Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 95

  1. Which of the following refers to a method of bypassing normal system authentication procedures?

    • virus
    • worm
    • trojan horse
    • spyware
    • rootkits
    • backdoor
    • None of the choices.

    Explanation: 
    A backdoor is a method of bypassing normal authentication procedures.
    Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either a Trojan horse or a computer worm.

  2. To install backdoors, hackers generally prefer to use:

    • either a Trojan horse or a computer worm.
    • either Tripwire or a computer virus.
    • either an eavesdropper or a computer worm.
    • either a Trojan horse or an eavesdropper.
    • None of the choices.
    Explanation: 
    A backdoor is a method of bypassing normal authentication procedures.
    Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either a Trojan horse or a computer worm.
  3. In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:

    • wormnets
    • trojannets
    • spynets
    • botnets
    • rootnets
    • backdoor
    Explanation: 
    In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or mailbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.
  4. In a botnet, a mailbot logs in to a particular type of system to make coordinated attack attempts. What type of system is this?

    • Chat system
    • SMS system
    • Email system
    • Log system
    • Kernel system
    • None of the choices.
    Explanation: 
    In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or mailbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.
  5. Which of the following software tools is often used for stealing money from an infected PC's owner by taking control of the modem?

    • System patcher
    • Porn dialer
    • War dialer
    • T1 dialer
    • T3 dialer
    • None of the choices.
    Explanation: 
    One way of stealing money from an infected PC's owner is to take control of the modem and dial an expensive toll call. Dialer software, such as a porn dialer, dials up a premium-rate telephone number and leaves the line open, charging the toll to the infected user.
  6. Which of the following is an oft-cited cause of vulnerability of networks?

    • software monoculture
    • software diversification
    • single line of defense
    • multiple DMZ
    • None of the choices.
    Explanation: 
    An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would, however, bring high costs in terms of training and maintenance.
  7. Introducing inhomogeneity to your network for the sake of robustness would have which of the following drawbacks?

    • poorer performance.
    • poor scalability.
    • weak infrastructure.
    • high costs in terms of training and maintenance.
    • None of the choices.
    Explanation: 
    An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would, however, bring high costs in terms of training and maintenance.
  8. Which of the following may be deployed in a network as lower cost surveillance and early-warning tools?

    • Honeypots
    • Hardware IPSs
    • Hardware IDSs
    • Botnets
    • Stateful inspection firewalls
    • Stateful logging facilities
    • None of the choices.
    Explanation: 
    Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques.
  9. Relatively speaking, firewalls operated at the application level of the seven-layer OSI model are:

    • almost always less efficient.
    • almost always less effective.
    • almost always less secure.
    • almost always less costly to set up.
    • None of the choices.
    Explanation: 
    Early attempts at producing firewalls operated at the application level of the seven-layer OSI model, but this required too much CPU processing power.
    Packet filters operate at the network layer and function more efficiently because they only look at the header part of a packet.
  10. Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:

    • almost always less efficient.
    • almost always less effective.
    • almost always less secure.
    • almost always less costly to set up.
    • None of the choices.
    Explanation: 
    Early attempts at producing firewalls operated at the application level of the seven-layer OSI model, but this required too much CPU processing power.
    Packet filters operate at the network layer and function more efficiently because they only look at the header part of a packet. NO FIREWALL operates at the physical level.
  11. Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?

    • Pretexting
    • Backgrounding
    • Check making
    • Bounce checking
    • None of the choices.
    Explanation: 
    Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action and is usually done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information.
  12. Pretexting is an act of:

    • DoS
    • social engineering
    • eavesdropping
    • soft coding
    • hard coding
    • None of the choices.
    Explanation: 
    Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action and is usually done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information.
  13. With Deep packet inspection, which of the following OSI layers are involved?

    • Layer 2 through Layer 7
    • Layer 3 through Layer 7
    • Layer 2 through Layer 6
    • Layer 3 through Layer 6
    • Layer 2 through Layer 5
    • None of the choices.
    Explanation: 
    Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a through-passing packet, searching for protocol non-compliance or predefined criteria to decide if the packet can pass.
    DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model.
  14. Squid is an example of:

    • IDS
    • caching proxy
    • security proxy
    • connection proxy
    • dialer
    • None of the choices.
    Explanation: 
    Squid is an example of a caching proxy, not a security proxy. It has the main purpose of locally storing copies of web pages that are popular, with the benefit of saving bandwidth.
  15. Which of the following types of firewall treats each network frame or packet in isolation?

    • stateful firewall
    • hardware firewall
    • combination firewall
    • packet filtering firewall
    • stateless firewall
    • None of the choices.
    Explanation: 
    A stateless firewall treats each network frame or packet in isolation.
    Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
  16. Which of the following types of attack involves a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files?

    • Local DoS attacks
    • Remote DoS attacks
    • Distributed DoS attacks
    • Local Virus attacks
    • None of the choices.
    Explanation: 
    Local DoS attacks can be a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files. The best defense is to find this program and kill it.
  17. What is the best defense against Local DoS attacks?

    • patch your systems.
    • run a virus checker.
    • run anti-spy software.
    • find this program and kill it.
    • None of the choices.
    Explanation: 
    Local DoS attacks can be a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files. The best defense is to find this program and kill it.
  18. Which of the following are examples of tools for launching a Distributed DoS attack? (Choose four.)

    • TFN
    • TFN2K
    • Trin00
    • Stacheldraht
    • Tripwire
    Explanation: 
    A Distributed DoS attack is a network-based attack from many servers used remotely to send packets. Examples of tools for conducting such an attack include TFN, TFN2K, Trin00, Stacheldraht, and variants. The best defense is to make sure all system patches are up to date. Also make sure your firewalls are configured appropriately.
  19. What is the best defense against a Distributed DoS attack?

    • patch your systems.
    • run a virus checker.
    • run anti-spy software.
    • find the DoS program and kill it.
    • None of the choices.
    Explanation: 
    A Distributed DoS attack is a network-based attack from many servers used remotely to send packets. Examples of tools for conducting such an attack include TFN, TFN2K, Trin00, Stacheldraht, and variants. The best defense is to make sure all system patches are up to date. Also make sure your firewalls are configured appropriately.
  20. What is wrong with a Black Box type of intrusion detection system?

    • you cannot patch it
    • you cannot test it
    • you cannot examine its internal workings from outside.
    • you cannot tune it
    • None of the choices.
    Explanation: 
    “An intrusion detection system should be able to run continually without human supervision. The system must be reliable enough to allow it to run in the background of the system being observed. However, it should not be a ‘black box’, because you want to ensure its internal workings are examinable from outside.”