Ensurepass

QUESTION 681

To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:

A. online terminals are placed in restricted areas.
B. online terminals are equipped with key locks.
C. ID cards are required to gain access to online terminals.
D. online access is terminated after a specified number of unsuccessful attempts.

Correct Answer: D

Explanation:

The most appropriate control to prevent unauthorized entry is to terminate the connection after a specified number of unsuccessful attempts. This deters access through the guessing of IDs and passwords. The other choices are physical controls, which are not effective in deterring unauthorized access via telephone lines.

QUESTION 682

Which of the following physical access controls effectively reduces the risk of piggybacking?

A. Biometric door locks
B. Combination door locks
C. Deadman doors
D. Bolting door locks

Correct Answer: C

Explanation:

Deadman doors use a pair of doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This effectively reduces the risk of piggybacking. An individual’s unique body features such as voice, retina, fingerprint or signature activate biometric door locks; however, they do not prevent or reduce the risk of piggybacking. Combination door locks, also known as cipher locks, use a numeric keypad or dial to gain entry. They do not prevent or reduce the risk of piggybacking, since unauthorized individuals may still gain access to the processing center. Bolting door locks require the traditional metal key to gain entry. Unauthorized individuals could still gain access to the processing center along with an authorized individual.

QUESTION 683

When reviewing an organization’s logical access security, which of the following should be of MOST concern to an IS auditor?

A. Passwords are not shared.
B. Password files are not encrypted.
C. Redundant logon IDs are deleted.
D. The allocation of logon IDs is controlled.

Correct Answer: B

Explanation:

When evaluating the technical aspects of logical security, unencrypted password files represent the greatest risk. Not sharing passwords, checking for redundant logon IDs and proper logon ID allocation procedures are essential, but they are less important than ensuring that the password files are encrypted.

QUESTION 684

Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?

A. Policies that require instant dismissal if such devices are found
B. Software for tracking and managing USB storage devices
C. Administratively disabling the USB port
D. Searching personnel for USB storage devices at the facility’s entrance

Correct Answer: B

Explanation:

Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition, and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching personnel for USB storage devices at the entrance to a facility is not a practical solution, since these devices are small and could be easily hidden.

QUESTION 685

Which of the following virus prevention techniques can be implemented through hardware?

A. Remote booting
B. Heuristic scanners
C. Behavior blockers
D. Immunizers

Correct Answer: A

Explanation:

Remote booting (e.g., diskless workstations) is a method of preventing viruses, and can be implemented through hardware. Choice C is a detection, not a prevention, although it is hardware-based. Choices B and D are not hardware-based.

QUESTION 686

Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?

A. Processing power
B. Volume of data
C. Key distribution
D. Complexity of the algorithm

Correct Answer: C

Explanation:

Symmetric key encryption requires that the keys be distributed. The larger the user group, the more challenging the key distribution. Symmetric key cryptosystems are generally less complicated and, therefore, use less processing power than asymmetric techniques, making them ideal for encrypting a large volume of data. The major disadvantage is the need to get the keys into the hands of those with whom you want to exchange data, particularly in e-commerce environments, where customers are unknown, untrusted entities.

QUESTION 687

What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised

Correct Answer: A

Explanation:

VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code on a remote client could spread to the organization’s network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.

QUESTION 688

A digital signature contains a message digest to:

A. show if the message has been altered after transmission.
B. define the encryption algorithm.
C. confirm the identity of the originator.
D. enable message transmission in a digital format.

Correct Answer: A

Explanation:

The message digest is calculated and included in a digital signature to prove that the message has not been altered. It should be the same value as a recalculation performed upon receipt. It does not define the algorithm or enable the transmission in digital format, and has no effect on the identity of the user; it is there to ensure integrity rather than identity.

QUESTION 689

An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?

A. Run a low-level data wipe utility on all hard drives
B. Erase all data file directories
C. Format all hard drives
D. Physical destruction of the hard drive

Correct Answer: D

Explanation:

The most effective method is physical destruction. Running a low-level data wipe utility may leave some residual data that could be recovered; erasing data directories and formatting hard drives are easily reversed, exposing all data on the drive to unauthorized individuals.

QUESTION 690

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled

Correct Answer: C

Explanation:

The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. None of the other choices is as important as the data owner’s responsibility for the security of the data assets.

Free VCE & PDF File for Isaca CISA Real Exam