Isaca CISA: CISA Certified Information Systems Auditor Practice Test, Version 3.8

Isaca CISA: Practice Exam

QUESTION NO: 1
IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
Answer: D
Explanation: 4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators.
Incorrect answers:
A, B. Screen/report design facilities are one of the main advantages of 4GLs, and 4GLs have simple programming language subsets.
C. Portability is also one of the main advantages of 4GLs.

QUESTION NO: 2
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
Answer: D
Explanation: A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper.

QUESTION NO: 3
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
Answer: A
Explanation: A blackbox test is a dynamic analysis tool for testing software modules. During the testing of software modules a blackbox test works first in a cohesive manner as one single unit/entity, consisting of numerous modules, and second, with the user data that flows across software modules. In some cases, this even drives the software behavior.
Incorrect answers: In choices B, C and D, the software (design or code) remains static and someone simply examines it closely by applying his/her mind, without actually activating the software. Hence, these cannot be called dynamic analysis tools.

QUESTION NO: 4
Which of the following is MOST likely to result from a business process reengineering (BPR) project?
A. An increased number of people using technology
B. Significant cost savings, through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk will increase
Answer: A
Explanation: A BPR project more often leads to an increased number of people using technology, and this would be a cause for concern.
Incorrect answers:
B. As BPR is often technology oriented, and this technology is generally more complex and volatile than in the past, cost savings do not often materialize in this area.
D. There is no reason for IP to conflict with a BPR project, unless the project is not run properly.

QUESTION NO: 5
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway
Answer: B
Explanation: A bridge connects two separate networks to form a logical network (e.g., joining an ethernet and token network) and has the storage capacity to store frames and act as a storage and forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.
Incorrect answers:
A. Routers are switching devices that operate at the OSI network layer by examining network addresses (i.e., routing information encoded in an IP packet). The router, by examining the IP address, can make intelligent decisions in directing the packet to its destination.
C. Repeaters amplify transmission signals to reach remote devices by taking a signal from a LAN, reconditioning and retiming it, and sending it to another. This functionality is encoded and occurs at the OSI physical layer.
D. Gateways provide access paths to foreign networks.

QUESTION NO: 6
Which of the following is a benefit of using callback devices?
A. Provide an audit trail
B. Can be used in a switchboard environment
C. Permit unlimited user mobility
D. Allow call forwarding
Answer: A
Explanation: A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number from an unauthorized phone number, a perpetrator can gain computer access. This vulnerability can be controlled through callback systems that are available.

QUESTION NO: 7
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:
A. dials back to the user machine based on the user id and password using a telephone number from its database.
B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection.
C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database.
D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
Answer: A
Explanation: A call-back system in a net centric environment would mean that a user with an id and password calls a remote server through a dial-up line first, and then the server disconnects and dials back to the user machine based on the user id and password using a telephone number from its database. Although the server can depend on its own database, it cannot know the authenticity of the dialer when the user dials again. The server cannot depend upon the sender's database to dial back as the same could be manipulated.

QUESTION NO: 8
Structured programming is BEST described as a technique that:
A. provides knowledge of program functions to other programmers through peer reviews.
B. reduces the maintenance time of programs by the use of small-scale program modules.
C. makes the readable coding reflect as closely as possible the dynamic execution of the program.
D. controls the coding and testing of the high-level functions of the program in the development process.
Answer: B
Explanation: A characteristic of structured programming is smaller, workable units. Structured programming has evolved because smaller, workable units are easier to maintain. Structured programming is a style of programming which restricts the kinds of control structures. This limitation is not crippling. Any program can be written with allowed control structures. Structured programming is sometimes referred to as go-to-less programming, since a go-to statement is not allowed. This is perhaps the most well-known restriction of the style, since go-to statements were common at the time structured programming was becoming more popular. Statement labels also become unnecessary, except in languages where subroutines are identified by labels.

QUESTION NO: 9
Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check
Answer: B
Explanation: A check digit is a numeric value that is calculated mathematically and is appended to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors.
Incorrect answers:
A. A range check is checking data that matches a predetermined range of values.
C. A validity check is programmed checking of the data validity in accordance with predetermined criteria.
D. In a duplicate check, new or fresh transactions are matched to those previously entered to ensure that they are not already in the system.

QUESTION NO: 10
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:
A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.
Answer: A
Explanation: A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.
Incorrect answers:
B. A warm site is an offsite backup facility that is configured partially with network connections and selected peripheral equipment, such as disk and tape units, controllers and CPUs, to operate as an information processing facility.
D. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications.
QUESTION NO: 11
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?
A. Unit testing
B. Integration testing
C. Design walk-throughs
D. Configuration management
Answer: B
Explanation: A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight), units are tested by the programmer, and then transferred to the acceptance test area. This often results in system problems that should have been detected during integration or system testing. Integration testing aims at ensuring that the major components of the system interface correctly.

QUESTION NO: 12
In an EDI process, the device which transmits and receives electronic documents is the:
A. communications handler.
B. EDI translator.
C. application interface.
D. EDI interface.
Answer: A
Explanation: A communications handler transmits and receives electronic documents between trading partners and/or wide area networks (WANs).
Incorrect answers:
B. An EDI translator translates data between the standard format and a trading partner's proprietary format.
C. An application interface moves electronic transactions to, or from, the application system and performs data mapping.
D. An EDI interface manipulates and routes data between the application system and the communications handler.

QUESTION NO: 13
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
A. testing stage.
B. evaluation stage.
C. maintenance stage.
D. early stages of planning.
Answer: D
Explanation: Company.com in the early stages of a BCP will incur the most significant level of program development effort, which will level out as the BCP moves into maintenance, testing and evaluation stages. It is during the beginning stage that an IS auditor will play an important role in obtaining senior management's commitment to resources and assignment of BCP responsibilities.

QUESTION NO: 14
Which of the following network configuration options contains a direct link between any two host machines?
A. Bus
B. Ring
C. Star
D. Completely connected (mesh)
Answer: D
Explanation: A completely connected mesh configuration creates a direct link between any two host machines.
Incorrect answers:
A. A bus configuration links all stations along one transmission line.
B. A ring configuration forms a circle, and all stations are attached to a point on the transmission circle.
C. In a star configuration each station is linked directly to a main hub.

QUESTION NO: 15
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Answer: C
Explanation: A completeness check is used to determine if a field contains data and not zeros or blanks.
Incorrect answers:
A. A check digit is a digit calculated mathematically to ensure original data was not altered.
B. An existence check also checks entered data for agreement to predetermined criteria.
D. A reasonableness check matches input to predetermined reasonable limits or occurrence rates.

QUESTION NO: 16
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
Answer: B
Explanation: A compliance test determines if controls are operating as designed and are being applied in a manner that complies with management policies and procedures. For example, if the IS auditor is concerned whether program library controls are working properly, the IS auditor might select a sample of programs to determine if the source and object versions are the same. In other words, the broad objective of any compliance test is to provide auditors with reasonable assurance that a particular control on which the auditor plans to rely is operating as the auditor perceived it in the preliminary evaluation.

QUESTION NO: 17
A data administrator is responsible for:
A. maintaining database system software.
B. defining data elements, data names and their relationship.
C. developing physical database structures.
D. developing data dictionary system software.
Answer: B
Explanation: A data administrator is responsible for defining data elements, data names and their relationship. Choices A, C and D are functions of a database administrator (DBA).

QUESTION NO: 18
A database administrator is responsible for:
A. defining data ownership.
B. establishing operational standards for the data dictionary.
C. creating the logical and physical database.
D. establishing ground rules for ensuring data integrity and security.
Answer: C
Explanation: A database administrator is responsible for creating and controlling the logical and physical database. Defining data ownership resides with the head of the user department or top management if the data is common to the organization. IS management and the data administrator are responsible for establishing operational standards for the data dictionary. Establishing ground rules for ensuring data integrity and security in line with the corporate security policy is a function of the security administrator.

QUESTION NO: 19
An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:
A. defining the conceptual schema.
B. defining security and integrity checks.
C. liaising with users in developing data model.
D. mapping data model with the internal schema.
Answer: D
Explanation: A DBA only in rare instances should be mapping data elements from the data model to the internal schema (physical data storage definitions).
To do so would eliminate data independence for application systems. Mapping of the data model occurs with the conceptual schema since the conceptual schema represents the enterprisewide view of data within an organization and is the basis for deriving an end-user department data model.

QUESTION NO: 20
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
A. the entire message and thereafter enciphering the message digest using the sender's private key.
B. any arbitrary part of the message and thereafter enciphering the message digest using the sender's private key.
C. the entire message and thereafter enciphering the message using the sender's private key.
D. the entire message and thereafter enciphering the message along with the message digest using the sender's private key.
Answer: A
Explanation: A digital signature is a cryptographic method that ensures data integrity, authentication of the message, and non-repudiation. To ensure these, the sender first creates a message digest by applying a cryptographic hashing algorithm against the entire message and thereafter enciphers the message digest using the sender's private key. A message digest is created by applying a cryptographic hashing algorithm against the entire message, not on any arbitrary part of the message. After creating the message digest, only the message digest is enciphered using the sender's private key, not the message.

QUESTION NO: 21
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:
A. digest signature.
B. electronic signature.
C. digital signature.
D. hash signature.
Answer: C
Explanation: A digital signature through the private cryptographic key authenticates a transmission from a sender through the private cryptographic key. It is a string of bits that uniquely represent another string of bits, a digital document. An electronic signature refers to the string of bits that digitally represents a handwritten signature captured by a computer system when a human applies it on an electronic pen pad, connected to the system.

QUESTION NO: 22
A critical function of a firewall is to act as a:
A. special router that connects the Internet to a LAN.
B. device for preventing authorized users from accessing the LAN.
C. server used to connect authorized users to private trusted network resources.
D. proxy server to increase the speed of access to authorized users.
Answer: B
Explanation: A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users of other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling the outside resources to which its own users have access. Basically, a firewall, working closely with a router program, filters all network packets to determine whether or not to forward them toward their destination. A firewall includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so no incoming request can get directed to private network resources.

QUESTION NO: 23
Which of the following devices relieves the central computer from performing network control, format conversion and message handling tasks?
A. Spool
B. Cluster controller
C. Protocol converter
D. Front end processor
Answer: D
Explanation: A front-end processor is a device that connects all communication lines to a central computer to relieve the central computer.

QUESTION NO: 24
The use of a GANTT chart can:
A. aid in scheduling project tasks.
B. determine project checkpoints.
C. ensure documentation standards.
D. direct the post-implementation review.
Answer: A
Explanation: A GANTT chart is used in project control. It may aid in the identification of needed checkpoints but its primary use is in scheduling. It will not ensure the completion of documentation nor will it provide direction for the post-implementation review.

QUESTION NO: 25
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor
Answer: A
Explanation: A gateway performs the job of translating e-mail formats from one network to another so messages can make their way through all the networks.
Incorrect answers:
B. A protocol converter is a device that converts between two different types of transmissions, such as asynchronous and synchronous transmissions.
C. A front-end communication processor connects all network communication lines to a central computer to relieve the central computer from performing network control, format conversion and message handling tasks.
D. A concentrator/multiplexor is a device used for combining several lower-speed channels into a higher-speed channel.

QUESTION NO: 26
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation
Answer: C
Explanation: A global enterprise product reengineering (EPR) software package can be applied to a business to replace, simplify and improve the quality of IS processing. Documentation is intended to help understand how, why and which solutions have been selected and implemented, and therefore must be specific to the project. Documentation is also intended to support quality assurance and must be comprehensive.

QUESTION NO: 27
A hub is a device that connects:
A. two LANs using different protocols.
B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN.
Answer: D
Explanation: A hub is a device that connects two segments of a single LAN. A hub is a repeater. It provides transparent connectivity to users on all segments of the same LAN. It is a level 1 device.
Incorrect answers:
A. A bridge operates at level 2 of the OSI layer and is used to connect two LANs using different protocols (e.g., joining an ethernet and token network) to form a logical network.
B. A gateway, which is a level 7 device, is used to connect a LAN to a WAN.
C. A LAN is connected with a MAN using a router, which operates in the network layer.

QUESTION NO: 28
A LAN administrator normally would be restricted from:
A. having end-user responsibilities.
B. reporting to the end-user manager.
C. having programming responsibilities.
D. being responsible for LAN security administration.
Answer: C
Explanation: A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator also may be responsible for security administration over the LAN.

QUESTION NO: 29
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator
Answer: B
Explanation: A modem is a device that translates data from digital to analog and back to digital.

QUESTION NO: 30
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
Answer: A
Explanation: A neural network will monitor and learn patterns, reporting exceptions for investigation.
Incorrect answers:
B. Database management software is a method of storing and retrieving data.
C. Management information systems provide management statistics but do not normally have a monitoring and detection function.
D. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities.

QUESTION NO: 31
A control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check.
B. table lookup.
C. validity check.
D. parity check.
Answer: D
Explanation: A parity check will help to detect data errors when data are read from memory or communicated from one computer to another. A one-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, an error report is generated.
Incorrect answers: Choices A, B and C are types of data validation and editing controls.

QUESTION NO: 32
For which of the following applications would rapid recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
Answer: A
Explanation: A point-of-sale system is a critical online system that when inoperable will jeopardize the ability of Company.com to generate revenue and track inventory properly.

QUESTION NO: 33
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
Answer: C
Explanation: A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.

QUESTION NO: 34
A malicious code that changes itself with each file it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
Answer: D
Explanation: A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
Incorrect answers:
A. A logic bomb is code that is hidden in a program or system which will cause something to happen when the user performs a certain action or when certain conditions are met. A logic bomb, which can be downloaded along with a corrupted shareware or freeware program, may destroy data, violate system security, or erase the hard drive.
B. A stealth virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
C. A trojan horse is a virus program that appears to be useful and harmless but which has harmful side effects such as destroying data or breaking the security of the system on which it is run.

QUESTION NO: 35
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Answer: C
Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments.
Incorrect answers:
A. A paper test is a walkthrough of the plan, involving major players in the plan's execution who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
B. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

QUESTION NO: 36
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Answer: B
Explanation: A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery.
Incorrect answers:
A. A full operational test is conducted after the paper and preparedness test.
C. A paper test is a structured walkthrough of the DRP and should be conducted before a preparedness test.
D. A regression test is not a DRP test and is used in software maintenance.

QUESTION NO: 37
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Answer: B
Explanation: A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.
Incorrect answers:
A. Relocating the shut off switch would defeat the purpose of having it readily accessible.
C. Escorting the personnel moving the equipment may not have prevented this incident.
D. Logging of environmental failures would provide management with a report of incidents, but reporting alone would not prevent a reoccurrence.

QUESTION NO: 38
Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Answer: B
Explanation: A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when. Acceptance is normally managed by the user area, since they must be satisfied that the new system will meet their requirements. If the system is large, a phased-in approach to implementing the application is a reasonable approach. Prototyping is a valid method of ensuring that the system will meet business requirements.

QUESTION NO: 39
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
Answer: A

QUESTION NO: 40
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Answer: B
Explanation: A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.
Incorrect answers: A.
A hash complete is a complete of any numeric information subject or collection of knowledge components in an information file. This “Go Any Examination. Any Time. ” – www. actualtests. com 20 Ac tua Rationalization: A RA is an entity that’s answerable for identification and authentication of certificates topics, however the RA doesn’t signal or challenge certificates. The certificates topic normally interacts with the RA for finishing the method of subscribing to the providers of the certification authority by way of getting id validated with normal identification paperwork, as detailed within the certificates insurance policies of the CA.
Within the context of a selected certificates, the issuing CA is the CA that issued the certificates. Within the context of a selected CA certificates, the topic CA is the CA whose public secret is licensed within the certificates. lTe sts .co m Isaca CISA: Practice Examination complete is checked towards a management complete of the identical subject or fields to make sure completeness of processing. B. On-line entry controls are designed to forestall unauthorized entry to the system and datA . C. Earlier than and after picture reporting is a management over information information that makes it attainable to hint modifications.
QUESTION NO: 41 A management that detects transmission errors by appending calculated bits onto the tip of every section of knowledge is called a: A. reasonableness examine. B. parity examine. C. redundancy examine. D. examine digits. Reply: C QUESTION NO: 42 .What’s the major goal of a management self-assessment (CSA) program? A. Enhancement of the audit duty B. Elimination of the audit duty C. Alternative of the audit duty D. Integrity of the audit duty Reply: A Rationalization: Audit duty enhancement is an goal of a management self-assessment (CSA) program. Go Any Examination. Any Time. ” – www. actualtests. com Ac tua Rationalization: A redundancy examine detects transmission errors by appending calculated bits onto the tip of every section of datA . Incorrect solutions: A. A reasonableness examine compares information to predefined reasonability limits or prevalence charges established for the datA . B. A parity examine is a management that detects information errors when information are learn from one laptop to a different, from reminiscence or throughout transmission. D. Examine digits detect transposition and transcription errors. lTe sts .co m 21 Isaca CISA: Practice Examination QUESTION NO: 43 .
IS auditors are MOST more likely to carry out compliance assessments of inside controls if, after their preliminary analysis of the controls, they conclude that management dangers are inside the acceptable limits. True or false? A. True B. False Reply: A Rationalization: IS auditors are probably to carry out compliance assessments of inside controls if, after their preliminary analysis of the controls, they conclude that management dangers are inside the acceptable limits. Consider it this manner: If any reliance is positioned on inside controls, that reliance have to be validated by means of compliance testing.
Excessive management danger ends in little reliance on inside controls, which leads to further substantive testing. QUESTION NO: 44 .As in comparison with understanding a corporation’s IT course of from proof straight collected, how helpful are prior audit experiences as proof? A. The identical worth. B. Better worth. C. Lesser worth. D. Prior audit experiences aren’t related. Reply: C Rationalization: Prior audit experiences are thought of of lesser worth to an IS auditor trying to achieve an understanding of a corporation’s IT course of than proof straight collected. QUESTION NO: 45 . What’s the PRIMARY objective of audit trails?
A. To doc auditing efforts B. To right information integrity errors C. To determine accountability and duty for processed transactions D. To forestall unauthorized entry to information “Go Any Examination. Any Time. ” – www. actualtests. com Ac tua lTe sts .co m 22 Isaca CISA: Practice Examination Reply: C Rationalization: The first objective of audit trails is to ascertain accountability and duty for processed transactions. QUESTION NO: 46 . How does the method of programs auditing profit from utilizing a risk-based strategy to audit planning? A. Controls testing begins earlier. B.
Auditing sources are allotted to the areas of highest concern. C. Auditing danger is diminished. D. Controls testing is extra thorough. QUESTION NO: 47 Reply: A Rationalization: After an IS auditor has recognized threats and potential impacts, the auditor ought to then establish and consider the prevailing controls. QUESTION NO: 48 . Using statistical sampling procedures helps decrease: A. Detection danger “Go Any Examination. Any Time. ” – www. actualtests. com 23 Ac A. Establish and consider the prevailing controls B. Conduct a enterprise influence Assessment (BIA) C. Report on present controls D. Suggest new controls ua .After an IS auditor has recognized threats and potential impacts, the auditor ought to: lTe sts Rationalization: Allocation of auditing sources to the areas of highest concern is a good thing about a risk-based strategy to audit planning. .co Reply: B m Isaca CISA: Practice Examination B. Enterprise danger C. Controls danger D. Compliance danger Reply: A Rationalization: Using statistical sampling procedures helps decrease detection danger. QUESTION NO: 49 . What sort of danger outcomes when an IS auditor makes use of an insufficient check process and concludes that materials errors don’t exist when errors really exist? A.
Enterprise danger B. Detection danger C. Residual danger D. Inherent danger Reply: B QUESTION NO: 50 A. Establish high-risk areas which may want an in depth assessment later B. Cut back audit prices C. Cut back audit time D. Improve audit accuracy Reply: C Rationalization: A major profit derived from a corporation using management self-assessment (CSA) methods is that it could establish high-risk areas which may want an in depth assessment later. “Go Any Examination. Any Time. ” – www. actualtests. com Ac .A major profit derived from a corporation using management self-assessment (CSA) methods is that it could: tua Te Rationalization: Detection danger outcomes when an IS auditor makes use of an insufficient check process and concludes that materials errors don’t exist when errors really exist. sts .co m 24 Isaca CISA: Practice Examination QUESTION NO: 51 . What sort of strategy to the event of organizational insurance policies is usually pushed by danger Assessment? A. Backside-up B. High-down C. Complete D. Built-in Reply: B Rationalization: A bottom-up strategy to the event of organizational insurance policies is usually pushed by danger Assessment. .Who’s accountable for sustaining applicable safety measures over info property? A.
Knowledge and programs house owners B. Knowledge and programs customers C. Knowledge and programs custodians D. Knowledge and programs auditors Reply: A QUESTION NO: 53 . Correct segregation of duties prohibits a system analyst from performing quality-assurance capabilities. True or false? A. True B. False Reply: A Rationalization: Correct segregation of duties prohibits a system analyst from performing quality-assurance capabilities. “Go Any Examination. Any Time. ” – www. actualtests. com 25 Ac Rationalization: Knowledge and programs house owners are accountable for sustaining applicable safety measures over info property. tua lTe sts .co QUESTION NO: 52 Isaca CISA: Practice Examination QUESTION NO: 54 . What ought to an IS auditor do if she or he observes that project-approval procedures don’t exist? A. Advise senior administration to put money into project-management coaching for the workers B. Create project-approval procedures for future venture implementations C. Assign venture leaders D. Suggest to administration that formal approval procedures be adopted and documented Reply: D Rationalization: If an IS auditor observes that project-approval procedures don’t exist, the IS auditor ought to suggest to administration that formal approval procedures be adopted and ocumented. QUESTION NO: 55 Reply: A QUESTION NO: 56 . Correct segregation of duties usually doesn’t prohibit a LAN administrator from additionally having programming obligations. True or false? A. True B. False Reply: B Rationalization: Correct segregation of duties usually prohibits a LAN administrator from additionally having programming obligations. “Go Any Examination. Any Time. ” – www. actualtests. com 26 Ac Rationalization: The board of administrators is finally accountable for the event of an IS safety coverage. tua lTe A. The board of administrators B. Center administration C. Safety directors D.
Community directors sts .Who’s finally accountable for the event of an IS safety coverage? .co m Isaca CISA: Practice Examination QUESTION NO: 57 . A core tenant of an IS technique is that it should: A. Be cheap B. Be protected as delicate confidential info C. Defend info confidentiality, integrity, and availability D. Help the enterprise aims of the group Reply: D Rationalization: Above all else, an IS technique should help the enterprise aims of the group. Reply: D QUESTION NO: 59 . Key verification is without doubt one of the greatest controls for guaranteeing that: A.
Knowledge is entered accurately B. Solely approved cryptographic keys are used C. Enter is allowed D. Database indexing is carried out correctly Reply: A “Go Any Examination. Any Time. ” – www. actualtests. com Ac Rationalization: Batch management reconciliations is a compensatory management for mitigating danger of insufficient segregation of duties. tua lTe A. Detective B. Corrective C. Preventative D. Compensatory sts .Batch management reconciliation is a _____________________ (fill within the clean) management for mitigating danger of insufficient segregation of duties. .co QUESTION NO: 58 m 27
Isaca CISA: Practice Examination Rationalization: Key verification is without doubt one of the greatest controls for guaranteeing that information is entered accurately. QUESTION NO: 60 . If senior administration just isn’t dedicated to strategic planning, how seemingly is it that an organization’s implementation of IT can be profitable? A. IT can’t be applied if senior administration just isn’t dedicated to strategic planning. B. Extra seemingly. C. Much less seemingly. D. Strategic planning doesn’t have an effect on the success of an organization’s implementation of IT. Reply: C Rationalization: An organization’s implementation of IT can be much less more likely to succeed if senior administration just isn’t dedicated to strategic planning.
QUESTION NO: 61 Reply: A Rationalization: Lack of worker consciousness of an organization’s info safety coverage might result in an unintentional lack of confidentiality. QUESTION NO: 62 . What topology supplies the best redundancy of routes and the best community fault tolerance? A. A star community topology “Go Any Examination. Any Time. ” – www. actualtests. com Ac A. Lack of worker consciousness of an organization’s info safety coverage B. Failure to adjust to an organization’s info safety coverage C. A momentary lapse of purpose D. Lack of safety coverage enforcement procedures tua lTe Which of the next might result in an unintentional lack of confidentiality? Select the BEST reply. sts .co m 28 Isaca CISA: Practice Examination B. A mesh community topology with packet forwarding enabled at every host C. A bus community topology D. A hoop community topology Reply: B Rationalization: A mesh community topology supplies a point-to-point hyperlink between each community host. If every host is configured to route and ahead communication, this topology supplies the best redundancy of routes and the best community fault tolerance. QUESTION NO: 63 . An IS auditor normally locations extra reliance on proof straight collected.
What’s an instance of such proof? A. Proof collected by means of private commentary B. Proof collected by means of programs logs offered by the group’s safety administration C. Proof collected by means of surveys collected from inside workers D. Proof collected by means of transaction experiences offered by the group’s IT administration Reply: A Rationalization: An IS auditor normally locations extra reliance on proof straight collected, akin to by means of private commentary. .What sort of protocols does the OSI Transport Layer of the TCP/IP protocol suite present to make sure dependable communication?
A. Nonconnection-oriented protocols B. Connection-oriented protocols C. Session-oriented protocols D. Nonsession-oriented protocols Reply: B Rationalization: The transport layer of the TCP/IP protocol suite supplies for connection-oriented protocols to make sure dependable communication. “Go Any Examination. Any Time. ” – www. actualtests. com Ac QUESTION NO: 64 tua lTe sts .co m 29 Isaca CISA: Practice Examination QUESTION NO: 65 . How is the time required for transaction processing assessment normally affected by correctly applied Digital Knowledge Interface (EDI)? A. EDI normally decreases the time vital for assessment.
B. EDI normally will increase the time vital for assessment. C. Can’t be decided. D. EDI doesn’t have an effect on the time vital for assessment. Reply: A Rationalization: Digital information interface (EDI) helps intervendor communication whereas lowering the time vital for assessment as a result of it’s normally configured to readily establish errors requiring follow-up. QUESTION NO: 66 .What would an IS auditor anticipate finding within the console log? Select the BEST reply. A. Proof of password spoofing B. System errors C. Proof of knowledge copy actions D. Proof of password sharing Reply: B QUESTION NO: 67 .
Atomicity enforces information integrity by guaranteeing that a transaction is both accomplished in its completely or in no way. Atomicity is a part of the ACID check reference for transaction processing. True or false? A. True B. False Reply: A Rationalization: “Go Any Examination. Any Time. ” – www. actualtests. com 30 Ac Rationalization: An IS auditor can anticipate finding system errors to be detailed within the console log. tua lTe sts .co m Isaca CISA: Practice Examination Atomicity enforces information integrity by guaranteeing that a transaction is both accomplished in its completely or in no way. Atomicity is a part of the ACID check reference for transaction processing.
QUESTION NO: 68 . Why does the IS auditor typically assessment the system logs? A. To get proof of password spoofing B. To get proof of knowledge copy actions C. To find out the existence of unauthorized entry to information by a consumer or program D. To get proof of password sharing Reply: C Rationalization: When making an attempt to find out the existence of unauthorized entry to information by a consumer or program, the IS auditor will typically assessment the system logs. .What is important for the IS auditor to acquire a transparent understanding of community administration? A. Safety administrator entry to programs B. Systems logs of all hosts offering software providers C.
A graphical map of the community topology D. Administrator entry to programs Reply: C Rationalization: A graphical interface to the map of the community topology is important for the IS auditor to acquire a transparent understanding of community administration. QUESTION NO: 70 . How is danger affected if customers have direct entry to a database on the system degree? A. Danger of unauthorized entry will increase, however danger of untraceable modifications to the database decreases. B. Danger of unauthorized and untraceable modifications to the database will increase. C. Danger of unauthorized entry decreases, however danger of untraceable modifications to the database will increase. Go Any Examination. Any Time. ” – www. actualtests. com 31 Ac tua lTe sts QUESTION NO: 69 .co m Isaca CISA: Practice Examination D. Danger of unauthorized and untraceable modifications to the database decreases. Reply: B Rationalization: If customers have direct entry to a database on the system degree, danger of unauthorized and untraceable modifications to the database will increase. QUESTION NO: 71 . What’s the commonest objective of a digital non-public community implementation? A. A digital non-public community (VPN) helps to safe entry between an enterprise and its companions when speaking over an in any other case unsecured channel such because the Web. B.
A digital non-public community (VPN) helps to safe entry between an enterprise and its companions when speaking over a devoted T1 connection. C. A digital non-public community (VPN) helps to safe entry inside an enterprise when speaking over a devoted T1 connection between community segments inside the identical facility. D. A digital non-public community (VPN) helps to safe entry between an enterprise and its companions when speaking over a wi-fi connection. QUESTION NO: 72 .What profit does utilizing capacity-monitoring software program to watch utilization patterns and tendencies present to administration? Select the BEST reply. A.
The software program can dynamically readjust community site visitors capabilities primarily based upon present utilization. B. The software program produces good experiences that basically impress administration. C. It permits customers to correctly allocate sources and guarantee steady effectivity of operations. D. It permits administration to correctly allocate sources and guarantee steady effectivity of operations. Reply: D Rationalization: “Go Any Examination. Any Time. ” – www. actualtests. com Ac tua Rationalization: A digital non-public community (VPN) helps to safe entry between an enterprise and its companions when speaking over an in any other case unsecured channel such because the Web. lTe Reply: A sts co m 32 Isaca CISA: Practice Examination Utilizing capacity-monitoring software program to watch utilization patterns and tendencies allows administration to correctly allocate sources and guarantee steady effectivity of operations. QUESTION NO: 73 . What might be very useful to an IS auditor when figuring out the efficacy of a programs upkeep program? Select the BEST reply. A. Community-monitoring software program B. A system downtime log C. Administration exercise experiences D. Help-desk utilization development experiences Reply: B Rationalization: A system downtime log might be very useful to an IS auditor when figuring out the efficacy of a programs upkeep program. QUESTION NO: 74
Reply: A Rationalization: Concurrency controls are used as a countermeasure for potential database corruption when two processes try and concurrently edit or replace the identical info. QUESTION NO: 75 . What will increase encryption overhead and price probably the most? A. An extended symmetric encryption key B. An extended uneven encryption key “Go Any Examination. Any Time. ” – www. actualtests. com Ac A. Referential integrity controls B. Normalization controls C. Concurrency controls D. Run-to-run totals tua lTe .What are used as a countermeasure for potential database corruption when two processes try and concurrently edit or replace the identical info?
Select the BEST reply. sts .co m 33 Isaca CISA: Practice Examination C. An extended Advance Encryption Normal (AES) key D. An extended Knowledge Encryption Normal (DES) key Reply: B Rationalization: An extended uneven encryption key (public key encryption) will increase encryption overhead and price. All different solutions are single shared symmetric keys. QUESTION NO: 76 . Which of the next greatest characterizes “worms”? A. Malicious applications that may run independently and might propagate with out the help of a service program akin to e mail B.
Programming code errors that trigger a program to repeatedly dump information C. Malicious applications that require the help of a service program akin to e mail D. Malicious applications that masquerade as widespread purposes akin to screensavers or macroenabled Phrase paperwork Reply: A QUESTION NO: 77 .What’s an preliminary step in creating a correct firewall coverage? A. Assigning entry to customers in accordance with the precept of least privilege B. Figuring out applicable firewall and software program C. Figuring out community purposes akin to mail, net, or FTP servers D.
Configuring firewall entry guidelines Reply: C Rationalization: Figuring out community purposes akin to mail, net, or FTP servers to be externally accessed is an preliminary step in creating a correct firewall coverage. “Go Any Examination. Any Time. ” – www. actualtests. com Ac tua lTe Rationalization: Worms are malicious applications that may run independently and might propagate with out the help of a service program akin to e mail. sts .co m 34 Isaca CISA: Practice Examination QUESTION NO: 78 . What sort of cryptosystem is characterised by information being encrypted by the sender utilizing the recipient’s public key, and the information then being decrypted utilizing the recipient’s non-public key?
A. With public-key encryption, or symmetric encryption B. With public-key encryption, or uneven encryption C. With shared-key encryption, or symmetric encryption D. With shared-key encryption, or uneven encryption Reply: B Rationalization: With public key encryption or uneven encryption, information is encrypted by the sender utilizing the recipient’s public key; the information is then decrypted utilizing the recipient’s non-public key. .How does the SSL community protocol present confidentiality? Reply: D QUESTION NO: 80 . What are used because the framework for growing logical entry controls?
A. Information programs safety insurance policies B. Organizational safety insurance policies C. Entry Management Lists (ACL) D. Organizational charts for figuring out roles and obligations Reply: A Rationalization: “Go Any Examination. Any Time. ” – www. actualtests. com Ac Rationalization: The SSL protocol supplies confidentiality by means of symmetric encryption akin to Knowledge Encryption Normal, or DES. tua lTe A. By symmetric encryption akin to RSA B. By uneven encryption akin to Knowledge Encryption Normal, or DES C. By uneven encryption akin to Superior Encryption Normal, or AES D.
By symmetric encryption akin to Knowledge Encryption Normal, or DES sts .co QUESTION NO: 79 m 35 Isaca CISA: Practice Examination Information programs safety insurance policies are used because the framework for growing logical entry controls. QUESTION NO: 81 . Which of the next are efficient controls for detecting duplicate transactions akin to funds made or obtained? A. Concurrency controls B. Reasonableness checks C. Time stamps D. Referential integrity controls Reply: C Rationalization: Time stamps are an efficient management for detecting duplicate transactions akin to funds made or obtained.
QUESTION NO: 82 Reply: C Rationalization: File encryption is an efficient management for safeguarding confidential information residing on a PC. QUESTION NO: 83 . Which of the next is a guiding greatest observe for implementing logical entry controls? A. Implementing theBiba Integrity Mannequin B. Entry is granted on a least-privilege foundation, per the group’s information house owners C. Implementing the Take-Grant entry management mannequin D. Classifying information in accordance with the topic’s necessities “Go Any Examination. Any Time. ” – www. actualtests. com Ac tua A. Private firewall B. File encapsulation C. File encryption D.
Host-based intrusion detection lTe .Which of the next is an efficient management for safeguarding confidential information residing on a PC? sts .co m 36 Isaca CISA: Practice Examination Reply: B Rationalization: Logical entry controls must be reviewed to make sure that entry is granted on a least-privilege foundation, per the group’s information house owners. QUESTION NO: 84 . What does PKI use to offer a few of the strongest total management over information confidentiality, reliability, and integrity for Web transactions? A. A mixture of public-key cryptography and digital certificates and two-factor authentication B.
A mixture of public-key cryptography and two-factor authentication C. A mixture of public-key cryptography and digital certificates D. A mixture of digital certificates and two-factor authentication QUESTION NO: 85 Reply: A Rationalization: The first objective of digital signatures is to offer authentication and integrity of datA . QUESTION NO: 86 . Relating to digital signature implementation, which of the next solutions is right? A. A digital signature is created by the sender to show message integrity by encrypting the message with the sender’s non-public key.
Upon receiving the information, the recipient can decrypt the information utilizing the sender’s public key. “Go Any Examination. Any Time. ” – www. actualtests. com 37 Ac A. Authentication and integrity of knowledge B. Authentication and confidentiality of knowledge C. Confidentiality and integrity of knowledge D. Authentication and availability of knowledge tua .Which of the next do digital signatures present? lTe sts Rationalization: PKI makes use of a mix of public-key cryptography and digital certificates to offer a few of the strongest total management over information confidentiality, reliability, and integrity for Web transactions. co Reply: C m Isaca CISA: Practice Examination B. A digital signature is created by the sender to show message integrity by encrypting the message with the recipient’s public key. Upon receiving the information, the recipient can decrypt the information utilizing the recipient’s public key. C. A digital signature is created by the sender to show message integrity by initially utilizing a hashing algorithm to supply a hash worth or message digest from the complete message contents. Upon receiving the information, the recipient can independently create it. D.
A digital signature is created by the sender to show message integrity by encrypting the message with the sender’s public key. Upon receiving the information, the recipient can decrypt the information utilizing the recipient’s non-public key. Reply: C Rationalization: A digital signature is created by the sender to show message integrity by initially utilizing a hashing algorithm to supply a hash worth, or message digest, from the complete message contents. Upon receiving the information, the recipient can independently create its personal message digest from the information for comparability and information integrity validation.
Private and non-private are used to implement confidentiality. Hashing algorithms are used to implement integrity. QUESTION NO: 87 Rationalization: A fingerprint scanner facilitating biometric entry management can present a really excessive diploma of server entry management. QUESTION NO: 88 . What are sometimes the first safeguards for programs software program and information? A. Administrative entry controls B. Logical entry controls C. Bodily entry controls D. Detective entry controls “Go Any Examination. Any Time. ” – www. actualtests. com 38 Ac Reply: D tua A. A mantrap-monitored entryway to the server room B.
Host-based intrusion detection mixed with CCTV C. Community-based intrusion detection D. A fingerprint scanner facilitating biometric entry management lTe .Which of the next would offer the best diploma of server entry management? sts .co m Isaca CISA: Practice Examination Reply: B Rationalization: Logical entry controls are sometimes the first safeguards for programs software program and datA . QUESTION NO: 89 . Which of the next is usually used as a detection and deterrent management towards Web assaults? A. Honeypots B. CCTV C. VPN D. VLAN QUESTION NO: 90 Reply: A
Rationalization: A monitored double-doorway entry system, additionally known as a mantrap or deadman door, is used as a deterrent management for the vulnerability of piggybacking. QUESTION NO: 91 . Which of the next is an efficient technique for controlling downloading of information by way of FTP? Select the BEST reply. A. An application-layer gateway, or proxy firewall, however notstateful inspection firewalls B. An application-layer gateway, or proxy firewall “Go Any Examination. Any Time. ” – www. actualtests. com 39 Ac tua A. A monitored double-doorway entry system B. A monitored turnstile entry system C.
A monitored doorway entry system D. A one-way door that doesn’t enable exit after entry lTe .Which of the next BEST characterizes a mantrap or deadman door, which is used as a deterrent management for the vulnerability of piggybacking? sts .co Rationalization: Honeypots are sometimes used as a detection and deterrent management towards Web assaults. m Reply: A Isaca CISA: Practice Examination C. A circuit-level gateway D. A primary-generation packet-filtering firewall Reply: B Rationalization: Software-layer gateways, or proxy firewalls, are an efficient technique for controlling downloading of information by way of FTP.
As a result of FTP is an OSI application-layer protocol, the simplest firewall must be able to inspecting by means of the appliance layer. QUESTION NO: 92 . Which of the next supplies the strongest authentication for bodily entry management? A. Signal-in logs B. Dynamic passwords C. Key verification D. Biometrics Reply: D .What’s an efficient countermeasure for the vulnerability of knowledge entry operators doubtlessly leaving their computer systems with out logging off? Select the BEST reply. A. Worker safety consciousness coaching B. Administrator alerts C. Screensaver passwords D.
Shut supervision Reply: C Rationalization: Screensaver passwords are an efficient management to implement as a countermeasure for the vulnerability of knowledge entry operators doubtlessly leaving their computer systems with out logging off. QUESTION NO: 94 “Go Any Examination. Any Time. ” – www. actualtests. com Ac tua QUESTION NO: 93 lTe Rationalization: Biometrics can be utilized to offer glorious bodily entry management. sts .co m 40 Isaca CISA: Practice Examination . What can ISPs use to implement inbound site visitors filtering as a management to establish IP packets transmitted from unauthorized sources?
Select the BEST reply. A. OSI Layer 2 switches with packet filtering enabled B. Digital Non-public Networks C. Entry Management Lists (ACL) D. Level-to-Level Tunneling Protocol Reply: C Rationalization: ISPs can use entry management lists to implement inbound site visitors filtering as a management to establish IP packets transmitted from unauthorized sources. Reply: B QUESTION NO: 96 .Which of the next is BEST characterised by unauthorized modification of knowledge earlier than or throughout programs information entry? A. Knowledge diddling B. Skimming C.