26. Which of the following is true regarding the principle of auditor independence?
- A. It is not an issue for auditors working for a consulting company.
- B. It is required for an external audit to prevent bias.
- C. An internal auditor must undergo certification training to be independent.
- D. The audit committee would bestow independence on the auditor.

Answer : [B]

Explanation :
The auditor must be independent of personal and organizational relationships with the auditee, which could imply a biased opinion. The auditor is not permitted to audit a system for which they participated in the support, configuration, or design. An auditor may not audit any system that they helped to remediate.
27. What is the best definition of auditing?
- A. Review of past history using evidence to tell the story
- B. Forecasting compliance generated by a new system preparing to enter production
- C. Precompliance assessment based on management's intended design
- D. Certification testing of the system benefits or failures

Answer : [A]

Explanation :
Auditing is a review of past history. We use evidence and testing to determine the story. It is not possible to use an audit to forecast compliance benefits before entering production. Every system creates unforeseen consequences that can be fully realized only after that system enters production. You can audit the system attributes during design and development, but you cannot audit the unrealized operating issues impacting its compliance. Compliance requires an audit after the system enters production, covering the way the system is actually used and managed.
28. Which of the following is the most significant issue to consider regarding insurance coverage?
- A. Premiums may be very expensive.
- B. Insurance can pay for all the costs of recovery.
- C. Coverage must include all business assets.
- D. Salvage, rather than replacement, may be dictated.

Answer : [D]

Explanation :
The insurance company may dictate salvage to save money. Salvage will increase the delay before recovery. Any replacement purchases by the organization may not be covered under reimbursement.
29. Which of the following statements is not true regarding the use of passwords for authentication?
- A. Password lockout is not effective against hackers using the common technique of bypassing the login utility.
- B. Hash utilities for one-way encryption of OS login passwords are highly susceptible to chosen ciphertext lookup tables, which will show the actual plaintext password currently in use.
- C. Many dynamic websites with a database backend use program-to-program configuration files to store the passwords using encrypted hash format.
- D. Passwords are portable, easily captured and reused for unauthorized access, and considered terribly weak authenticators.

Answer : [D]

Explanation :
Option D is not true. Passwords are considered weak because they are portable and easily reused for unauthorized access. Hacker utilities frequently bypass the login utility by going straight to the authenticator service. For over 30 years, rainbow tables have provided a ciphertext-to-plaintext lookup for each of the known hash encryption algorithms used by various operating systems. Simply matching the hash value of the target with the lookup table will allow you to see what plaintext generated the hash value. On many websites, the database login and password are visible using the right-click View Source option. Program-to-program configuration file passwords are normally stored in the directory tree using simple plaintext without encryption.
30. Using public-key interchange (PKI) encryption, which key is used by the sender for authentication of the receiving party?
- A. Sender's private key
- B. Recipient's private key
- C. Recipient's public key
- D. Sender's public key

Answer : [C]

Explanation :
The sender uses the recipient's public key to encrypt a file that only the recipient can read (decrypt). Since only the recipient's private key can decrypt (unlock) the file, the receiver is authenticated. The sender's private key provided confidentiality (locking). The sender's public key provided encryption integrity (ability for the receiver to unlock). The role of the keys is based on the direction of the transaction. The roles reverse when the original recipient replies with another message, thereby assuming the sender's role.