1. Right Answer: B
Explanation: A honeypot is a software application or system that pretends to be a normal server on the Internet and is not set up to actively protect against all break-ins: on purpose, some of the updates, patches, or upgrades are missing. You then monitor the honeypot to learn from the offensive side.
There are two types of honeypot:
High-interaction honeypots - Essentially give the hacker a real environment to attack. High-interaction honeypots imitate the activities of production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services on which to waste his time. According to recent research into high-interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high-interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honeypots - Emulate the production environment and therefore provide more limited information. Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system's security. Example: Honeyd.
The following were incorrect answers:
Bastion host - On the Internet, a bastion host is the only host computer that a company allows to be addressed directly from the public network, and it is designed to screen the rest of the network from security exposure.
DMZ or Demilitarized Zone - In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a 'neutral zone' between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data.
Dual-homed - Dual-homed or dual-homing can refer either to an Ethernet device that has more than one network interface, for redundancy purposes, or, in firewall technology, to one of the firewall architectures for implementing preventive security. Examples of dual-homed devices are enthusiast computing motherboards that incorporate dual Ethernet network interface cards, or a firewall with two network interface cards, one facing the external network and one facing the internal network.
The following reference(s) were used to create this question:
CISA review manual 2014, page number 348
http://searchsecurity.techtarget.com/definition/bastion-host
http://searchsecurity.techtarget.com/definition/DMZ
http://en.wikipedia.org/wiki/Honeypot_%28computing%29
http://en.wikipedia.org/wiki/Dual-homed
2. Right Answer: A
Explanation: http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx
A high-interaction honeypot essentially gives an attacker a real environment to attack.
Also, you should know the following information about honeypots for the CISA exam:
A honeypot is a software application that pretends to be a normal server on the Internet and is not set up to actively protect against break-ins.
There are two types of honeypot:
High-interaction honeypots - Essentially give the hacker a real environment to attack. High-interaction honeypots imitate the activities of production systems that host a variety of services and, therefore, an attacker may be allowed a lot of services on which to waste his time. According to recent research into high-interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high-interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet.
Low-interaction honeypots - Emulate the production environment and therefore provide more limited information. Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the virtual system's security. Example: Honeyd.
The following were incorrect answers:
Med-interaction - Not a real type of honeypot.
The following reference(s) were used to create this question:
CISA review manual 2014, page number 348
http://en.wikipedia.org/wiki/Honeypot_%28computing%29
3. Right Answer: D
Explanation: Implementation language is the LEAST important compared to the other options. The encryption algorithm, encryption keys and key length are key elements of an encryption system.
It is important to read the question carefully. The word 'LEAST' was the key word: you had to find which one was LEAST important.
The following were incorrect answers:
The other options mentioned are key elements of an encryption system.
Encryption algorithm - A mathematically based function or calculation that encrypts/decrypts data.
Encryption keys - A piece of information that is used within an encryption algorithm (calculation) to make the encryption or decryption process unique. Similar to passwords, a user needs to use the correct key to access or decipher the message into readable form.
Key length - A predetermined length for the key. The longer the key, the more difficult it is to compromise in a brute-force attack, where all possible key combinations are tried.
The following reference(s) were used to create this question:
CISA review manual 2014, page number 348
4. Right Answer: C
Explanation: There are two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption).
Symmetric encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. A few examples of symmetric key algorithms are DES, AES, Blowfish, etc.
Asymmetric encryption - The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is the use of asymmetric encryption, in which there are two related keys, usually called a key pair. The public key is made freely available to anyone who might want to send you a message. The second key, called the private key, is kept secret, so that only you know it. Any message (text, binary file, or document) that is encrypted using the public key can only be decrypted by the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message. A few examples of asymmetric key algorithms are RSA, Elliptic Curve Cryptography (ECC), ElGamal, Diffie-Hellman, etc.
The following were incorrect answers:
The other options do not correctly describe the difference between symmetric key and asymmetric key encryption.
The following reference(s) were used to create this question:
CISA review manual 2014, page numbers 348 and 349
http://support.microsoft.com/kb/246071
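The contrast this explanation draws, as an added example that is not from the CISA manual or the page's references: the letter-shift cipher the explanation mentions as the symmetric case, where one shared secret both encrypts and decrypts, and textbook RSA as the asymmetric case, where what one half of the key pair encrypts only the other half can decrypt, in either direction. The primes, the message integer and the shift count are constructed toy values.

```python
import math

# Added example (not from the CISA manual): the two techniques the explanation
# contrasts, at toy size. Real systems use AES and 2048-bit+ RSA with padding.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def shift_encrypt(plaintext, key):
    """Symmetric: shift each letter `key` places; both parties hold `key`."""
    out = []
    for ch in plaintext.upper():
        # letters wrap around the alphabet; anything else passes through
        out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch)
    return "".join(out)

def shift_decrypt(ciphertext, key):
    """The same secret key decrypts: just shift back."""
    return shift_encrypt(ciphertext, -key)

def rsa_keypair(p, q, e=17):
    """Asymmetric: derive (public, private) from primes p and q.
    Each key is a (modulus, exponent) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def rsa_apply(key, m):
    """m ** exponent mod n. Applied with one half of the pair, only the
    other half undoes it, in either direction."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, exp, n)

def demo():
    """Constructed toy values: a shared shift key and tiny textbook primes."""
    shared_key = 3  # secret both sender and recipient must already know
    c = shift_encrypt("ATTACK AT DAWN", shared_key)
    assert shift_decrypt(c, shared_key) == "ATTACK AT DAWN"
    pub, priv = rsa_keypair(61, 53)  # n = 3233; far too small to be secure
    msg = 65  # a message encoded as an integer smaller than n
    wrapped = rsa_apply(pub, msg)  # public key encrypts ...
    assert rsa_apply(priv, wrapped) == msg  # ... only the matching private key decrypts
    assert rsa_apply(pub, rsa_apply(priv, msg)) == msg  # and the reverse direction holds
    _, other_priv = rsa_keypair(101, 107)  # an unrelated private key does not recover it
    assert rsa_apply(other_priv, wrapped) != msg
    return c, wrapped
```

The shift cipher shows why the secret must be shared in advance, and the RSA half shows why only public halves need to travel over the network.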
5. Right Answer: A
Explanation: The auditor should use the Biometric Information Management and Security (BIMS) policy to gain a better understanding of the biometric system in use.
Management of biometrics - Management of biometrics should address effective security for the collection, distribution and processing of biometric data, encompassing:
- Data integrity, authenticity and non-repudiation
- Management of biometric data across its life cycle, comprising the enrollment, transmission and storage, verification, identification, and termination processes
- Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication
- Application of biometric technology for internal and external, as well as logical and physical, access control
- Encapsulation of biometric data
- Security of the physical hardware used throughout the biometric data life cycle
- Techniques for integrity and privacy protection of biometric data
Management should develop and approve a Biometric Information Management and Security (BIMS) policy. The auditor should use the BIMS policy to gain a better understanding of the biometric system in use. With respect to testing, the auditor should make sure this policy has been developed and that the biometric information system is being secured appropriately. The identification and authentication procedures for individual enrollment and template creation should be specified in the BIMS policy.
The following were incorrect answers:
All other choices presented were incorrect because they are not valid policies.
The following reference(s) were used to create this question:
CISA review manual 2014, page numbers 331 and 332