Ensurepass

 

QUESTION 21

What are trojan horse programs? Choose the BEST answer.

 

A.

A common form of internal attack

B.

Malicious programs that require the aid of a carrier program such as email

C.

Malicious programs that can run independently and can propagate without the aid of a carrier program such as email

D.

A common form of Internet attack

 

Correct Answer: D

Explanation:

Trojan horse programs are a common form of Internet attack.

 

 

QUESTION 22

What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.

 

A.

The software can dynamically readjust network traffic capabilities based upon current usage.

B.

The software produces nice reports that really impress management.

C.

It allows users to properly allocate resources and ensure continuous efficiency of operations.

D.

It allows management to properly allocate resources and ensure continuous efficiency of operations.

 

Correct Answer: D

Explanation:

Using capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.

 

 

QUESTION 23

To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.

 

A.

The business objectives of the organization

B.

The effect of segregation of duties on internal controls

C.

The point at which controls are exercised as data flows through the system

D.

Organizational control policies

 

Correct Answer: C

Explanation:

When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.

 

 

QUESTION 24

Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

 

A.

Failing to perform user acceptance testing

B.

Lack of user training for the new system

C.

Lack of software documentation and run manuals

D.

Insufficient unit, module, and systems testing

 

Correct Answer: A

Explanation:

Above almost all other concerns, failing to perform user acceptance testing often results in the greatest negative impact on the implementation of new application software.

QUESTION 25

Ensuring that security and control policies support business and IT objectives is a primary objective of:

 

A.

An IT security policies audit

B.

A processing audit

C.

A software audit

D.

A vulnerability assessment

 

Correct Answer: A

Explanation:

Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.

 

 

QUESTION 26

To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

 

A.

the entire message and thereafter enciphering the message digest using the sender’s private key.

B.

any arbitrary part of the message and thereafter enciphering the message digest using the sender’s private key.

C.

the entire message and thereafter enciphering the message using the sender’s private key.

D.

the entire message and thereafter enciphering the message along with the message digest using the sender’s private key.

 

Correct Answer: A

Explanation:

A digital signature is a cryptographic method that ensures data integrity, authentication of the message, and non-repudiation. To ensure these, the sender first creates a message digest by applying a cryptographic hashing algorithm against the entire message and thereafter enciphers the message digest using the sender’s private key. The message digest is created by applying the hashing algorithm against the entire message, not against an arbitrary part of it. After the message digest is created, only the digest is enciphered using the sender’s private key, not the message.

 

 

QUESTION 27

How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

 

A.

By implementing redundant systems and applications onsite

B.

By geographically dispersing resources

C.

By retaining onsite data backup in fireproof vaults

D.

By preparing BCP and DRP documents for commonly identified disasters

 

Correct Answer: B

Explanation:

Minimizing single points of failure or vulnerabilities of a common disaster is mitigated by geographically dispersing resources.

QUESTION 28

Why does an IS auditor review an organization chart?

 

A.

To optimize the responsibilities and authority of individuals

B.

To control the responsibilities and authority of individuals

C.

To better understand the responsibilities and authority of individuals

D.

To identify project sponsors

 

Correct Answer: C

Explanation:

The primary reason an IS auditor reviews an organization chart is to better understand the responsibilities and authority of individuals.

 

 

QUESTION 29

A core tenet of an IS strategy is that it must:

 

A.

Be inexpensive

B.

Be protected as sensitive confidential information

C.

Protect information confidentiality, integrity, and availability

D.

Support the business objectives of the organization

 

Correct Answer: D

Explanation:

Above all else, an IS strategy must support the business objectives of the organization.

 

 

QUESTION 30

Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

 

A.

Router

B.

Bridge

C.

Repeater

D.

Gateway

 

Correct Answer: B

Explanation:

A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet and token network) and has the storage capacity to store frames and act as a storage and forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.

 
