itexamdump: the best and latest IT certification exam dumps, with one year of free updates (http://www.itexamdump.com)

Exam: CISA
Title: Certified Information Systems Auditor
Vendor: ISACA
Version: DEMO
Get Latest & Valid CISA Exam's Question and Answers from Itexamdump.com.

NO.1 Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization?
A. A program that deposits a virus on a client machine
B. Applets recording keystrokes and, therefore, passwords
C. Downloaded code that reads files on a client's hard drive
D. Applets opening connections from the client machine
Answer: D
An applet is a program downloaded from a web server to the client, usually through a web browser, that provides functionality such as database access, interactive web pages and communication with other users. Applets that open connections from the client machine to other machines on the network and damage them, for example by mounting a denial-of-service attack, pose the greatest threat to the organization because they can disrupt business continuity. A program that deposits a virus on a client machine is a malicious attack aimed at that client, but it does not necessarily result in a disruption of service. Applets that record keystrokes (and therefore passwords) and downloaded code that reads files on the client's hard drive are primarily confidentiality and privacy issues; although significant, they are less likely to cause a significant disruption of service.

NO.2 Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?
A. Define a balanced scorecard (BSC) for measuring performance
B. Consider user satisfaction in the key performance indicators (KPIs)
C. Select projects according to business benefits and risks
D. Modify the yearly process of defining the project portfolio
Answer: C
Prioritizing projects on the basis of their expected business benefits and the related risks is the best measure for keeping the project portfolio aligned with the organization's strategic priorities. Modifying the yearly process for defining the project portfolio might improve the situation, but only if that process is currently not tied to the definition of corporate strategy; this is unlikely, since the difficulty usually lies in maintaining the alignment, not in setting it up initially. Measures such as a balanced scorecard (BSC) and key performance indicators (KPIs) are helpful, but they do not guarantee that the projects are aligned with business strategy.

NO.3 The 'trusted systems' approach has been predominant in the design of:
A. many earlier Microsoft OS products
B. the IBM AS/400 series
C. the SUN Solaris series
D. most OS products in the market
E. None of the choices.
Answer: A
The 'trusted systems' approach has been predominant in the design of many earlier Microsoft OS products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use'. Note that this rationale contradicts itself: a trusted-systems design keeps the trusted computing base small, simple and verifiable, which is the opposite of favouring functionality and ease of use, so treat this item and its answer key as unreliable.

NO.4 The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption.
B. message authentication code.
C. hash function.
D. digital signature certificates.
Answer: A
SSL encrypts the message with a symmetric session key, negotiated between client and server during the handshake (by RSA key transport or Diffie-Hellman key agreement); that symmetric encryption is what provides confidentiality. A message authentication code is used to ensure data integrity. A hash function generates a message digest; it does not encrypt the message. Digital signature certificates are used by SSL for server authentication (and, optionally, client authentication).

NO.5 Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
A. Catastrophic service interruption
B. High consumption of resources
C. Total cost of the recovery may not be minimized
D. Users and recovery teams may face severe difficulties when activating the plan
Answer: A
Choices B, C and D are all problems that might occur and would cause difficulties, financial losses or wasted resources. However, if a new disaster recovery plan is not tested, the possibility of a catastrophic service interruption is the most critical risk of all, because an untested plan may simply not work when it is activated.

NO.6 Which of the following refers to a method of bypassing normal system authentication procedures?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
F. backdoor
G. None of the choices.
Answer: F
A backdoor is a method of bypassing normal authentication procedures. Some computer manufacturers have shipped systems with preinstalled backdoors intended for customer technical support. Attackers typically use backdoors to keep remote access to a compromised computer while remaining hidden from casual inspection, and to install them they commonly use a Trojan horse or a worm.

NO.7 When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
Answer: B
Defining a security policy for information and related technology is the first step toward building a security architecture. A security policy communicates a coherent security standard to users, management and technical staff, and will often set the stage for the tools and procedures the organization needs. The other choices should be executed only after the security policy has been defined.

NO.8 A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A. system and the IT operations team can sustain operations in the emergency environment.
B. resources and the environment could sustain the transaction load.
C. connectivity to the applications at the remote site meets response time requirements.
D. workflow of actual business operations can use the emergency system in case of a disaster.
Answer: A
The applications were operated intensively during the test, so choices B, C and D were actually tested. The capability of the system and the IT operations team to sustain and support the environment over time (ancillary operations, batch closing, error correction, output distribution and so on) was only partially tested in a four-hour exercise.

NO.9 Which of the following would effectively verify the originator of a transaction?
A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver's public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source's private key
Answer: D
A digital signature is an electronic identification of a person, created with a public key algorithm, that lets the recipient verify both the identity of the source of a transaction and the integrity of its content. A password is a 'shared secret' between the originator and the receiver, so it cannot prove which of the two created a transaction and is a weaker means of authentication. Encrypting the transaction with the recipient's public key provides confidentiality for the information, and encapsulating it in a portable document format (PDF) fixes the format of the content, but neither proves authorship.
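NO.4 and NO.9 both turn on which primitive delivers which security property. The following Go program is an added example (not part of the original dump's material) that exercises each one: AES-256-GCM for confidentiality, HMAC-SHA256 as the message authentication code for integrity, SHA-256 as a bare digest, and an ECDSA P-256 signature for originator authentication. Key generation, the message text and the helper names (NewKey, NewSigner, Encrypt, Decrypt, Tag, VerifyTag, Digest, Sign, Verify) are assumptions of the example; in a real SSL/TLS session the symmetric key would come from the handshake rather than from NewKey.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKey returns a fresh 256-bit key for the symmetric primitives below.
// (Assumption of the example: in SSL/TLS this key comes from the handshake.)
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// NewSigner returns a fresh ECDSA P-256 key pair for an originator.
func NewSigner() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Confidentiality: symmetric encryption with a shared key (AES-256-GCM).
// GCM is an AEAD, so it also rejects any modification of the ciphertext.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce || ciphertext || tag
}

func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Integrity: a message authentication code over the message with a shared key.
// Every holder of the key can produce a valid tag, so a MAC proves the message
// was not altered but not which key holder sent it.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag) // constant-time comparison
}

// Message digest: an unkeyed hash. It catches accidental corruption only; an
// attacker who can alter the message can recompute the digest as well.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// Originator authentication: a signature made with the sender's private key
// and checked with the sender's public key.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, Digest(msg))
}

func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, Digest(msg), sig)
}

func main() {
	key, _ := NewKey()
	msg := []byte("transfer 100 to account 42") // constructed sample transaction
	sealed, _ := Encrypt(key, msg)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err := Decrypt(key, sealed)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	alice, _ := NewSigner()
	mallory, _ := NewSigner()
	sig, _ := Sign(alice, msg)
	fmt.Println("verifies under Alice's public key:", Verify(&alice.PublicKey, msg, sig))
	fmt.Println("verifies under Mallory's public key:", Verify(&mallory.PublicKey, msg, sig))
}
```

Two checks are worth noticing: a single flipped bit makes Decrypt fail, because GCM authenticates as well as encrypts, and the same signature verifies under Alice's public key but not under Mallory's, which is why signing with the source's private key, rather than sharing a secret, is what identifies the originator.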

NO.10 An IS auditor performing detailed network assessments and access control reviews should FIRST:
A. determine the points of entry.
B. evaluate users' access authorization.
C. assess users' identification and authorization.
D. evaluate the domain-controlling server configuration.
Answer: A
In performing detailed network assessments and access control reviews, an IS auditor should first determine the points of entry to the system and then review each point of entry for appropriate controls. Evaluating user access authorization, assessing user identification and authorization, and evaluating the domain-controlling server configuration are all aspects of how the controls at those points of entry are implemented.

NO.11 An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task?
A. Report the risks to the CIO and CEO immediately
B. Examine e-business applications in development
C. Identify threats and likelihood of occurrence
D. Check the budget available for risk management
Answer: C
An IS auditor must identify the assets, look for vulnerabilities, and then identify the threats and their likelihood of occurrence. Choices A, B and D should be discussed with the CIO, and a report should be delivered to the CEO; the report should include the findings along with priorities and costs.

NO.12 Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
A. Lack of employee awareness of a company's information security policy
B. Failure to comply with a company's information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Answer: A
Lack of employee awareness of a company's information security policy could lead to an unintentional loss of confidentiality, because employees cannot follow a policy they do not know about.

NO.13 Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?
A. Encrypts the information transmitted over the network
B. Makes other users' certificates available to applications
C. Facilitates the implementation of a password policy
D. Stores certificate revocation lists (CRLs)
Answer: B
A directory server makes other users' certificates available to applications. Encrypting the information transmitted over the network and storing certificate revocation lists (CRLs) are treated by the answer key as roles of a security server; in practice CRLs are frequently published through a directory as well (an LDAP URL in a certificate's CRL distribution point), but certificate lookup is the directory's defining role. Facilitating the implementation of a password policy is not relevant to a public key infrastructure (PKI).

NO.14 What are intrusion-detection systems (IDS) primarily used for?
A. To identify AND prevent intrusion attempts to a network
B. To prevent intrusion attempts to a network
C. Forensic incident response
D. To identify intrusion attempts to a network
Answer: D
Intrusion detection systems (IDS) are used to identify intrusion attempts on a network and raise alerts. A system that also blocks the traffic inline is an intrusion prevention system (IPS), and forensic incident response uses IDS output but is not the IDS's primary purpose.

NO.15 The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Answer: B
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.

NO.16 What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
Answer: A
A weekly full backup with daily incremental backups is the best strategy: it ensures the ability to recover the database while keeping the daily backup window short. A full backup normally takes a couple of hours, so running one every day can be impractical for a large online sales database. Clustered servers provide redundant processing capacity but are not a backup. Mirrored hard disks protect only against a single disk failure: a corrupted or deleted record is mirrored immediately, and a site disaster destroys both mirrors.

NO.17 Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
A. Pretexting
B. Backgrounding
C. Check making
D. Bounce checking
E. None of the choices.
Answer: A
Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action, and is usually done over the telephone. It is more than a simple lie, as it most often involves prior research or set-up and the use of pieces of known information to make the scenario credible.

NO.18 Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?
A. Function Point Analysis (FPA)
B. GANTT
C. Rapid Application Development (RAD)
D. PERT
Answer: D
PERT (Program Evaluation and Review Technique) considers different scenarios for planning and controlling projects, typically by combining optimistic, most likely and pessimistic estimates for each activity. Function point analysis estimates software size, a Gantt chart displays a single schedule, and RAD is a development methodology.

NO.19 An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A. Consistency
B. Isolation
C. Durability
D. Atomicity
Answer: D
Atomicity guarantees that either the entire transaction is processed or none of it is, so a transaction that fails part-way must be rolled back. Consistency ensures that the database is in a legal state when the transaction begins and ends; isolation means that, while in an intermediate state, the transaction's data is invisible to other operations; durability guarantees that a committed transaction persists and cannot be undone by a subsequent failure.

NO.20 Which of the following is the MOST important action in recovering from a cyberattack?
A. Creation of an incident response team
B. Use of cyberforensic investigators
C. Execution of a business continuity plan
D. Filing an insurance claim
Answer: C
The most important step in recovering from a cyberattack is the execution of a business continuity plan, which restores critical systems, processes and data quickly and cost-effectively. The incident response team should already exist before the attack. When an attack is suspected, cyberforensic investigators help detect intruders inside the network, preserve evidence, and track and trace activity across the Internet. After these steps the organization may have a residual risk that needs to be insured and claimed against, for both traditional and electronic exposures.
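For NO.19 above, this is an added Go example (not from the original dump) of the check an IS auditor would actually run over a DBMS audit log: group records by transaction and flag any that failed but were never rolled back, were committed in spite of an error, or are still open when the log ends. The log lines, their format (timestamp, tx=ID, then BEGIN, COMMIT, ROLLBACK, ERROR or a statement) and the function and type names are constructed for the example and do not describe any particular DBMS.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// SampleAuditLog is a constructed audit log for this example. The record
// layout (timestamp, tx=ID, then a verb) is an assumption, not a real format.
const SampleAuditLog = `2023-05-02T10:00:01Z tx=1001 BEGIN
2023-05-02T10:00:02Z tx=1001 UPDATE accounts SET balance=balance-100 WHERE id=7
2023-05-02T10:00:02Z tx=1001 UPDATE accounts SET balance=balance+100 WHERE id=9
2023-05-02T10:00:03Z tx=1001 COMMIT
2023-05-02T10:01:00Z tx=1002 BEGIN
2023-05-02T10:01:01Z tx=1002 UPDATE accounts SET balance=balance-50 WHERE id=7
2023-05-02T10:01:01Z tx=1002 UPDATE accounts SET balance=balance+50 WHERE id=9
2023-05-02T10:01:01Z tx=1002 ERROR check constraint balance_nonneg violated
2023-05-02T10:05:00Z tx=1003 BEGIN
2023-05-02T10:05:01Z tx=1003 INSERT INTO orders VALUES (501, 7)
2023-05-02T10:05:02Z tx=1003 ERROR deadlock detected
2023-05-02T10:05:02Z tx=1003 ROLLBACK
2023-05-02T10:06:00Z tx=1004 BEGIN
2023-05-02T10:06:01Z tx=1004 DELETE FROM sessions WHERE expired=1
2023-05-02T10:06:01Z tx=1004 ERROR lock wait timeout
2023-05-02T10:06:02Z tx=1004 COMMIT
2023-05-02T10:07:00Z tx=1005 BEGIN
2023-05-02T10:07:01Z tx=1005 UPDATE accounts SET balance=0 WHERE id=3
`

// txState accumulates what the log shows for one transaction identifier.
type txState struct {
	statements int    // data-changing statements logged for the transaction
	errors     int    // ERROR records logged for the transaction
	ended      string // "", "COMMIT" or "ROLLBACK"
}

// Finding is one transaction the auditor should follow up on.
type Finding struct {
	Tx      string
	Problem string
}

// ScanAuditLog groups records by transaction and reports every transaction
// whose recorded outcome is inconsistent with atomicity.
func ScanAuditLog(log string) ([]Finding, error) {
	states := map[string]*txState{}
	var order []string // transaction IDs in order of first appearance
	sc := bufio.NewScanner(strings.NewReader(log))
	for lineNo := 1; sc.Scan(); lineNo++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) < 3 || !strings.HasPrefix(fields[1], "tx=") {
			return nil, fmt.Errorf("line %d: unrecognised audit record %q", lineNo, line)
		}
		id := strings.TrimPrefix(fields[1], "tx=")
		st, seen := states[id]
		if !seen {
			st = &txState{}
			states[id] = st
			order = append(order, id)
		}
		switch fields[2] {
		case "BEGIN":
			// nothing to count; the transaction is now known
		case "COMMIT", "ROLLBACK":
			st.ended = fields[2]
		case "ERROR":
			st.errors++
		default: // INSERT, UPDATE, DELETE, ...
			st.statements++
		}
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	var findings []Finding
	for _, id := range order {
		st := states[id]
		switch {
		case st.errors > 0 && st.ended == "COMMIT":
			findings = append(findings, Finding{id, "committed after an error: partial changes were made durable"})
		case st.errors > 0 && st.ended == "":
			findings = append(findings, Finding{id, "statement failed and no ROLLBACK was recorded: partial changes may remain"})
		case st.ended == "" && st.statements > 0:
			findings = append(findings, Finding{id, "still open at the end of the log: confirm its outcome in the next segment"})
		}
	}
	return findings, nil
}

func main() {
	findings, err := ScanAuditLog(SampleAuditLog)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("tx %s: %s\n", f.Tx, f.Problem)
	}
}
```

Transaction 1002 is the case the question describes: its updates were applied, the ERROR record follows them, and no ROLLBACK ever appears, so the database may hold half a transfer. Transaction 1004 is worse, since the partial work was committed and is now durable. Transaction 1005 is only a lead; the auditor needs the next log segment to classify it. Transactions 1001 and 1003 are clean, the latter because its error was followed by a ROLLBACK.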