Ensurepass

 

QUESTION 201

Digital signatures require the sender to “sign” the data by encrypting the data with the sender’s public key, to then be decrypted by the recipient using the recipient’s private key.

True or false?

 

A. False

B. True

 

Correct Answer: B

Explanation:

Digital signatures require the sender to “sign” the data by encrypting the data with the sender’s private key, to then be decrypted by the recipient using the sender’s public key.

 

 

QUESTION 202

What uses questionnaires to lead the user through a series of choices to reach a conclusion? Choose the BEST answer.

 

A. Logic trees

B. Decision trees

C. Decision algorithms

D. Logic algorithms

 

Correct Answer: B

Explanation:

Decision trees use questionnaires to lead the user through a series of choices to reach a conclusion.

 

 

QUESTION 203

________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.

 

A. Control totals

B. Authentication controls

C. Parity bits

D. Authorization controls

 

Correct Answer: A

Explanation:

Control totals should be implemented as early as data preparation to support data integrity at the earliest point possible.

 

 

QUESTION 204

Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?

 

A. A monitored double-doorway entry system

B. A monitored turnstile entry system

C. A monitored doorway entry system

D. A one-way door that does not allow exit after entry

 

Correct Answer: A

Explanation:

A monitored double-doorway entry system, also referred to as a mantrap or deadman door, is used as a deterrent control for the vulnerability of piggybacking.

 

 

QUESTION 205

When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?

 

A. The potential for unauthorized deletion of report copies

B. The potential for unauthorized modification of report copies

C. The potential for unauthorized printing of report copies

D. The potential for unauthorized editing of report copies

 

Correct Answer: C

Explanation:

When reviewing print systems spooling, an IS auditor is most concerned with the potential for unauthorized printing of report copies.

 

 

QUESTION 206

What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.

 

A. Accuracy check

B. Completeness check

C. Reasonableness check

D. Redundancy check

 

Correct Answer: C

Explanation:

A reasonableness check is a data validation edit control that matches input data to an occurrence rate.

 

 

 

 

 

 

QUESTION 207

In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:

 

A. registration authority (RA).

B. issuing certification authority (CA).

C. subject CA.

D. policy management authority.

 

Correct Answer: A

Explanation:

An RA is an entity that is responsible for identification and authentication of certificate subjects, but the RA does not sign or issue certificates. The certificate subject usually interacts with the RA for completing the process of subscribing to the services of the certification authority in terms of getting identity validated with standard identification documents, as detailed in the certificate policies of the CA. In the context of a particular certificate, the issuing CA is the CA that issued the certificate. In the context of a particular CA certificate, the subject CA is the CA whose public key is certified in the certificate.

 

 

QUESTION 208

Which of the following is a data validation edit and control?

 

A. Hash totals

B. Reasonableness checks

C. Online access controls

D. Before and after image reporting

 

Correct Answer: B

Explanation:

A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.

 

 

QUESTION 209

In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

 

A. The data should be deleted and overwritten with binary 0s.

B. The data should be demagnetized.

C. The data should be low-level formatted.

D. The data should be deleted.

 

Correct Answer: B

Explanation:

To properly protect against unauthorized disclosure of sensitive data, hard disks should be demagnetized before disposal or release.

 

 

QUESTION 210

What is a common vulnerability, allowing denial-of-service attacks?

 

A. Assigning access to users according to the principle of least privilege

B. Lack of employee awareness of organizational security policies

C. Improperly configured routers and router access lists

D. Configuring firewall access rules

 

Correct Answer: C

Explanation:

Improperly configured routers and router access lists are a common vulnerability for denial-of-service attacks.

 

Free VCE & PDF File for Isaca CISA Real Exam
