
ISACA CISA Exam Dumps - PDF Questions and Testing Engine
Latest CISA Exam Dumps for a Guaranteed Pass
The benefits of Obtaining the ISACA CISA Exam Certification
ISACA CISA certification is often preferred by employers. Obtaining the ISACA CISA certification brings many benefits, and you can prepare for the exam using ISACA CISA Dumps. Candidates who have obtained any of the following certifications are eligible to apply for the CISA credential: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Software Development Asset Manager (CSDAM), International Information Systems Security Certification Consortium's Certified Internet Webmaster.
Topics of ISACA CISA Certification Exam
The CISA certification exam covers topics including Regulation and Management, Information Security Governance and Risk Management, Technology Infrastructure Security, Access Control and Identity Management, Cryptography and Data Security, Information Assurance and Information Lifecycle Management, Information System Audit and Control, Incident Handling and Incident Response, Computer Forensics and Incident Response, Communications Security (CISSP certification exam only) and Computer Networking Defense (CNSSP certification exam only).
NEW QUESTION 161
You may reduce a cracker's chances of success by:
(Choose all that apply.)
- A. using multiple firewalls and IDS.
- B. None of the choices.
- C. keeping your systems up to date using a security scanner.
- D. hiring competent people responsible for security to scan and update your systems.
- E. using multiple firewalls.
Answer: C,D
Explanation:
Section: Protection of Information Assets
Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well-secured computers, albeit at the cost of great time and resources. You may reduce a cracker's chances by keeping your systems up to date using a security scanner and/or hiring competent people responsible for security.
NEW QUESTION 162
Which of the following attacks involves slicing small amounts of money from a computerized transaction or account?
- A. Masquerading
- B. Salami
- C. Eavesdropping
- D. Traffic Analysis
Answer: B
Explanation/Reference:
Salami slicing or Salami attack refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.
An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.
In information security, a salami attack is a series of minor attacks that together result in a larger attack.
Computers are ideally suited to automating this type of attack.
The following answers are incorrect:
Eavesdropping - is the act of secretly listening to the private conversation of others without their consent, as defined by Black's Law Dictionary. This is commonly thought to be unethical and there is an old adage that "eavesdroppers seldom hear anything good of themselves...eavesdroppers always try to listen to matters that concern them."
Traffic analysis - is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.
Masquerading - A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification. If an authorization process is not fully protected, it can become extremely vulnerable to a masquerade attack.
Masquerade attacks can be perpetrated using stolen passwords and logons, by locating gaps in programs, or by finding a way around the authentication process. The attack can be triggered either by someone within the organization or by an outsider if the organization is connected to a public network. The amount of access masquerade attackers get depends on the level of authorization they've managed to attain. As such, masquerade attackers can have a full smorgasbord of cybercrime opportunities if they've gained the highest access authority to a business organization. Personal attacks, although less common, can also be harmful.
The following references were used to create this question:
http://searchfinancialsecurity.techtarget.com/definition/eavesdropping
http://en.wikipedia.org/wiki/Salami_slicing
http://en.wikipedia.org/wiki/Eavesdropping
http://en.wikipedia.org/wiki/Traffic_analysis
http://www.techopedia.com/definition/4020/masquerade-attack
NEW QUESTION 163
Which of the following would be MOST impacted if an IS auditor were to assist with the implementation of recommended control enhancements?
- A. Integrity
- B. Materiality
- C. Independence
- D. Accountability
Answer: C
NEW QUESTION 164
An IS audit reveals an organization's IT department reports any deviations from its security standards to an internal IT risk committee involving IT senior management. Which of the following should be the IS auditor's GREATEST concern?
- A. The chief information officer (CIO) did not attend a number of IT risk committee meetings during the past year.
- B. The IT risk committee meeting minutes are not signed off by all participants.
- C. The list of IT risk committee members does not include the board member responsible for IT.
- D. The IT risk committee has no reporting line to any governance committee outside IT.
Answer: D
NEW QUESTION 165
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.
Zombie computers are HEAVILY relied upon by which of the following types of attack?
- A. DDoS
- B. None of the choices.
- C. ATP
- D. Eavesdropping
- E. DoS
- F. Social Engineering
Answer: A
Explanation/Reference:
Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts ("zombie computers") are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.
NEW QUESTION 166
Active radio frequency ID (RFID) tags are subject to which of the following exposures?
- A. Session hijacking
- B. Malicious code
- C. Phishing
- D. Eavesdropping
Answer: D
Explanation:
Section: Protection of Information Assets
Like wireless devices, active RFID tags are subject to eavesdropping. They are by nature not subject to session hijacking, malicious code or phishing.
NEW QUESTION 167
An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:
- A. nonrepudiation
- B. availability
- C. awareness
- D. collection limitation
Answer: D
Explanation:
Section: The process of Auditing Information System
NEW QUESTION 168
Applying a retention date on a file will ensure that:
- A. data cannot be read until the date is set.
- B. datasets having the same name are differentiated.
- C. data will not be deleted before that date.
- D. backup copies are not retained after that date.
Answer: C
Explanation:
A retention date will ensure that a file cannot be overwritten before that date has passed. The retention date will not affect the ability to read the file. Backup copies would be expected to have a different retention date and therefore may be retained after the file has been overwritten. The creation date, not the retention date, will differentiate files with the same name.
NEW QUESTION 169
The reliability of an application system's audit trail may be questionable if:
- A. user IDs are recorded in the audit trail.
- B. the security administrator has read-only rights to the audit file.
- C. users can amend audit trail records when correcting system errors.
- D. date and time stamps are recorded when an action occurs.
Answer: C
Explanation/Reference:
An audit trail is not effective if the details in it can be amended.
NEW QUESTION 170
Which of the following is the PRIMARY risk when business units procure IT assets without IT involvement?
- A. System inventory becomes inaccurate.
- B. The business units want IT to be responsible for maintenance costs
- C. Data security requirements are not considered.
- D. Corporate procurement standards are not followed
Answer: A
NEW QUESTION 171
When should an application-level edit check to verify the availability of funds be completed at the electronic funds transfer (EFT) interface?
- A. Before transaction completion
- B. Before an EFT is initiated
- C. Immediately after an EFT is initiated
- D. During run-to-run total testing
Answer: B
Explanation/Reference:
An application-level edit check to verify availability of funds should be completed at the electronic funds transfer (EFT) interface before an EFT is initiated.
NEW QUESTION 172
Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?
- A. Reading the security policy
- B. Logical access controls
- C. Security awareness
- D. Security committee
Answer: B
Explanation:
Section: Protection of Information Assets
To retain a competitive advantage and meet basic business requirements, organizations must ensure the integrity of the information stored on their computer systems, preserve the confidentiality of sensitive data and ensure the continued availability of their information systems. To meet these goals, logical access controls must be in place. Awareness (choice C) itself does not protect against unauthorized access or disclosure of information. Knowledge of an information systems security policy (choice A), which should be known by the organization's employees, would help to protect information, but would not prevent the unauthorized access of information. A security committee (choice D) is key to the protection of information assets, but would address security issues within a broader perspective.
NEW QUESTION 173
Which of the following is a substantive test procedure?
- A. Test of invoice calculation process
- B. Observing that user IDs and passwords are required to sign on to the online system
- C. Verifying that appropriate approvals are documented in a sample of program changes
- D. Using audit software to verify the total of an accounts receivable file
Answer: A
NEW QUESTION 174
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
- A. determine whether the log of changes to the tables is backed up
- B. determine whether the audit trail is secured and reviewed
- C. recommend that the option to directly modify the database be removed immediately
- D. recommend that the system require two persons to be involved in modifying the database
Answer: B
NEW QUESTION 175
Which of the following is the BEST source of information when assessing the amount of time a project will take?
- A. Workforce estimate
- B. Critical path analysis
- C. Scheduling budget
- D. GANTT chart
Answer: D
Explanation:
Section: Information System Acquisition, Development and Implementation
NEW QUESTION 176
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
- A. The default administration account is used after changing the account password.
- B. The default configurations have been changed.
- C. All tables in the database are normalized.
- D. The service port used by the database server has been changed.
Answer: C
Explanation:
Section: The process of Auditing Information System
NEW QUESTION 177
Why does an IS auditor review an organization chart?
- A. To identify project sponsors
- B. To optimize the responsibilities and authority of individuals
- C. To control the responsibilities and authority of individuals
- D. To better understand the responsibilities and authority of individuals
Answer: D
Explanation:
Section: Protection of Information Assets
The primary reason an IS auditor reviews an organization chart is to better understand the responsibilities and authority of individuals.
NEW QUESTION 178
......
Reliable Certified Information Systems Auditor CISA Dumps PDF May 06, 2023 Recently Updated Questions: https://topexamcollection.pdfvce.com/ISACA/CISA-exam-pdf-dumps.html