CISA Certified Information Systems Auditor – Question2788

On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?

A. Encrypt the message containing the sender’s public key, using a private-key cryptosystem.
B. Send a certificate that can be verified by a certification authority with the public key.
C. Encrypt the message containing the sender’s public key, using the recipient’s public key.
D. Send the public key to the recipient prior to establishing the connection.

Correct Answer: B

CISA Certified Information Systems Auditor – Question2787

The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:

A. has a decreased risk of leakage.
B. is more effective at suppressing flames.
C. allows more time to abort release of the suppressant.
D. disperses dry chemical suppressants exclusively.

Correct Answer: A

CISA Certified Information Systems Auditor – Question2786

Which of the following is the BEST way to address potential data privacy concerns associated with inadvertent disclosure of machine identifier information contained within security logs?

A. Only collect logs from servers classified as business critical.
B. Limit the use of logs to only those purposes for which they were collected.
C. Limit log collection to only periods of increased security activity.
D. Restrict the transfer of log files from host machine to online storage.

Correct Answer: B

CISA Certified Information Systems Auditor – Question2785

A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration in establishing a contingency plan and an alternate processing site?

A. The alternative site does not reside on the same fault, no matter how far apart the two sites are.
B. The contingency plan for high priority applications does not involve a shared cold site.
C. The alternative site is a hot site with equipment ready to resume processing immediately.
D. The contingency plan provides for backup tapes to be taken to the alternative site.

Correct Answer: A

CISA Certified Information Systems Auditor – Question2783

A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?

A. Installing biometrics-based authentication
B. Configuring the router as a firewall
C. Periodically reviewing log files
D. Using smart cards with one-time passwords

Correct Answer: C

CISA Certified Information Systems Auditor – Question2779

A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:

A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define exactly the loss amount.

Correct Answer: C

Explanation:

The common practice, when it is difficult to calculate the financial losses, is to take a qualitative approach, in which the manager affected by the risk defines the financial loss in terms of a weighted factor (e.g., one is a very low impact to the business and five is a very high impact). An ROI is computed when there are predictable savings or revenues that can be compared to the investment needed to realize them. Amortization is used in a profit and loss statement, not in computing potential losses. Spending the time needed to define the exact total amount is normally the wrong approach: if it has been difficult to estimate potential losses (e.g., losses derived from erosion of public image due to a hack attack), that situation is not likely to change, and at the end of the day the result will be a poorly supported evaluation.