Download New Updated (July) Isaca CISA Actual Test 631-640

Ensurepass

 

QUESTION 631

In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?

 

[Diagram not reproduced]

 

A. Virus attack

B. Performance degradation

C. Poor management controls

D. Vulnerability to external hackers

 

Correct Answer: B

Explanation:

Hubs are internal devices that usually have no direct external connectivity, and thus are not prone to hackers. There are no known viruses that are specific to hub attacks. While this situation may be an indicator of poor management controls, choice B is more likely when the practice of stacking hubs and creating more terminal connections is used.

 

 

QUESTION 632

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

 

A. improve internal control procedures.

B. harden the network to industry best practices.

C. highlight the importance of incident response management to management.

D. improve employee awareness of the incident response process.

 

Correct Answer: A

Explanation:

A postincident review examines both the cause of and the response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control. The network may already be hardened to industry best practices. Additionally, the network may not be the source of the incident. The primary objective is to improve internal control procedures, not to highlight the importance of incident response management (IRM), and an incident response (IR) review does not improve employee awareness.

 

 

QUESTION 633

Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits a vulnerability in a protocol?

 

A. Install the vendor’s security fix for the vulnerability.

B. Block the protocol traffic in the perimeter firewall.

C. Block the protocol traffic between internal network segments.

D. Stop the service until an appropriate security fix is installed.

 

Correct Answer: D

Explanation:

Stopping the service and installing the security fix is the safest way to prevent the worm from spreading. If the service is not stopped, installing the fix is not the most effective method because the worm continues spreading until the fix becomes effective. Blocking the protocol on the perimeter does not stop the worm from spreading to the internal network(s). Blocking the protocol helps to slow down the spreading but also prohibits any software that utilizes it from working between segments.

 

 

QUESTION 634

IT best practices for the availability and continuity of IT services should:

 

A. minimize costs associated with disaster-resilient components.

B. provide for sufficient capacity to meet the agreed upon demands of the business.

C. provide reasonable assurance that agreed upon obligations to customers can be met.

D. produce timely performance metric reports.

 

Correct Answer: C

Explanation:

It is important that negotiated and agreed commitments (i.e., service level agreements [SLAs]) can be fulfilled all the time. If this were not achievable, IT should not have agreed to these requirements, as entering into such a commitment would be misleading to the business. ‘All the time’ in this context directly relates to the ‘agreed obligations’ and does not imply that a service has to be available 100 percent of the time. Costs are a result of availability and service continuity management and may only be partially controllable. These costs directly reflect the agreed upon obligations. Capacity management is a necessary, but not sufficient, condition of availability. Despite the possibility that a lack of capacity may result in an availability issue, providing the capacity necessary for seamless operations of services would be done within capacity management, and not within availability management. Generating reports might be a task of availability and service continuity management, but that is true for many other areas of interest as well (e.g., incident, problem, capacity and change management).

 

 

QUESTION 635

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?

 

A. Commands typed on the command line are logged

B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs

C. Access to the operating system command line is granted through an access restriction tool with preapproved rights

D. Software development tools and compilers have been removed from the production environment

 

Correct Answer: B

Explanation:

The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control; reviewing the log is a control. Choice C is incorrect because the access was already granted; it does not matter how. Choice D is wrong because files can be copied to and from the production environment.

 

 

QUESTION 636

An IS auditor reviewing an organization’s data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:

 

A. source documentation retention.

B. data file security.

C. version usage control.

D. one-for-one checking.

 

Correct Answer: C

Explanation:

For processing to be correct, it is essential that the proper version of a file is used. Transactions should be applied to the most current database, while restart procedures should use earlier versions. Source documentation should be retained for an adequate time period to enable documentation retrieval, reconstruction or verification of data, but it does not aid in ensuring that the correct version of a file will be used. Data file security controls prevent access by unauthorized users who could then alter the data files; however, they do not ensure that the correct file will be used. It is necessary to ensure that all documents have been received for processing, one-for-one; however, this does not ensure the use of the correct file.

 

 

QUESTION 637

Which of the following types of firewalls provide the GREATEST degree and granularity of control?

 

A. Screening router

B. Packet filter

C. Application gateway

D. Circuit gateway

 

Correct Answer: C

Explanation:

The application gateway is similar to a circuit gateway, but it has specific proxies for each service. To handle web services, it has an HTTP proxy that acts as an intermediary between externals and internals, but is specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3) and the ports it is directed to (in this case port 80, or layer 4), it also checks every HTTP command (layers 5 and 7). Therefore, it works in a more detailed (granularity) way than the others. Screening router and packet filter (choices A and B) work at the protocol, service and/or port level. This means that they analyze packets from layers 3 and 4, and not from higher levels. A circuit gateway (choice D) is based on a proxy or program that acts as an intermediary between external and internal accesses. This means that during an external access, instead of opening a single connection to the internal server, two connections are established: one from the external server to the proxy (which forms the circuit gateway) and one from the proxy to the internal server. Layers 3 and 4 (IP and TCP) and some general features from higher protocols are used to perform these tasks.

 

 

QUESTION 638

The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:

 

A. loss of confidentiality.

B. increased redundancy.

C. unauthorized accesses.

D. application malfunctions.

 

Correct Answer: B

Explanation:

Normalization is a design or optimization process for a relational database (DB) that minimizes redundancy; therefore, denormalization would increase redundancy. Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment, since it demands additional and otherwise unnecessary data handling efforts. Denormalization is sometimes advisable for functional reasons. It should not cause loss of confidentiality, unauthorized accesses or application malfunctions.

 

 

QUESTION 639

Doing which of the following during peak production hours could result in unexpected downtime?

 

A. Performing data migration or tape backup

B. Performing preventive maintenance on electrical systems

C. Promoting applications from development to the staging environment

D. Replacing a failed power supply in the core router of the data center

 

Correct Answer: B

Explanation:

Choices A and C are processing events which may impact performance, but would not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.

 

 

QUESTION 640

Which of the following is MOST directly affected by network performance monitoring tools?

 

A. Integrity

B. Availability

C. Completeness

D. Confidentiality

 

Correct Answer: B

Explanation:

In case of a disruption in service, one of the key functions of network performance monitoring tools is to ensure that the information has remained unaltered. It is a function of security monitoring to assure confidentiality by using such tools as encryption. However, the most important aspect of network performance is assuring the ongoing dependence on connectivity to run the business. Therefore, the characteristic that benefits the most from network monitoring is availability.

 
