1. Right Answer: B
Explanation: For the CISA exam you should know the following information about fire suppression systems.

Fire suppression system - This system is designed to activate automatically immediately after detection of heat, typically generated by fire. Like smoke detectors, the system will produce an audible alarm when activated and be linked to a central guard station that is regularly monitored. The system should also be inspected and tested annually. Testing intervals should comply with industry and insurance standards and guidelines.

Broadly speaking, there are two methods for applying an extinguishing agent: total flooding and local application.

Total flooding - Systems working under the total flooding principle apply an extinguishing agent to a three-dimensional enclosed space in order to achieve a concentration of the agent (volume percentage of agent in air) adequate to extinguish the fire. These types of systems may be operated automatically by detection and related controls or manually by the operation of a system actuator.

Local application - Systems working under the local application principle apply an extinguishing agent directly onto a fire (usually a two-dimensional area) or into a three-dimensional region immediately surrounding the substance or object on fire. The main difference between the local application and total flooding designs is the absence of a physical barrier enclosing the fire space in the local application design.

The medium of fire suppression varies but is usually one of the following:

Water-based systems are typically referred to as sprinkler systems. These systems are effective but are also unpopular because they damage equipment and property. The system can be dry-pipe or charged (water is always in the system piping). A charged system is more reliable but has the disadvantage of exposing the facility to expensive water damage if the pipes leak or break.

Dry-pipe sprinkler systems do not have water in the pipes until an electronic fire alarm activates the water pump to send water into the system. This is opposed to a fully charged water pipe system. A dry-pipe system has the advantage that any failure in the pipe will not result in water leaking onto sensitive equipment from above. Since water and electricity do not mix, these systems must be combined with an automatic switch to shut down the electric supply to the protected area.

Halon systems release pressurized halon gases that remove oxygen from the air, thus starving the fire. Halon was popular because it is an inert gas and does not damage equipment like water does. Because halon adversely affects the ozone layer, it was banned in the Montreal (Canada) Protocol 1987, which stopped halon production as of 1 January 1994. As a banned gas, all halon installations are now required by international agreement to be removed. The halon substitute is FM-200, which is the most effective alternative.

FM-200(TM): Also called heptafluoropropane, HFC-227 or HFC-227ea (ISO name), it is a colorless, odorless gaseous fire suppression agent. It is commonly used as a gaseous fire suppression agent.

Argonite is the brand name for a mixture of 50% argon and 50% nitrogen. It is an inert gas used in gaseous fire suppression systems for extinguishing fires where damage to equipment is to be avoided. Although argon is nontoxic, it does not satisfy the body's need for oxygen and is a simple asphyxiant.

CO2 systems release pressurized carbon dioxide gas into the protected area to replace the oxygen required for combustion. Unlike halon and its later replacement, however, CO2 is unable to sustain human life. Therefore, in most countries it is illegal for such a system to be set to automatic release if any human may be in the area. Because of this, these systems are usually discharged manually, introducing an additional delay in combating fire.

The following were incorrect answers:
The other presented options do not describe a valid difference between total flooding and local application of an extinguishing agent.

The following reference(s) were used to create this question:
CISA Review Manual 2014, pages 373 and 374
2. Right Answer: B
Explanation: The combination door lock or cipher lock uses a numeric keypad, push button, or dial to gain entry. It is often seen at airport gate entry doors and smaller server rooms. The combination should be changed at regular intervals or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces the risk of the combination being known by unauthorized people.

A cipher lock is controlled by a mechanical keypad, typically with 5 to 10 digits; when the keys are pushed in the right combination, the lock will release and allow entry. The drawback is that someone looking over a shoulder can see the combination. However, an electric version of the cipher lock is in production in which a display screen automatically moves the numbers around, so someone trying to watch the movement on the screen will not be able to identify the numbers indicated unless they are standing directly behind the victim.

Remember that locking devices are only as good as the wall or door they are mounted in; if the frame of the door or the door itself can be easily destroyed, then the lock will not be effective. A lock will eventually be defeated, and its primary purpose is to delay the attacker.

For your exam you should know the following types of lock:

Bolting door lock - These locks require the traditional metal key to gain entry. The key should be stamped 'do not duplicate' and should be stored and issued under strict management control.

Biometric door lock - An individual's unique physical attribute, such as voice, retina, fingerprint, hand geometry or signature, activates these locks. This system is used in instances when sensitive facilities must be protected, such as in the military.

Electronic door lock - This system uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by the sensor device, which then activates the door locking mechanism.

The following were incorrect answers:

Bolting door lock - These locks require the traditional metal key to gain entry. The key should be stamped 'do not duplicate' and should be stored and issued under strict management control.

Biometric door lock - An individual's unique body features, such as voice, retina, fingerprint, hand geometry or signature, activate these locks. This system is used in instances when extremely sensitive facilities must be protected, such as in the military.

Electronic door lock - This system uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by the sensor device, which then activates the door locking mechanism.

The following reference(s) were used to create this question:
CISA Review Manual 2014, page 376
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25144-25150). Auerbach Publications. Kindle Edition.
3. Right Answer: C
Explanation: An electronic door lock uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by the sensor device, which then activates the door locking mechanism.

For the CISA exam you should know the following types of lock:

Bolting door lock - These locks require the traditional metal key to gain entry. The key should be stamped 'do not duplicate' and should be stored and issued under strict management control.

Biometric door lock - An individual's unique body features, such as voice, retina, fingerprint, hand geometry or signature, activate these locks. This system is used in instances when extremely sensitive facilities must be protected, such as in the military.

Electronic door lock - This system uses a magnetic or embedded chip-based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by the sensor device, which then activates the door locking mechanism.

Combination door lock or cipher lock - This lock uses a numeric keypad or dial to gain entry, and is often seen at airport gate entry doors and smaller server rooms. The combination should be changed at regular intervals or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces the risk of the combination being known by unauthorized people.

The following were incorrect answers:

Bolting door lock - These locks require the traditional metal key to gain entry. The key should be stamped 'do not duplicate' and should be stored and issued under strict management control.

Biometric door lock - An individual's unique body features, such as voice, retina, fingerprint, hand geometry or signature, activate these locks. This system is used in instances when extremely sensitive facilities must be protected, such as in the military.

Combination door lock or cipher lock - This lock uses a numeric keypad or dial to gain entry, and is often seen at airport gate entry doors and smaller server rooms. The combination should be changed at regular intervals or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces the risk of the combination being known by unauthorized people.

The following reference(s) were used to create this question:
CISA Review Manual 2014, page 376
4. Right Answer: A
Explanation: The three sub-dimensions of quality in COBIT 5 are as follows:

1. Intrinsic quality - The extent to which data values are in conformance with the actual or true values. It includes:
Accuracy - The extent to which information is correct or accurate and reliable.
Objectivity - The extent to which information is unbiased, unprejudiced and impartial.
Believability - The extent to which information is regarded as true and credible.
Reputation - The extent to which information is highly regarded in terms of its source or content.

2. Contextual and representational quality - The extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognizing that information quality depends on the context of use. It includes:
Relevancy - The extent to which information is applicable and helpful for the task at hand.
Completeness - The extent to which information is not missing and is of sufficient depth and breadth for the task at hand.
Currency - The extent to which information is sufficiently up to date for the task at hand.
Appropriate amount of information - The extent to which the volume of information is appropriate for the task at hand.
Consistent representation - The extent to which information is presented in the same format.
Interpretability - The extent to which information is in appropriate languages, symbols and units, with clear definitions.
Understandability - The extent to which information is easily comprehended.
Ease of manipulation - The extent to which information is easy to manipulate and apply to different tasks.

3. Security/accessibility quality - The extent to which information is available or obtainable. It includes:
Availability/timeliness - The extent to which information is available when required, or easily and quickly retrievable.
Restricted access - The extent to which access to information is restricted appropriately to authorized parties.

The following were incorrect answers:

Contextual and representational quality - The extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognizing that information quality depends on the context of use.

Security quality or accessibility quality - The extent to which information is available or obtainable.

The following reference(s) were used to create this question:
CISA Review Manual 2014, page 310
5. Right Answer: A
Explanation: A 'banana attack' is another particular type of DoS. It involves redirecting outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.

The banana attack uses a router to change the destination address of a frame. In the banana attack:
A compromised router copies the source address on an inbound frame into the destination address.
The outbound frame bounces back to the sender.
The sender is flooded with frames and consumes so many resources that valid service requests can no longer be processed.

The following answers are incorrect:

Brute force attack - Brute force (also known as brute force cracking) is a trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or 'crack', a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Buffer overflow - A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.

Pulsing zombie - A DoS attack in which a network is subjected to hostile pinging by different attacker computers over an extended time period.

The following reference(s) were used to create this question:
CISA Review Manual 2014, page 321