1. During the audit of a database server, which of the following would be considered the GREATEST exposure?
A) The password does not expire on the administrator account B) Default global security settings for the database remain unchanged C) Old data have not been purged D) Database activity is not fully logged
2. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?
A) A user from within could send a file to an unauthorized person. B) FTP services could allow a user to download files from unauthorized sources. C) A hacker may be able to use the FTP service to bypass the firewall. D) FTP could significantly reduce the performance of a DMZ server.
3. The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
A) prevent omission or duplication of transactions. B) ensure smooth data transition from client machines to servers. C) ensure that e-mail messages have accurate time stamps. D) support the incident investigation process.
4. When reviewing the configuration of network devices, an IS auditor should FIRST identify:
A) the best practices for the type of network devices deployed. B) whether components of the network are missing. C) the importance of the network device in the topology. D) whether subcomponents of the network are being used appropriately.
5. Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?
A) System analysis B) Authorization of access to data C) Application programming D) Data administration
1. Right Answer: B Explanation: Default security settings that were never changed can leave the database with well-known weaknesses such as default or blank account passwords, or passwords identical to the username, which an attacker can try without any prior knowledge of the system. Logging every database activity is rarely practical, and incomplete logging is a monitoring gap rather than a direct path to compromise. Failure to purge old data may present a performance or retention issue but is not an immediate security concern. A non-expiring administrator password (choice A) is an exposure, but a narrower one than leaving the whole default configuration in place (choice B).
2. Right Answer: C Explanation: File transfer protocol (FTP) is considered an insecure protocol (credentials and file contents travel in clear text), so it should not be installed on a server in a demilitarized zone (DMZ). An exposed FTP service could allow an unauthorized user to reach the network behind the firewall. Sending files to an unauthorized person and the risk of downloading unauthorized files are not as significant as a firewall breach. The presence of the FTP service does not by itself reduce the performance of a DMZ server; therefore, performance degradation is not the risk being introduced.
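One concrete way the "bypass the firewall" concern in question 2 materialises is FTP's active-mode PORT command, in which the client names the address and port the server should connect to for the data channel. A firewall or FTP server that honours that address without checking it can be turned into a relay to hosts behind it (the long-documented FTP bounce behaviour). The following is an added example, not part of the original page: it implements the check an FTP-aware proxy or hardened server applies to PORT commands, namely that the data target must be the control-connection peer and must not be a privileged port. The client address, the sample commands and the rule set are assumptions constructed for the illustration.

```python
import re

# Matches "PORT h1,h2,h3,h4,p1,p2" as defined by RFC 959 (active-mode data connection).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")


def parse_port(cmd):
    """Return (host, port) from a PORT command, or None if it is malformed."""
    m = PORT_RE.match(cmd)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def check_port_command(cmd, client_ip):
    """Decide whether a PORT command from client_ip may be honoured.

    Rejects data connections to any host other than the control-connection
    peer (the bounce case) and to privileged ports (< 1024), where a
    redirected connection could reach services such as SMTP.
    """
    parsed = parse_port(cmd)
    if parsed is None:
        return False, "malformed PORT command"
    host, port = parsed
    if host != client_ip:
        return False, f"data target {host} is not the control peer {client_ip}"
    if port < 1024:
        return False, f"data port {port} is a privileged port"
    return True, "ok"


# Constructed sample of control-channel commands seen from one client (assumed, not real traffic).
CLIENT_IP = "203.0.113.7"
SAMPLE_COMMANDS = [
    "PORT 203,0,113,7,4,1",      # legitimate: back to the client, port 4*256+1 = 1025
    "PORT 10,0,0,5,0,25",        # bounce attempt: internal host 10.0.0.5, port 25 (SMTP)
    "PORT 203,0,113,7,0,80",     # privileged port on the client itself
    "PORT 203,0,113,999,4,1",    # malformed octet
]


def audit_commands(commands, client_ip):
    """Return (command, allowed, reason) for every PORT command in a session."""
    return [(c, *check_port_command(c, client_ip)) for c in commands]


if __name__ == "__main__":
    for cmd, ok, why in audit_commands(SAMPLE_COMMANDS, CLIENT_IP):
        print(f"{'ALLOW' if ok else 'DENY ':5} {cmd:28} {why}")
```

Run stand-alone, the script allows only the first command and explains why each of the other three is denied. The same two rules (target equals control peer, port above 1023) are what a stateful firewall's FTP inspection must enforce before opening a pinhole for the data connection.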
3. Right Answer: D Explanation: During an incident investigation, audit logs are used as evidence, and the time stamps in them are what allow events from different systems to be placed in order. If the clocks are not synchronized, investigations become harder because a reliable time line of events cannot be established. The time stamp on a transaction is independent of whether the update itself is applied, so clock synchronization neither prevents nor causes omission or duplication of transactions. Data transfer between clients and servers does not depend on the time stamp. While the time stamp on an e-mail may be inaccurate, this is not a significant issue in itself.
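To show why the time line matters in question 3, the following added example (not part of the original page) reconstructs a small incident from logs of two hosts whose clocks disagree. The events, hostnames, addresses and the 90-second skew are constructed for the illustration; in a real investigation the per-host offsets would be measured at collection time, for example from chronyc or ntpq output. Trusting each host's local timestamp yields one story; removing the measured skew yields a different order of events.

```python
from datetime import datetime, timedelta

# Constructed sample events (assumed, not from a real incident): host, the host's own
# local timestamp, a short label used for ordering checks, and the raw log message.
RAW_EVENTS = [
    ("fw",  "2024-05-01T10:00:05", "inbound_ssh",  "ACCEPT tcp 198.51.100.9 -> 10.0.0.5:22"),
    ("fw",  "2024-05-01T10:00:45", "outbound_443", "ACCEPT tcp 10.0.0.5 -> 198.51.100.9:443"),
    ("app", "2024-05-01T10:01:50", "ssh_login",    "sshd: Accepted publickey for deploy from 198.51.100.9"),
    ("app", "2024-05-01T10:02:10", "sudo_shadow",  "sudo: deploy : COMMAND=/bin/cat /etc/shadow"),
]

# Assumed per-host clock offsets in seconds ahead of the reference clock. Here the
# application server's clock is 90 s fast; the firewall is taken as the reference.
CLOCK_OFFSET_S = {"fw": 0, "app": 90}


def build_timeline(events, offsets=None):
    """Sort events by time; if offsets is given, normalise each host's clock first."""
    timeline = []
    for host, ts, label, msg in events:
        t = datetime.fromisoformat(ts)
        if offsets is not None:
            t -= timedelta(seconds=offsets.get(host, 0))
        timeline.append((t, host, label, msg))
    timeline.sort(key=lambda e: e[0])
    return timeline


def sequence(timeline):
    """Just the event labels, in time-line order."""
    return [label for _, _, label, _ in timeline]


def naive_timeline():
    """Time line built by trusting each host's local timestamp."""
    return build_timeline(RAW_EVENTS)


def corrected_timeline():
    """Time line after removing the measured per-host skew."""
    return build_timeline(RAW_EVENTS, CLOCK_OFFSET_S)


def seconds_between(timeline, first_label, second_label):
    """Elapsed seconds from first_label to second_label (negative if reversed)."""
    by_label = {label: t for t, _, label, _ in timeline}
    return (by_label[second_label] - by_label[first_label]).total_seconds()


if __name__ == "__main__":
    for name, tl in (("naive", naive_timeline()), ("corrected", corrected_timeline())):
        print(f"{name} time line:")
        for t, host, _, msg in tl:
            print(f"  {t.isoformat()}  {host:3}  {msg}")
```

In the naive time line the outbound HTTPS connection appears 65 seconds before the SSH login, so it looks unrelated to the session. Once the 90-second skew is removed, the order becomes inbound SSH, login, read of /etc/shadow, then the outbound connection 25 seconds after the login, which is the sequence an investigator would need to see to tie the outbound traffic to the compromised account.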
4. Right Answer: C Explanation: The first step is to understand the importance and role of the network device within the organization's network topology. After understanding the devices in the network, the best practice for using the device should be reviewed to ensure that there are no anomalies within the configuration. Identification of which component or subcomponent is missing or being used inappropriately can only be known upon reviewing and understanding the topology and the best practice for deployment of the device in the network.
5. Right Answer: B Explanation: The application owner is responsible for authorizing access to data. Application development and programming are functions of the IS department. Similarly, system analysis should be performed by qualified persons in IS who have knowledge of IS and user requirements. Data administration is a specialized function related to database management systems and should be performed by qualified database administrators.