Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 84

  1. Which of the following is the MOST effective control in an organization to mitigate the risk of insider misuse of personal devices?

    • Security risk assessments
    • Periodic vulnerability scanning
    • Security awareness training
    • Comprehensive procedures on data security
  2. Which of the following security testing techniques is MOST effective in discovering unknown malicious attacks?

    • Vulnerability testing
    • Reverse engineering
    • Penetration testing
    • Sandboxing
  3. Which of the following hardware upgrades would BEST enhance the capability of a web server to accommodate a significant increase in web traffic?

    • Multicore CPUs
    • Solid state drives
    • Additional flash memory
    • Cloud architecture
  4. An organization has recently converted its infrastructure to a virtualized environment. The GREATEST benefit related to disaster recovery is that virtualized servers:

    • reduce the time it takes to successfully create backups.
    • decrease the recovery time objective (RTO).
    • eliminate the manpower necessary to restore the server.
    • can be recreated on similar hardware faster than restoring from backups.
  5. Which of the following would help to ensure the completeness of batch file transfers?

    • Input controls
    • Self-checking digits
    • Hash totals
    • Parity check
  6. The sender of a public key would be authenticated by a:

    • certificate authority.
    • digital signature.
    • digital certificate.
    • registration authority.

    Explanation: 
    A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i.e., registration of the users of a digital signature plus authenticating the information that is put in the digital certificate.

  7. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

    • The corporate network is using an intrusion prevention system (IPS)
    • This part of the network is isolated from the corporate network
    • A single sign-on has been implemented in the corporate network
    • Antivirus software is in place to protect the corporate network
    Explanation: 
If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or by being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk.
  8. What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

    • Using virtual private network (VPN) tunnels for data transfer
    • Enabling data encryption within the application
    • Auditing the access control to the network
    • Logging all changes to access lists
    Explanation: 
    The best way to ensure confidentiality and integrity of data is to encrypt it using virtual private network (VPN) tunnels. This is the most common and convenient way to encrypt the data traveling over the network. Data encryption within the application is less efficient than VPN. The other options are good practices, but they do not directly prevent the loss of data integrity and confidentiality during communication through a network.
  9. When conducting a penetration test of an IT system, an organization should be MOST concerned with:

    • the confidentiality of the report.
    • finding all possible weaknesses on the system.
    • restoring all systems to the original state.
    • logging all changes made to the production system.
    Explanation: 
    All suggested items should be considered by the system owner before agreeing to penetration tests, but the most important task is to be able to restore all systems to their original state.
    Information that is created and/or stored on the tested systems should be removed from these systems. If for some reason, at the end of the penetration test, this is not possible, all files (with their location) should be identified in the technical report so that the client’s technical staff will be able to remove these after the report has been received.
  10. Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?

    • Targeted testing
    • External testing
    • Internal testing
    • Double-blind testing
    Explanation: 
    In a double-blind test, the administrator and security staff are not aware of the test, which will result in an assessment of the incident handling and response capability in an organization. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests since they are informed before the start of the tests.
  11. When protecting an organization’s IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

    • Personal firewall
    • Antivirus programs
    • Intrusion detection system (IDS)
    • Virtual local area network (VLAN) configuration
    Explanation: 
    An intrusion detection system (IDS) would be the next line of defense after the firewall. It would detect anomalies in the network/server activity and try to detect the perpetrator. Antivirus programs, personal firewalls and VLAN configurations would be later in the line of defense.
  12. In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?

    • Device authentication and data origin authentication
    • Wireless intrusion detection (IDS) and prevention systems (IPS)
    • The use of cryptographic hashes
    • Packet headers and trailers
    Explanation: 
    Calculating cryptographic hashes for wireless communications allows the device receiving the communications to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. In practice the hash must be keyed or signed (WPA2's CCMP computes a message integrity code under the session key), because an attacker who can modify a frame can just as easily recompute an unkeyed hash over the altered contents. Device authentication and data origin authentication is not the correct answer, since authenticating wireless endpoints to each other prevents man-in-the-middle attacks and masquerading. Wireless IDS/IPS is not the correct answer, since wireless IDS/IPSs have the ability to detect misconfigured devices and rogue devices, and to detect and possibly stop certain types of attacks. Packet headers and trailers alone do not ensure that the content has not been altered.
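    Added example (not part of the original page) of the receiver-side check described above, written in Go. It uses an HMAC under a constructed session key as the keyed integrity tag, shows that an altered frame fails the keyed check, and shows why a plain unkeyed hash is not enough: the attacker who altered the frame can simply recompute it. The session key and the frame payload are constructed values, not captured wireless data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// sessionKey stands in for the pairwise key a wireless handshake derives.
// It is a constructed value for this example, not a real key.
var sessionKey = []byte("constructed-session-key-for-demo")

// protect is the sender's side: compute a keyed tag over the frame payload.
func protect(key, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	return mac.Sum(nil)
}

// verify is the receiver's side: recompute the tag over what actually
// arrived and compare in constant time (hmac.Equal), so that neither a
// modified payload nor a modified tag is accepted.
func verify(key, payload, tag []byte) bool {
	return hmac.Equal(protect(key, payload), tag)
}

// unkeyedDigest is the control the explanation literally names: a plain hash.
func unkeyedDigest(payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return sum[:]
}

// forgeUnkeyed is the active attacker: flip one byte of the payload and
// recompute the plain hash so the altered pair still matches. The same
// attacker cannot produce a valid keyed tag without sessionKey.
func forgeUnkeyed(payload []byte) (altered, digest []byte) {
	altered = append([]byte(nil), payload...)
	altered[len(altered)-1] ^= 0x01
	return altered, unkeyedDigest(altered)
}

func main() {
	frame := []byte("ASSOC-REQ station=aa:bb:cc:dd:ee:ff") // constructed payload
	tag := protect(sessionKey, frame)
	fmt.Println("genuine frame, keyed tag:    ", verify(sessionKey, frame, tag))

	altered, fakeDigest := forgeUnkeyed(frame)
	fmt.Println("altered frame, keyed tag:    ", verify(sessionKey, altered, tag))
	fmt.Println("altered frame, unkeyed hash: ", hmac.Equal(unkeyedDigest(altered), fakeDigest))
}
```

    The third line of output is the point: the recomputed plain hash matches the altered frame, so an unkeyed digest sent alongside the data detects only accidental corruption, not an attacker.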
  13. An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?

    • Implement Wired Equivalent Privacy (WEP)
    • Permit access to only authorized Media Access Control (MAC) addresses
    • Disable open broadcast of service set identifiers (SSID)
    • Implement Wi-Fi Protected Access (WPA) 2
    Explanation: 
    Wi-Fi Protected Access (WPA) 2 implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard (AES) used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol (EAP) and the pre-shared key (PSK) authentication model. Implementing Wired Equivalent Privacy (WEP) is incorrect since it can be cracked within minutes. WEP uses a static key which has to be communicated to all authorized users, thus management is difficult. Also, there is a greater vulnerability if the static key is not changed at regular intervals. The practice of allowing access based on Media Access Control (MAC) is not a solution since MAC addresses can be spoofed by attackers to gain access to the network. Disabling open broadcast of service set identifiers (SSID) is not the correct answer as it cannot handle access control.
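    Added example, not from the original page: the same access point configured two ways in hostapd.conf syntax, first with the three rejected controls (WEP, MAC allow-list, hidden SSID) and then with WPA2/802.11i using AES-CCMP and 802.1X. The interface name, SSID, RADIUS server address and secrets are assumed placeholders.

```ini
# --- Weak: the three controls the explanation rejects ---
interface=wlan0
ssid=corp-wifi
# WEP: one static key shared by every user, recoverable in minutes
wep_default_key=0
wep_key0=0102030405
# MAC allow-list: the listed addresses can be cloned by an attacker
macaddr_acl=1
accept_mac_file=/etc/hostapd/allowed.macs
# Hidden SSID: the name still appears in probe/association frames; not an access control
ignore_broadcast_ssid=1

# --- Corrected: WPA2 (802.11i) with AES-CCMP and per-user 802.1X/EAP ---
interface=wlan0
ssid=corp-wifi
# RSN/WPA2 only, no WPA1 fallback
wpa=2
# 802.1X/EAP gives each user their own credential; WPA-PSK with wpa_passphrase
# is the pre-shared key model and is acceptable only for small deployments
wpa_key_mgmt=WPA-EAP
# AES-CCMP for the pairwise cipher, never TKIP
rsn_pairwise=CCMP
ieee8021x=1
# Assumed RADIUS server and secret; replace with real values
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=change-me
```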
  14. An IS auditor is reviewing a software-based configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

    • is configured with an implicit deny rule as the last rule in the rule base.
    • is installed on an operating system with default settings.
    • has been configured with rules permitting or denying access to systems or networks.
    • is configured as a virtual private network (VPN) endpoint.
    Explanation: 
    Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the firewall software. The other three choices are normal or best practices for firewall configurations.
  15. The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

    • that there will be too many alerts for system administrators to verify.
    • decreased network performance due to IPS traffic.
    • the blocking of critical systems or services due to false triggers.
    • reliance on specialized expertise within the IT organization.
    Explanation: 
    An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are not as severe as blocking critical systems or services due to false triggers.
  16. The MOST effective control for reducing the risk related to phishing is:

    • centralized monitoring of systems.
    • including signatures for phishing in antivirus software.
    • publishing the policy on antiphishing on the intranet.
    • security training for all users.
    Explanation: 
    Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.
  17. When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

    • There is no registration authority (RA) for reporting key compromises
    • The certificate revocation list (CRL) is not current.
    • Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
    • Subscribers report key compromises to the certificate authority (CA).
    Explanation: 
    If the certificate revocation list (CRL) is not current, there could be a digital certificate that has been revoked but still appears valid and could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt messages and verify digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk, since reporting this to the CA enables the CA to take appropriate action.
  18. When using a digital signature, the message digest is computed:

    • only by the sender.
    • only by the receiver.
    • by both the sender and the receiver.
    • by the certificate authority (CA).
    Explanation: 
    A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm and compare the results with what was sent to ensure the integrity of the message.
  19. Which of the following would effectively verify the originator of a transaction?

    • Using a secret password between the originator and the receiver
    • Encrypting the transaction with the receiver’s public key
    • Using a portable document format (PDF) to encapsulate transaction content
    • Digitally signing the transaction with the source’s private key
    Explanation: 
    A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and the integrity of its content. Since they are a ‘shared secret’ between the user and the system itself, passwords are considered a weaker means of authentication. Encrypting the transaction with the recipient’s public key will provide confidentiality for the information, while using a portable document format (PDF) will prove the integrity of the content but not necessarily authorship.
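    Added Go example, not from the original page, covering questions 18 and 19 together: the originator hashes the transaction and signs the digest with its private key; the recipient recomputes the digest over the message as received and verifies it under the originator's public key. Ed25519 and SHA-256 are the algorithms chosen here and the transaction text is constructed; a tampered message and a signature checked against another party's key both fail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// messageDigest is the step question 18 asks about: both parties hash the
// whole message with the same algorithm.
func messageDigest(msg []byte) []byte {
	d := sha256.Sum256(msg)
	return d[:]
}

// sign is the originator's side: hash the transaction and sign the digest
// with the private key only the originator holds.
func sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, messageDigest(msg))
}

// verify is the recipient's side: recompute the digest from the message as
// received and check the signature under the claimed originator's public
// key. Any change to the message, or a signature from another key, fails.
func verify(pub ed25519.PublicKey, msg, sig []byte) error {
	if len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, messageDigest(msg), sig) {
		return errors.New("signature does not match message and key")
	}
	return nil
}

// exchange runs the whole flow once and reports which checks passed: the
// genuine transaction, a copy altered in transit, and the genuine signature
// checked against a different party's public key.
func exchange(tx []byte) (genuine, tampered, wrongKey bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // originator's key pair
	if err != nil {
		return
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // some other party
	if err != nil {
		return
	}
	sig := sign(priv, tx)
	altered := append([]byte(nil), tx...)
	altered[len(altered)-1] ^= 0x01 // attacker flips one bit in transit
	genuine = verify(pub, tx, sig) == nil
	tampered = verify(pub, altered, sig) == nil
	wrongKey = verify(otherPub, tx, sig) == nil
	return
}

func main() {
	tx := []byte("EFT 1000.00 from ACCT-1 to ACCT-2 ref=42") // constructed transaction
	genuine, tampered, wrongKey, err := exchange(tx)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine transaction verifies:  ", genuine)
	fmt.Println("tampered transaction verifies: ", tampered)
	fmt.Println("verifies under another's key:  ", wrongKey)
}
```

    The private key never leaves the originator and the public key is what a digital certificate (question 6) binds to the originator's identity; that binding, not the signature arithmetic, is what lets the recipient name the source.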
  20. A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

    • eavesdropping.
    • spoofing.
    • traffic analysis.
    • masquerading.
    Explanation: 
    In traffic analysis, which is a passive attack, an intruder determines the nature of the traffic flow between defined hosts and, through an analysis of session length, frequency and message length, is able to guess the type of communication taking place. This is typically used when messages are encrypted and eavesdropping would not yield any meaningful results. In eavesdropping, which is also a passive attack, the intruder gathers the information flowing through the network with the intent of acquiring and releasing message contents for personal analysis or for third parties. Spoofing and masquerading are active attacks. In spoofing, a user receives an e-mail that appears to have originated from one source when it actually was sent from another source. In masquerading, the intruder presents an identity other than the original identity.
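    Added example in Go, not from the original page, of what traffic analysis yields when payloads are encrypted: grouping flow metadata per host pair and summarising session length, frequency and size. The flow records are constructed (RFC 5737 documentation addresses and private ranges); the periodic, fixed-size sessions stand out as beaconing even though no content is visible.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Flow is what a passive observer on the path records for one encrypted
// session: who talked to whom, when, for how long and how much. Never the
// plaintext.
type Flow struct {
	Src, Dst string
	Start    time.Time
	Duration time.Duration
	Bytes    int
}

// Profile is what traffic analysis yields per host pair.
type Profile struct {
	Sessions     int
	MeanDuration time.Duration
	MeanBytes    int
	MeanInterval time.Duration // gap between consecutive session starts
}

// analyse groups flows by endpoint pair and summarises session length,
// frequency and message size, the features the explanation names.
func analyse(flows []Flow) map[string]Profile {
	byPair := map[string][]Flow{}
	for _, f := range flows {
		k := f.Src + "->" + f.Dst
		byPair[k] = append(byPair[k], f)
	}
	out := map[string]Profile{}
	for k, fs := range byPair {
		sort.Slice(fs, func(i, j int) bool { return fs[i].Start.Before(fs[j].Start) })
		var dur, gaps time.Duration
		var bytes int
		for i, f := range fs {
			dur += f.Duration
			bytes += f.Bytes
			if i > 0 {
				gaps += f.Start.Sub(fs[i-1].Start)
			}
		}
		n := time.Duration(len(fs))
		p := Profile{Sessions: len(fs), MeanDuration: dur / n, MeanBytes: bytes / len(fs)}
		if len(fs) > 1 {
			p.MeanInterval = gaps / (n - 1)
		}
		out[k] = p
	}
	return out
}

// sampleFlows is constructed metadata: a workstation that opens a small,
// fixed-size encrypted session to the same external host every 60 seconds
// (beaconing), plus one long bulk transfer to an internal file server.
func sampleFlows() []Flow {
	t0 := time.Date(2021, 12, 13, 9, 0, 0, 0, time.UTC)
	var flows []Flow
	for i := 0; i < 4; i++ {
		flows = append(flows, Flow{"10.0.0.5", "203.0.113.9", t0.Add(time.Duration(i) * time.Minute), 2 * time.Second, 512})
	}
	flows = append(flows, Flow{"10.0.0.5", "10.0.0.20", t0.Add(90 * time.Second), 3 * time.Minute, 48_000_000})
	return flows
}

func main() {
	for pair, p := range analyse(sampleFlows()) {
		fmt.Printf("%-25s sessions=%d mean_len=%v mean_bytes=%d every=%v\n",
			pair, p.Sessions, p.MeanDuration, p.MeanBytes, p.MeanInterval)
	}
}
```

    Encryption hides what was said, not that a workstation talks to one external host every minute with the same small payload; that regularity is what traffic analysis exploits, and it is also why defenders use the same features for beacon detection.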