Download New Updated (July) Isaca CISA Actual Test 791-800


QUESTION 791

Disabling which of the following would make wireless local area networks more secure against unauthorized access?

 

A. MAC (Media Access Control) address filtering

B. WPA (Wi-Fi Protected Access Protocol)

C. LEAP (Lightweight Extensible Authentication Protocol)

D. SSID (service set identifier) broadcasting

 

Correct Answer: D

Explanation:

Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the name of the access point. Disabling MAC address filtering would reduce security. Using MAC filtering makes it more difficult to access a WLAN, because it would be necessary to catch traffic and forge the MAC address. Disabling WPA reduces security. Using WPA adds security by encrypting the traffic. Disabling LEAP reduces security. Using LEAP adds security by encrypting the wireless traffic.

 

 

QUESTION 792

The network of an organization has been the victim of several intruders’ attacks. Which of the following measures would allow for the early detection of such incidents?

 

A. Antivirus software

B. Hardening the servers

C. Screening routers

D. Honeypots

 

Correct Answer: D

Explanation:

Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.

 

 

QUESTION 793

To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:

 

A. access control servers.

B. session border controllers.

C. backbone gateways.

D. intrusion detection system (IDS).

 

Correct Answer: B

Explanation:

Session border controllers enhance the security in the access network and in the core. In the access network, they hide a user’s real address and provide a managed public address. This public address can be monitored, minimizing the opportunities for scanning and denial-of-service (DoS) attacks. Session border controllers permit access to clients behind firewalls while maintaining the firewall’s effectiveness. In the core, session border controllers protect the users and the network. They hide network topology and users’ real addresses. They can also monitor bandwidth and quality of service. Securing the access control server, backbone gateways and intrusion detection systems (IDSs) does not effectively protect against DoS attacks.

 

 

QUESTION 794

Which of the following satisfies a two-factor user authentication?

 

A. Iris scanning plus fingerprint scanning

B. Terminal ID plus global positioning system (GPS)

C. A smart card requiring the user’s PIN

D. User ID along with password

 

Correct Answer: C

Explanation:

A smart card addresses what the user has. This is generally used in conjunction with testing what the user knows, e.g., a keyboard password or personal identification number (PIN). Proving who the user is usually requires a biometrics method, such as fingerprint, iris scan or voice verification, to prove biology. This is not a two-factor user authentication, because it proves only who the user is. A global positioning system (GPS) receiver reports on where the user is. The use of an ID and password (what the user knows) is a single-factor user authentication.

 

 

QUESTION 795

Which of the following is a general operating system access control function?

 

A. Creating database profiles

B. Verifying user authorization at a field level

C. Creating individual accountability

D. Logging database access activities for monitoring access violation

 

Correct Answer: C

Explanation:

Creating individual accountability is the function of the general operating system. Creating database profiles, verifying user authorization at a field level and logging database access activities for monitoring access violations are all database-level access control functions.

 

 

QUESTION 796

Naming conventions for system resources are important for access control because they:

 

A. ensure that resource names are not ambiguous.

B. reduce the number of rules required to adequately protect resources.

C. ensure that user access to resources is clearly and uniquely identified.

D. ensure that internationally recognized names are used to protect resources.

 

Correct Answer: B

Explanation:

Naming conventions for system resources are important for the efficient administration of security controls. The conventions can be structured, so resources beginning with the same high-level qualifier can be governed by one or more generic rules. This reduces the number of rules required to adequately protect resources, which in turn facilitates security administration and maintenance efforts. Reducing the number of rules required to protect resources allows for the grouping of resources and files by application, which makes it easier to provide access. Ensuring that resource names are not ambiguous cannot be achieved through the use of naming conventions. Ensuring the clear and unique identification of user access to resources is handled by access control rules, not naming conventions. Internationally recognized names are not required to control access to resources. Naming conventions tend to be based on how each organization wants to identify its resources.

 

 

QUESTION 797

With the help of a security officer, granting access to data is the responsibility of:

 

A. data owners.

B. programmers.

C. system analysts.

D. librarians.

 

Correct Answer: A

Explanation:

Data owners are responsible for the use of data. Written authorization for users to gain access to computerized information should be provided by the data owners. Security administration, with the owners’ approval, sets up access rules stipulating which users or groups of users are authorized to access data or files and the level of authorized access (e.g., read or update).

 

 

QUESTION 798

A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

 

A. Dump the volatile storage data to a disk.

B. Run the server in a fail-safe mode.

C. Disconnect the web server from the network.

D. Shut down the web server.

 

Correct Answer: C

Explanation:

The first action is to disconnect the web server from the network to contain the damage and prevent more actions by the attacker. Dumping the volatile storage data to a disk may be used at the investigation stage but does not contain an attack in progress. To run the server in a fail-safe mode, the server needs to be shut down. Shutting down the server could potentially erase information that might be needed for a forensic investigation or to develop a strategy to prevent future similar attacks.

 

 

QUESTION 799

Which of the following presents an inherent risk with no distinct identifiable preventive controls?

 

A. Piggybacking

B. Viruses

C. Data diddling

D. Unauthorized application shutdown

 

Correct Answer: C

Explanation:

Data diddling involves changing data before they are entered into the computer. It is one of the most common abuses, because it requires limited technical knowledge and occurs before computer security can protect the data. There are only compensating controls for data diddling. Piggybacking is the act of following an authorized person through a secured door and can be prevented by the use of deadman doors. Logical piggybacking is an attempt to gain access through someone who has the rights, e.g., electronically attaching to an authorized telecommunication link to possibly intercept transmissions. This could be prevented by encrypting the message. Viruses are malicious program code inserted into another executable code that can self-replicate and spread from computer to computer via sharing of computer diskettes, transfer of logic over telecommunication lines or direct contact with an infected machine. Antiviral software can be used to protect the computer against viruses. The shutdown of an application can be initiated through terminals or microcomputers connected directly (online) or indirectly (dial-up line) to the computer. Only individuals knowing the high-level logon ID and password can initiate the shutdown process, which is effective if there are proper access controls.

 

 

QUESTION 800

What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?

 

A. The copying of sensitive data on them

B. The copying of songs and videos on them

C. The cost of these devices multiplied by all the employees could be high

D. They facilitate the spread of malicious code through the corporate network

 

Correct Answer: A

Explanation:

The MAIN concern with MP3 players and flash drives is data leakage, especially sensitive information. This could occur if the devices were lost or stolen. The risk when copying songs and videos is copyright infringement, but this is normally a less important risk than information leakage. Choice C is hardly an issue because employees normally buy the portable media with their own funds. Choice D is a possible risk, but not as important as information leakage and can be reduced by other controls.

 

 

 
