Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 93

  1. Codes from exploit programs are frequently reused in:

    • trojan horses only.
    • computer viruses only.
    • OS patchers.
    • eavesdroppers.
    • trojan horses and computer viruses.
    • None of the choices.

    Explanation: 
    The term “exploit” generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain program’s processing of a specific file type, such as a non-executable media file.

  2. Machines that operate as a closed system can NEVER be eavesdropped.

    • True
    • False
    Explanation:
    Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.
  3. TEMPEST is hardware for which of the following purposes?

    • Eavesdropping
    • Social engineering
    • Virus scanning
    • Firewalling
    • None of the choices.
    Explanation:
    Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.
  4. Human error is HEAVILY relied upon by which of the following types of attack?

    • Eavesdropping
    • DoS
    • DDoS
    • ATP
    • Social Engineering
    • None of the choices.
    Explanation:
    A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.
  5. Zombie computers are HEAVILY relied upon by which of the following types of attack?

    • Eavesdropping
    • DoS
    • DDoS
    • ATP
    • Social Engineering
    • None of the choices.
    Explanation:
    Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (“zombie computers”) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.
  6. An attack amplifier is often HEAVILY relied upon by which of the following types of attack?

    • Packet dropping
    • DoS
    • DDoS
    • ATP
    • Wiretapping
    • None of the choices.
    Explanation:
    Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts are used to flood a target system with network requests. One technique to exhaust victim resources is through the use of an attack amplifier – where the attacker takes advantage of poorly designed protocols on 3rd party machines in order to instruct these hosts to launch the flood.
  7. Back Orifice is an example of:

    • a virus.
    • a legitimate remote control software.
    • a backdoor that takes the form of an installed program.
    • an eavesdropper.
    • None of the choices.
    Explanation:
    A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing “legitimate” program or executable file. A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.
  8. Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?

    • rootkits
    • virus
    • trojan
    • tripwire
    • None of the choices.
    Explanation:
    A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing “legitimate” program or executable file. A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.
  9. Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously?

    • Direct access attacks
    • Indirect access attacks
    • Port attack
    • Window attack
    • Social attack
    • None of the choices.
    Explanation:
    Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.
  10. Which of the following types of attack almost always requires physical access to the targets?

    • Direct access attack
    • Wireless attack
    • Port attack
    • Window attack
    • System attack
    • None of the choices.
    Explanation:
    Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.
  11. Which of the following methods of encryption has been proven to be almost unbreakable when correctly used?

    • key pair
    • Oakley
    • certificate
    • 3-DES
    • one-time pad
    • None of the choices.
    Explanation:
    It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad – has been proven to be unbreakable when correctly used. This method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
  12. Which of the following encryption methods uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message?

    • Blowfish
    • Tripwire
    • certificate
    • DES
    • one-time pad
    • None of the choices.
    Explanation:
    It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad – has been proven to be unbreakable when correctly used. This method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
  13. Why is one-time pad not always preferable for encryption:

    (Choose all that apply.)

    • it is difficult to use securely.
    • it is highly inconvenient to use.
    • it requires licensing fee.
    • it requires internet connectivity.
    • it is Microsoft only.
    • None of the choices.
    Explanation:
    It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad – has been proven to be unbreakable when correctly used. This method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
  14. You may reduce a cracker’s chances of success by:

    (Choose all that apply.)

    • keeping your systems up to date using a security scanner. 
    • hiring competent people responsible for security to scan and update your systems. 
    • using multiple firewalls.
    • using multiple firewalls and IDS.
    • None of the choices.
    Explanation:
    Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. You may reduce a cracker’s chances by keeping your systems up to date, using a security scanner and/or hiring competent people responsible for security.
  15. Which of the following measures can protect systems files and data, respectively?

    • User account access controls and cryptography
    • User account access controls and firewall
    • User account access controls and IPS
    • IDS and cryptography
    • Firewall and cryptography
    • None of the choices.
    Explanation:
    User account access controls and cryptography can protect systems files and data, respectively. On the other hand, firewalls are by far the most common prevention systems from a network security perspective as they can shield access to internal network services, and block certain kinds of attacks through packet filtering.
  16. Which of the following is by far the most common prevention system from a network security perspective?

    • Firewall
    • IDS
    • IPS
    • Hardened OS
    • Tripwire
    • None of the choices.
    Explanation:
    User account access controls and cryptography can protect systems files and data, respectively. On the other hand, firewalls are by far the most common prevention systems from a network security perspective as they can shield access to internal network services, and block certain kinds of attacks through packet filtering.
  17. Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?

    • Intrusion Detection Systems
    • Audit trails
    • System logs
    • Tripwire
    • None of the choices.
    Explanation:
    Intrusion Detection Systems are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
  18. Nowadays, computer security comprises mainly “preventive” measures.

    • True
    • True only for trusted networks
    • True only for untrusted networks
    • False
    • None of the choices.
    Explanation:
    Nowadays, computer security comprises mainly “preventive” measures, like firewalls or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network and is normally implemented as software running on the machine or as physical integrated hardware.
  19. The majority of software vulnerabilities result from a few known kinds of coding defects, such as (Choose five.):

    • buffer overflows
    • format string vulnerabilities
    • integer overflow
    • code injection
    • command injection
    • None of the choices.
    Explanation:
    The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/command injection and other software defects which lead to software vulnerabilities.
  20. ALL computer programming languages are vulnerable to command injection attack.

    • True
    • False
    Explanation:
    The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/command injection and other software defects which lead to software vulnerabilities.