Last Updated on December 13, 2021 by Admin 3
CISA : Certified Information Systems Auditor : Part 154
Which of the following would be an indicator of the effectiveness of a computer security incident response team?
- Financial impact per security incident
- Number of security vulnerabilities that were patched
- Percentage of business applications that are being protected
- Number of successful penetration tests
The most important indicator is the financial impact per security incident. Choices B, C and D could be measures of effectiveness of security, but would not be a measure of the effectiveness of a response team.
An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
- the setup is geographically dispersed.
- the network servers are clustered in a site.
- a hot site is ready for activation.
- diverse routing is implemented for the network.
A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-of-failure site.
Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
- Layer 2 switches
Firewall systems are the primary tool that enables an organization to prevent unauthorized access between networks. An organization may choose to deploy one or more systems that function as firewalls. Routers can filter packets based on parameters, such as source address, but are not primarily a security tool. Based on Media Access Control (MAC) addresses, layer 2 switches separate traffic in a port as different segments without determining if it is authorized or unauthorized traffic. A virtual LAN (VLAN) is a functionality of some switches that allows them to switch the traffic between different ports as if they are in the same LAN. Nevertheless, they do not deal with authorized vs. unauthorized traffic.
A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?
- Most employees use laptops.
- A packet filtering firewall is used.
- The IP address space is smaller than the number of PCs.
- Access to a network port is not restricted.
Given physical access to a port, anyone can connect to the internal network. The other choices do not present the exposure that access to a port does. DHCP provides convenience (an advantage) to the laptop users. Sharing IP addresses and the existence of a firewall can be security measures.
An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting its customers’ payment information. The IS auditor should be MOST concerned if a hacker:
- compromises the Wireless Application Protocol (WAP) gateway.
- installs a sniffing program in front of the server.
- steals a customer’s PDA.
- listens to the wireless transmission.
In a WAP gateway, the encrypted messages from customers must be decrypted to transmit over the Internet and vice versa. Therefore, if the gateway is compromised, all of the messages would be exposed. SSL protects the messages from sniffing on the Internet, limiting disclosure of the customer’s information. WTLS provides authentication, privacy and integrity and protects messages from eavesdropping.
Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?
Switches are at the lowest level of network security and transmit a packet to the device to which it is addressed. This reduces the ability of one device to capture the packets that are meant for another device. Filters allow for some basic isolation of network traffic based on the destination addresses. Routers allow packets to be given or denied access based on the addresses of the sender and receiver and the type of packet. Firewalls are a collection of computer and network equipment used to allow communications to flow out of the organization and restrict communications flowing into the organization.
In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
- Diskless workstations
- Data encryption techniques
- Network monitoring devices
- Authentication systems
Network monitoring devices may be used to inspect activities from known or unknown users and can identify client addresses, which may assist in finding evidence of unauthorized access. This serves as a detective control. Diskless workstations prevent access control software from being bypassed. Data encryption techniques can help protect sensitive or proprietary data from unauthorized access, thereby serving as a preventive control. Authentication systems may provide environment-wide, logical facilities that can differentiate among users before providing access to systems.
When reviewing system parameters, an IS auditor’s PRIMARY concern should be that:
- they are set to meet security and performance requirements.
- changes are recorded in an audit trail and periodically reviewed.
- changes are authorized and supported by appropriate documents.
- access to parameters in the system is restricted.
The primary concern is to find the balance between security and performance. Recording changes in an audit trail and periodically reviewing them is a detective control; however, if parameters are not set according to business rules, monitoring of changes may not be an effective control. Reviewing changes to ensure they are supported by appropriate documents is also a detective control; if parameters are set incorrectly, the related documentation and the fact that these are authorized do not reduce the impact. Restriction of access to parameters ensures that only authorized staff can access the parameters; however, if the parameters are set incorrectly, restricting access will still have an adverse impact.
Which of the following is a control over component communication failure/errors?
- Restricting operator access and maintaining audit trails
- Monitoring and reviewing system engineering activity
- Providing network redundancy
- Establishing physical barriers to the data transmitted over the network
Redundancy, by building some form of duplication into the network components, such as a link, router or switch, to prevent loss, delays or data duplication, is a control over component communication failure or error. Other related controls are loop/echo checks to detect line errors, parity checks, error correction codes and sequence checks. Choices A, B and D are communication network controls.
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
- Electromagnetic interference (EMI)
Attenuation is the weakening of signals during transmission. When the signal becomes weak, it begins to read a 1 for a 0, and the user may experience communication problems. UTP faces attenuation around 100 meters. Electromagnetic interference (EMI) is caused by outside electromagnetic waves affecting the desired signals, which is not the case here. Cross-talk has nothing to do with the length of the UTP cable.
Which of the following line media would provide the BEST security for a telecommunication network?
- Broadband network digital transmission
- Baseband network
- Dedicated lines
Dedicated lines are set apart for a particular user or organization. Since there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower.
Which of the following types of firewalls would BEST protect a network from an internet attack?
- Screened subnet firewall
- Application filtering gateway
- Packet filtering router
- Circuit-level gateway
A screened subnet firewall would provide the best protection. The screening router can be a commercial router or a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes based on addresses, ports, protocols, interfaces, etc. Application-level gateways are mediators between two entities that want to communicate, also known as proxy gateways. The application level (proxy) works at the application level, not just at a packet level. The screening controls at the packet level, addresses and ports, but does not see the contents of the packet. A packet filtering router examines the header of every packet or data traveling between the internet and the corporate network.
Neural networks are effective in detecting fraud because they can:
- discover new trends since they are inherently linear.
- solve problems where large and general sets of training data are not obtainable.
- attack problems that require consideration of a large number of input variables.
- make assumptions about the shape of any curve relating variables to the output.
Neural networks can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends. Neural networks are inherently nonlinear and make no assumption about the shape of any curve relating variables to the output. Neural networks will not work well at solving problems for which sufficiently large and general sets of training data are not obtainable.
Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?
- No firewalls are needed
- Op-3 location only
- MIS (Global) and NAT2
- SMTP Gateway and op-3
The objective of a firewall is to protect a trusted network from an untrusted network; therefore, locations needing firewall implementations would be at the existence of the external connections. All other answers are incomplete or represent internal connections.
For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control, if any, should be recommended to mitigate this weakness?
- Intelligent hub
- Physical security over the hubs
- Physical security and an intelligent hub
- No controls are necessary since this is not a weakness
Open hubs represent a significant control weakness because of the potential to access a network connection easily. An intelligent hub would allow the deactivation of a single port while leaving the remaining ports active. Additionally, physical security would also provide reasonable protection over hubs with active ports.
In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?
- Virus attack
- Performance degradation
- Poor management controls
- Vulnerability to external hackers
Hubs are internal devices that usually have no direct external connectivity, and thus are not prone to hackers. There are no known viruses that are specific to hub attacks. While this situation may be an indicator of poor management controls, choice B is more likely when the practice of stacking hubs and creating more terminal connections is used.
An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
- A Secure Sockets Layer (SSL) has been implemented for user authentication and remote administration of the firewall.
- Firewall policies are updated on the basis of changing requirements.
- Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
- The firewall is placed on top of the commercial operating system with all installation options.
The greatest concern when implementing firewalls on top of commercial operating systems is the potential presence of vulnerabilities that could undermine the security posture of the firewall platform itself. In most circumstances, when commercial firewalls are breached that breach is facilitated by vulnerabilities in the underlying operating system. Keeping all installation options available on the system further increases the risks of vulnerabilities and exploits. Using SSL for firewall administration (choice A) is important, because changes in user and supply chain partners’ roles and profiles will be dynamic. Therefore, it is appropriate to maintain the firewall policies daily (choice B), and prudent to block all inbound traffic unless permitted (choice C).
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:
- address of the domain server.
- resolution service for the name/address.
- IP addresses for the internet.
- domain name system.
DNS is utilized primarily on the Internet for resolution of the name/address of the web site. It is an Internet service that translates domain names into IP addresses. As names are alphabetic, they are easier to remember. However, the Internet is based on IP addresses. Every time a domain name is used, a DNS service must translate the name into the corresponding IP address. The DNS system has its own network. If one DNS server does not know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.
In what way is a common gateway interface (CGI) MOST often used on a webserver?
- Consistent way for transferring data to the application program and back to the user
- Computer graphics imaging method for movies and TV
- Graphic user interface for web design
- Interface to access the private gateway domain
The common gateway interface (CGI) is a standard way for a web server to pass a user’s request to an application program and to move data back and forth to the user. When the user requests a web page (for example, by clicking on a highlighted word or entering a web site address), the server sends back the requested page. However, when a user fills out a form on a web page and submits it, it usually needs to be processed by an application program. The web server typically passes the form information to a small application program that processes the data and may send back a confirmation message. This method, or convention, for passing data back and forth between the server and the application is called the common gateway interface (CGI). It is part of the web’s HTTP protocol.
Receiving an EDI transaction and passing it through the communications interface stage usually requires:
- translating and unbundling transactions.
- routing verification procedures.
- passing data to the appropriate application system.
- creating a point of receipt audit log.
The communications interface stage requires routing verification procedures. EDI or ANSI X12 is a standard that must be interpreted by an application for transactions to be processed and then to be invoiced, paid and sent, whether they are for merchandise or services. There is no point sending and receiving EDI transactions if they cannot be processed by an internal system.
Unpacking transactions and recording audit logs are important elements that help follow business rules and establish controls, but are not part of the communications interface stage.