最新の2023年11月21日 CISA問題集は学習ガイドは試験合格するための秘訣
CISA問題集の無料PDFをゲットせよ!最近更新された問題
質問 # 165
Which of the following is the BEST way to address potential data privacy concerns associated with inadvertent disclosure of machine identifier information contained within security logs?
- A. Limit the use of logs to only those purposes for which they were collected.
- B. Limit log collection to only periods of increased security activity.
- C. Only collect logs from servers classified as business critical.
- D. Restrict the transfer of log files from host machine to online storage.
正解:A
質問 # 166
When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
- A. selection of a security process owner.
- B. establishment of a review board.
- C. effective support of an executive sponsor.
- D. creation of a security unit.
正解:C
解説:
The executive sponsor would be in charge of supporting the organization's strategic security program, and would aid in directing the organization's overall security management activities. Therefore, support by the executive level of management is themost critical success factor (CSF). None of the other choices are effective without visible sponsorship of top management.
質問 # 167
Which of the following are valid choices for the Apache/SSL combination (Choose three.):
- A. the mod_ssl module
- B. None of the choices.
- C. third-party SSL patches
- D. the mod_css module
- E. the Apache-SSL project
正解:A、C、E
解説:
Section: Protection of Information Assets
Explanation/Reference:
Explanation:
On Linux you have Apache which is supposed to be a safer choice of web service. In fact you have several
choices for the Apache/SSL combination, such as the Apache-SSL project (www.apache-ssl.org) using
third-party SSL patches, or have Apache compiled with the mod_ssl module.
質問 # 168
During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
- A. war dialing attack.
- B. brute force attack.
- C. buffer overflow.
- D. distributed denial-of-service attack.
正解:C
解説:
Section: Protection of Information Assets
Explanation:
Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute force attack is used to crack passwords. A distributed denial- of-service attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.
質問 # 169
An IS auditor identifies key controls that have been overridden by management. The next step the IS auditor should take is to
- A. Report the absence of key controls to regulators
- B. Perform procedures to quantify the irregularities
- C. Recommend compensating controls
- D. Withdraw from the engagement
正解:B
質問 # 170
The MOST useful technique for maintaining management support for the information security program is:
- A. implementing a comprehensive security awareness and training program
- B. benchmarking the security programs of comparable organizations
- C. identifying the risks and consequences of failure to comply with standards
- D. informing management about the security of business operations
正解:C
解説:
Section: Governance and Management of IT
質問 # 171
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented.
However, the auditee has implemented a manual workaround that addresses the identified risk, through far
less efficiency than the recommended action would. Which of the following would be the auditor's BEST
course of action?
- A. Insist to management that the original recommendation be implemented.
- B. Escalate the remaining issue for further discussion and resolution.
- C. Notify management that the risk has been addressed and take no further action.
- D. Note that the risk has been addressed and notify management of the inefficiency.
正解:A
解説:
Section: Protection of Information Assets
質問 # 172
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
- A. A neural network
- B. Management information systems
- C. Computer assisted audit techniques
- D. Database management software
正解:A
解説:
A neural network will monitor and learn patterns, reporting exceptions for investigation. Incorrect answers:
B. Database management software is a method of storing and retrieving datA .
C. Management information systems provide management statistics but do not normally have a monitoring and detection function.
D. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities.
質問 # 173
Which of the following is the BEST way to transmit documents classified as confidential over the Internet?
- A. Sending documents as multiple packets over different network routes
- B. Hashing the document contents and destroying the hash value
- C. Converting documents to proprietary format before transmission
- D. Using a virtual private network (VPN)
正解:D
質問 # 174
Which of the following would MOST likely impact the integrity of a database backup?
- A. Open database files during backup
- B. Record fields contain null information
- C. Backing up the database to an optical disk
- D. Relational database model used
正解:A
質問 # 175
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
- A. specifies project management practices.
- B. incorporates state of the art technology.
- C. addresses the required operational controls.
- D. articulates the IT mission and vision.
正解:D
解説:
Section: Protection of Information Assets
Explanation:
The IT strategic plan must include a clear articulation of the IT mission and vision. The plan need not
address the technology, operational controls or project management practices.
質問 # 176
Which of the following statement correctly describes the difference between symmetric key encryption and asymmetric key encryption?
- A. In symmetric key encryption the same key is used for encryption and decryption where as asymmetric key uses private key for encryption and decryption
- B. In symmetric key encryption the public key is used for encryption and the symmetric key for decryption.
Where as in asymmetric key encryption the public key is used for encryption and private key is used for decryption - C. In symmetric key encryption the same key is used for encryption and decryption where as in asymmetric key encryption the public key is used for encryption and private key is used for decryption.
- D. Both uses private key for encryption and the decryption process can be done using public key
正解:C
解説:
Explanation/Reference:
There are two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption.) Symmetric Encryption
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
Few examples of symmetric key algorithms are DES, AES, Blowfish, etc
Asymmetric Encryption
The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is the usage of asymmetric encryption, in which there are two related keys, usually called a key pair. The public key is made freely available to anyone who might want to send you a message. The second key, called the private key is kept secret, so that only you know it.
Any message (text, binary files, or documents) that are encrypted using the public key can only be decrypted by the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.
This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public).A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.
Few examples of asymmetric key algorithms are RSA, Elliptic key Cryptography (ECC), El Gamal, Differ- Hellman, etc
The following were incorrect answers:
The other options don't describe correctly the difference between symmetric key and asymmetric key encryption.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 348 and 349
http://support.microsoft.com/kb/246071
http://www.engineersgarage.com/articles/what-is-cryptography-encryption?page=3
質問 # 177
The information security function in a large organization is MOST effective when:
- A. the function reports directly to the IS operations manager.
- B. established at a corporate-wide level.
- C. decentralized as close to the user as possible
- D. partnered with the IS development team to determine access rights
正解:C
質問 # 178
An IS auditor reviewing the database controls for a new e-commerce system discovers a security weakness in the database configuration. Which of the following should be the IS auditor's NEXT course of action?
- A. Identify existing mitigating controls
- B. Disclose the findings to senior management
- C. Attempt to exploit the weakness
- D. Assist in drafting corrective actions
正解:A
質問 # 179
Which of the following should be reviewed FIRST when assessing the effectiveness of an organization's network security procedures and controls?
- A. Data recovery capability
- B. Inventory of authorized devices
- C. Malware defenses
- D. Vulnerability remediation
正解:B
質問 # 180
An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls wou Id BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
- A. Commands typed on the command line are logged
- B. Access to the operating system command line is granted through an access restriction tool with preapproved rights
- C. Software development tools and compilers have been removed from the production environment
- D. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
正解:D
解説:
The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted-it does notmatter how. Choice D is wrong because files can be copied to and from the production environment.
質問 # 181
Identify the LAN topology from below diagram presented below:
bus topology
- A. Bus
- B. Star
- C. Ring
- D. Mesh
正解:A
解説:
Section: Information System Operations, Maintenance and Support
Explanation/Reference:
For your exam you should know the information below related to LAN topologies:
LAN Topologies
Network topology is the physical arrangement of the various elements (links, nodes, etc.) of a computer
network.
Essentially, it is the topological structure of a network, and may be depicted physically or logically. Physical
topology refers to the placement of the network's various components, including device location and cable
installation, while logical topology shows how data flows within a network, regardless of its physical design.
Distances between nodes, physical interconnections, transmission rates, and/or signal types may differ
between two networks, yet their topologies may be identical.
Bus
In local area networks where bus topology is used, each node is connected to a single cable. Each
computer or server is connected to the single bus cable. A signal from the source travels in both directions
to all machines connected on the bus cable until it finds the intended recipient. If the machine address does
not match the intended address for the data, the machine ignores the data. Alternatively, if the data
matches the machine address, the data is accepted. Since the bus topology consists of only one wire, it is
rather inexpensive to implement when compared to other topologies. However, the low cost of
implementing the technology is offset by the high cost of managing the network. Additionally, since only one
cable is utilized, it can be the single point of failure. If the network cable is terminated on both ends and
when without termination data transfer stop and when cable breaks, the entire network will be down.
Bus topology
Linear bus
The type of network topology in which all of the nodes of the network are connected to a common
transmission medium which has exactly two endpoints (this is the 'bus', which is also commonly referred to
as the backbone, or trunk) - all data that is transmitted between nodes in the network is transmitted over
this common transmission medium and is able to be received by all nodes in the network simultaneously.
Distributed bus
The type of network topology in which all of the nodes of the network are connected to a common
transmission medium which has more than two endpoints that are created by adding branches to the main
section of the transmission medium - the physical distributed bus topology functions in exactly the same
fashion as the physical linear bus topology (i.e., all nodes share a common transmission medium).
Star
In local area networks with a star topology, each network host is connected to a central point with a point-
to-point connection. In Star topology every node (computer workstation or any other peripheral) is
connected to central node called hub or switch.
The switch is the server and the peripherals are the clients. The network does not necessarily have to
resemble a star to be classified as a star network, but all of the nodes on the network must be connected to
one central device.
All traffic that traverses the network passes through the central point. The central point acts as a signal
repeater.
The star topology is considered the easiest topology to design and implement. An advantage of the star
topology is the simplicity of adding additional nodes. The primary disadvantage of the star topology is that
the central point represents a single point of failure.
Star Topology
Ring
A network topology that is set up in a circular fashion in which data travels around the ring in one direction
and each device on the ring acts as a repeater to keep the signal strong as it travels. Each device
incorporates a receiver for the incoming signal and a transmitter to send the data on to the next device in
the ring.
The network is dependent on the ability of the signal to travel around the ring. When a device sends data, it
must travel through each device on the ring until it reaches its destination. Every node is a critical link. If
one node goes down the whole link would be affected.
Ring Topology
Mesh
The value of a fully meshed networks is proportional to the exponent of the number of subscribers,
assuming that communicating groups of any two endpoints, up to and including all the endpoints, is
approximated by Reed's Law.
A mesh network provides for high availability and redundancy. However, the cost of such network could be
very expensive if dozens of devices are in the mesh.
Mesh Topology
Fully connected mesh topology
A fully connected network is a communication network in which each of the nodes is connected to each
other. In graph theory it known as a complete graph. A fully connected network doesn't need to use
switching nor broadcasting. However, its major disadvantage is that the number of connections grows
quadratic ally with the number of nodes, so it is extremely impractical for large networks. A two-node
network is technically a fully connected network.
Partially connected mesh topology
The type of network topology in which some of the nodes of the network are connected to more than one
other node in the network with a point-to-point link - this makes it possible to take advantage of some of
the redundancy that is provided by a physical fully connected mesh topology without the expense and
complexity required for a connection between every node in the network.
The following answers are incorrect:
The other options presented are not valid.
The following reference(s) were/was used to create this question:
CISA review manual 2014, Page number 262
質問 # 182
......
最新CISA試験問題集には高得点で一発合格:https://jp.fast2test.com/CISA-premium-file.html
CISA認定試験問題集には690練習テスト問題はこちら:https://drive.google.com/open?id=178uO-c4CX-MOna76WLD_-mdfFIuirHPa