CISA Domain 5: Protection of Information Assets Comprehensive Questions and Answers
Java applets and ActiveX controls are distributed programs that execute in the background of a client web browser. This practice is considered reasonable when:
the source of the executable file is certain.
Which of the following is an example of the defense in-depth security principle?
Using a firewall as well as logical access controls on the hosts to control incoming network traffic
Which of the following is the MOST effective control when granting temporary access to vendors?
User accounts are created with expiration dates and are based on services provided.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
Procedures that verify that only approved program changes are implemented
An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
The firewall is placed on top of the commercial operating system with all default installation options.
Which of the following types of firewalls would BEST protect a network from an Internet attack?
Screened subnet firewall
Which of the following line media would provide the BEST security for a telecommunication network?
Dedicated lines
Which of the following would be the BEST access control procedure?
The data owner formally authorizes access and an administrator implements the user authorization tables.
The FIRST step in data classification is to:
establish ownership.
Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
Firewalls
The information security policy that states "each individual must have his/her badge read at every controlled door" addresses which of the following attack methods?
Piggybacking
During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:
enrollment.
During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
user accountability may not be established.
When reviewing the implementation of a local area network, an IS auditor should FIRST review the:
network diagram.
To ensure that an organization is complying with privacy requirements, an IS auditor should FIRST review:
legal and regulatory requirements.
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?
Review the parameter settings.
A company is implementing a Dynamic Host Configuration Protocol. Given that the following conditions exist, which represents the GREATEST concern?
Access to a network port is not restricted.
Which control is the BEST way to ensure that the data in a file has not been changed during transmission?
Hash values
The implementation of access controls FIRST requires:
an inventory of IS resources.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
Encapsulation
In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:
sufficiency.
Which of the following types of transmission media provide the BEST security against unauthorized access?
Fiber-optic cables
Which of the following BEST ensures the integrity of a server's operating system?
Hardening the server configuration
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
Cyclic redundancy check
Security administration procedures require read-only access to:
security log files.
Which of the following types of firewalls provide the GREATEST degree and granularity of control?
Application gateway
When reviewing an organization's logical access security to its remote systems, which of the following would be of GREATEST concern to an IS auditor?
Unencrypted passwords are used.
The MOST important difference between hashing and encryption is that hashing:
is irreversible.
Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?
Unauthorized report copies might be printed
With the help of a security officer, granting access to data is the responsibility of:
data owners.
Which of the following is the MOST reliable method to ensure the identity of the sender for messages transferred across the Internet?
Digital certificates
Which of the following is the MOST effective control over visitor access to a data center?
Visitors are escorted.
In a public key infrastructure, a registration authority:
verifies information supplied by the subject requesting a certificate.
A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.
Which of the following intrusion detection systems will MOST likely generate false alarms resulting from normal network activity?