Dumps of CISA Cover all the requirements of the Real Exam [Q560-Q580]



Correct Practice Tests of CISA Dumps with Practice Exam


To be eligible for the CISA certification, the candidate must have at least five years of experience in the IT audit field. The CISA exam consists of 150 multiple-choice questions and is administered over a four-hour period. It covers five domains: the information systems audit process; governance and management of IT; information systems acquisition, development, and implementation; information systems operations, maintenance, and service management; and protection of information assets. Candidates must score at least 450 out of 800 to pass the exam and earn the CISA certification.


To earn the CISA certification, candidates must pass a rigorous exam that covers various topics related to IT governance, risk management, the audit process, and information security. The CISA exam consists of 150 multiple-choice questions that must be completed within four hours. Candidates must achieve a score of at least 450 out of 800 to pass the exam. In addition to passing the exam, candidates must also have at least five years of professional experience in information systems auditing, control, or security.


NEW QUESTION # 560
When using an integrated test facility (ITF), an IS auditor should ensure that:

  • A. a test data generator is used.
  • B. master files are updated with the test data.
  • C. test data are isolated from production data.
  • D. production data are used for testing.

Answer: C

Explanation:
Section: Protection of Information Assets
An integrated test facility (ITF) creates a fictitious file in the database, allowing test transactions to be processed simultaneously with live data. While this ensures that periodic testing does not require a separate test process, there is a need to isolate test data from production data. An IS auditor is not required to use production data or a test data generator. Production master files should not be updated with test data.


NEW QUESTION # 561
Which of the following attacks involves sending forged ICMP Echo Request packets to the broadcast address on multiple gateways in order to elicit responses from the computers behind the gateway, where they all respond with ICMP Echo Reply packets to the source IP address of the ICMP Echo Request packets?

  • A. Buffer overflow
  • B. Reflected attack
  • C. Pulsing Zombie
  • D. Brute force attack

Answer: B

Explanation:
Reflected attack involves sending forged requests to a large number of computers that will reply to the requests. The source IP address is spoofed to that of the targeted victim, causing replies to flood.
A distributed denial of service attack may involve sending forged requests of some type to a very large number of computers that will reply to the requests. Using Internet Protocol address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target.
This reflected attack form is sometimes called a "DRDoS".
ICMP Echo Request attacks (Smurf attack) can be considered one form of reflected attack, as the flooding host(s) send Echo Requests to the broadcast addresses of misconfigured networks, thereby enticing hosts to send Echo Reply packets to the victim. Some early DDoS programs implemented a distributed form of this attack.
In the Smurf attack, the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim's network broadcast address. This means that each system on the victim's subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoofed address provided in the packets, which is the victim's address. All of these response packets go to the victim system and overwhelm it because it is being bombarded with packets it does not necessarily know how to process. The victim system may freeze, crash, or reboot. The Smurf attack is illustrated in the figure below:

[Figure: Smurf attack. Image reference: http://resources.infosecinstitute.com/wp-content/uploads/012813_1439_HaveYouEver2.png]
The following answers are incorrect:
Brute force attack - Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Buffer overflow - A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.
Pulsing Zombie - A DoS attack in which a network is subjected to hostile pinging by different attacker computers over an extended time period.
The following reference was used to create this question:
CISA review manual 2014 Page number 322


NEW QUESTION # 562
After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

  • A. Guest account is enabled on the server
  • B. Server is a member of a workgroup and not part of the server domain
  • C. Recently, 100 users were created in the server
  • D. Audit logs are not enabled for the server

Answer: D

Explanation:
Section: Protection of Information Assets
Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern.
Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.


NEW QUESTION # 563
During an information security review, an IS auditor learns an organizational policy requires all employees to attend information security training during the first week of each new year. What is the auditor's BEST recommendation to ensure employees hired after January receive adequate guidance regarding security awareness?

  • A. Revise the policy to require security training every six months for all employees.
  • B. Ensure new employees read and sign acknowledgment of the acceptable use policy.
  • C. Require management of new employees to provide an overview of security awareness.
  • D. Revise the policy to include security training during onboarding.

Answer: D

Explanation:
This directly addresses the gap for new hires, creates a consistent expectation regardless of hiring date, and formalizes the process within organizational policy.
References:
ISACA CISA Review Manual (Current Edition), chapters on information security policies, training and awareness.
Industry best practices for security awareness, which emphasize the importance of timely and comprehensive training for new employees.


NEW QUESTION # 564
An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?

  • A. The procurement is within the planned budget for the year.
  • B. Application access controls are adequate.
  • C. Appropriate tender evaluation processes have been followed.
  • D. The disaster recovery plan has been reviewed and updated.

Answer: C


NEW QUESTION # 565
How does the SSL network protocol provide confidentiality?

  • A. Through asymmetric encryption such as Advanced Encryption Standard, or AES
  • B. Through symmetric encryption such as Data Encryption Standard, or DES
  • C. Through asymmetric encryption such as Data Encryption Standard, or DES
  • D. Through symmetric encryption such as RSA

Answer: B

Explanation:
The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES.


NEW QUESTION # 566
Which of the following must be in place before an IS auditor initiates audit follow-up activities?

  • A. A heat map with the gaps and recommendations displayed in terms of risk
  • B. Available resources for the activities included in the action plan
  • C. A management response in the final report with a committed implementation date
  • D. Supporting evidence for the gaps and recommendations mentioned in the audit report

Answer: D


NEW QUESTION # 567
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?

  • A. Assign the security risk analysis to a specially trained member of the project management office.
  • B. Deploy changes in a controlled environment and observe for security defects.
  • C. Mandate that the change analyses are documented in a standard format.
  • D. Include a mandatory step to analyze the security impact when making changes.

Answer: D

Explanation:
The best way to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software is to include a mandatory step to analyze the security impact when making changes. This will help to identify and mitigate any security risks or vulnerabilities that may arise from the changes, and to ensure that the software meets the security requirements and standards. The other options are not as effective, because they either delegate the security analysis to someone outside the development team, rely on post-deployment testing, or focus on documentation rather than analysis.
References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.5


NEW QUESTION # 568
Which of the following should be the GREATEST concern to an IS auditor evaluating an organization's policies?

  • A. Policies do not provide adequate protection to the organization.
  • B. Policies are not formally acknowledged and signed by employees.
  • C. Policies are not formally approved by the management.
  • D. Policies are not reviewed and updated frequently.

Answer: A

Explanation:
Section: The Process of Auditing Information Systems


NEW QUESTION # 569
The implementation of an IT governance framework requires that the board of directors of an organization:

  • A. Address technical IT issues.
  • B. Have an IT strategy committee.
  • C. Approve the IT strategy.
  • D. Be informed of all IT initiatives.

Answer: C

Explanation:
IT governance is a framework that defines the roles, responsibilities, and processes for aligning IT strategy with business strategy. The board of directors of an organization is ultimately accountable for IT governance and has the authority to approve the IT strategy. The board of directors does not need to address technical IT issues, be informed of all IT initiatives, or have an IT strategy committee, as these tasks can be delegated to other stakeholders or committees within the organization.


NEW QUESTION # 570
During a business continuity audit, an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

  • A. assess the impact of the processes not covered.
  • B. recommend that the BCP cover all business processes.
  • C. report the findings to the IT manager.
  • D. redefine critical processes.

Answer: A

Explanation:
The business impact analysis needs to be either updated or revisited to assess the risk of not covering all processes in the plan. It is possible that the cost of including all processes might exceed the value of those processes; therefore, they should not be covered. An IS auditor should substantiate this by analyzing the risk.


NEW QUESTION # 571
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

  • A. Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
  • B. Secure Sockets Layer (SSL) mode
  • C. Tunnel mode with AH plus ESP
  • D. Triple-DES encryption mode

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation:
Tunnel mode provides protection to the entire IP package. To accomplish this, AH and ESP services can be nested. The transport mode provides primary protection for the higher layers of the protocols by extending protection to the data fields (payload) of an IP package. The SSL mode provides security to the higher communication layers (transport layer). The triple-DES encryption mode is an algorithm that provides confidentiality.


NEW QUESTION # 572
Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

  • A. The organization may not be in compliance with licensing agreement.
  • B. The organization may be more susceptible to cyber-attacks.
  • C. The system may have version control issues.
  • D. System functionality may not meet business requirements.

Answer: B


NEW QUESTION # 573
Compared to developing a system in-house, acquiring a software package means that the need for testing by end users is:

  • A. increased.
  • B. reduced.
  • C. eliminated.
  • D. unchanged.

Answer: B


NEW QUESTION # 574
Which of the following layers of the OSI model controls dialog between computers?

  • A. Presentation layer
  • B. Session layer
  • C. Transport layer
  • D. Application layer

Answer: B

Explanation:
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
For the exam, you should know the following information about the OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained under the identification ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal.
[Figure: OSI model. Image source: http://www.petri.co.il/images/osi_model.JPG]
PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
What signal state represents a binary 1
How the receiving station knows when a "bit-time" starts
How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, prepending a header to each frame.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals
The following were incorrect answers:
Application Layer - The application layer serves as the window for users and application processes to access network services.
Presentation layer - The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
Transport layer - The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The following reference was used to create this question:
CISA review manual 2014 Page number 260


NEW QUESTION # 575
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

  • A. Write access to production program libraries
  • B. Execute access to development program libraries
  • C. Write access to development data libraries
  • D. Execute access to production program libraries

Answer: A

Explanation:
Section: Information Systems Acquisition, Development and Implementation


NEW QUESTION # 576
A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

  • A. use of the user's electronic signature by another person if the password is compromised.
  • B. forgery by substitution of another person's private key on the computer.
  • C. impersonation of a user by substitution of the user's public key with another person's public key.
  • D. forgery by using another user's private key to sign a message with an electronic signature.

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
The user's digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely. Choice C would require that the message appear to have come from a different person and therefore the true user's credentials would not be forged. Choice D has the same consequence as choice C.


NEW QUESTION # 577
An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:

  • A. one person knowing all parts of a system.
  • B. inadequate succession planning.
  • C. a disruption of operations.
  • D. dependency on a single person.

Answer: A

Explanation:
Cross-training is a process of training more than one individual to perform a specific job or procedure. This practice helps decrease the dependence on a single person and assists in succession planning. This provides for the backup of personnel in the event of an absence and, thereby, provides for the continuity of operations. However, in using this approach, it is prudent to have first assessed the risk of any person knowing all parts of a system and the related potential exposures. Cross-training reduces the risks addressed in choices A, B and D.


NEW QUESTION # 578
An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding. Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?

  • A. IT governance framework
  • B. Portfolio management
  • C. Project management
  • D. Risk assessment results

Answer: B

Explanation:
The most helpful tool in matching demand for projects and services with available resources in a way that supports business objectives is portfolio management. Portfolio management is the process of selecting, prioritizing, balancing and aligning IT projects and services with the strategic goals and value proposition of the organization. Portfolio management helps the IT organization to allocate resources efficiently and effectively, to deliver value to the business units, and to align IT initiatives with business strategies. Project management, risk assessment results and an IT governance framework are also important tools, but they are not as helpful as portfolio management in matching demand and supply of IT projects and services.
References:
CISA Review Manual, 27th Edition, page 721
CISA Review Questions, Answers & Explanations Database - 12 Month Subscription


NEW QUESTION # 579
One advantage of monetary unit sampling is the fact that

  • A. it can easily be applied manually when computer resources are not available
  • B. large-value population items are segregated and audited separately
  • C. results are stated in terms of the frequency of items in error
  • D. it increases the likelihood of selecting material items from the population

Answer: D

Explanation:
Monetary unit sampling (MUS) is a statistical sampling method that is used to determine if the account balances or monetary amounts in a population contain any misstatements. MUS treats each individual dollar in the population as a separate sampling unit, so that larger balances or amounts have a higher probability of being selected than smaller ones. MUS then projects the results of testing the sample to the entire population in terms of dollar values, rather than error rates.
One advantage of MUS is that it increases the likelihood of selecting material items from the population.
Material items are those that have a significant impact on the financial statements and could influence the decisions of users. By giving more weight to larger items, MUS ensures that material misstatements are more likely to be detected and reported. MUS also reduces the sample size required to achieve a desired level of confidence and precision, as compared to other sampling methods that do not consider the value of items.
References:
Monetary unit sampling definition - AccountingTools
How Does Monetary Unit Sampling Work? - dummies
Audit sampling | ACCA Qualification | Students | ACCA Global


NEW QUESTION # 580
......


The Certified Information Systems Auditor (CISA) certification exam is a globally recognized qualification offered by the Information Systems Audit and Control Association (ISACA). Certified Information Systems Auditor certification is designed to validate the skills and experience of professionals who work in the field of information systems auditing, control, and security. The CISA certification is a highly respected credential and is widely recognized by employers around the world.


Sample Questions of CISA Dumps With 100% Exam Passing Guarantee: https://www.examdumpsvce.com/CISA-valid-exam-dumps.html

Pass Key features of CISA Course with Updated 1265 Questions: https://drive.google.com/open?id=1Fd2eNo_SkA-94KLCJmcB6mVRTdbn7Um_