Download New Updated (July) Isaca CISA Actual Test 721-730

Ensurepass

 

QUESTION 721

The responsibility for authorizing access to application data should be with the:

A. data custodian.
B. database administrator (DBA).
C. data owner.
D. security administrator.

Correct Answer: C

Explanation:

Data owners should have the authority and responsibility for granting access to the data and applications for which they are responsible. Data custodians are responsible only for storing and safeguarding the data. The database administrator (DBA) is responsible for managing the database, and the security administrator is responsible for implementing and maintaining IS security. The ultimate responsibility for data resides with the data owner.

 

 

QUESTION 722

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity

Correct Answer: A

Explanation:

Nonrepudiation, achieved through the use of digital signatures, prevents the claimed sender from later denying that they generated and sent the message. Encryption may protect the data transmitted over the Internet, but may not prove that the transactions were made. Authentication is necessary to establish the identification of all parties to a communication. Integrity ensures that transactions are accurate but does not provide the identification of the customer.

 

 

QUESTION 723

Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?

A. Signature-based
B. Neural networks-based
C. Statistical-based
D. Host-based

Correct Answer: B

Explanation:

The neural networks-based IDS monitors the general patterns of activity and traffic on the network and creates a database. This is similar to the statistical model but has the added function of self-learning. Signature-based systems are a type of IDS in which the intrusive patterns identified are stored in the form of signatures. These IDS systems protect against detected intrusion patterns. Statistical-based systems need a comprehensive definition of the known and expected behavior of systems. Host-based systems are not a type of IDS, but a category of IDS, and are configured for a specific environment. They will monitor various internal resources of the operating system to warn of a possible attack.

 

 

QUESTION 724

Two-factor authentication can be circumvented through which of the following attacks?

A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force

Correct Answer: B

Explanation:

A man-in-the-middle attack is similar to piggybacking, in that the attacker pretends to be the legitimate destination, and then merely retransmits whatever is sent by the authorized user along with additional transactions after authentication has been accepted. A denial-of-service attack does not have a relationship to authentication. Key logging and brute force could circumvent a normal authentication but not a two-factor authentication.

 

 

QUESTION 725

Which of the following is a benefit of using a callback device?

A. Provides an audit trail
B. Can be used in a switchboard environment
C. Permits unlimited user mobility
D. Allows call forwarding

Correct Answer: A

Explanation:

A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number from an unauthorized phone number, a perpetrator can gain computer access. This vulnerability can be controlled through callback systems that are available.

 

 

QUESTION 726

When installing an intrusion detection system (IDS), which of the following is MOST important?

A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors

Correct Answer: A

Explanation:

Proper location of an intrusion detection system (IDS) in the network is the most important decision during installation. A poorly located IDS could leave key areas of the network unprotected. Choices B, C and D are concerns during the configuration of an IDS, but if the IDS is not placed correctly, none of them would be adequately addressed.

 

 

QUESTION 727

Which of the following encryption techniques will BEST protect a wireless network from a man-in-the-middle attack?

A. 128-bit wired equivalent privacy (WEP)
B. MAC-based pre-shared key (PSK)
C. Randomly generated pre-shared key (PSK)
D. Alphanumeric service set identifier (SSID)

Correct Answer: C

Explanation:

A randomly generated PSK is stronger than a MAC-based PSK, because the MAC address of a computer is fixed and often accessible. WEP has been shown to be a very weak encryption technique and can be cracked within minutes. The SSID is broadcast on the wireless network in plaintext.

 

 

QUESTION 728

Which of the following concerns associated with the World Wide Web would be addressed by a firewall?

A. Unauthorized access from outside the organization
B. Unauthorized access from within the organization
C. A delay in Internet connectivity
D. A delay in downloading using File Transfer Protocol (FTP)

Correct Answer: A

Explanation:

Firewalls are meant to prevent outsiders from gaining access to an organization’s computer systems through the Internet gateway. They form a barrier with the outside world, but are not intended to address access by internal users; they are more likely to cause delays than address such concerns.

 

 

QUESTION 729

Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

A. The buyer is assured that neither the merchant nor any other party can misuse their credit card data.
B. All personal SET certificates are stored securely in the buyer’s computer.
C. The buyer is liable for any transaction involving his/her personal SET certificates.
D. The payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date.

Correct Answer: C

Explanation:

The usual agreement between the credit card issuer and the cardholder stipulates that the cardholder assumes responsibility for any use of their personal SET certificates for e-commerce transactions. Depending upon the agreement between the merchant and the buyer’s credit card issuer, the merchant will have access to the credit card number and expiration date. Secure data storage in the buyer’s computer (local computer security) is not part of the SET standard. Although the buyer is not required to enter their credit card data, they will have to handle the wallet software.

 

 

QUESTION 730

An IS auditor has completed a network audit. Which of the following is the MOST significant logical security finding?

A. Network workstations are not disabled automatically after a period of inactivity.
B. Wiring closets are left unlocked.
C. Network operating manuals and documentation are not properly secured.
D. Network components are not equipped with an uninterruptible power supply.

Correct Answer: A

Explanation:

Choice A is the only logical security finding. Network logical security controls should be in place to restrict, identify, and report authorized and unauthorized users of the network. Disabling inactive workstations restricts users of the network. Choice D is an environmental issue and choices B and C are physical security issues. Choices B, C and D should be reported to the appropriate entity.

 
