CISA: Domain #2, Part A: IT Governance
Seller: lydiaomutho
CISA - Domain 4 Questions
An IS auditor discovers that the chief information officer (CIO) of an organization is
using a wireless broadband modem using global system for mobile communications
(GSM) technology. This modem is being used to connect the CIO's laptop to the
corporate virtual private network when the CIO travels outside of the office. The IS
auditor should:
a) do nothing because the inherent security features of GSM technology are
appropriate.
b) recommend that the CIO stop using the laptop computer until encryption is enabled.
c) ensure that media access control address filtering is enabled on the network so
unauthorized wireless users cannot connect.
d) suggest that two-factor authentication be used over the wireless link to prevent
unauthorized communications.
ANS - Do nothing because the inherent security features of GSM technology are
appropriate is correct. The inherent security features of global
system for mobile communications (GSM) technology combined with the use of a virtual
private network (VPN) are appropriate. The confidentiality of the communication on the
GSM radio link is ensured by the use of encryption and the use of a VPN signifies that
an encrypted session is established between the laptop and the corporate network.
GSM is a global standard for cellular telecommunications that can be used for both
voice and data. Currently deployed commercial GSM technology has multiple
overlapping security features which prevent eavesdropping, session hijacking or
unauthorized use of the GSM carrier network. While other wireless technologies such
as 802.11 wireless local area network (LAN) technologies have been designed to allow
the user to adjust or even disable security settings, GSM does not allow any devices to
connect to the system unless all relevant security features are active and enabled.
Recommend that the chief information officer (CIO) stop using the laptop computer until
encryption is enabled is incorrect. Because the CIO is using a VPN it can be assumed
that encryption is enabled in addition to the security features in GSM. In addition, VPNs
will not allow the transfer of data for storage on the remote device (such as the CIO's
laptop).
Ensure that media access control (MAC) address filtering is enabled on the network so
unauthorized wireless users cannot connect is incorrect. MAC filtering can be used on a
wireless LAN but does not apply to a GSM network device.
Suggest that two-factor authentication be used over the wireless link to prevent
unauthorized communications is incorrect. Because the GSM network is being used
rather than a wireless LAN, it is not poss