ISACA CISA SET Exam 121 Questions with Verified Answers,100% CORRECT

Pages: 71
Grade: A+
Uploaded on: 15-03-2024
Written in: 2023/2024

ISACA CISA SET Exam 121 Questions with Verified Answers The internal audit dept. wrote some scripts that are sued for continuous auditing of some information systems. The IT dept. asked for compies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Does sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT functions? a. sharing scripts is not permitted because it gives IT ability to pre-audit systems and avoid an accurate comprehensive audit. b. sharing scripts is required because IT must have ability to review all programs and software that run on IS system regardless of audit independence c. sharing the scrips is permissable of IT recognizes that audit may still be conducted in areas not covered in scripts d. sharing scripts is not permitted because the IS auditors who wrote scripts would not be permitted to audit any IS systems where the scripts are being u - CORRECT ANSWER c. sharing the scrips is permissable of IT recognizes that audit may still be conducted in areas not covered in scripts IS audit can still review all aspects of the system. They may not be able to review the effectiveness of the scripts but they can still audit the systems. Which of the following activities cause most security vulnerabilities in web servers? A. Acquisition B. Usage C. Configuration D. Maintenance - CORRECT ANSWER C. Configuration The correct answer is configuration. The web server that an organization acquires is generic and must be customized during its configuration. Unnecessary software services and user accounts in the web server should be removed or redefined. The web server configuration scenarios should fit its established security policy. The other answer choices are incorrect: The acquisition, usage, and maintenance of a web server are not as important as that of its configuration. 
Which of the following network security tools is PRIMARILY used by the security team to enhance security in the IT environment? A. Honeypots B. Intrusion detection system C. Intrusion prevention system D. Vulnerability scanner - CORRECT ANSWER A. Honeypots Honeypots are computers that security administrators place as a trap for intruders. Hackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. The security team can use this knowledge to determine which areas of network require protection from such attacks. The other answer choices are incorrect: Intrusion prevention systems (IPS) are configured to both detect and prevent potential attacks on the IT environment and assets. The intrusion detection system (IDS) aims to identify and potentially stop unauthorized use, misuse, and abuse of information systems by both internal network users and external attackers in near real-time. A vulnerability scanner is designed to evaluate system, networks, and applications for existing weaknesses. Amanda, an IS auditor, is reviewing an organization's agreement with a cloud provider. Which of the following is the MOST significant concern for Amanda ? A. The contract prohibits site visits. B. The contract does not state the cloud provider's responsibility in the event of a data breach. C. Laws and regulations are different in the countries of the organization and the vendor. D. The organization uses an older web browser that is highly vulnerable to cyberattacks. - CORRECT ANSWER B. The contract does not state the cloud provider's responsibility in the event of a data breach. The correct answer is "the contract does not state the cloud provider's responsibility in the event of a data breach." Cloud computing involves more than one party, and each party is responsible for maintaining adequate security in their respective IT environments. 
In the event of a security breach, the party responsible for the breach should be held accountable. Therefore, the contract should state the responsibilities of each party in the case of a data incident. The answer choice "the contract prohibits site visits" is incorrect. While site visits act as a helpful oversight and monitoring control, there are alternative procedures to monitor cloud providers such as virtual meetings and performance monitoring reports. The answer choice "laws and regulations are different in the countries of the organization and the vendor" is incorrect. The IS auditor should ensure that the contract addresses the differing laws and regulations in the countries of the organization and the vendor, but having different laws and regulations is not a problem. The answer choice "the organization uses an older web browser that is highly vulnerable to cyberattacks" is incorrect. While highly vulnerable browsers pose a significant risk to the organization's security, the IS auditor can raise an audit issue for this problem, and IT can acquire and deploy a more secure browser. Which of the following is an example of a digital envelope? A. Pretty Good Privacy (PGP) B. Full disk encryption C. TCP/IP D. SSL - CORRECT ANSWER A. Pretty Good Privacy (PGP) A digital envelope uses both secret-key (symmetric) and public-key encryption (asymmetric) encryption. It is the electronic equivalent of putting your message/document in a sealed envelope for privacy and resistance to tampering. Symmetric (secret key) encryption is used for encrypting and decrypting the message. Asymmetric (Public key) encryption is used to send a secret key to the receiving end. The sender of a message randomly selects an asymmetric algorithm session key which is then encrypted by using the recipient's public key. WHY CHOICES are INCORRECT Full disk encryption protects the user data stored on a laptop hard drive, but it is only effective when the laptop is logged off or powered off. 
Transmission Control Protocol/Internet Protocol (TCP/IP) is a collection of data transmission protocols for internetwork communications. Secure Sockets Layer (SSL) is a security protocol that creates an encrypted link between a web server and a web browser. Which of the following attacks violates the principle of confidentiality? A. Email spamming B. Man-in-the-middle (MITM) attack C. Juice jacking attack D. All of the answer choices are correct. - CORRECT ANSWER D. All of the answer choices are correct. All of the answer choices are correct: - Email spamming involves sending junk email messages to several users to receive a response (which may disclose sensitive company information). -In a MITM attack, a perpetrator inserts themselves in the middle of a communication link or data transfer and pretends to be both of the legitimate parties. This way, the perpetrator intercepts data from both parties while also transmitting malicious links to the legitimate parties. -In a juice jacking attack, an infected USB (universal serial bus) charging station/port can be used to compromise devices connected to that port. This attack is common at public places such as airports and public transit where users may connect their devices to charge a device battery. When the device is plugged into a USB port, a perpetrator may have A server administrator noticed an IP address transmitting suspicious data into the network and contacted the incident response team. The incident response team immediately rebooted the web server to stop the attack. What should the incident response team have done before they rebooted the web server? A. Contact the local regulatory body to inform them of the attack. B. Notify potentially impacted customers. C. Loop in key stakeholders in the organization. D. Gather the required evidence. - CORRECT ANSWER D. Gather the required evidence. The correct answer is "gather the required evidence." 
Gathering evidence and storing it in a secure place is critical to prosecuting the perpetrator. As a result of rebooting the server, crucial evidence was lost, and hence it will be difficult to prosecute the perpetrator in a court of law. The other answer choices are INCORRECT. -The local regulatory authority, customers, and stakeholders can be informed of the incident once the incident has been contained, evidence has been gathered, and the incident does not pose any further threat to the organization. Which of the following is the PRIMARY objective of the incident response process? A. Preserve the integrity of evidence related to the incident. B. Minimize the impact of the incident on the organization C. Detect the incident at the earliest opportunity D. None of the answer choices are correct. - CORRECT ANSWER B. Minimize the impact of the incident on the organization The correct answer is "minimize the impact of the incident on the organization." The primary objective of the incident response plan is to minimize the incident impact on the organization. An incident is any event that adversely impacts the confidentiality, integrity, or availability of an organization's assets. The other answer choices are INCORRECT: -Preserving the integrity of evidence is essential if the incident relates to fraud; however, this is the responsibility of the forensic investigations team. -While detecting the incident at the earliest opportunity may help minimize the incident's impact on the organization, early detection is not the primary objective of the incident response process. Which of the following is a control used to respond to the risk of power failure? A. Smoke/fire detectors B. Water sprinklers C. Uninterruptible power supply (UPS) D. Fire or evacuation drills - CORRECT ANSWER C. Uninterruptible power supply (UPS) The correct answer is "uninterruptible power supply (UPS)." 
A UPS system contains a battery or gas-powered generator that connects with the electricity entering the building/facility and the electrical power entering the IT hardware. The other answer choices are INCORRECT as smoke/fire detectors, water sprinklers, and fire or evacuation drills respond to the RISK OF FIRE, NOT POWER FAILURE. Which of the following controls provides a first line of defense against potential threats, risks, or losses? A. Software testing B. Transaction logs C. Passwords and user IDs D. Dial-back modem - CORRECT ANSWER C. Passwords and user IDs The correct answer is "passwords and user IDs." These provide the first line of defense against breach of a network's security. Several restrictions can be placed on passwords to improve their effectiveness. These restrictions may include minimum length and format and forced periodic password changes. The other answer choices are INCORRECT: -Switched ports are among the most vulnerable security points on a network. These allow dial-in and dial-out access. They are security risks because they allow users with telephone terminals to access systems. Although callback or dial-back is a potential control as a first line of defense, it is not necessarily the most effective because of the call-forwarding capability of telephone circuits. -Software testing is the last line of defense to ensure data integrity and security. Therefore, the software must be tested thoroughly by end users, information systems staff, and computer operations staff. -For online applications, the logging of all transactions processed or reflected by input programs provides a complete audit trail of actual and attempted entries, thus providing a last line of defense. The log can be stored on tape or disk files for subsequent analysis. The logging control should include the date, time, user ID and password used, location, and number of unsuccessful attempts made. 
Which of the following layers of the ISO/OSI Reference Model handles "error detection and correction"? A. Data link B. Physical C. Network D. Application - CORRECT ANSWER A. Data link The correct answer is data link. The data link layer addresses protocols, models, error detection and correction, etc. It provides reliable transfer of data across physical links, error and flow control, link-level encryption and decryption, and synchronization. The data link layer provides error detection and, optionally, correction (involving two computers directly connected) across a line between nodes of a subnetwork. The other answer choices are INCORRECT: - The physical layer provides for the transmission of unstructured bit streams over the communications channel. -The network layer addresses deadlocks, etc. It provides routing services to establish connections across communications networks. -The application layer addresses dataflow modeling, file management, etc. It provides services such as file transfer protocols directly to users. A furniture manufacturer issues individual universal serial bus (USB) drives to each employee to transfer company data between different location. Employees are strictly advised to not use these devices for personal use. Which of the following is the MOST significant risk in this case? A. Employees may lose the USB drive. B. Employees may use the USB for personal purposes. C. The USB may introduce malware into the organization's network. D. Data may be lost due to the USB's nonfunctionality. - CORRECT ANSWER A. Employees may lose the USB drive. The correct answer is "employees may lose the USB drive." USB drives are small in size and therefore susceptible to loss or theft, resulting in unauthorized exposure of confidential company data. These are INCORRECT The answer choice "data may be lost due to the USB's nonfunctionality" is incorrect. 
While lost data may be hard to recover (especially if data does not exist on the network), the risk of data exposure to unauthorized parties is more significant. The answer choice "employees may use the USB for personal purposes" is incorrect. Personal use of USB drives will be noncompliance with the company policy but does not impose a more significant risk than unauthorized exposure of data. Personal use of USBs increases the risk of importing malware from personal computers; however, network security controls such as antivirus software can help to mitigate this risk. The answer choice "the USB may introduce malware into the organization's network" is incorrect. Network security controls such as antivirus scanners can detect and prevent the introduction of malware on the company network, and therefore risk can be reasonably mitigated. The firewall is designed to: A. prevent outsiders from getting in. B. stop electronic mail. C. prevent insiders from getting out. D. stop generating a log file. - CORRECT ANSWER A. prevent outsiders from getting in. The correct answer is "prevent outsiders from getting in." The firewall is designed to prevent outsiders from getting in. Its purpose is to protect internal information systems from external attacks. A global financial services company is introducing a new security governance framework across different countries. What should management do FIRST? A. Review existing security policies. B. Interview security employees in each country to determine local security practices. C. Evaluate the regulatory requirements in each country. D. Interview local security experts in each country to determine the best practices in each country. - CORRECT ANSWER C. Evaluate the regulatory requirements in each country. The correct answer is "evaluate the regulatory requirements in each country." 
The security governance framework should include regulatory requirements for all countries where the company has located its operations to ensure that all such requirements are met in the framework. Data diddling can be detected by which of the following? A. Exception reports B. Access controls C. Integrity checking D. Program change controls - CORRECT ANSWER A. Exception reports The correct answer is exception reports. Data diddling includes changing data with malicious intent before it is entered into the system. Data diddling can be detected using exception reports. Exception reports highlight exceptions or deviations from the anticipated situation. Rapid detection is needed—the sooner the better—because correction of data diddling is expensive. INCORRECT The other options are incorrect: Access controls, program change controls, and integrity checking are all preventive controls. Which of the following is a characteristic of an intrusion detection system (IDS)? A. Prevents access to specific internet websites B. Blocks users from accessing specific application servers C. Collects evidence on intrusive system activity D. None of the answer choices are correct. - CORRECT ANSWER C. Collects evidence on intrusive system activity The correct answer is "collects evidence on intrusive system activity." The intrusion detection system aims to identify and detect unauthorized use, misuse, and abuse of information systems by both internal network users and external attackers in near real-time. INCORRECT The other answer choices are incorrect. Preventing access to websites and blocking users' access to application servers are performed by a firewall. Which of the following network security testing tools can be disruptive to the organization? A. War dialing B. Penetration testing C. Vulnerability scanning D. Network scanning - CORRECT ANSWER B. Penetration testing The correct answer is "penetration testing." 
Penetration testing's impacts include server crashes and exposure and corruption of sensitive data. In addition, penetration testing may aid the hackers in perpetrating a similar attack on the organization. INCORRECT The other answer choices are incorrect: Network scanning and vulnerability scanning are not disruptive as they do not penetrate the IT environment; these tools help to identify vulnerabilities in the environment. War dialing is a type of attack. The war dialing technique involves dialing all possible telephone numbers in a particular area code to locate active modems and computers. Perpetrators use war dialing for various reasons, including guessing user IDs by listening to voicemail greetings or finding modems that potentially help access an IT network. Which of the following use public-key (asymmetric) algorithms for data encryption? A. RSA and ECC B. RSA and DES C. MD5 and ECC D. DES and SHA - CORRECT ANSWER A. RSA and ECC The correct answer is "RSA and ECC," the only answer that correctly identifies two asymmetric algorithms. RSA (Rivest-Shamir-Adleman) is one of the oldest public-key and most popular cryptosystems to protect data transmission. Elliptic-curve cryptography (ECC) is a faster alternative to RSA because it uses shorter keys and requires less computing power. INCORRECT The other answer choices are incorrect. DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) are examples of private-key (secret-key) algorithms that are based on the concept of a single, shared key. DES is used in secret-key (symmetric) encryption and SHA (Secure Hash Algorithm) and MD5 (Message Digest 5) are hashing algorithms. Ian, an IS auditor, is reviewing the results of a recent fire drill. Which of the following is the MOST significant concern regarding physical and environmental security controls? A. Elevators were not operating during the drill. B. Employees on vacations were not involved in the drill. C. 
Fire extinguishers were not placed in all sections of the building. D. Emergency exits were not appropriately marked across the facility. - CORRECT ANSWER D. Emergency exits were not appropriately marked across the facility. The correct answer is "emergency exits were not appropriately marked across the facility." The most important concern is with saving human life during an evacuation, and therefore emergency exits should be marked across the facility to facilitate swift evacuation from the facility. Which of the following controls over telecommuting uses tokens and/or multifactor authentication? A. Intrusion detection system B. Encryption C. Combined authentication methods D. Firewalls - CORRECT ANSWER C. Combined authentication methods The correct answer is "combined authentication methods." Combined authentication methods increases security in two significant ways. They can require the user to possess a token in addition to a password or personal identification number (PIN). Tokens used with PINs provide significantly more security than passwords. For a hacker or other would-be impersonator to pretend to be someone else, the impersonator must have both a valid token and the corresponding PIN. This is much more difficult than obtaining a valid password and user ID combination. Combined authentication methods can also create multifactor authentication. Each time a user is authenticated to the computer, a different "one-time code" is used. The other answer choices are incorrect: -Firewalls use a secure gateway or series of gateways to block or filter access between two networks, often between a private network and a larger, more public network such as the internet or a public switched network (i.e., the telephone system). -The intrusion detection system (IDS) aims to identify unauthorized use, misuse, and abuse of information systems by both internal network users and external attackers in near real-time. 
-Encryption is more expensive than combined authentication methods. It is most useful if highly confidential data needs to be transmitted or if moderately confidential data is transmitted in a high-threat area. Encryption is most widely used to protect the confidentiality and integrity of data. What must begin after a physical intrusion detection alarm is initiated and reported? A. Communication B. Assessment C. Deployment D. Interruption - CORRECT ANSWER B. Assessment Correct The correct answer is "assessment." Once a physical intrusion detection alarm is initiated and reported, assessment of the situation begins. One needs to know whether the alarm is valid or a nuisance alarm, as well as details about the cause of the alarm. INCORRECT Communication, interruption, and deployment are incorrect because they are part of a response to a physical intrusion detection alarm. Who is responsible for the classification of information assets? A. Business managers B. Security administrators C. Data custodian D. Asset owners - CORRECT ANSWER D. Asset owners CORRECT The correct answer is asset owners. Each information asset should be assigned an owner. The owner is an official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. The asset owner should determine the appropriate classification according to the organization's data classification policy. INCORRECT The other answer choices are incorrect. Business managers and security administrators can use data classification in their risk assessment process to determine the appropriate level of access to the information asset. A data custodian provides physical and logical access procedures, and implements security controls, and access safeguards. Which of the following items of information in the audit trail record would help determine if the user was a masquerader or the actual person specified? 
A. The date and time associated with the event B. The user identification associated with the event C. The command used to initiate the event D. The program used to initiate the event - CORRECT ANSWER A. The date and time associated with the event CORRECT The correct answer is "the date and time associated with the event." By knowing the dates and times the actual person specified could not be using the system (e.g., after hours, on vacation) and looking for those date and time stamps in the audit logs, the IS auditor can determine if that user is a masquerader or the actual person specified. INCORRECT The remaining answer choices are incorrect; the user identification, program used, and commands used would be the same as the legitimate user and therefore would not help to determine whether the user was legitimate or a masquerader. Which of the following ISO/OSI layers provides access control services? A. Transport B. Presentation C. Session D. Data link - CORRECT ANSWER A. Transport The correct answer is "transport." The transport layer ensures error-free, in-sequence exchange of data between endpoints. It is responsible for transmitting a message between one network user and another. It is the only layer listed in the question that provides access control services. INCORRECT -The presentation layer provides authentication and confidentiality services, but not access control. The presentation layer defines and transforms the format of data to make it useful to the receiving application. The session layer does not provide access control services. It establishes, manages, and terminates connections between applications and provides checkpoint recovery services. It helps users interact with the system and other users. -The data link layer provides confidentiality service, but not access control. The data link layer provides reliable transfer of data across physical links, error flow control, link-level encryption and decryption, and synchronization. 
It handles the physical transmission of frames over a single data link. Ronald, a forensic investigator, is reviewing fraudulent electronic transactions. The suspect has worked with Ronald in the past at another company. What is the MOST important consideration for Ronald in this situation? A. Ronald should not conduct informal meetings with the suspect during the investigation. B. Ronald should maintain independence during the engagement. C. Ronald should ensure that the evidence is preserved in its original state. D. Ronald should assess other electronic transactions carried out by the suspect. - CORRECT ANSWER C. Ronald should ensure that the evidence is preserved in its original state. CORRECT The correct answer is "Ronald should ensure that the evidence is preserved in its original state." Evidence from the crime scene must be securely retained and preserved to present in a legal proceeding. The chain of custody must also be documented and preserved for presentation in the court of law. INCORRECT The answer choice "Ronald should maintain independence during the engagement" is incorrect. Maintaining independence is essential; however, preserving the integrity of the evidence is more essential to ensure the evidence is admissible in the court of law. The answer choice "Ronald should not conduct informal meetings with the suspect during the investigation" is incorrect. While this is important, preserving the integrity of the evidence is more essential to ensure the evidence is admissible in the court of law. The answer choice "Ronald should assess other electronic transactions carried out by the suspect" is incorrect. While it is a good idea to investigate further transactions to uncover the possibility of more fraudulent transactions, preserving the integrity of the evidence is more essential to ensure the evidence is admissible in the court of law. Modern "dry pipe" systems: A. are a substitute for water-based sprinkler systems. B. 
maximize chances of accidental discharge of water. C. are less sophisticated than water-based sprinkler systems. D. None of the answer choices are correct. - CORRECT ANSWER A. are a substitute for water-based sprinkler systems. CORRECT The correct answer is "are a substitute for water-based sprinkler systems." In a dry pipe sprinkling system, water is not present in the pipes and only flows when the system is activated. INCORRECT The other answer choices are incorrect. Dry pipe systems are more sophisticated compared to water-based sprinkler systems. Dry pipe systems reduce the likelihood of accidental water discharge because they discharge water only when needed. An IS auditor is recommending the use of raised flooring in the data center. Which of the following risks is PRIMARILY mitigated by raised flooring? A. Protection from electrical surges B. Guarding the equipment from lightning C. Flood damage D. Employees can step on the raised floor in the event of a fire. - CORRECT ANSWER C. Flood damage CORRECT The correct answer is "flood damage." Data center facilities are usually built a certain height above the ground level to prevent floodwater on the ground from coming in contact with the IT hardware assets such as servers. INCORRECT The other answer choices are incorrect as raised flooring does not protect against electrical surges and lightning. In case of a fire, employees should exit the facility instead of stepping on the raised floor. Which of the following is considered inappropriate when designing physical access controls at a facility? A. All employees can access all areas of the facility. B. The data center is located in the center of the physical facility. C. Work and visitor areas are physically separated. D. Teams that perform confidential functions are located in additionally secured areas. - CORRECT ANSWER A. All employees can access all areas of the facility. CORRECT The correct answer is "all employees can access all areas of the facility." 
Physical access should be granted based on job responsibilities, and access to highly sensitive areas should be restricted. INCORRECT The answer choice "work and visitor areas are physically separated" is incorrect; this is a required control to restrict visitors' access to the facility. An employee should always escort visitors. The answer choice "teams that perform confidential functions are located in additionally secured areas" is incorrect as this is a good security practice to ensure the protection of the organization's assets. The answer choice "the data center is located in the center of the physical facility" is incorrect. The data center contains important IT assets and should be strategically located to ensure unauthorized individuals cannot easily locate the facility. An example of the drawbacks of smart cards includes a means of: A. storing user data. B. access control and data storage. C. gaining unauthorized access. D. access control. - CORRECT ANSWER C. gaining unauthorized access. CORRECT The correct answer is "gaining unauthorized access." An unauthorized person can gain access to a computer system in the absence of other strong controls. A smart card is a credit card-sized device, containing one or more integrated circuit chips, which performs the functions of a microprocessor, memory, and an input/output interface. Smart cards can be used (1) as a means of access control, (2) as a medium for storing and carrying the appropriate data, and (3) a combination of 1 and 2. INCORRECT The other answer choices (access control and storing user data) are incorrect as they are advantages of using smart cards. Since valuable data is stored on a smart card, the card is useless if lost, damaged, or forgotten. A financial services company grants individual access cards to its employees to enter and exit the office facility. Which of the following is the MAJOR risk with this control? A. 
Unauthorized individuals may duplicate the access card and gain access to the facility. B. Employees may lose their access cards. C. In case of a fire hazard, the evacuation process will be very slow as each employee needs to tap their card to exit the door. D. Unauthorized individuals may follow behind the employee and gain access to the facility. - CORRECT ANSWER D. Unauthorized individuals may follow behind the employee and gain access to the facility. CORRECT ANSWER: The correct answer is "unauthorized individuals may follow behind the employee and gain access to the facility." Physical piggybacking is a significant problem when access cards are used to enter the building. Employees should be educated from time to time to be alert to individual piggybacking into the facility. INCORRECT ANSWER: The answer choice "in case of a fire hazard, the evacuation process will be prolonged as each employee needs to tap their card to exit the door" is incorrect. In cases of emergency, all doors must be set to open without the need for an access card. The answer choice "unauthorized individuals may duplicate the access card and gain access to the facility" is incorrect. Usually, duplicating access cards is incredibly challenging and therefore is not a significant risk associated with the use of access cards. The answer choice "employees may lose their access cards" is incorrect. While this may be an inconvenience to employees, a replacement card can be provided to the employee. Employees must be educated to protect their access cards and that, in the event of a lost access card, they should immediately report to the appropriate team so that the lost access card be deactivated Which of the following is a simple networking device that interconnects two or more local area networks (LANs)? A. Brouter B. Bridge C. Router D. Gateway - CORRECT ANSWER B. Bridge CORRECT The correct answer is "bridge." Bridges are simple networking devices that interconnect two or more LANs. 
Bridges operate at the data link layer (layer 2) of the ISO/OSI Reference Model, forwarding frames by MAC address; routers operate one layer higher, at the network layer.

Which of the following is an example of an administrative measure to defend against computer damage? A. Passwords B. Least privilege principle C. Access controls D. Audit trails - CORRECT ANSWER A. Passwords Passwords are treated here as an administrative control that helps defend against computer damage: the policy that requires them, sets their complexity and governs their handling is administrative, even though the password mechanism itself is usually classified as a technical control. INCORRECT Access controls are technical controls. Access controls include discretionary access controls and mandatory access controls. An audit trail is the collection of data that provides a trace of user actions so that security events can be traced to the actions of a specific individual. To fully implement an audit trail program, audit reduction and analysis tools are also required. Least privilege is a concept that deals with limiting damage through the enforcement of separation of duties. It refers to the principle that users and processes should operate with no more privileges than those needed to perform the duties of the role they are currently assuming.

Which of the following is most effective for encrypting data on mobile devices? A. Blowfish algorithm B. Data encryption standard C. Advanced encryption standard D. Elliptic curve cryptography - CORRECT ANSWER D. Elliptic curve cryptography Elliptic curve cryptography (ECC) is correct. ECC provides comparable security with significantly shorter keys than RSA, which reduces the processing, storage and bandwidth needed, so it suits resource-constrained mobile devices. In practice ECC is used for key agreement and signatures; the bulk data on the device is then encrypted with a symmetric cipher such as AES under a key that ECC established or protects. INCORRECT -The data encryption standard (DES) uses less processing power than the advanced encryption standard (AES), but its 56-bit key is far too short to be considered secure, and in any case elliptic curve cryptography, an asymmetric algorithm, is the most effective choice for a mobile device. -The advanced encryption standard (AES) is a symmetric algorithm and has the problem of key management and distribution. -The blowfish algorithm consumes too much processing power.
Blowfish is an encryption algorithm that can be used as a replacement for DES or IDEA (International Data Encryption Algorithm). Elliptic curve cryptography is an asymmetric algorithm and is the most effective choice for a mobile device.

Which of the following types of penetration testing is the MOST expensive? A. Targeted testing B. Internal testing C. External testing D. Blind testing - CORRECT ANSWER D. Blind testing CORRECT The correct answer is "blind testing." In blind testing, the tester has very limited or no knowledge at all about the target system. Testing is usually expensive because the tester first has to research the target from publicly available information (reconnaissance) before any testing can begin. INCORRECT The other answer choices are incorrect: targeted, internal, and external testing are less expensive than blind testing because the tester starts with more information about the target.

Allan, an IS auditor, is reviewing an organization's data center facility. Which of the following is the MOST significant concern for Allan? A. The fire suppression system uses carbon dioxide. B. The use of dry pipe sprinkling systems C. The use of water-based sprinkler systems D. A team of security guards monitors the data center entrance and exit. - CORRECT ANSWER A. The fire suppression system uses carbon dioxide. CORRECT The correct answer is "the fire suppression system uses carbon dioxide." Carbon dioxide is hazardous to human life, as it can cause suffocation when it is discharged or leaks into an occupied space.

Which of the following is the PRIMARY risk when a "backdoor" is installed in a software vendor product? A. The vendor may disconnect software, leaving the client unable to use the software. B. Remote maintenance C. Remote monitoring D. Unauthorized user entry - CORRECT ANSWER D. Unauthorized user entry The correct answer is "unauthorized user entry." Some vendors install a "backdoor" or "trapdoor" entry for remote monitoring and maintenance purposes. The backdoor gives the vendor a convenient way to resolve operational problems.
However, the backdoor is just as open to attackers who discover it or obtain the vendor's credentials. Additionally, the vendor may modify the software without the client organization's knowledge or permission. INCORRECT -Remote monitoring and remote maintenance are part of the vendor's activities to help the client operate the software smoothly and resolve software issues. -The vendor may disconnect software, leaving the client unable to use the software: while this is a concern for the client, it may be a contractual penalty for nonpayment or for disputes in payment.

Which of the following ISO/OSI layers provides both confidentiality and data integrity services? A. Presentation B. Data link C. Application D. Physical - CORRECT ANSWER C. Application The correct answer is "application." The application layer provides for internetworking between application processes in end systems. The basis of all security work within the ISO (International Organization for Standardization) is the OSI (Open Systems Interconnection) security architecture. This standard provides text and definitions that cover (1) security attacks relevant to open systems, (2) general architectural elements that can be used to thwart such attacks, and (3) the circumstances under which the security elements can be used. The application layer is the only layer listed in the question that provides both confidentiality and data integrity services. The application layer provides services such as the File Transfer Protocol (FTP) directly to users.

Which of the following cryptographic security services for email and electronic messaging applications is provided by S/MIME? A. Nonrepudiation B. Authentication and message integrity C. Data encryption D. All of the answer choices are correct. - CORRECT ANSWER D. All of the answer choices are correct. All of the answer choices are correct.
S/MIME provides the following cryptographic security services for email and electronic messaging applications: authentication, message integrity and nonrepudiation of origin (using digital signatures), and privacy and data security (using encryption).

Which of the following is a prerequisite to data classification? a. Having in-house data classification experts b. Notifying affected customers c. Identifying all information assets and creating a complete inventory of such assets d. None of the answer choices are correct. - CORRECT ANSWER c. Identifying all information assets and creating a complete inventory of such assets The correct answer is "identifying all information assets and creating a complete inventory of such assets." Before an organization can begin the data classification process, an inventory of all assets needs to be created; an asset that is not in the inventory cannot be classified or protected.

What is a cryptographic system? A. Hardware used in data encryption B. A prerequisite to data classification C. A type of anti-malware D. A collection of software and hardware that can encrypt or decrypt information - CORRECT ANSWER D. A collection of software and hardware that can encrypt or decrypt information The correct answer is "a collection of software and hardware that can encrypt or decrypt information." A cryptographic system (cryptosystem) comprises the algorithms, the keys, the protocols that use them, and the hardware or software that implements them. Finding weaknesses in such an implementation that let an attacker recover the secret key, or an equivalent method of decryption that does not require the key, is cryptanalysis: it is the attack on a cryptographic system, not the system itself. The other answer choices are not related to a cryptographic system.

Which of the following controls is best suited for a user to establish a secure intranet connection over the internet? A. Install encrypted routers B. Implement password controls to the private web server C. Install encrypted firewalls D. Use virtual private network (VPN) software - CORRECT ANSWER D. Use virtual private network (VPN) software The correct answer is "use virtual private network (VPN) software."
VPN software provides an encrypted connection across the internet and can also enforce other controls, such as preventing other connections while the VPN is active. VPNs also provide flexible solutions, such as securing communications between remote telecommuters and the organization's servers regardless of where the telecommuters are located. A VPN can even be established within a single network to protect particularly sensitive communications from other parties on the same network. INCORRECT The other answer choices are incorrect: Encrypted firewalls and encrypted routers are effective controls, but they are not the best controls for an individual user to establish a secure connection. Private tunnels can be created over the internet using encryption devices, encrypting firewalls, or encrypting routers. Implementing password controls on the private web server for each user is a weak control because password administration would be difficult, if not impossible. Group passwords would not be effective either.

In public key infrastructure (PKI), the registration authority is responsible for: A. receiving and validating requests for digital certificates and public/private key pairs. B. performing other certificate lifecycle management functions (certificate revocation). C. securely storing all the certificates that are requested, received, and revoked by both the certificate authority and the registration authority. D. All of the answer choices are correct. - CORRECT ANSWER D. All of the answer choices are correct. All of the answer choices are correct. A registration authority (RA) is the organization that is responsible for receiving and validating requests for digital certificates and public/private key pairs. The RA is authorized by the certificate authority (CA). It is also responsible for other certificate lifecycle management functions (such as certificate revocation).
All the certificates that are requested, received, and revoked by both the certificate authority and the registration authority are stored in an encrypted certificate database.

Which of the following is NOT a property of S/MIME? A. Least privilege access B. Nonrepudiation C. Authentication D. Message integrity - CORRECT ANSWER A. Least privilege access CORRECT The correct answer is "least privilege access." Least privilege access is an important security principle and means granting the minimum permission required for a user account to enable the account holder (user) to perform his or her duties. Least privilege, however, is not a property of Secure/Multipurpose Internet Mail Extensions (S/MIME), which is concerned with message authentication, integrity, nonrepudiation, and security/privacy.

Which of the following is an example of a single point of failure when accessing an application? A. Multiple passwords B. Single sign-on C. Multifactor authentication D. Redundancy - CORRECT ANSWER B. Single sign-on The correct answer is "single sign-on." This is an example of a single point of failure because if the sign-on system is compromised, every application behind it is exposed to unauthorized parties (and if it is unavailable, none of them can be reached). INCORRECT The other answer choices are incorrect: -Multifactor authentication and multiple passwords are examples of multiple points of failure, since the perpetrator requires more than one password, or a password plus a second piece of authentication (such as a mobile-generated code or an answer to a secret question), before getting access to the network. -Redundancy offers failover to avoid a single point of failure.

A digital envelope uses: A. neither symmetric encryption nor asymmetric encryption. B. both symmetric and asymmetric encryption. C. only asymmetric encryption. D. only symmetric encryption. - CORRECT ANSWER B. both symmetric and asymmetric encryption. The correct answer is "both symmetric and asymmetric encryption."
A digital envelope uses both secret-key (symmetric) and public-key (asymmetric) encryption: the message is encrypted with a randomly generated symmetric session key, and that session key is encrypted with the recipient's public key and sent along with the message. It is the electronic equivalent of putting your message/document in a sealed envelope for privacy and resistance to tampering.

Which of the following is an example of a corrective control? A. Deadman doors B. Water sprinkler systems C. Smoke detectors D. Lock keys - CORRECT ANSWER B. Water sprinkler systems CORRECT The correct answer is "water sprinkler systems." A water sprinkler system is activated and sprays water on a fire to extinguish it, and hence is a corrective control. INCORRECT Lock keys and deadman doors are preventive controls, as they are meant to prevent unauthorized personnel from entering the facility. Smoke detectors are a detective control, as they detect smoke and activate fire suppression controls.

Which of the following is the weakest link in information security? A. People B. Software C. Hardware D. Networks - CORRECT ANSWER A. People The correct answer is "people." People are usually recognized as one of the weakest links in securing systems and data. People have emotions, memory lapses, disinterest in work, low motivation, or greed, any of which may adversely impact information security. User behavior is a critical driver in implementing an effective security program in an organization. Altering users' existing behavior requires an organization to implement an environment where users are aware of and take responsibility for keeping a company's IT assets and data secure.

The principle of least privilege refers to the security objective of granting users only those accesses they need to perform their job duties. Which of the following is a result of employees maintaining access rights for previously held positions? A. Users have little access to systems B. Users have significant access to systems C. Reauthorization when employees change positions D. Authorization creep - CORRECT ANSWER D.
Authorization creep CORRECT The correct answer is "authorization creep." This occurs when employees continue to hold access rights from previously held positions within an organization. It is inconsistent with the principle of least privilege, and it is prevented by reviewing and re-approving entitlements whenever an employee changes role. INCORRECT The other options are incorrect. Reauthorization when employees change positions, users having little access to systems, and users having significant access to systems are all consistent with the principle of least privilege. -Reauthorization eliminates authorization creep, and how much access users have does not matter as long as it is based on the need to know. Users having little access to systems means that access is granted on a need-to-know basis. -Users having significant access to systems means that users have privileged (superuser) access to the system, which is acceptable where the role requires it.

What is the main drawback of the RSA algorithm? A. The complexity of the calculations involved and the time needed to complete them B. Key exchange is difficult. C. It is no longer supported by the creators of the algorithm. D. All of the answer choices are correct. - CORRECT ANSWER A. The complexity of the calculations involved and the time needed to complete them The correct answer is "the complexity of the calculations involved and the time needed to complete them." As the tools and techniques available to malicious actors improve, longer keys must be used to maintain the algorithm's strength. Increasing the key length makes the modular exponentiation more expensive and the operations slower, which is why RSA is used to protect small values such as session keys and hashes rather than to encrypt bulk data.

Jack is a college dropout who is looking for passwords without the assistance of a software program or tool. Which of the following techniques should Jack use? A. War dialing B. Eavesdropping C. Alteration attack D. Social engineering - CORRECT ANSWER D. Social engineering The correct answer is "social engineering." Social engineering uses persuasion and/or deception to gain access to IT systems.
It is typically implemented through human interaction over the phone or by email. Examples of social engineering include impersonation through a telephone call or email, dumpster diving, and shoulder surfing. The best way to prevent and defend against social engineering attacks is to implement a robust security awareness program so that staff are educated about them. INCORRECT The other answer choices are incorrect, as they require the use of computer software or a tool: Eavesdropping is a passive attack whereby an intruder taps into communication traffic to acquire sensitive data (e.g., credit card numbers). An alteration attack occurs when program code is altered without authorization, compromising the integrity of the code. War dialing involves dialing every telephone number in a particular area code or exchange to locate active modems and computers. Perpetrators use war dialing for various reasons, including guessing user IDs by listening to voicemail greetings or finding modems that could give access to an IT network.

Digitally signing and publishing the public keys is primarily related to which PKI component? A. Public key attestation B. Publishing authority C. Certificate authority D. Registration authority - CORRECT ANSWER C. Certificate authority The correct answer is certificate authority (CA). The primary role of the CA is to digitally sign, with its own private key, the public key bound to a given subject, and to publish the resulting certificate. INCORRECT The other answer choices are incorrect: A registration authority is the organization responsible for receiving and validating requests for digital certificates and public/private key pairs. Publishing authority and public key attestation are made-up terms and are therefore not relevant to the role of signing and publishing public keys in a public key infrastructure (PKI).

The business owner of a new application has requested that the different types of reports be viewed on a "need to know" basis.
Which of the following access control methods would be the MOST effective to achieve this request? A. Discretionary B. Rule-based C. Role-based (RBAC) D. Single sign-on - CORRECT ANSWER C. Role-based (RBAC) The correct answer is "role-based." Role-based access control (RBAC) restricts access according to job roles and responsibilities. RBAC would be the best method to make reports viewable on a need-to-know basis by authorized users. Access control decisions are based on the roles individual users hold in an organization. These include the specification of duties, responsibilities, obligations, and qualifications (e.g., a teller or a loan officer associated with a banking system).

Which of the following login procedures provides the strongest security control when using a smart card with a template? A. Transmitting a positive response to the workstation in place of the cryptographic handshake B. Cryptographic handshake after successful comparison with the workstation C. Transmitting a negative response to the workstation in place of the cryptographic handshake D. Encrypting the current date and time and transmitting this value to the workstation - CORRECT ANSWER D. Encrypting the current date and time and transmitting this value to the workstation The correct answer is "encrypting the current date and time and transmitting this value to the workstation." No two encryptions contain the same date and time, so a playback (replay) of a captured authenticator can be detected: the workstation rejects a timestamp it has already accepted, or one that falls outside a short acceptance window. When a user wishes to log on to the system, they insert their smart card into a reader/writer attached to a workstation. The user then provides a live fingerprint scan through the scanning mechanism built into the reader/writer. The reader/writer sends the live scan to the smart card, which compares it to the template stored during enrollment. If the comparison is successful, the smart card engages the workstation in a cryptographic handshake, using the key it shares with the workstation.
INCORRECT The other answer choices for the smart card question are incorrect: The cryptographic handshake occurs after a successful comparison with the template held on the card, not with the workstation. An alternative to the cryptographic handshake would be for the card to transmit a simple positive signal to the workstation. However, if the smart card transmitted a simple positive/negative response in place of the cryptographic handshake, an attacker could replay or forge the positive response and gain unauthorized access to the system.

Which of the following is an advantage of asymmetric key cryptography? A. Its execution is very fast. B. It is an out-of-band exchange. C. It is relatively easy to distribute keys. D. Both keys are the same. - CORRECT ANSWER C. It is relatively easy to distribute keys. The correct answer is "it is relatively easy to distribute keys." Asymmetric encryption uses two separate yet mathematically related keys: the "public key" and the "private key." Typically, the public key is used to encrypt data, and its corresponding private key is used to decrypt it. Thus, this encryption method is also known as public-key encryption, public-key cryptography, and asymmetric-key encryption. The public key can be made available to everyone and used to encrypt data, so no secret has to be shared in advance. INCORRECT The answer choice "both keys are the same" is incorrect, as asymmetric encryption uses two separate yet mathematically related keys, the public key and the private key; typically the public key encrypts and the private key decrypts. The answer choice "it is an out-of-band exchange" is incorrect, as the public key can be exchanged in band. The answer choice "its execution is very fast" is incorrect, as asymmetric encryption is slow compared with symmetric encryption.

Which of the following is NOT part of the TLS handshake? A.
The server picks a cipher and hash function that it also supports from this list and notifies the client of the decision. B. The server always checks and confirms the validity of the client certificate. C. The client always checks and confirms the validity of the server certificate. D. The client requests a secure connection from the server and presents a list of supported cipher suites. - CORRECT ANSWER B. The server always checks and confirms the validity of the client certificate. The correct answer is "the server always checks and confirms the validity of the client certificate." Client certificate validation is an optional part of the Transport Layer Security (TLS) handshake and does not happen in every connection; the server must request a client certificate for it to occur. INCORRECT The other answer choices are part of the TLS handshake. The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported cipher suites. In TLS 1.2 and earlier, a cipher suite names four parameters: the key exchange method, the authentication algorithm, the encryption cipher, and the hashing algorithm. In TLS 1.3 the cipher suite names only the AEAD cipher and the hash; the key exchange group and the signature algorithm are negotiated through separate extensions.

Which of the following open system interconnection (OSI) layers provides nonrepudiation services? A. Data link B. Transport C. Application D. Presentation - CORRECT ANSWER C. Application The correct answer is "application." The application layer provides nonrepudiation services, meaning that the entities involved in a communication cannot deny having participated. It is a technique that ensures genuine communication that cannot subsequently be repudiated.

Regarding voice over Internet Protocol (VoIP), packet loss can result from which of the following? A. Latency B. Wireless C. Wide bandwidth D. Speed - CORRECT ANSWER A. Latency CORRECT The correct answer is latency. The latency tolerated by ordinary data transfers is not tolerated in VoIP: packets that arrive too late to be played are discarded, which the receiver experiences as loss. INCORRECT Wireless is not in itself a factor for packet loss, and VoIP works fine over a good wireless connection.
Every facet of network traversal must be completed quickly in VoIP, so speed is not an issue. Wide bandwidth, like speed, improves communication.

The web server can best be authenticated by which of the following? A. Transport Layer Security (TLS) B. Transmission Control Protocol (TCP) C. Internet Protocol (IP) D. Hypertext Transfer Protocol (HTTP) - CORRECT ANSWER A. Transport Layer Security (TLS) The correct answer is Transport Layer Security (TLS). The TLS protocol can be configured to authenticate the web server or to authenticate both the server and the client. Authentication in TLS is performed as part of the handshake protocol. A digital certificate issued by a trusted third party (a certificate authority) vouches for the server's identity and, when client authentication is enabled, for the client's. INCORRECT "Transmission Control Protocol (TCP)" and "Internet Protocol (IP)" are incorrect because TCP/IP is the standard internet protocol suite and is not used to authenticate the web server. "Hypertext Transfer Protocol (HTTP)" is incorrect because HTTP by itself does not provide security properties such as authentication for web sessions.

Which of the following describes a software as a service (SaaS) cloud-based service shared by a limited number of organizations? A. Hybrid B. Private C. Community D. Public - CORRECT ANSWER C. Community The correct answer is "community." A community cloud provides a cloud computing solution to a limited number of organizations that share requirements (such as a regulatory regime). This deployment model is a multi-tenant platform that enables multiple entities to work on the same platform.

Which of the following statements does NOT correctly describe the certificate authority (CA)? A. The CA is used to authenticate the digital identities of the users and/or machines. B. The CA uses its own private key to sign the public keys. C. The primary role of the CA is to digitally sign and publish the public key bound to a given organization. D. The CA uses its own public key to sign the private keys. - CORRECT ANSWER D.
The CA uses its own public key to sign the private keys. The correct answer is "the CA uses its own public key to sign the private keys." This statement is backwards on both counts: the CA signs with its own private key, and what it signs is the subject's public key (bound to the subject's identity in a certificate); private keys are never sent to, or signed by, the CA.

David is an IS auditor who discovers that the password control configuration is more rigorous for business users than for IT administrators. Which of the following is the IMMEDIATE action for David to take? A. Document the discovery as an exception in the audit report. B. Recommend that all password configuration settings be identical. C. Recommend that logs of IT administrator access are reviewed regularly. D. Validate whether this is a policy violation. - CORRECT ANSWER D. Validate whether this is a policy violation. The correct answer is to validate whether this is a policy violation. David needs to validate whether the approved policy was followed and whether appropriate approvals were granted for the weaker administrator settings; he should also document his observation, since privileged accounts normally warrant stronger, not weaker, password controls.

Telecommuting from home requires special considerations to ensure the integrity and confidentiality of corporate data accessed by employees. Which of the following is an effective control? A. Logging and monitoring B. Virtual private network (VPN) C. Firewalls D. Browser encryption - CORRECT ANSWER B. Virtual private network (VPN) The correct answer is virtual private network (VPN). For a remote access VPN to be as secure as possible, the traffic should be both encrypted and integrity-protected. Without encryption, an unauthorized person could read the data, and without integrity protection, encrypted traffic is still susceptible to undetected modification. INCORRECT Logging and monitoring are detective services that record and report access attempts at all levels; they do not protect the data itself and are therefore not the effective control sought here. A firewall can be turned off by the user and is not, on its own, an effective control for employees' remote access. Browser encryption does not provide a control for data used and stored at home.
With browser encryption, the web browser creates a session key, encrypts it with the server's public key, and sends the encrypted key to the server. The server uses its private key to decrypt the session key. The client and server then use the session key to encrypt further communications. Browser encryption secures data entered into the website while it travels to the server, but not the data handled on the home computer before or after that.

Which of the following is an effective means of preventing and detecting computer viruses? A. Train all employees about potential risks B. Install an antivirus program on network servers C. Only company-certified portable storage devices should be used. D. Install an antivirus program on each personal computer - CORRECT ANSWER D. Install an antivirus program on each personal computer The correct answer is "install an antivirus program on each personal computer." Virus scanning programs are effective against viruses that have been reported, usually have additional features to protect the computer, and provide the best protection against viruses. Virus protection software does not provide 100% protection (for example, against new viruses or viruses written to attack a specific organization), so it is essential to also provide awareness training for employees. INCORRECT The answer choice "install an antivirus program on network servers" is incorrect. While installing an antivirus program on network servers is a good practice, employees' personal computers frequently connect directly to the network and can become infected; the server's antivirus program would not prevent this common method of infection. The answer choice "train all employees about potential risks" is incorrect. Trained employees alone cannot prevent or detect computer viruses. The answer choice "only company-certified portable storage devices should be used" is incorrect. Viruses are nowadays primarily downloaded through the internet, not only through portable storage media.
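The certificate authority question above and the session-key description in the browser encryption answer fit together as one exchange, and the same exchange is the digital envelope from the earlier question. The Go program below is an added worked example (not code from the original document) of all three: the CA signs the server's public key with the CA's private key; the client verifies that certificate against the CA it trusts, and only then uses the public key inside it to wrap a fresh AES session key; the server unwraps the session key with its private key and opens the message. The names, serial numbers, the form data, and the choice of RSA-OAEP with AES-256-GCM are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a 2048-bit RSA key pair (used for both the CA and the server here).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// newCA builds a self-signed root. The CA's PRIVATE key signs the certificates it issues;
// the CA's PUBLIC key, carried in this certificate, is what clients install as a trust anchor.
func newCA() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCert binds the server's PUBLIC key to its host name under the CA's signature.
// The server's private key never leaves the server and is never signed by anyone.
func issueCert(ca *x509.Certificate, caKey *rsa.PrivateKey, pub *rsa.PublicKey, host string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyServer is the browser's side: chain to the trusted CA and check the host name
// before trusting the public key inside the certificate.
func verifyServer(cert, ca *x509.Certificate, host string) (*rsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("server key is not RSA")
	}
	return pub, nil
}

// Envelope is the digital envelope: a fresh AES-256-GCM session key wrapped with the
// recipient's RSA public key (RSA-OAEP), and the message sealed under that session key.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

func sealEnvelope(pub *rsa.PublicKey, msg []byte) (Envelope, error) {
	sessionKey := make([]byte, 32)
	rand.Read(sessionKey) // only the RSA-wrapped form of this key ever leaves the client
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return Envelope{}, err
	}
	block, _ := aes.NewCipher(sessionKey) // a 32-byte key cannot fail here
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return Envelope{wrapped, nonce, aead.Seal(nil, nonce, msg, nil)}, nil
}

func openEnvelope(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey) // rejects a wrapped key of the wrong length
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil) // fails on any tampering
}

func main() {
	ca, caKey, _ := newCA()
	serverKey, _ := newKey()
	cert, _ := issueCert(ca, caKey, &serverKey.PublicKey, "www.example.test")
	pub, err := verifyServer(cert, ca, "www.example.test") // fails closed on an untrusted CA or wrong host
	if err != nil {
		panic(err)
	}
	env, _ := sealEnvelope(pub, []byte("account=1042&amount=250")) // constructed form data
	plain, _ := openEnvelope(serverKey, env)
	fmt.Printf("server recovered %q\n", plain)
}
```

The order of operations is the security-relevant point: the client does nothing with the public key until the chain to the trusted CA and the host name have both checked out, which is exactly what a browser does before it wraps a session key. Run against a certificate from a different CA, or for a different host name, verifyServer returns an error and no envelope is ever built.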
Which of the following is the PRIMARY benefit of security awareness, training, and education programs? A. Improving employee behavior B. Reducing unauthorized actions C. Reducing errors and omissions D. Reducing fraud - CORRECT ANSWER A. Improving employee behavior The correct answer is "improving employee behavior." User behavior is a critical driver in implementing an effective security program in an organization. Altering users' existing behavior requires an organization to implement an environment where users are aware of and take responsibility for keeping a company's IT assets and data secure. The other answer choices are incorrect, as reductions in fraud, unauthorized actions, errors, and omissions follow from the change in user behavior.

Which of the following open system interconnection (OSI) layers establishes, manages, and terminates connections between applications? A. Transport B. Presentation C. Session D. Network - CORRECT ANSWER C. Session The correct answer is "session." The session layer establishes, manages, and terminates connections between applications, and provides checkpoint recovery services. It helps users interact with the system and other users. INCORRECT The presentation layer provides authentication and confidentiality services. It defines and transforms the format of data to make it useful to the receiving application. It provides a common means of representing a data structure in transit from one end system to another. The transport layer provides confidentiality, authentication, dat
