Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 96

  1. Which of the following is often considered the first line of defense in protecting a typical data and information environment?

    • certificates
    • security token
    • password
    • biometrics
    • None of the choices.

    Explanation: 
    Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of what makes a good password versus a bad password.

  2. Which of the following are characteristics of a good password?

    • It has mixed-case alphabetic characters, numbers, and symbols.
    • It has mixed-case alphabetic characters and numbers.
    • It has mixed-case alphabetic characters and symbols.
    • It has mixed-case alphabetic characters, numbers, and binary codes.
    • None of the choices.

    Explanation: 
    Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of what makes a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight characters long.

  3. What is the recommended minimum length of a good password?

    • 6 characters
    • 8 characters
    • 12 characters
    • 18 characters
    • 22 characters
    • None of the choices.

    Explanation: 
    Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of what makes a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight characters long.

  4. Which of the following is a good tool to use to help enforce the deployment of good passwords?

    • password cracker
    • local DoS attacker
    • network hacker
    • remote windowing tool
    • None of the choices.

    Explanation: 
    “Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of what makes a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight characters long. You may want to run a password cracker program periodically and require users to immediately change any easily cracked passwords. In any case, ask them to change their passwords every 90 to 120 days.”

  5. Which of the following is a good time frame for making changes to passwords?

    • every 180 to 365 days
    • every 30 to 45 days
    • every 10 to 20 days
    • every 90 to 120 days
    • None of the choices.

    Explanation: 
    “Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of what makes a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight characters long. You may want to run a password cracker program periodically and require users to immediately change any easily cracked passwords. In any case, ask them to change their passwords every 90 to 120 days.”

  6. You should keep all computer rooms at reasonable temperatures, which are between:

    (Choose all that apply.)

    • 60 – 75 degrees Fahrenheit
    • 10 – 25 degrees Celsius
    • 30 – 45 degrees Fahrenheit
    • 1 – 15 degrees Celsius
    • 20 – 35 degrees Fahrenheit
    • 0 – 5 degrees Celsius

    Explanation: 
    You should keep all computer rooms at reasonable temperatures, which are between 60 – 75 degrees Fahrenheit or 10 – 25 degrees Celsius. You should also keep humidity levels at 20 – 70 percent.

  7. You should keep all computer rooms at reasonable humidity levels, which are between:

    • 20 – 70 percent.
    • 10 – 70 percent.
    • 10 – 60 percent.
    • 70 – 90 percent.
    • 60 – 80 percent.
    • None of the choices.

    Explanation: 
    You should keep all computer rooms at reasonable temperatures, which are between 60 – 75 degrees Fahrenheit or 10 – 25 degrees Celsius. You should also keep humidity levels at 20 – 70 percent.

  8. A virus typically consists of which major parts? (Choose three.)

    • a mechanism that allows it to infect other files and reproduce
    • a trigger that activates delivery of a payload
    • a payload
    • a signature
    • None of the choices.

    Explanation: 
    “A virus typically consists of three parts: a mechanism that allows it to infect other files and reproduce, a trigger that activates delivery of a payload, and the payload, from which the virus often gets its name. The payload is what the virus does to the victim file.”

  9. Within a virus, which component is responsible for what the virus does to the victim file?

    • the payload
    • the signature
    • the trigger
    • the premium
    • None of the choices.

    Explanation: 
    “A virus typically consists of three parts: a mechanism that allows it to infect other files and reproduce, a trigger that activates delivery of a payload, and the payload, from which the virus often gets its name. The payload is what the virus does to the victim file.”

  10. Which of the following can be thought of as the simplest and almost cheapest type of firewall?

    • stateful firewall
    • hardware firewall
    • PIX firewall
    • packet filter
    • None of the choices.

    Explanation: 
    The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

  11. A screening router inspects traffic by examining:

    • message header.
    • virus payload
    • message content
    • attachment type
    • None of the choices.

    Explanation: 
    The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

  12. A major portion of what is required to address nonrepudiation is accomplished through the use of:

    • strong methods for authentication and ensuring data validity
    • strong methods for authentication and ensuring data integrity.
    • strong methods for authorization and ensuring data integrity.
    • strong methods for authentication and ensuring data reliability.
    • None of the choices.

    Explanation: 
    A major portion of what is required to address nonrepudiation is accomplished through the use of strong methods for authentication and ensuring data integrity.

  13. Why is it not preferable for a firewall to treat each network frame or packet in isolation?

    • Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
    • Such a firewall is costly to set up.
    • Such a firewall is too complicated to maintain.
    • Such a firewall is CPU hungry.
    • Such a firewall offers poor compatibility.
    • None of the choices.

    Explanation: 
    A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

  14. A phishing attack works primarily through:

    • email and hyperlinks
    • SMS
    • chat
    • email attachment
    • news
    • file download
    • None of the choices.

    Explanation: 
    “Phishing applies to email appearing to come from a legitimate business, requesting “verification” of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate and has a form requesting everything from a home address to an ATM card’s PIN.”

  15. Which of the following types of attack often takes advantage of curiosity or greed to deliver malware?

    • Gimmes
    • Tripwire
    • Icing
    • Soft coding
    • Pretexting
    • None of the choices.

    Explanation: 
    Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan horse, gimmes can arrive as an email attachment promising anything. The recipient is expected to give in to the urge to see the program and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate.

  16. Gimmes often work through:

    • SMS
    • IRC chat
    • email attachment
    • news
    • file download
    • None of the choices.

    Explanation: 
    Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan horse, gimmes can arrive as an email attachment promising anything. The recipient is expected to give in to the urge to see the program and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate.

  17. In biometric authentication, physical characteristics typically include which of the following? (Choose five.)

    • fingerprints
    • eye retinas
    • irises
    • facial patterns
    • hand measurements
    • None of the choices.

    Explanation: 
    Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Physical characteristics include fingerprints, eye retinas and irises, facial patterns, and hand measurements, while behavioral characteristics include signature, gait, and typing patterns. Voice is often considered a mix of both physical and behavioral characteristics.

  18. In biometric authentication, which of the following is often considered a mix of both physical and behavioral characteristics?

    • Voice
    • Finger measurement
    • Body measurement
    • Signature
    • None of the choices.

    Explanation: 
    Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Physical characteristics include fingerprints, eye retinas and irises, facial patterns, and hand measurements, while behavioral characteristics include signature, gait, and typing patterns. Voice is often considered a mix of both physical and behavioral characteristics.

  19. The performance of a biometric measure is usually expressed in terms of which of the following? (Choose three.)

    • failure to reject rate
    • false accept rate
    • false reject rate
    • failure to enroll rate
    • None of the choices.

    Explanation: 
    The performance of a biometric measure is usually expressed in terms of the false accept rate (FAR), the false non-match or false reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percentage of invalid users who are incorrectly accepted, while the FRR measures the percentage of valid users who are wrongly rejected.

  20. In biometric measurement, which of the following measures the percentage of invalid users who are incorrectly accepted?

    • failure to reject rate
    • false accept rate
    • false reject rate
    • failure to enroll rate
    • None of the choices.

    Explanation: 
    The performance of a biometric measure is usually expressed in terms of the false accept rate (FAR), the false non-match or false reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percentage of invalid users who are incorrectly accepted, while the FRR measures the percentage of valid users who are wrongly rejected.