Ensurepass

 

QUESTION 651

Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:

 

A.

protect the organization from viruses and nonbusiness materials.

B.

maximize employee performance.

C.

safeguard the organization’s image.

D.

assist the organization in preventing legal issues

 

Correct Answer: A

Explanation:

The main reason for investing in web and e-mail filtering tools is that they significantly reduce risks related to viruses, spam, mail chains, recreational surfing and recreational e- mail. Choice B could be true in some circumstances (i.e., it wouldneed to be implemented along with an awareness program, so that employee performance
can be significantly improved). However, in such cases, it would not be as relevant as choice A.Choices C and D are secondary or indirect benefits.

 

 

 

 

 

QUESTION 652

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?

 

A.

Appliances

B.

Operating system-based

C.

Host-based

D.

Demilitarized

 

Correct Answer: A

Explanation:

The software for appliances is embedded into chips. Firmware-based firewall products cannot be moved to higher capacity servers. Firewall software that sits on an operating system can always be scalable due to its ability to enhance the power of servers. Host- based firewalls operate on top of the server operating system and are scalable. A demilitarized zone is a model of firewall implementation and is not a firewall architecture.

 

 

QUESTION 653

Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?

 

A.

A user from within could send a file to an unauthorized person.

B.

FTP services could allow a user to download files from unauthorized sources.

C.

A hacker may be able to use the FTP service to bypass the firewall.

D.

FTP could significantly reduce the performance of a DMZ server.

 

Correct Answer: C

Explanation:

Since file transfer protocol (FTP) is considered an insecure protocol, it should not be installed on a server in a demilitarized zone (DMZ). FTP could allow an unauthorized user to gain access to the network. Sending files to an unauthorized person and the risk of downloading unauthorized files are not as significant as having a firewall breach. The presence of the utility does not reduce the performance of a DMZ server; therefore, performance degradation is not a threat.

 

 

QUESTION 654

Neural networks are effective in detecting fraud because they can:

 

A.

discover new trends since they are inherently linear.

B.

solve problems where large and general sets of training data are not obtainable.

C.

attack problems that require consideration of a large number of input variables.

D.

make assumptions about the shape of any curve relating variables to the output.

 

Correct Answer: C

Explanation:

Neural networks can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends. Neural networks are inherently nonlinear and make no assumption about the shape of any curve relating variables to the output. Neural networks will not work well at solving problems for which sufficiently large and general sets of training data are not obtainable.

 

QUESTION 655

The MAIN criterion for determining the severity level of a service disruption incident is:

 

A.

cost of recovery.

B.

negative public opinion.

C.

geographic location.

D.

downtime.

 

Correct Answer: D

Explanation:

The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.

 

 

QUESTION 656

Which of the following is widely accepted as one of the critical components in networking management?

 

A.

Configuration management

B.

Topological mappings

C.

Application of monitoring tools

D.

Proxy server troubleshooting

 

Correct Answer: A

Explanation:

Configuration management is widely accepted as one of the key components of any network, since it establishes how the network will function internally and externally, it also deals with the management of configuration and monitoring performance. Topological mappings provide outlines of the components of the network and its connectivity. Application monitoring is not essential and proxy server troubleshooting is used for troubleshooting purposes.

 

 

QUESTION 657

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?

 

A.

Parity check

B.

Echo check

C.

Block sum check

D.

Cyclic redundancy check

 

Correct Answer: D

Explanation:

The cyclic redundancy check (CRC) can check for a block of transmitted datA. The workstations generate the CRC and transmit it with the datA. The receiving workstation computes a CRC and compares it to the transmitted CRC. if both of them are equal.then the block is assumed error free, in this case (such as in parity error or echo check), multiple errors can be detected. In general, CRC can detect all single-bit and bubble-bit errors. Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulsing noise during high transmission rates), it has a reliability of approximately 50 percent. Inhigher transmission rates, this limitation is significant. Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission.

 

 

QUESTION 658

Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?

 

A.

A security information event management (SIEM) product

B.


An open-source correlation engine

C.

A log management tool

D.

An extract, transform, load (ETL) system

 

Correct Answer: C

Explanation:

A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e.g., exception reports showing differentstatistics including anomalies and suspicious activities), and to answer time-based queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three weeks?). A SIEM product has some similar features. It correlatesevents from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events. An extract, transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats.

 

 

QUESTION 659

Change management procedures are established by IS management to:

 

A.

control the movement of applications from the test environment to the production e
nvironment.

B.

control the interruption of business operations from lack of attention to unresolved problems.

C.

ensure the uninterrupted operation of the business in the event of a disaster.

D.

verify that system changes are properly documented.

 

Correct Answer: A

Explanation:

Change management procedures are established by IS management to control the movement of applications from the test environment to the production environment. Problem escalation procedures control the interruption of business operations from lack of attention to unresolved problems, and quality assurance procedures verify that system changes are authorized and tested.

 

 

QUESTION 660

Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers?

 

A.

Minimizing costs for the services provided

B.

Prohibiting the provider from subcontracting services

C.

Evaluating the process for transferring knowledge to the IT department

D.

Determining if the services were provided as contracted

Correct Answer: D

Explanation:

From an IS auditor’s perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements. Minimizing costs, if applicable and achievable (depending on the customer’s need) is traditionally not part of an IS auditor’s job. This would normally be done by a line management function within the IT department. Furthermore, during an audit, it is too late to minimize the costs for existing provider arrangements. Subcontracting providers could be a concern, but it would not be the primary concern. Transferring knowledge to the internal IT department might be desirable under certain circumstances, but should not be the primary concern of an IS auditor when auditing IT service providers and the management thereof.

 

Free VCE & PDF File for Isaca CISA Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.