CISA Certification Overview - [Jun 02, 2024] Latest CISA PDF Dumps
NEW QUESTION # 206
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
- A. sender's public key and encrypting the message using the receiver's private key.
- B. receiver's public key and encrypting the message using the sender's private key.
- C. receiver's private key and encrypting the message using the sender's public key.
- D. sender's private key and encrypting the message using the receiver's public key.
Answer: D
Explanation:
By signing the message with the sender's private key, the receiver can verify its authenticity using the sender's public key. By encrypting the message with the receiver's public key, only the receiver can decrypt the message using their own private key. The receiver's private key is confidential and, therefore, unknown to the sender. Messages encrypted using the sender's private key can be read by anyone with the sender's public key.
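The key-direction rule in answer D, worked through as an added example that is not part of the original page: textbook RSA on fixed Mersenne primes with no padding, sized only to make the arithmetic visible, so the key values and the sample message are assumptions of this example. `send` signs with the sender's private key and encrypts with the receiver's public key, `receive` reverses both, and the last function shows why the distractors that "encrypt" with the sender's private key give no confidentiality at all.

```python
import hashlib

# Textbook RSA on fixed Mersenne primes. Illustrative only (an assumption of this example):
# real e-mail security (S/MIME, OpenPGP) uses 2048-bit+ random primes, OAEP/PSS padding
# and a hybrid scheme in which RSA only wraps a per-message symmetric key.

def keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

SENDER_PUB, SENDER_PRIV = keypair(2**61 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = keypair(2**107 - 1, 2**127 - 1)


def _digest(msg: bytes, n: int) -> int:
    # Hash reduced into the modulus; a padded encoding (PSS) would go here in practice.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def _to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


def encrypt(pub, msg):
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(priv, ct):
    n, d = priv
    return _to_bytes(pow(ct, d, n))


def send(msg):
    """Answer D: sign with the sender's private key, encrypt with the receiver's public key."""
    return encrypt(RECEIVER_PUB, msg), sign(SENDER_PRIV, msg)


def receive(ct, sig):
    """Decrypt with the receiver's own private key, then verify with the sender's public key."""
    msg = decrypt(RECEIVER_PRIV, ct)
    return msg, verify(SENDER_PUB, msg, sig)


def recover_sender_private_key_encryption(msg):
    """Distractor: 'encrypting' with the sender's private key gives no confidentiality,
    because anyone holding the sender's public key can undo it."""
    n, d = SENDER_PRIV
    ct = pow(int.from_bytes(msg, "big"), d, n)
    _, e = SENDER_PUB
    return _to_bytes(pow(ct, e, n))


if __name__ == "__main__":
    ct, sig = send(b"Transfer 100 EUR")
    print(receive(ct, sig))                                   # (b'Transfer 100 EUR', True)
    print(recover_sender_private_key_encryption(b"Transfer 100 EUR"))
```

Two caveats a practitioner would add: the signature is computed over the plaintext, so the receiver checks it only after decrypting, and plain sign-then-encrypt does not bind the signature to the recipient (the receiver could re-encrypt the signed plaintext to a third party, who would then see a valid signature from the original sender), which is why a careful design includes the intended recipient inside the signed data.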
NEW QUESTION # 207
In which of the following transmission media is it MOST difficult to modify the information traveling across the network?
- A. Fiber Optics
- B. Coaxial cable
- C. Copper cable
- D. Satellite Radio Link
Answer: A
Explanation:
Fiber optic cable is used for long distances; it is hard to splice, not vulnerable to crosstalk and difficult to tap, which is why it is the medium on which data in transit is hardest to modify. It supports voice, data, image and video.
For the exam you should know the following about transmission media:
Copper Cable
Copper cable is simple to install and easy to tap. It is used mostly for short distances and supports voice and data.
Copper has been used in electrical wiring since the invention of the electromagnet and the telegraph in the 1820s. The invention of the telephone in 1876 created further demand for copper wire as an electrical conductor.
Copper is the electrical conductor in many categories of electrical wiring. Copper wire is used in power generation, power transmission, power distribution, telecommunications, electronics circuitry, and countless types of electrical equipment. Copper and its alloys are also used to make electrical contacts.
Electrical wiring in buildings is the most important market for the copper industry. Roughly half of all copper mined is used to manufacture electrical wire and cable conductors.
Coaxial cable
Coaxial cable, or coax (pronounced 'ko.aks), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket. The term coaxial comes from the inner conductor and the outer shield sharing a geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who patented the design in 1880.Coaxial cable differs from other shielded cable used for carrying lower-frequency signals, such as audio signals, in that the dimensions of the cable are controlled to give a precise, constant conductor spacing, which is needed for it to function efficiently as a radio frequency transmission line.
Coaxial cable is comparatively expensive and is little used in modern LANs, where twisted-pair copper and fiber have replaced it. It supports data and video.
Fiber optics
An optical fiber cable is a cable containing one or more optical fibers that are used to carry light. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. Different types of cable are used for different applications, for example long distance telecommunication, or providing a high-speed data connection between different parts of a building.
Fiber optic cable is used for long distances; it is hard to splice, not vulnerable to crosstalk and difficult to tap (a tap requires physical access to the fiber and usually causes a measurable loss of light). It supports voice, data, image and video.
Radio System
Radio systems are used for short distances; they are cheap and easy to tap, since anyone within range of the transmitter can receive the signal.
Radio is the radiation (wireless transmission) of electromagnetic signals through the atmosphere or free space.
Information, such as sound, is carried by systematically changing (modulating) some property of the radiated waves, such as their amplitude, frequency, phase, or pulse width. When radio waves strike an electrical conductor, the oscillating fields induce an alternating current in the conductor. The information in the waves can be extracted and transformed back into its original form.
Microwave radio system
Microwave transmission refers to the technology of transmitting information or energy by the use of radio waves whose wavelengths are conveniently measured in small numbers of centimeter; these are called microwaves.
Microwaves are widely used for point-to-point communications because their small wavelength allows conveniently-sized antennas to direct them in narrow beams, which can be pointed directly at the receiving antenna. This allows nearby microwave equipment to use the same frequencies without interfering with each other, as lower frequency radio waves do. Another advantage is that the high frequency of microwaves gives the microwave band a very large information-carrying capacity; the microwave band has a bandwidth 30 times that of all the rest of the radio spectrum below it. A disadvantage is that microwaves are limited to line of sight propagation; they cannot pass around hills or mountains as lower frequency radio waves can.
Microwave radio transmission is commonly used in point-to-point communication systems on the surface of the Earth, in satellite communications, and in deep space radio communications. Other parts of the microwave radio band are used for radars, radio navigation systems, sensor systems, and radio astronomy.
Microwave radio systems carry voice and data signals; they are cheap and easy to tap by anyone able to place a receiver in the beam path.
Satellite Radio Link
A satellite link relays the uplink signal through a transponder on the satellite and rebroadcasts it over a downlink footprint that can span a continent, far wider than any terrestrial radio station covers.
Because anyone inside the footprint with a suitable antenna can receive the downlink, a satellite radio link is easy to tap, and its traffic must be encrypted if confidentiality matters.
The following answers are incorrect:
Copper cable - Copper cable is simple to install and easy to tap. It is used mostly for short distances and supports voice and data.
Satellite radio link - A satellite link relays information through a transponder and is easy to tap.
Coaxial cable - Coaxial cable is comparatively expensive and is little used in modern LANs. It supports data and video.
The following reference was used to create this question:
CISA review manual 2014, page 265
NEW QUESTION # 208
An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?
- A. Audit trails should be included in the design.
- B. The application should meet the organization's requirements.
- C. Vendor employee background checks should be conducted regularly.
- D. Potential suppliers should have experience in the relevant area.
Answer: A
NEW QUESTION # 209
Which of the following BEST indicates that an incident management process is effective?
- A. Decreased number of calls to the help desk
- B. Decreased time for incident resolution
- C. Increased number of incidents reviewed by IT management
- D. Increased number of reported critical incidents
Answer: B
NEW QUESTION # 210
When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the organization's business objectives by determining if IS:
- A. has sufficient excess capacity to respond to changing directions.
- B. uses its equipment and personnel efficiently and effectively.
- C. plans are consistent with management strategy.
- D. has all the personnel and equipment it needs.
Answer: C
Explanation:
Determining whether IS plans are consistent with management strategy ties IS/IT planning to the business plans, which is what "supporting business objectives" means. Choices A, B and D concern the capacity, efficiency and resourcing of the IS function; an IS organization can be well resourced and efficient while pursuing the wrong objectives, so none of them demonstrates alignment.
NEW QUESTION # 211
An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence. What is the MOST significant risk from this observation?
- A. Previous jobs may have failed.
- B. Daily schedules may not be accurate.
- C. The job may not have run to completion.
- D. The job completes with invalid data.
Answer: D
Explanation:
Section: The process of Auditing Information System
NEW QUESTION # 212
Which of the following are valid choices for the Apache/SSL combination (choose all that apply):
- A. the mod_ssl module
- B. third-party SSL patches
- C. None of the choices.
- D. the Apache-SSL project
- E. the mod_css module
Answer: A,B,D
Explanation:
On Linux, Apache is generally regarded as the safer choice of web server. Several Apache/SSL combinations have existed: the Apache-SSL project (www.apache-ssl.org), third-party SSL patches applied to the Apache source, or Apache built with the mod_ssl module. mod_css is not an SSL module. In practice only mod_ssl is still relevant: it has shipped as a standard module of Apache httpd since version 2.0, while Apache-SSL and the patch-based approaches are no longer maintained.
NEW QUESTION # 213
Which of the following security testing techniques is MOST effective in discovering unknown malicious attacks?
- A. Reverse engineering
- B. Vulnerability testing
- C. Sandboxing
- D. Penetration testing
Answer: B
NEW QUESTION # 214
Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?
- A. Privacy training and awareness program for employees
- B. Industry practice and regulatory compliance guidance
- C. Policies and procedures consistent with privacy guidelines
- D. Information security and incident management practices
Answer: B
NEW QUESTION # 215
Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?
- A. Present the issue to executive management.
- B. Accept management's decision and continue the follow-up.
- C. Report the issue to IS audit management.
- D. Report the disagreement to the board.
Answer: C
Explanation:
Prior to a follow-up engagement, if an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation, the IS auditor should report the issue to IS audit management. This is because IS audit management is responsible for ensuring that audit findings are properly communicated and resolved. Accepting management's decision and continuing the follow-up would not address the IS auditor's concern. Reporting the disagreement to the board or executive management would be premature and inappropriate without consulting IS audit management first. References: CISA Review Manual (Digital Version), Chapter 1, Section 1.6
NEW QUESTION # 216
A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?
- A. Whether the system's performance poses a significant risk to the organization
- B. Whether system delays result in more frequent use of manual processing
- C. Whether stakeholders are committed to assisting with the audit
- D. Whether internal auditors have the required skills to perform the audit
Answer: A
NEW QUESTION # 217
Which of the following is MOST critical during the business impact assessment phase of business continuity planning?
- A. IS auditing involvement
- B. End-user involvement
- C. Security administration involvement
- D. Senior management involvement
Answer: B
Explanation:
End-user involvement is critical during the business impact assessment phase of business continuity planning.
NEW QUESTION # 218
When reviewing an organization's IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?
- A. Utilization of an internationally recognised security standard
- B. Implementation of a comprehensive security awareness program
- C. Approval of the security program by senior management
- D. Achievement of established security metrics
Answer: C
NEW QUESTION # 219
Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?
- A. ILR&D
- B. ICT&P
- C. ILD&P
- D. ILP&C
- E. None of the choices.
Answer: C
Explanation:
Section: Protection of Information Assets
Information Leakage Detection and Prevention (ILD&P) is a computer security term for systems designed to detect and prevent the unauthorized transmission of information from an organization's computer systems to outsiders. Network ILD&P systems are gateway-based: installed on the organization's Internet connection, they analyze outbound network traffic in search of unauthorized information transmissions. Host-based ILD&P systems run on end-user workstations to monitor and control access to physical devices (such as removable media) and to inspect information before it has been encrypted. A network gateway cannot inspect traffic that is already encrypted end to end, which is one reason the two kinds are deployed together.
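A minimal network ILD&P check, added here as an example and not code from the original page: it runs over a few constructed outbound events (user, destination host, protocol, cleartext payload; the hosts, users and the internal DNS suffix are made up), skips destinations inside the organization, and flags payloads that carry a Luhn-valid card number or a classification marker. The Luhn check is what keeps a look-alike order number from being reported.

```python
import re

# Constructed outbound events (not real traffic): (user, destination host, protocol, payload).
SAMPLE_EVENTS = [
    ("alice", "mail.partner.example",   "smtp",  "Q3 forecast attached, talk Monday"),
    ("bob",   "paste.example.net",      "https", "card 4111 1111 1111 1111 exp 12/27 for the refund"),
    ("carol", "shop.example.com",       "https", "order 1234-5678-1234-5678 has shipped"),
    ("dave",  "webmail.example.org",    "https", "CONFIDENTIAL - merger term sheet draft v3"),
    ("erin",  "files.internal.example", "smb",   "CONFIDENTIAL payroll export"),
]

INTERNAL_SUFFIX = ".internal.example"                 # assumed internal DNS zone
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")    # 13-19 digits, optional space/dash groups
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect(user, dst, proto, payload):
    """Return the list of reasons this event would be blocked; an empty list means allow."""
    if dst.endswith(INTERNAL_SUFFIX):
        return []  # a gateway ILD&P only looks at traffic leaving the organization
    reasons = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):            # rejects look-alike numbers such as order references
            reasons.append(f"PAN ending {digits[-4:]}")
    if MARKER_RE.search(payload):
        reasons.append("classification marker")
    return reasons


def scan(events=SAMPLE_EVENTS):
    """Run the checks over a batch of events and return only the blocked ones."""
    blocked = []
    for user, dst, proto, payload in events:
        reasons = inspect(user, dst, proto, payload)
        if reasons:
            blocked.append((user, dst, reasons))
    return blocked


if __name__ == "__main__":
    for user, dst, reasons in scan():
        print(f"BLOCK {user} -> {dst}: {', '.join(reasons)}")
```

The payloads here are cleartext; a real gateway sees HTTPS bodies only when it terminates TLS, otherwise the same logic has to run on the endpoint, which is the host-based case described above.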
NEW QUESTION # 220
At a hospital, medical personnel carry handheld computers that contain patient health data. These handheld computers are synchronized with PCs that transfer data from a hospital database. Which of the following would be of MOST importance?
- A. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs.
- B. The usage of the handheld computers is allowed by the hospital policy.
- C. Timely synchronization is ensured by policies and procedures.
- D. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
Answer: D
Explanation:
Section: Protection of Information Assets
Data confidentiality is a major requirement of privacy regulations, and a lost or stolen handheld that holds unprotected patient data is a direct breach of it. Choices A, B and C relate to internal security requirements and are secondary when compared to compliance with data privacy laws.
NEW QUESTION # 221
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:
- A. spynets
- B. botnets
- C. wormnets
- D. trojannets
- E. rootnets
- F. backdoor
Answer: B
Explanation:
Section: Protection of Information Assets
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a classic botnet, the malware (the bot) logs in to an Internet Relay Chat channel or other chat system that serves as the command-and-control channel; the attacker can then give instructions to all the infected systems simultaneously.
NEW QUESTION # 222
Which of the following is an advantage of prototyping?
- A. Prototype systems can provide significant time and cost savings.
- B. Change control is often less complicated with prototype systems.
- C. The finished system normally has strong internal controls.
- D. It ensures that functions or extras are not added to the intended system.
Answer: A
NEW QUESTION # 223
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?
- A. Reviewing the actual procedures
- B. Interviewing the firewall administrator
- C. Reviewing the parameter settings
- D. Reviewing the system log
Answer: C
Explanation:
The firewall's configuration (its rule base and parameter settings) is what actually enforces the policy, so comparing the configured settings against the security policy is the direct test. Written procedures and administrator interviews describe intent rather than the running state, and system logs show what traffic was passed or dropped but do not prove that the configured rules match the policy.
NEW QUESTION # 224
Which of the following would BEST enable effective IT resource management?
- A. Automating business processes
- B. Establishing business priorities
- C. Outsourcing IT processes and activities
- D. Assessing the risk associated with IT resources
Answer: B
NEW QUESTION # 225
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
- A. Backups of the old system and data are not available online
- B. Unauthorized data modifications occurred during conversion.
- C. Data conversion was performed using manual processes
- D. The change management process was not formally documented
Answer: B
Explanation:
The finding that should be of greatest concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system is that unauthorized data modifications occurred during conversion. Data conversion and migration is a process that involves transferring data from one system to another, ensuring its accuracy, completeness, integrity, and usability. Unauthorized data modifications during conversion can result in data loss, corruption, inconsistency, or duplication, which can affect the functionality, performance, reliability, and security of the new system. Unauthorized data modifications can also have serious business implications, such as affecting decision making, reporting, compliance, customer service, and revenue. The IS auditor should verify that adequate controls are in place to prevent, detect, and correct unauthorized data modifications during conversion, such as access control, data validation, reconciliation, audit trail, and backup and recovery. The other findings (A, C and D) are less concerning, as they can be mitigated by restoring the backups of the old system and data from offline storage, automating the data conversion process, or documenting the change management process. References: CISA Review Manual (Digital Version), Chapter 3: Information Systems Acquisition, Development & Implementation, Section 3.4: System Implementation
NEW QUESTION # 226
An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?
- A. Tolerable error rate increase
- B. Expected error rate increase
- C. Acceptable risk level decrease
- D. Population size increase
Answer: A
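Attribute sample size, worked as an added example that is not part of the original page, so that the direction of each factor can be checked rather than memorized. The model is the one behind the standard attribute-sampling tables: the smallest n such that, if the true deviation rate equalled the tolerable rate, seeing no more than the expected number of deviations would be no more likely than the accepted risk. The rates, risk levels and population figures used below are assumptions chosen for the illustration.

```python
import math


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def attribute_sample_size(tolerable, expected, risk, max_n=5000):
    """Smallest sample size n such that, if the true deviation rate were `tolerable`,
    observing no more than the expected number of deviations has probability <= `risk`
    (risk = acceptable risk of assessing control risk too low, i.e. 1 - confidence).
    The expected count is rounded up to a whole deviation, as the AICPA tables do.
    """
    for n in range(1, max_n + 1):
        k = math.ceil(expected * n)  # expected deviations in a sample of n
        if binom_cdf(k, n, tolerable) <= risk:
            return n
    raise ValueError("no sample size up to max_n satisfies the parameters")


def finite_population_adjustment(n, population):
    """Population size only matters once the sample is a sizeable fraction of it."""
    return math.ceil(n / (1 + n / population))


def sample_size_sensitivity(base=(0.05, 0.01, 0.05)):
    """Base sample size (tolerable 5%, expected 1%, risk 5%) and the size after moving
    each factor in the direction the question asks about."""
    tolerable, expected, risk = base
    n = attribute_sample_size(tolerable, expected, risk)
    return {
        "base": n,
        "tolerable_up": attribute_sample_size(tolerable * 2, expected, risk),  # smaller
        "expected_up": attribute_sample_size(tolerable, expected * 2, risk),   # larger
        "risk_down": attribute_sample_size(tolerable, expected, risk / 5),     # larger
        "population_5000": finite_population_adjustment(n, 5000),              # ~unchanged
        "population_100000": finite_population_adjustment(n, 100_000),         # unchanged
    }


if __name__ == "__main__":
    for name, size in sample_size_sensitivity().items():
        print(f"{name:>18}: {size}")
```

Only a higher tolerable error rate lowers n: a larger expected rate and a lower acceptable risk both raise it, and population size barely moves it unless the sample would be a large share of the population, which is why D is a distractor.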
NEW QUESTION # 227
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
- A. Ensure corrected program code is compiled in a dedicated server.
- B. Ensure programmers cannot access code after the completion of program edits.
- C. Ensure change management reports are independently reviewed.
- D. Ensure the business signs off on end-to-end user acceptance test results.
Answer: A
Explanation:
Section: Information System Operations, Maintenance and Support
NEW QUESTION # 228
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
- A. Multiple cycles of backup files remain available.
- B. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
- C. Access controls establish accountability for e-mail activity.
- D. Data classification regulates what information should be communicated via e-mail.
Answer: A
Explanation:
Backup files containing documents that supposedly have been deleted could be recovered from these files. Access controls may help establish accountability for the issuance of a particular document, but this does not provide evidence of the e-mail. Data classification standards may be in place with regards to what should be communicated via e-mail, but the creation of the policy does not provide the information required for litigation purposes.
NEW QUESTION # 229