67%.CISA Second Pass Quiz.Protection of Information Assets
Which of the following is the BEST control to mitigate the risk of pharming attacks to an Internet banking application? User registration and password policies User security awareness Use of intrusion detection/intrusion prevention systems Domain name system server security hardening
Domain name system server security hardening
The IS management of a multinational company is considering upgrading its existing virtual private network to support Voice-over Internet Protocol communication via tunneling. Which of the following considerations should be PRIMARILY addressed? Reliability and quality of service Means of authentication Privacy of voice transmissions Confidentiality of data transmissions
Reliability and quality of service
Which of the following types of firewalls would BEST protect a network from an Internet attack? Screened subnet firewall Application filtering gateway Packet filtering router Circuit-level gateway
Screened subnet firewall
Which of the following is an effective preventive control to ensure that a database administrator complies with the custodianship of the enterprise's data? Exception reports Segregation of duties Review of access logs and activities Management supervision
Segregation of duties
Which of the following components is responsible for the collection of data in an intrusion detection system? Analyzer Administration console User interface Sensor
Sensor
Which of the following intrusion detection systems will MOST likely generate false alarms resulting from normal network activity? Statistical-based Signature-based Neural network Host-based
Statistical-based
A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment? Reviewing logs frequently Testing and validating the rules Training a local administrator at the new location Sharing firewall administrative duties
Testing and validating the rules
An organization is planning to deploy an outsourced cloud-based application that is used to track job applicant data for the human resources department. Which of the following should be the GREATEST concern to an IS auditor? The service level agreement (SLA) ensures strict limits for uptime and performance. The cloud provider will not agree to an unlimited right-to-audit as part of the SLA. The SLA is not explicit regarding the disaster recovery plan capabilities of the cloud provider. The cloud provider's data centers are in multiple cities and countries.
The cloud provider's data centers are in multiple cities and countries.
When planning an audit of a network setup, an IS auditor should give HIGHEST priority to obtaining which of the following network documentation? Wiring and schematic diagram Users' lists and responsibilities Application lists and their details Backup and recovery procedures
Wiring and schematic diagram
A Transmission Control Protocol/Internet Protocol (TCP/IP)-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? Work is completed in tunnel mode with IP security. A digital signature with RSA has been implemented. Digital certificates with RSA are being used. Work is being completed in TCP services.
Work is completed in tunnel mode with IP security.
The GREATEST benefit of having well-defined data classification policies and procedures is: a more accurate inventory of information assets. a decreased cost of controls. a reduced risk of inappropriate system access. an improved regulatory compliance.
a decreased cost of controls.
Neural networks are effective in detecting fraud because they can: discover new trends because they are inherently linear. solve problems where large and general sets of training data are not obtainable. address problems that require consideration of a large number of input variables. make assumptions about the shape of any curve relating variables to the output.
address problems that require consideration of a large number of input variables.
The implementation of access controls FIRST requires: a classification of IS resources. the labeling of IS resources. the creation of an access control list. an inventory of IS resources.
an inventory of IS resources.
During an access control review for a mainframe application, an IS auditor discovers user security groups without designated owners. The PRIMARY reason that this is a concern to the IS auditor is that without ownership, there is no one with clear responsibility for: updating group metadata. reviewing existing user access. approval of user access. removing terminated users.
approval of user access.
Which of the following choices is the MOST effective control that should be implemented to ensure accountability for application users accessing sensitive data in the human resource management system (HRMS) and among interfacing applications to the HRMS? Two-factor authentication A digital certificate Audit trails Single sign-on authentication
Audit trails
Which of the following public key infrastructure (PKI) elements describes procedure for disabling a compromised private key? Certificate revocation list Certification practice statement Certificate policy PKI disclosure statement
Certification practice statement
While auditing an internally developed web application, an IS auditor determines that all business users share a common access profile. Which of the following is the MOST relevant recommendation to prevent the risk of unauthorized data modification? Enable detailed logging of user actions. Customize user access profiles per job responsibility. Enforce strong password policy for all accounts. Implement regular access rights review.
Customize user access profiles per job responsibility.
Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems? Enforce use of a password-protected screen saver Implement proximity-based authentication system Terminate user session at predefined intervals Adjust power management settings so the monitor screen is blank
Enforce use of a password-protected screen saver
Which of the following would be an indicator of the effectiveness of a computer security incident response team? Financial impact per security incident Number of security vulnerabilities that were patched Percentage of business applications that are being protected Number of successful penetration tests
Financial impact per security incident
Which of the following BEST ensures the integrity of a server's operating system? Protecting the server in a secure location Setting a boot password Hardening the server configuration Implementing activity logging
Hardening the server configuration
Which of the following functions is performed by a virtual private network? Hiding information from sniffers on the net Enforcing security policies Detecting misuse or mistakes Regulating access
Hiding information from sniffers on the net
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access? Implement Wired Equivalent Privacy. Permit access to only authorized media access control addresses. Disable open broadcast of service set identifiers. Implement Wi-Fi Protected Access 2.
Implement Wi-Fi Protected Access 2.
Which of the following is the MOST significant function of a corporate public key infrastructure and certificate authority employing X.509 digital certificates? It provides the public/private key set for the encryption and signature services used by email and file space. It binds a digital certificate and its public key to an individual subscriber's identity. It provides the authoritative source for employee identity and personal details. It provides the authoritative authentication source for object access.
It binds a digital certificate and its public key to an individual subscriber's identity.
Which of the following BEST describes the role of a directory server in a public key infrastructure? Encrypts the information transmitted over the network Makes other users' certificates available to applications Facilitates the implementation of a password policy Stores certificate revocation lists
Makes other users' certificates available to applications
Two-factor authentication can be circumvented through which of the following attacks? Denial-of-service Man-in-the-middle Key logging Brute force
Man-in-the-middle
Which of the following features of a public key infrastructure is MOST closely associated with proving that an online transaction was authorized by a specific customer? Nonrepudiation Encryption Authentication Integrity
Nonrepudiation
Which of the following is the BEST control to prevent the deletion of audit logs by unauthorized individuals in an organization? Actions performed on log files should be tracked in a separate log. Write access to audit logs should be disabled. Only select personnel should have rights to view or delete audit logs. Backups of audit logs should be performed periodically.
Only select personnel should have rights to view or delete audit logs.
An organization is proposing to establish a wireless local area network (WLAN). Management asks the IS auditor to recommend security controls for the WLAN. Which of the following would be the MOST appropriate recommendation? Physically secure wireless access points to prevent tampering. Use service set identifiers that clearly identify the organization. Encrypt traffic using the Wired Equivalent Privacy mechanism. Implement the Simple Network Management Protocol to allow active monitoring.
Physically secure wireless access points to prevent tampering.
Which of the following findings would be of GREATEST concern to an IS auditor during a review of logical access to an application? Some developers have update access to production data. The file storing the application ID password is in cleartext in the production code. The change control team has knowledge of the application ID password. The application does not enforce the use of strong passwords.
The file storing the application ID password is in cleartext in the production code.
In wireless communication, which of the following controls allows the receiving device to verify that the received communications have not been altered in transit? Device authentication and data origin authentication Wireless intrusion detection and intrusion prevention systems The use of cryptographic hashes Packet headers and trailers
The use of cryptographic hashes
Which of the following choices BEST helps information owners to properly classify data? Understanding of technical controls that protect data Training on organizational policies and standards Use of an automated data leak prevention tool Understanding which people need to access the data
Training on organizational policies and standards
What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks? Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. The contingency plan for the organization cannot effectively test controlled access practices. Access cards, keys and pads can be easily duplicated allowing easy compromise of the control. Removing access for those who are no longer authorized is complex.
Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
Which of the following controls would BEST detect intrusion? User IDs and user privileges are granted through authorized procedures. Automatic logoff is used when a workstation is inactive for a particular period of time. Automatic logoff of the system occurs after a specified number of unsuccessful attempts. Unsuccessful logon attempts are monitored by the security administrator.
Unsuccessful logon attempts are monitored by the security administrator.
When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated? Using a cryptographic hashing algorithm Enciphering the message digest Calculating a checksum of the transaction Using a sequence number and time stamp
Using a sequence number and time stamp
Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems? Proxy server Firewall installation Demilitarized zone Virtual private network
Virtual private network
In transport mode, the use of the Encapsulating Security Payload protocol is advantageous over the authentication header protocol because it provides: connectionless integrity. data origin authentication. antireplay service. confidentiality.
confidentiality.
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: connecting points are available in the facility to connect laptops to the network. users take precautions to keep their passwords confidential. terminals with password protection are located in insecure locations. terminals are located within the facility in small clusters under the supervision of an administrator.
connecting points are available in the facility to connect laptops to the network.
An IS auditor performing detailed network assessments and access control reviews should FIRST: determine the points of entry into the network. evaluate users' access authorization. assess users' identification and authorization. evaluate the domain-controlling server configuration.
determine the points of entry into the network.
The FIRST step in data classification is to: establish ownership. perform a criticality analysis. define access rules. create a data dictionary.
establish ownership.
An IS auditor reviewing access controls for a client-server environment should FIRST: evaluate the encryption technique. identify the network access points. review the identity management system. review the application level access controls.
identify the network access points.
To ensure that an organization is complying with privacy requirements, an IS auditor should FIRST review: the IT infrastructure. organizational policies, standards and procedures. legal and regulatory requirements. adherence to organizational policies, standards and procedures.
legal and regulatory requirements.
The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called: data integrity. authentication. nonrepudiation. replay protection.
nonrepudiation.
A benefit of quality of service is that the: entire network's availability and performance will be significantly improved. telecom carrier will provide the company with accurate service-level compliance reports. participating applications will have bandwidth guaranteed. communications link will be supported by security controls to perform secure online transactions.
participating applications will have bandwidth guaranteed.
An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice: reduces the risk of unauthorized access to the network. is not suitable for small networks. automatically provides an IP address to anyone. increases the risk associated with Wireless Encryption Protocol.
reduces the risk of unauthorized access to the network.
Email message authenticity and confidentiality is BEST achieved by signing the message using the: sender's private key and encrypting the message using the receiver's public key. sender's public key and encrypting the message using the receiver's private key. receiver's private key and encrypting the message using the sender's public key. receiver's public key and encrypting the message using the sender's private key.
sender's private key and encrypting the message using the receiver's public key.
A digital signature contains a message digest to: show if the message has been altered after transmission. define the encryption algorithm. confirm the identity of the originator. enable message transmission in a digital format.
show if the message has been altered after transmission.
he MAIN reason for requiring that all computer clocks across an organization are synchronized is to: prevent omission or duplication of transactions. ensure smooth data transition from client machines to servers. ensure that email messages have accurate time stamps. support the incident investigation process.
support the incident investigation process.
When reviewing the configuration of network devices, an IS auditor should FIRST identify: the good practices for the type of network devices deployed. whether components of the network are missing. the importance of the network devices in the topology. whether subcomponents of the network are being used appropriately.
the importance of the network devices in the topology.
The cryptographic hash sum of a message is recalculated by the receiver. This is to ensure: the confidentiality of the message. nonrepudiation by the sender. the authenticity of the message. the integrity of data transmitted by the sender.
the integrity of data transmitted by the sender.
When using public key encryption to secure data being transmitted across a network: both the key used to encrypt and decrypt the data are public. the key used to encrypt is private, but the key used to decrypt the data is public. the key used to encrypt is public, but the key used to decrypt the data is private. both the key used to encrypt and decrypt the data are private.
the key used to encrypt is public, but the key used to decrypt the data is private.
An IS auditor reviewing a cloud computing environment that is managed by a third party should be MOST concerned when: the organization is not permitted to assess the controls in the participating vendor's site. the service level agreement does not address the responsibility of the vendor in the case of a security breach. laws and regulations are different in the countries of the organization and the vendor. the organization is using an older version of a browser and is vulnerable to certain types of security risk.
the service level agreement does not address the responsibility of the vendor in the case of a security breach.
Java applets and Active X controls are distributed programs that execute in the background of a client web browser. This practice is considered reasonable when: a firewall exists. a secure web connection is used. the source of the executable file is certain. the host web site is part of the organization.
the source of the executable file is certain.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: the users may not remember to manually encrypt the data before transmission. the site credentials were sent to the financial services company via email. personnel at the consulting firm may obtain access to sensitive data. the use of a shared user ID to the FTP site does not allow for user accountability.
the users may not remember to manually encrypt the data before transmission.
A cyclic redundancy check is commonly used to determine the: accuracy of data input. integrity of a downloaded program. adequacy of encryption. validity of data transfer.
validity of data transfer.
