Download New Updated (July) Isaca CISA Actual Test 671-680


 

QUESTION 671

An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:

 

A. apply the patch according to the patch’s release notes.

B. ensure that a good change management process is in place.

C. thoroughly test the patch before sending it to production.

D. approve the patch after doing a risk assessment.

 

Correct Answer: B

Explanation:

An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly. The other choices are part of a good change management process but are not an IS auditor’s responsibility.

QUESTION 672

Which of the following controls would provide the GREATEST assurance of database integrity?

 

A. Audit log procedures

B. Table link/reference checks

C. Query/table access time checks

D. Rollback and rollforward database features

 

Correct Answer: B

Explanation:

Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database’s contents. Querying/monitoring table access time checks helps designers improve database performance, but not integrity. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

 

 

QUESTION 673

Which of the following would BEST maintain the integrity of a firewall log?

 

A. Granting access to log information only to administrators

B. Capturing log events in the operating system layer

C. Writing dual logs onto separate storage media

D. Sending log information to a dedicated third-party log server

 

Correct Answer: D

Explanation:

Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity. There are many ways to capture log information: through the application layer, network layer, operating systems layer, etc.; however, there is no log integrity advantage in capturing events in the operating systems layer. If it is a highly mission-critical information system, it may be nice to run the system with a dual log mode. Having logs in two different storage devices will primarily contribute to the assurance of the availability of log information, rather than to maintaining its integrity.

 

 

QUESTION 674

When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

 

A. allow changes, which will be completed using after-the-fact follow-up.

B. allow undocumented changes directly to the production library.

C. do not allow any emergency changes.

D. allow programmers permanent access to production programs.

 

Correct Answer: A

Explanation:

There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs.

 

 

QUESTION 675

An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

 

A. encrypting the hash of the newsletter using the advisor’s private key.

B. encrypting the hash of the newsletter using the advisor’s public key.

C. digitally signing the document using the advisor’s private key.

D. encrypting the newsletter using the advisor’s private key.

 

Correct Answer: A

Explanation:

There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it came to them without any modification, i.e., it has message integrity. Choice A is correct because the hash is encrypted using the advisor’s private key. The recipients can open the newsletter, recompute the hash and decrypt the received hash using the advisor’s public key. If the two hashes are equal, the newsletter was not modified in transit. Choice B is not feasible, for no one other than the investment advisor can open it. Choice C addresses sender authentication but not message integrity. Choice D addresses confidentiality, but not message integrity, because anyone can obtain the investment advisor’s public key, decrypt the newsletter, modify it and send it to others. The interceptor will not be able to use the advisor’s private key, because they do not have it. Anything encrypted using the interceptor’s private key can be decrypted by the receiver only by using their public key.

 

 

QUESTION 676

Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

 

A. Overwriting the tapes

B. Initializing the tape labels

C. Degaussing the tapes

D. Erasing the tapes

 

Correct Answer: C

Explanation:

The best way to handle obsolete magnetic tapes is to degauss them. This action leaves a very low residue of magnetic induction, essentially erasing the data from the tapes. Overwriting or erasing the tapes may cause magnetic errors but would not remove the data completely. Initializing the tape labels would not remove the data that follows the label.

 

 

 

 

QUESTION 677

Security administration procedures require read-only access to:

 

A. access control tables.

B. security log files.

C. logging options.

D. user profiles.

 

Correct Answer: B

Explanation:

Security administration procedures require read-only access to security log files to ensure that, once generated, the logs are not modified. Logs provide evidence and track suspicious transactions and activities. Security administration procedures require write access to access control tables to manage and update the privileges according to authorized business requirements. Logging options require write access to allow the administrator to update the way the transactions and user activities are monitored, captured, stored, processed and reported.

 

 

QUESTION 678

Which of the following ensures confidentiality of information sent over the internet?

 

A. Digital signature

B. Digital certificate

C. Online Certificate Status Protocol

D. Private key cryptosystem

 

Correct Answer: D

Explanation:

Confidentiality is assured by a private key cryptosystem. Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentiality. A digital certificate is a certificate that uses a digital signature to bind together a public key with an identity; therefore, it does not address confidentiality. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate.

 

 

QUESTION 679

Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

 

A. Presence of spyware in one of the ends

B. The use of a traffic sniffing tool

C. The implementation of an RSA-compliant solution

D. A symmetric cryptography is used for transmitting data

 

Correct Answer: A

Explanation:

Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user’s computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.

 

 

 

 

QUESTION 680

Which of the following controls would BEST detect intrusion?

 

A. User IDs and user privileges are granted through authorized procedures.

B. Automatic logoff is used when a workstation is inactive for a particular period of time.

C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.

D. Unsuccessful logon attempts are monitored by the security administrator.

 

Correct Answer: D

Explanation:

Intrusion is detected by the active monitoring and review of unsuccessful logons. User IDs and the granting of user privileges define a policy, not a control. Automatic logoff is a method of preventing access on inactive terminals and is not a detective control. Unsuccessful attempts to log on are a method for preventing intrusion, not detecting.

 
