Download New Updated (July) Isaca CISA Actual Test 771-780


QUESTION 771

The purpose of a deadman door controlling access to a computer facility is primarily to:

A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.

Correct Answer: A

Explanation:

The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.

QUESTION 772

During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

A. enrollment.
B. identification.
C. verification.
D. storage.

Correct Answer: A

Explanation:

The users of a biometrics device must first be enrolled in the device. The device captures a physical or behavioral image of the human, identifies the unique features and uses an algorithm to convert them into a string of numbers stored as a template to be used in the matching processes.


QUESTION 773

For a discretionary access control to be effective, it must:

A. operate within the context of mandatory access controls.
B. operate independently of mandatory access controls.
C. enable users to override mandatory access controls when necessary.
D. be specifically permitted by the security policy.

Correct Answer: A

Explanation:

Mandatory access controls are prohibitive; anything that is not expressly permitted is forbidden. Only within this context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. When systems enforce mandatory access control policies, they must distinguish between these and the discretionary access policies that offer more flexibility. Discretionary controls do not override mandatory access controls, and they do not have to be permitted in the security policy to be effective.


QUESTION 774

An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?

A. Stateful inspection firewall
B. Web content filter
C. Web cache server
D. Proxy server

Correct Answer: B

Explanation:

A web content filter accepts or denies web communications according to the configured rules. To help the administrator properly configure the tool, organizations and vendors have made available URL blacklists and classifications for millions of web sites. A stateful inspection firewall is of little help in filtering web traffic since it does not review the content of the web site, nor does it take into consideration the site's classification. A web cache server is designed to improve the speed of retrieving the most common or recently visited web pages. A proxy server is incorrect because a proxy server is a server which services the requests of its clients by forwarding them to other servers. Many people incorrectly use "proxy server" as a synonym for "web proxy server", even though not all web proxy servers have content filtering capabilities.


QUESTION 775

Accountability for the maintenance of appropriate security measures over information assets resides with the:

A. security administrator.
B. systems administrator.
C. data and systems owners.
D. systems operations group.

Correct Answer: C

Explanation:

Management should ensure that all information assets (data and systems) have an appointed owner who makes decisions about classification and access rights. System owners typically delegate day-to-day custodianship to the systems delivery/operations group and security responsibilities to a security administrator. Owners, however, remain accountable for the maintenance of appropriate security measures.


QUESTION 776

An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:

A. reduces the risk of unauthorized access to the network.
B. is not suitable for small networks.
C. automatically provides an IP address to anyone.
D. increases the risks associated with Wireless Encryption Protocol (WEP).

Correct Answer: A

Explanation:

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used; this represents less risk because an unauthorized device would have to select its own address and would risk address contention with existing devices on the network. Choice B is incorrect because DHCP is suitable for small networks. Choice C is incorrect because DHCP does not provide IP addresses when disabled. Choice D is incorrect because disabling DHCP makes it more difficult to exploit the well-known weaknesses in WEP.


QUESTION 777

When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

A. There is no registration authority (RA) for reporting key compromises.
B. The certificate revocation list (CRL) is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority (CA).

Correct Answer: B

Explanation:

If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). A digital certificate containing a public key that is used to encrypt messages and verify digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk, since reporting this to the CA enables the CA to take appropriate action.


QUESTION 778

Which of the following provides the MOST relevant information for proactively strengthening security settings?

A. Bastion host
B. Intrusion detection system
C. Honeypot
D. Intrusion prevention system

Correct Answer: C

Explanation:

The design of a honeypot is such that it lures the hacker and provides clues as to the hacker's methods and strategies and the resources required to address such attacks. A bastion host does not provide information about an attack. Intrusion detection systems and intrusion prevention systems are designed to detect and address an attack in progress and stop it as soon as possible. A honeypot allows the attack to continue, so as to obtain information about the hacker's strategy and methods.


QUESTION 779

Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

A. Virtual private network
B. Dedicated line
C. Leased line
D. Integrated services digital network

Correct Answer: A

Explanation:

The most secure method is a virtual private network (VPN), using encryption, authentication and tunneling to allow data to travel securely from a private network to the Internet. Choices B, C and D are network connectivity options that are normally too expensive to be practical for small- to medium-sized organizations.


QUESTION 780

The FIRST step in data classification is to:

A. establish ownership.
B. perform a criticality analysis.
C. define access rules.
D. create a data dictionary.

Correct Answer: A

Explanation:

Data classification is necessary to define access rules based on a need-to-do and need-to-know basis. The data owner is responsible for defining the access rules; therefore, establishing ownership is the first step in data classification. The other choices are incorrect. A criticality analysis is required for protection of data, which takes input from data classification. Access definition is completed after data classification, and input for a data dictionary is prepared from the data classification process.
