CISA Questions (801 - 900) and Answers 100% Verified.
An organization is proposing to establish a wireless local area network (WLAN). Management asks the IS auditor to recommend security controls for the WLAN. Which of the following would be the MOST appropriate recommendation?

A. Physically secure wireless access points to prevent tampering.
B. Use service set identifiers (SSIDs) that clearly identify the organization.
C. Encrypt traffic using the Wired Equivalent Privacy (WEP) mechanism.
D. Implement the Simple Network Management Protocol (SNMP) to allow active monitoring.

Answer: A.

A. Physically securing access points such as wireless routers, as well as preventing theft, addresses the risk of malicious parties tampering with device settings. If access points can be physically reached, it is often a simple matter to restore weak default passwords and encryption keys, or to totally remove authentication and encryption from the network.
B. Service set identifiers (SSIDs) should not be used to identify the organization because hackers can associate the wireless local area network (WLAN) with a known organization, and this increases both their motivation to attack and, potentially, the information available to do so.
C. The original Wired Equivalent Privacy (WEP) security mechanism has been demonstrated to have a number of exploitable weaknesses. The more recently developed Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) standards represent considerably more secure means of authentication and encryption.
D. Installing Simple Network Management Protocol (SNMP) on wireless access points can actually open up security vulnerabilities. If SNMP is required at all, then SNMP v3, which has stronger authentication mechanisms than earlier versions, should be deployed.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that:

A. the users may not remember to manually encrypt the data before transmission.
B. the site credentials were sent to the financial services company via email.
C. personnel at the consulting firm may obtain access to sensitive data.
D. the use of a shared user ID to the FTP site does not allow for user accountability.

Answer: A.

A. If the data is not encrypted, an unauthorized external party may download sensitive company data.
B. Even though the possibility exists that the logon information was captured from the emails, the data should be encrypted, so the theft of the data would not allow the attacker to read it.
C. Some of the employees at the consulting firm will have access to the sensitive data, and the consulting firm must have procedures in place to protect the data.
D. Tracing accountability is of minimal concern compared to the compromise of sensitive data.
During an IS risk assessment of a healthcare organization regarding protected health information (PHI), an IS auditor interviews IS management. Which of the following findings from the interviews would be of MOST concern to the IS auditor?

A. The organization does not encrypt all of its outgoing email messages.
B. Staff have to type "[PHI]" in the subject field of email messages to be encrypted.
C. An individual's computer screen saver function is disabled.
D. Server configuration requires the user to change the password annually.

Answer: B.

A. Encrypting all outgoing email is expensive and is not common business practice.
B. There is always a human-error risk that staff members will forget to type the required words in the subject field. The organization should have automated encryption set up for outgoing email from employees working with protected health information (PHI) to protect sensitive information.
C. Disabling the screen saver function increases the risk that sensitive data can be exposed to other employees; however, the risk is not as great as exposing the data to unauthorized individuals outside the organization.
D. While changing the password only annually is a concern, the risk is not as great as exposing the data to unauthorized individuals outside the organization.
Which of the following is the responsibility of information asset owners?

A. Implementation of information security within applications
B. Assignment of criticality levels to data
C. Implementation of access rules to data and programs
D. Provision of physical and logical security for data

Answer: B.

A. Implementation of information security within an application is the responsibility of the data custodians, based on the requirements set by the data owner.