[Dec 01, 2021] CISA Dumps Full Questions - Exam Study Guide
Isaca Certification Free Certification Exam Material from TestValid with 440 Questions
ISACA CISA Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
Certification Path
The Certified Information Systems Auditor Certification includes only one CISA exams.
NEW QUESTION 249
.Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?
- A. True
- B. False
Answer: A
Explanation:
Proper segregation of duties does not prohibit a quality-control administrator from also being responsible for change control and problem management.
NEW QUESTION 250
Who is mainly responsible for protecting information assets they have been entrusted with on a daily basis by defining who can access the data, it's sensitivity level, type of access, and adhering to corporate information security policies?
- A. Security Officer
- B. Senior Management
- C. End User
- D. Data Owner
Answer: D
Explanation:
Section: Information System Acquisition, Development and Implementation Explanation:
The Data Owner is the person who has been entrusted with a data set that belong to the company. As such they are responsible to classify the data according to it's value and sensitivity. The Data Owner decides who will get access to the data, what type of access would be granted. The Data Owner will tell the Data Custodian or System Administrator what access to configure within the systems.
A business executive or manager is typically responsible for an information asset. These are the individuals that assign the appropriate classification to information assets. They ensure that the business information is protected with appropriate controls. Periodically, the information asset owners need to review the classification and access rights associated with information assets. The owners, or their delegates, may be required to approve access to the information. Owners also need to determine the criticality, sensitivity, retention, backups, and safeguards for the information. Owners or their delegates are responsible for understanding the risks that exist with regards to the information that they control.
The following answers are incorrect:
Executive Management/Senior Management - Executive management maintains the overall responsibility for protection of the information assets. The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.
Security Officer - The security officer directs, coordinates, plans, and organizes information security activities throughout the organization. The security officer works with many different individuals, such as executive management, management of the business units, technical staff, business partners, auditors, and third parties such as vendors. The security officer and his or her team are responsible for the design, implementation, management, and review of the organization's security policies, standards, procedures, baselines, and guidelines.
End User - The end user does not decide on classification of the data
Reference:
CISA review manual 2014 page number 108
Official ISC2 guide to CISSP CBK 3rd Edition Page number 342
NEW QUESTION 251
Which of the following controls should be implemented to BEST minimize system downtime for maintenance?
- A. Virtualization
- B. Nightly full backups
- C. Clustering
- D. Warm site
Answer: C
NEW QUESTION 252
The logical exposure associated with the use of a checkpoint restart procedure is:
- A. wire tapping.
- B. an asynchronous attack
- C. computer shutdown.
- D. denial of service.
Answer: B
Explanation:
Section: Protection of Information Assets
Explanation:
Asynchronous attacks are operating system-based attacks. A checkpoint restart is a feature that stops a
program at specified intermediate points for later restart in an orderly manner without losing data at the
checkpoint. The operating system saves a copy of the computer programs and data in their current state as
well as several system parameters describing the mode and security level of the program at the time of
stoppage. An asynchronous attack occurs when an individual with access to this information is able to gain
access to the checkpoint restart copy of the system parameters and change those parameters such that
upon restart the program would function at a higher-priority security level.
NEW QUESTION 253
Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?
- A. Reducing hardware maintenance costs.
- B. Compensating for the lack of contingency planning
- C. Minimizing business loss.
- D. Improving system performance.
Answer: C
Explanation:
Section: Protection of Information Assets
NEW QUESTION 254
What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to
management?
- A. It allows management to properly allocate resources and ensure continuous efficiency of operations.
- B. It allows users to properly allocate resources and ensure continuous efficiency of operations.
- C. The software produces nice reports that really impress management.
- D. The software can dynamically readjust network traffic capabilities based upon current usage.
Answer: A
Explanation:
Section: Protection of Information Assets
Explanation:
Using capacity-monitoring software to monitor usage patterns and trends enables management to properly
allocate resources and ensure continuous efficiency of operations.
NEW QUESTION 255
Which of the following is MOST important to have in place before developing a disaster recovery plan (DRP)?
- A. A duplicate processing facility
- B. System restoration procedures
- C. Appropriate insurance coverage
- D. Defined acceptable downtime
Answer: D
NEW QUESTION 256
Which of the following should be of MOST concern to an IS auditor?
- A. Lack of periodic examination of access rights
- B. Failure to notify police of an attempted intrusion
- C. Lack of reporting of a successful attack on the network
- D. Lack of notification to the public of an intrusion
Answer: C
Explanation:
Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which would be a professional mistake. Although notification to the police may be required and the lack of a periodic examination of access rights might be a concern, they do not represent as big a concern as the failure to report the attack. Reporting to the public is not a requirement and is dependent on the organization's desire, or lack thereof, to make the intrusion known.
NEW QUESTION 257
Test and development environments should be separated. True or false?
- A. True
- B. False
Answer: A
Explanation:
Explanation/Reference:
Test and development environments should be separated, to control the stability of the test environment.
NEW QUESTION 258
You should know the difference between an exploit and a vulnerability. Which of the following refers to a weakness in the system?
- A. both
- B. exploit
- C. vulnerability
Answer: C
Explanation:
Explanation/Reference:
Explanation:
You should know the difference between an exploit and a vulnerability. An exploit refers to software, data, or commands capable of taking advantage of a bug, glitch or vulnerability in order to cause unintended behavior. Vulnerability in this sense refers to a weakness in the system.
NEW QUESTION 259
When developing an escalation process for an incident response plan, the information security manager
should PRIMARLY consider the:
- A. affected stakeholders
- B. availability of technical resources
- C. incident response team
- D. media coverage
Answer: C
Explanation:
Section: Information System Operations, Maintenance and Support
NEW QUESTION 260
What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization's data center?
- A. The inability to identify who has entered the data center
- B. The lack of a multi-factor authentication system
- C. The lack of enforcement of organizational policy and procedures
- D. The inability to track the number of misplaced cards
Answer: A
NEW QUESTION 261
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?
- A. PERT chart
- B. Rapid application development
- C. Function point analysis
- D. Object-oriented system development
Answer: A
Explanation:
A PERT chart will help determine project duration once all the activities and the work involved with those activities are known. Function point analysis is a technique for determining the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries, logical internal files, etc. While this will help determine the size of individual activities, it will not assist in determining project duration since there are many overlapping tasks. Rapid application development is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality, while object-oriented system development is the process of solution specification and modeling.
NEW QUESTION 262
Which of the following term related to network performance refers to the variation in the time of arrival of packets on the receiver of the information?
- A. Bandwidth
- B. Throughput
- C. Latency
- D. Jitter
Answer: D
Explanation:
Explanation/Reference:
Simply said, the time difference in packet inter-arrival time to their destination can be called jitter. Jitter is specific issue that normally exists in packet switched networks and this phenomenon is usually not causing any communication problems.TCP/IP is responsible for dealing with the jitter impact on communication.
On the other hand, in VoIP network environment, or better say in any bigger environment today where we use IP phones on our network this can be a bigger problem. When someone is sending VoIP communication at a normal interval (let's say one frame every 10 ms) those packets can stuck somewhere in between inside the packet network and not arrive at expected regular peace to the destined station.
That's the whole jitter phenomenon all about so we can say that the anomaly in tempo with which packet is expected and when it is in reality received is jitter.
jitter
Image from: http://howdoesinternetwork.com/wp-content/uploads/2013/05/jitter.gif In this image above, you can notice that the time it takes for packets to be send is not the same as the period in which the will arrive on the receiver side. One of the packets encounters some delay on his way and it is received little later than it was asumed. Here are the jitter buffers entering the story. They will mitigate packet delay if required. VoIP packets in networks have very changeable packet inter-arrival intervals because they are usually smaller than normal data packets and are therefore more numerous with bigger chance to get some delay along the way.
For your exam you should know below information about Network performance:
Network performance refers to measurement of service quality of a telecommunications product as seen by the customer.
The following list gives examples of network performance measures for a circuit-switched network and one type of packet-switched network (ATM):
Circuit-switched networks: In circuit switched networks, network performance is synonymous with the grade of service. The number of rejected calls is a measure of how well the network is performing under heavy traffic loads. Other types of performance measures can include noise, echo and so on.
ATM: In an Asynchronous Transfer Mode (ATM) network, performance can be measured by line rate, quality of service (QoS), data throughput, connect time, stability, technology, modulation technique and modem enhancements.
There are many different ways to measure the performance of a network, as each network is different in nature and design. Performance can also be modeled instead of measured; one example of this is using state transition diagrams to model queuing performance in a circuit-switched network. These diagrams allow the network planner to analyze how the network will perform in each state, ensuring that the network will be optimally designed.
The following measures are often considered important:
Bandwidth - Bandwidth is commonly measured in bits/second is the maximum rate that information can be transferred Throughput - Throughput is the actual rate that information is transferred Latency - Latency is the delay between the sender and the receiver decoding it, this is mainly a function of the signals travel time, and processing time at any nodes the information traverses Jitter - Jitter is the variation in the time of arrival at the receiver of the information Error Rate - Error rate is the number of corrupted bits expressed as a percentage or fraction of the total sen The following answers are incorrect:
Bandwidth - Bandwidth is commonly measured in bits/second is the maximum rate that information can be transferred Throughput - Throughput is the actual rate that information is transferred Latency - Latency is the delay between the sender and the receiver decoding it, this is mainly a function of the signals travel time, and processing time at any nodes the information traverses The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 275
and
http://howdoesinternetwork.com/2013/jitter
NEW QUESTION 263
What is the PRIMARY benefit to executive management when audit, risk, and security functions are
aligned?
- A. More timely risk reporting
- B. Reduced number of assurance reports
- C. More efficient incident handling
- D. More effective decision making
Answer: D
Explanation:
Section: Governance and Management of IT
NEW QUESTION 264
......
Dumps Brief Outline Of The CISA Exam: https://www.testvalid.com/CISA-exam-collection.html
Use Real CISA - 100% Cover Real Exam Questions: https://drive.google.com/open?id=1LEkxpz496nB4XCfJUUmIpiYmmY8Sb42u