CISA—Certified Information Systems Auditor - Part 285

Mary Smith

Wed, 15 Apr 2026

1. The PRIMARY goal of a web site certificate is:

A) authentication of the web site that will be surfed.
B) authentication of the user who surfs through that site.
C) preventing surfing of the web site by hackers.
D) the same purpose as that of a digital certificate.
2. An IS auditor performing detailed network assessments and access control reviews should FIRST:

A) determine the points of entry.
B) evaluate users' access authorization.
C) assess users' identification and authorization.
D) evaluate the domain-controlling server configuration.
3. The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:

A) searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities.
B) and penetration tests are different names for the same activity.
C) is executed by automated tools, whereas penetration testing is a totally manual process.
D) is executed by commercial tools, whereas penetration testing is executed by public processes.
4. The most common problem in the operation of an intrusion detection system (IDS) is:

A) the detection of false positives.
B) receiving trap messages.
C) reject-error rates.
D) denial-of-service attacks.
5. Which of the following provides nonrepudiation services for e-commerce transactions?

A) Public key infrastructure (PKI)
B) Data Encryption Standard (DES)
C) Message authentication code (MAC)
D) Personal identification number (PIN)
1. Right Answer: A
Explanation: Authenticating the site to be surfed is the primary goal of a web certificate. Authentication of a user is achieved through passwords and not by a web site certificate. The site certificate does not prevent hacking nor does it authenticate a person.

2. Right Answer: A
Explanation: In performing detailed network assessments and access control reviews, an IS auditor should first determine the points of entry to the system and review the points of entry accordingly for appropriate controls. Evaluation of user access authorization, assessment of user identification and authorization, and evaluation of the domain-controlling server configuration are all implementation issues for appropriate controls for the points of entry.

3. Right Answer: A
Explanation: The objective of a vulnerability assessment is to find the security holes in the computers and elements analyzed; its intent is not to damage the infrastructure. The intent of penetration testing is to imitate a hacker's activities and determine how far they could go into the network. They are not the same; they have different approaches. Vulnerability assessments and penetration testing can be executed by automated or manual tools or processes and can be executed by commercial or free tools.

4. Right Answer: A
Explanation: Because of the configuration and the way IDS technology operates, the main problem in operating IDSs is the recognition (detection) of events that are not really security incidents, i.e., false positives, the equivalent of a false alarm. An IS auditor needs to be aware of this and should check for implementation of related controls, such as IDS tuning, and incident handling procedures, such as the screening process to know if an event is a security incident or a false positive. Trap messages are generated by Simple Network Management Protocol (SNMP) agents when an important event happens, but are not particularly related to security or IDSs. Reject-error rate is related to biometric technology and is not related to IDSs. Denial-of-service is a type of attack and is not a problem in the operation of IDSs.

5. Right Answer: A
Explanation: PKI is the administrative infrastructure for digital certificates and encryption key pairs. The qualities of an acceptable digital signature are: it is unique to the person using it; it is capable of verification; it is under the sole control of the person using it; and it is linked to data in such a manner that if the data are changed, the digital signature is invalidated. PKI meets these tests. The Data Encryption Standard (DES) is the most common private key cryptographic system. DES does not address nonrepudiation. A MAC is a cryptographic value calculated by passing an entire message through a cipher system. The sender attaches the MAC before transmission and the receiver recalculates the MAC and compares it to the sent MAC. If the two MACs are not equal, this indicates that the message has been altered during transmission; it has nothing to do with nonrepudiation. A PIN is a type of password, a secret number assigned to an individual that, in conjunction with some other means of identification, serves to verify the authenticity of the individual.