Exam (elaborations)
CISA Practice Questions And Answers Latest Update
- Course
- Institution
CISA Practice Questions And Answers Latest Update
[Show more]
Seller
Follow
Schoolflix
Reviews received
Content preview
CISA Practice Questions And AnswersLatest Update
In a public key infrastructure (PKI), which of the following may be relied upon to
prove that an online transaction was authorized by a specific customer?
Correct A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity
. - correct answers You are correct, the answer is A.
A. Nonrepudiation, achieved through the use of digital signatures, prevents the
senders from later denying that they generated and sent the message.
B. Encryption may protect the data transmitted over the Internet, but may not
prove that the transactions were made.
C. Authentication is necessary to establish the identification of all parties to a
communication.
,D. Integrity ensures that transactions are accurate but does not provide the
identification of the customer
Which of the following BEST ensures the integrity of a server's operating system
(OS)?
A. Protecting the server in a secure location
B. Setting a boot password
Correct C. Hardening the server configuration
D. Implementing activity logging - correct answers You are correct, the answer is
C.
A. Protecting the server in a secure location is a good practice, but does not
ensure that a user will not try to exploit logical vulnerabilities and compromise the
operating system (OS).
B. Setting a boot password is a good practice, but does not ensure that a user will
not try to exploit logical vulnerabilities and compromise the OS.
C. Hardening a system means to configure it in the most secure manner (install
latest security patches, properly define access authorization for users and
administrators, disable insecure options and uninstall unused services) to prevent
,nonprivileged users from gaining the right to execute privileged instructions and,
thus, take control of the entire machine, jeopardizing the integrity of the OS.
D. Activity logging has two weaknesses in this scenario—it is a detective control
(not a preventive one), and the attacker who already gained privileged access can
modify logs or disable them.
The IS auditor is reviewing an organization's human resources (HR) database
implementation. The IS auditor discovers that the database servers are clustered
for high availability, all default database accounts have been removed and
database audit logs are kept and reviewed on a weekly basis. What other area
should the IS auditor check to ensure that the databases are appropriately
secured?
A. Database digital signatures
Incorrect B. Database encryption nonces and other variables
C. Database media access control (MAC) address authentication
D. Database initialization parameters - correct answers You answered B. The
correct answer is D.
A. Digital signatures are used for authentication and nonrepudiation, and are not
commonly used in databases. As a result, this is not an area in which the IS auditor
should investigate.
, B. A nonce is defined as a "parameter that changes over time" and is similar to a
number generated to authenticate one specific user session. Nonces are not
related to database security (they are commonly used in encryption schemes).
C. A media access control (MAC) address is the hardware address of a network
interface. MAC address authentication is sometimes used with wireless local area
network (WLAN) technology, but is not related to database security.
D. When a database is opened, many of its configuration options are governed by
initialization parameters. These parameters are usually governed by a file
("init.ora" in the case of Oracle DBMS), which contains many settings. The system
initialization parameters address many "global" database settings, including
authentication, remote access and other critical security areas. To effectively audit
a database implementation, the IS auditor must examine the database
initialization parameters.
Which of the following processes will be MOST effective in reducing the risk that
unauthorized software on a backup server is distributed to the production server?
A. Manually copy files to accomplish replication.
B. Review changes in the software version control system.
Incorrect C. Ensure that developers do not have access to the backup server.
D. Review the access control log of the backup server. - correct answers You
answered C. The correct answer is B.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Schoolflix. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73091 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now