Domain 5 (CISA Review Questions, Answers & Explanations Manual, 12th Edition | Print | English)
Exam (elaborations), 121 pages, September 7, 2024
Seller: CertifiedGrades

Web application developers sometimes use hidden fields on web pages to save information about a
client session. This technique is used, in some cases, to store session variables that enable persistence
across web pages, such as maintaining the contents of a shopping cart on a retail web site application.
The MOST likely web-based attack due to this practice is:
A. parameter tampering.
B. cross-site scripting.
C. cookie poisoning.
D. stealth commanding.

A is the correct answer. Justification:
A. Web application developers sometimes use hidden fields to save information about a client session or
to submit hidden parameters, such as the language of the end user, to the underlying application.
Because hidden form fields do not display in the browser, developers may feel safe passing unvalidated
data in the hidden fields (to be validated later). This practice is not safe because an attacker can
intercept, modify and submit requests, which can reveal information or perform functions that the
web developer never intended. The malicious modification of web application parameters is known as
parameter tampering.
B. Cross-site scripting involves the compromise of the web page to redirect users to content on the
attacker web site. The use of hidden fields has no impact on the likelihood of a cross-site scripting attack
because these fields are static content that cannot ordinarily be modified to create this type of attack.
C. Web applications use cookies to save session state information on the client machine so that the user
does not need to log on every time a page is visited. Cookie poisoning refers to the interception and
modification of session cookies to impersonate the user or steal logon credentials. The use of hidden
fields has no relation to cookie poisoning.
D. Stealth commanding is the hijacking of a web server by the installation of unauthorized code. While
the use of hidden forms may increase the risk of server compromise, the most common server exploits
involve vulnerabilities of the server operating system or web server.
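The hidden-field question above comes down to one rule: a hidden field is still client-supplied input. The following is an added example, not from the ISACA manual, showing a checkout handler that trusts a hidden price field beside a hardened handler that re-derives the price server side; the catalog, form dictionaries and function names are all constructed for illustration.

```python
# Added example (not from the ISACA manual): a checkout handler that trusts
# a hidden 'price' field, beside a hardened handler that treats every
# submitted field, hidden or not, as untrusted input.
CATALOG = {"sku-100": 4999, "sku-200": 500}   # constructed: server-side prices in cents
MAX_QTY = 10


def checkout_unsafe(form: dict) -> int:
    """Vulnerable: the total comes from a hidden field the server itself rendered,
    so a resubmission with that field edited changes what the customer is charged."""
    return int(form["price"]) * int(form["qty"])


def checkout_safe(form: dict) -> int:
    """Hardened: re-derive the price from the server-side catalog and validate
    the remaining fields; the hidden 'price' field is ignored entirely."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("qty is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")
    return CATALOG[sku] * qty


def is_accepted(form: dict) -> bool:
    """True if the hardened handler accepts the form, False if it rejects it."""
    try:
        checkout_safe(form)
        return True
    except ValueError:
        return False


# Constructed form exactly as the server rendered it (hidden fields included).
RENDERED = {"sku": "sku-100", "qty": "2", "price": "4999"}
# Constructed resubmission in which the hidden price was changed client side.
TAMPERED = {"sku": "sku-100", "qty": "2", "price": "1"}

if __name__ == "__main__":
    print("unsafe, rendered :", checkout_unsafe(RENDERED))   # 9998
    print("unsafe, tampered :", checkout_unsafe(TAMPERED))   # 2
    print("safe, tampered   :", checkout_safe(TAMPERED))     # 9998
    print("safe, qty=999    :", is_accepted({**RENDERED, "qty": "999"}))  # False
```

The same rule applies to hidden session variables such as a cart id or language code: look the value up or validate it on the server on every request rather than trusting the round trip.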

A5-2 Which control is the BEST way to ensure that the data in a file have not been changed during
transmission?

A. Reasonableness check
B. Parity bits
C. Hash values
D. Check digits

C is the correct answer. Justification:
A. A reasonableness check is used to ensure that input data is within expected values, not to ensure
integrity of data transmission. Data can be changed and still pass a reasonableness test.
B. Parity bits are a weak form of data integrity check used to detect errors in transmission, but they are
not as good as using a hash.
C. Hash values are calculated on the file and are very sensitive to any changes in the data values in
the file. Thus, they are the best way to ensure that data has not changed.
D. Check digits are used to detect an error in a numeric field such as an account number and are usually
related to a transposition or transcribing error.

A5-3 The PRIMARY purpose of audit trails is to:

A. improve response time for users.
B. establish accountability for processed transactions.
C. improve the operational efficiency of the system.
D. provide information to auditors who wish to track transactions.

B is the correct answer. Justification:
A. The objective of enabling software to provide audit trails is not to improve system efficiency because
it often involves additional processing which may, in fact, reduce response time for users.
B. Enabling audit trails helps in establishing the accountability and responsibility of processed
transactions by tracing transactions through the system.
C. Enabling audit trails involves storage and, thus, occupies disk space and may decrease operational
efficiency.
D. Audit trails are used to track transactions for various purposes, not just for audit. The use of audit
trails for IS auditors is valid; however, it is not the primary reason.

A5-4 Which of the following systems or tools can recognize that a credit card transaction is more likely
to have resulted from a stolen credit card than from the holder of the credit card?

A. Intrusion detection systems
B. Data mining techniques
C. Stateful inspection firewalls
D. Packet filtering routers

B is the correct answer. Justification:
A. An intrusion detection system is effective in detecting network or host-based errors but not effective
in measuring fraudulent transactions.
B. Data mining is a technique used to detect trends or patterns of transactions or data. If the historical
pattern of charges against a credit card account is changed, then it is a flag that the transaction may
have resulted from a fraudulent use of the card.
C. A firewall is an excellent tool for protecting networks and systems but not effective in detecting
fraudulent transactions.
D. A packet filtering router operates at a network level and cannot see a transaction.

A5-5 Which of the following BEST ensures the integrity of a server's operating system?

A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging

C is the correct answer. Justification:
A. Protecting the server in a secure location is a good practice, but it does not ensure that a user will not
try to exploit logical vulnerabilities and compromise the operating system (OS).
B. Setting a boot password is a good practice but does not ensure that a user will not try to exploit
logical vulnerabilities and compromise the OS.
C. Hardening a system means to configure it in the most secure manner (install latest security patches,
properly define access authorization for users and administrators, disable insecure options and uninstall
unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions
and, thus, take control of the entire machine, jeopardizing the integrity of the OS.
D. Activity logging has two weaknesses in this scenario: it is a detective control (not a preventive one),
and an attacker who has already gained privileged access can modify logs or disable them.

A5-6 Which of the following network components is PRIMARILY set up to serve as a security measure by
preventing unauthorized traffic between different segments of the network?
A. Firewalls
B. Routers
C. Layer 2 switches
D. Virtual local area networks

A is the correct answer. Justification:
A. Firewall systems are the primary tool that enables an organization to prevent unauthorized access
between networks. An organization may choose to deploy one or more systems that function as
firewalls.
B. Routers can filter packets based on parameters, such as source address, but are not primarily a
security tool.
C. Based on Media Access Control addresses, layer 2 switches separate traffic without determining
whether it is authorized or unauthorized traffic.
D. A virtual local area network is a functionality of some switches that allows them to control traffic
between different ports even though they are in the same physical local area network. Nevertheless,
they do not effectively deal with authorized versus unauthorized traffic.

A5-7 An IS auditor discovers that the chief information officer (CIO) of an organization is using a wireless
broadband modem using global system for mobile communications (GSM) technology. This modem is
being used to connect the CIO's laptop to the corporate virtual private network when the CIO travels
outside of the office. The IS auditor should:

A. do nothing because the inherent security features of GSM technology are appropriate.
B. recommend that the CIO stop using the laptop computer until encryption is enabled.
C. ensure that media access control address filtering is enabled on the network so unauthorized wireless
users cannot connect.
D. suggest that two-factor authentication be used over the wireless link to prevent unauthorized
communications.

A is the correct answer. Justification:
A. The inherent security features of global system for mobile communications (GSM) technology
combined with the use of a virtual private network (VPN) are appropriate. The confidentiality
of the communication on the GSM radio link is ensured by the use of encryption and the use of a VPN
signifies that an encrypted session is established between the laptop and the corporate network. GSM is
a global standard for cellular telecommunications that can be used for both voice and data. Currently
deployed commercial GSM technology has multiple overlapping security features which prevent
eavesdropping, session hijacking or unauthorized use of the GSM carrier network. While other wireless
technologies such as 802.11 wireless local area network (LAN) technologies have been designed to allow
the user to adjust or even disable security settings, GSM does not allow any devices to connect to the
system unless all relevant security features are active and enabled.
B. Because the chief information officer (CIO) is using a VPN, it can be assumed that encryption is
enabled in addition to the security features in GSM. In addition, VPNs will not allow the transfer of data
for storage on the remote device (such as the CIO's laptop).
C. Media access control (MAC) filtering can be used on a wireless LAN but does not apply to a GSM
network device.
D. Because the GSM network is being used rather than a wireless LAN, it is not possible to configure
settings for two-factor authentication over the wireless link. However, two-factor authentication is
recommended as it will better protect against unauthorized access than single factor authentication.

A5-8 Which of the following is the BEST way to minimize unauthorized access to unattended end-user
PC systems?

A. Enforce use of a password protected screen saver
B. Implement proximity-based authentication system
C. Terminate user session at predefined intervals
D. Adjust power management settings so the monitor screen is blank
