Download New Updated (July) Isaca CISA Actual Test 661-670

Ensurepass

 

QUESTION 661

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?

 

A.

Allow changes to be made only with the DBA user account.

B.

Make changes to the database after granting access to a normal user account.

C.

Use the DBA user account to make changes, log the changes and review the change log the following day.

D.

Use the normal user account to make changes, log the changes and review the change log the following day.

 

Correct Answer: C

Explanation:

The database administrator (DBA) user account is normally set up to log all changes made and is the appropriate account for changes made outside of normal hours. The log records what was changed, so the changes can be reviewed. Using the DBA account without logging would permit uncontrolled changes to be made once access to the account was obtained, and using a normal user account with no restrictions would allow uncontrolled changes to any of the databases. Logging alone only records what was changed; it does not limit changes to those that were authorized. The review is what closes the loop: each after-hours change in the log is reconciled against an approved request, and anything unreconciled is escalated. Hence logging coupled with review forms an appropriate set of compensating controls.
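The next-day review described above, as an added example that is not part of the original page: a small reviewer that reads an exported DBA audit trail, keeps only changes made under the DBA account outside working hours, and reports those that cannot be matched to an approved change ticket. The log format, the account name, the working-hours window and the ticket references are all assumptions made for the example, and the log lines are constructed sample data, not output from any real database.

```python
"""Next-day review of DBA-account changes made after hours.

Added example with constructed data. The audit records use a
hypothetical one-line format: ISO timestamp, account, statement,
ticket reference ('-' when none). Real database audit logs differ in
layout, but the review logic is the same: every change made under the
DBA account outside normal hours must be tied to an approved ticket,
and anything that is not is a finding for the reviewer to chase.
"""
from datetime import datetime, time

# Assumed normal working hours; changes outside this window followed the
# abbreviated after-hours procedure and get the compensating review.
WORK_START = time(8, 0)
WORK_END = time(18, 0)

# Constructed sample of exported DBA audit records (not real data).
SAMPLE_LOG = """\
2024-03-04T10:15:02 dba UPDATE customers SET credit_limit=5000 WHERE id=1042 CHG-1187
2024-03-04T22:41:17 dba ALTER TABLE orders ADD COLUMN rebate NUMERIC CHG-1190
2024-03-04T23:05:44 dba UPDATE accounts SET balance=balance+2500 WHERE id=77 -
2024-03-05T02:12:09 dba DELETE FROM audit_staging WHERE created<'2024-01-01' CHG-1190
2024-03-05T09:30:00 appuser INSERT INTO orders VALUES (...) -
"""

# Tickets approved for after-hours work (assumed for the example).
APPROVED_TICKETS = {"CHG-1187", "CHG-1190"}


def parse_log(text):
    """Parse one record per line into dicts; '-' means no ticket."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, rest = line.split(" ", 2)
        statement, ticket = rest.rsplit(" ", 1)
        records.append({
            "time": datetime.fromisoformat(ts),
            "account": account,
            "statement": statement,
            "ticket": None if ticket == "-" else ticket,
        })
    return records


def is_after_hours(ts):
    """True when the timestamp falls outside the working-hours window."""
    return not (WORK_START <= ts.time() < WORK_END)


def review_after_hours_changes(records, approved=APPROVED_TICKETS,
                               dba_account="dba"):
    """Return DBA-account changes made after hours that lack an approved
    ticket. An empty list means the log reconciles; anything returned is
    a finding for the next-day reviewer."""
    findings = []
    for rec in records:
        if rec["account"] != dba_account or not is_after_hours(rec["time"]):
            continue
        if rec["ticket"] not in approved:
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in review_after_hours_changes(parse_log(SAMPLE_LOG)):
        print(f"{rec['time'].isoformat()} {rec['account']}: "
              f"{rec['statement']} (ticket: {rec['ticket']})")
```

Run against the sample, the only finding is the 23:05 balance update with no ticket; the two changes under CHG-1190 reconcile, the 10:15 change is inside working hours and follows the standard procedure, and the application account is out of scope for this review.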

 

 

QUESTION 662

Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?

 

A.

Filters

B.

Switches

C.

Routers

D.

Firewalls

 

Correct Answer: B

Explanation:

Switches forward a frame only to the port behind which the destination device was learned, unlike a hub, which repeats every frame to every port. This reduces the ability of one device to capture the packets that are meant for another device. It is a layer-2 forwarding behaviour rather than a hard security control: when the destination is unknown, the frame is flooded to all ports, and an attacker who fills the forwarding table (MAC flooding) or poisons ARP can get traffic flooded or redirected to a port they control, so port security and ARP inspection are needed where sniffing is a real concern. Filters allow for some basic isolation of network traffic based on the destination addresses. Routers allow packets to be given or denied access based on the addresses of the sender and receiver and the type of packet. Firewalls are a collection of computer and network equipment used to allow communications to flow out of the organization and restrict communications flowing into the organization.
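To make the difference concrete, here is an added example (not from the original page) that models a hub and a learning switch as tiny Python classes. It shows that a sniffer on a third port sees a unicast frame on a hub, does not see it on a switch once the destination has been learned, and sees it again when the switch's forwarding table has been filled by a MAC flood. The port numbers, MAC addresses and table size are made up for the example.

```python
"""Toy model of hub vs. learning switch forwarding (added example).

A hub copies every frame to every port, so a sniffer anywhere sees all
traffic. A switch learns which MAC address sits behind which port and
forwards a unicast frame only to that port. The protection depends on
the forwarding table: an unknown destination, or a table filled up by
a MAC flood, makes the switch flood the frame like a hub.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Every frame goes out every port except the one it came in on."""

    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return {p for p in self.ports if p != in_port}


class LearningSwitch:
    def __init__(self, ports, table_size=1024):
        self.ports = ports
        self.table_size = table_size
        self.cam = {}  # MAC address -> port

    def forward(self, in_port, src, dst):
        # Learn the source address only while the table has room.
        if src not in self.cam and len(self.cam) < self.table_size:
            self.cam[src] = in_port
        # Unicast to a known destination goes to exactly one port.
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return set() if out == in_port else {out}
        # Unknown destination or broadcast: flood like a hub.
        return {p for p in self.ports if p != in_port}


def sniffer_sees(device, sniffer_port, in_port, src, dst):
    """True if a host on sniffer_port receives a frame not addressed to it."""
    return sniffer_port in device.forward(in_port, src, dst)


def mac_flood(switch, in_port, count):
    """Send frames from `count` fabricated source MACs so the table fills
    and later learning stops. Returns the resulting table size."""
    for i in range(count):
        fake = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xff, (i >> 8) & 0xff, i & 0xff)
        switch.forward(in_port, fake, BROADCAST)
    return len(switch.cam)


def demo(table_size=8):
    """Host A on port 1, host B on port 2, sniffer on port 3 (assumed)."""
    ports = {1, 2, 3}
    a, b, sniff = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", 3
    results = {}

    results["hub"] = sniffer_sees(Hub(ports), sniff, 1, a, b)

    sw = LearningSwitch(ports, table_size)
    results["switch_unknown_dst"] = sniffer_sees(sw, sniff, 1, a, b)  # flooded
    sw.forward(2, b, a)                     # B replies; B is learned on port 2
    results["switch_known_dst"] = sniffer_sees(sw, sniff, 1, a, b)    # port 2 only

    flooded = LearningSwitch(ports, table_size)
    mac_flood(flooded, sniff, table_size)    # attacker fills the table first
    flooded.forward(1, a, b)                 # neither A nor B can be learned
    flooded.forward(2, b, a)
    results["switch_after_mac_flood"] = sniffer_sees(flooded, sniff, 1, a, b)
    return results


if __name__ == "__main__":
    for name, seen in demo().items():
        print(f"{name:24s} sniffer sees A->B: {seen}")
```

The model deliberately has no table ageing, so the attacker floods a fresh table; on a real switch the same effect is reached once entries age out, which is why port security (a per-port MAC limit) is the usual control.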

 

 

QUESTION 663

A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

 

A.

Comparing source code

B.

Reviewing system log files

C.

Comparing object code

D.

Reviewing executable and source code integrity


Correct Answer: B

Explanation:

Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. Source and object code comparisons are ineffective, because the original programs were restored and the modified versions no longer exist to be compared. Reviewing executable and source code integrity is likewise ineffective, because the build process keeps the executable consistent with its source, so the restored program passes the check.
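The blind spot above, shown in code as an added example that is not part of the original page: a baseline hash comparison reports the restored program as unchanged, while the write events in a change log still show the modification and the restore that bracketed the malicious run. The program text, the file path, the actor names and the log line format are all made up for the example.

```python
"""Code comparison vs. log review for a modify-then-restore (added example).

The 'program' is a string standing in for a production module; the log
lines are constructed samples in a hypothetical format: timestamp,
actor, action, path, content hash. Comparing the restored file against
its baseline hash says 'unchanged', because it is. Only the log still
records the two writes around the malicious run.
"""
import hashlib

ORIGINAL = "def post_payment(acct, amount):\n    acct.balance += amount\n"
TAMPERED = ("def post_payment(acct, amount):\n"
            "    acct.balance += amount\n"
            "    if acct.id == 77: acct.balance += 2500\n")


def digest(content):
    return hashlib.sha256(content.encode()).hexdigest()


def integrity_check(baseline_hash, current_content):
    """The control in choices A, C and D: compare what is in the library
    now against the approved baseline. True when they match."""
    return digest(current_content) == baseline_hash


# Constructed change log for the production library (hypothetical format).
CHANGE_LOG = [
    "2024-03-04T21:58:03 jdoe WRITE /prod/payments.py {tampered}",
    "2024-03-04T22:00:10 batch RUN   /prod/payments.py {tampered}",
    "2024-03-04T22:07:45 jdoe WRITE /prod/payments.py {original}",
]


def render_log(lines, original=ORIGINAL, tampered=TAMPERED):
    """Fill the hash placeholders so the sample log matches the content."""
    return [l.format(original=digest(original), tampered=digest(tampered))
            for l in lines]


def find_modify_restore(log_lines, path, baseline_hash):
    """Return (actor, start, end) for each interval in which `path` was
    written with a non-baseline hash and later written back to the
    baseline. An off-baseline write followed by a write that restores
    the baseline is the pattern a reviewer should chase."""
    findings = []
    pending = None  # (actor, timestamp) of the last off-baseline write
    for line in log_lines:
        ts, actor, action, p, h = line.split()
        if p != path or action != "WRITE":
            continue
        if h != baseline_hash:
            pending = (actor, ts)
        elif pending is not None:
            findings.append((pending[0], pending[1], ts))
            pending = None
    return findings


if __name__ == "__main__":
    baseline = digest(ORIGINAL)
    print("integrity check on restored file:", integrity_check(baseline, ORIGINAL))
    for actor, start, end in find_modify_restore(
            render_log(CHANGE_LOG), "/prod/payments.py", baseline):
        print(f"{actor} modified and restored the program between {start} and {end}")
```

The comparison is not useless in general; it catches a modification that is still in place. It only fails here because the evidence it examines was deliberately put back, which is exactly the case the question describes.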

 

 

QUESTION 664

A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:

 

A.

concurrent access.

B.

deadlocks.

C.

unauthorized access to data.

D.

a loss of data integrity.

 

Correct Answer: D

Explanation:

Normalization is the removal of redundant data elements from the database structure. Denormalizing a relational database reintroduces redundancy, so the same fact is stored in more than one place and an update that reaches only one copy leaves the others inconsistent, with the consequent loss of data integrity. Deadlocks are not caused by denormalization. Access to data is controlled by defining user rights to information, and is not affected by denormalization.

 

 

QUESTION 665

In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

 

A.

Foreign key

B.

Primary key

C.

Secondary key

D.

Public key

 

Correct Answer: A

Explanation:

In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions that would otherwise leave orphaned relations within the database. It should not be possible to delete a row from a customer table while the customer number (primary key) of that row is stored with live orders on the orders table (the foreign key to the customer table). A primary key works within one table, so it is not able to ensure referential integrity by itself. Secondary keys that are not foreign keys are not subject to referential integrity checks. A public key is related to encryption and not linked in any way to referential integrity.
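Questions 664 and 665 share one customer/orders schema, so here is a single added example (not from the original page) that shows both points in SQLite: an orders table carrying a denormalized copy of the customer name drifts out of step with the master row after an update, and a foreign key on the order's customer number blocks deletion of a customer that still has live orders. The table and column names, rows and values are invented for the example; note that SQLite only enforces foreign keys after `PRAGMA foreign_keys = ON`.

```python
"""Denormalization risk (Q664) and foreign-key protection (Q665) in
one small SQLite schema. Added example with invented tables and rows.
"""
import sqlite3


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    con.executescript("""
        CREATE TABLE customer (
            cust_no INTEGER PRIMARY KEY,
            name    TEXT NOT NULL
        );
        CREATE TABLE orders (
            order_no  INTEGER PRIMARY KEY,
            cust_no   INTEGER NOT NULL REFERENCES customer(cust_no),
            cust_name TEXT,          -- denormalized copy of customer.name
            amount    NUMERIC NOT NULL
        );
        INSERT INTO customer VALUES (1042, 'Acme Ltd'), (1043, 'Zenith Co');
        INSERT INTO orders VALUES (1, 1042, 'Acme Ltd', 250.00),
                                  (2, 1042, 'Acme Ltd', 75.50);
    """)
    return con


def rename_customer_unsafely(con, cust_no, new_name):
    """Update the master row only, as code written against the original
    normalized design would. The redundant copy in orders is left stale:
    this is the integrity loss that denormalization introduces."""
    con.execute("UPDATE customer SET name=? WHERE cust_no=?", (new_name, cust_no))
    con.commit()


def inconsistent_orders(con):
    """Rows where the denormalized name disagrees with the master row."""
    return con.execute("""
        SELECT o.order_no, o.cust_name, c.name
        FROM orders o JOIN customer c ON c.cust_no = o.cust_no
        WHERE o.cust_name <> c.name
    """).fetchall()


def try_delete_customer(con, cust_no):
    """True if the delete went through, False if referential integrity
    blocked it because live orders still reference the customer row."""
    try:
        con.execute("DELETE FROM customer WHERE cust_no=?", (cust_no,))
        con.commit()
        return True
    except sqlite3.IntegrityError:
        con.rollback()
        return False


if __name__ == "__main__":
    con = open_db()
    rename_customer_unsafely(con, 1042, "Acme Holdings")
    print("orders out of step with customer master:", inconsistent_orders(con))
    print("delete customer 1042 (has orders):", try_delete_customer(con, 1042))
    print("delete customer 1043 (no orders): ", try_delete_customer(con, 1043))
```

If the denormalized column is kept, the auditor should expect to see a compensating mechanism (a trigger or an application rule that updates every copy) and a periodic reconciliation query like `inconsistent_orders`; if neither exists, the performance gain has been bought with an integrity exposure.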

 

 

QUESTION 666

The FIRST step in managing the risk of a cyber attack is to:

 

A.

assess the vulnerability impact.

B.

evaluate the likelihood of threats.

C.

identify critical information assets.

D.

estimate potential damage.

 

Correct Answer: C

Explanation:

The first step in managing risk is the identification and classification of critical information resources (assets). Once the assets have been identified, the process moves onto the identification of threats, vulnerabilities and calculation of potential damages.

 

 

QUESTION 667

The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:

 

A.

contents are highly volatile.

B.

data cannot be backed up.

C.

data can be copied.

D.

device may not be compatible with other peripherals.

 

Correct Answer: C

Explanation:

Unless properly controlled, flash memory provides an avenue for anyone to copy any content with ease. The contents stored in flash memory are not volatile. Backing up flash memory data is not a control concern, as the data are sometimes stored as a backup. Flash memory will be accessed through a PC rather than any other peripheral; therefore, compatibility is not an issue.

 

 

QUESTION 668

During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?

 

A.

Postpone the audit until the agreement is documented

B.

Report the existence of the undocumented agreement to senior management

C.

Confirm the content of the agreement with both departments

D.

Draft a service level agreement (SLA) for the two departments

 

Correct Answer: C

Explanation:

An IS auditor should first confirm and understand the current practice before making any recommendations. The agreement can be documented after it has been established that there is an agreement in place. The fact that there is not a written agreement does not justify postponing the audit, and reporting to senior management is not necessary at this stage of the audit. Drafting a service level agreement (SLA) is not the IS auditor’s responsibility.

 

 

QUESTION 669

An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor’s next action?

 

A.

Analyze the need for the structural change.

B.

Recommend restoration to the originally designed structure.

C.

Recommend the implementation of a change control process.

D.

Determine if the modifications were properly approved.

 

Correct Answer: D

Explanation:

An IS auditor should first determine if the modifications were properly approved. Choices A, B and C are possible subsequent actions, should the IS auditor find that the structural modification had not been approved.

 

 

QUESTION 670

Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

 

A.

Sensitive data can be read by operators.

B.

Data can be amended without authorization.

C.

Unauthorized report copies can be printed.

D.

Output can be lost in the event of system failure.

 

Correct Answer: C

Explanation:

Unless controlled, spooling for offline printing may enable additional copies to be printed. Print files are unlikely to be available for online reading by operators. Data on spool files are no easier to amend without authority than any other file. There is usually a lesser threat of unauthorized access to sensitive reports in the event of a system failure.

 
