Buy Latest Nov 07, 2021 CISA Exam Q&A PDF - One Year Free Update [Q447-Q465]

Share

Buy Latest Nov 07, 2021 CISA Exam Q&A PDF - One Year Free Update

Download the Latest CISA Dump - 2021 CISA Exam Questions


Further Certification Path after Passing CISA Exam

Once IT specialists manage to get the passing score in the CISA certification exam they can move forward to leverage their skills with more advanced ISACA certificates. Therefore, they can take the CRISC certification exam that helps them become certified professionals in Risk and Information Systems Control. Another certification that successful ISACA CISA certified specialists can take is the CISM or Certified Information Security Manager.

NEW QUESTION 447
Which of the following layer of an OSI model transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier?

  • A. Physical Layer
  • B. Network Layer
  • C. Transport Layer
  • D. Data Link Layer

Answer: A

Explanation:
Section: Information System Operations, Maintenance and Support
Explanation:
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.
For your exam you should know below information about OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained by the identification ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal.
OSI Model

PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
What signal state represents a binary 1
How the receiving station knows when a "bit-time" starts
How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to
"throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagram's, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, pretending a header to each frame.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals
The following were incorrect answers:
Transport layer - The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
Network layer - The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors.
Data link layer - The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link.
Reference:
CISA review manual 2014 Page number 260

 

NEW QUESTION 448
Which of the following ensures confidentiality of information sent over the internet?

  • A. Digital signature
  • B. Private key cryptosystem
  • C. Online Certificate Status Protocol
  • D. Digital certificate

Answer: B

Explanation:
Explanation/Reference:
Explanation:
Confidentiality is assured by a private key cryptosystem. Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentially. A digital certificate is a certificate that uses a digital signature to bind together a public key with an identity; therefore, it does not address confidentiality.
Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate.

 

NEW QUESTION 449
While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and
categorize risk?

  • A. Developing a comprehensive risk model
  • B. Understanding the business environment
  • C. Adopting qualitative risk analysis
  • D. Understanding the control framework

Answer: B

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 450
When developing a risk management program, what is the FIRST activity to be performed?

  • A. Classification of data
  • B. Threat assessment
  • C. Criticality analysis
  • D. Inventory of assets

Answer: D

Explanation:
Identification of the assets to be protected is the first step in the development of a risk management program. A listing of the threats that can affect the performance of these assets and criticality analysis are later steps in the process. Data classification is required for defining access controls and in criticality analysis.

 

NEW QUESTION 451
Which of the following measures can effectively minimize the possibility of buffer overflows?

  • A. Sufficient processing capability
  • B. Sufficient memory
  • C. Sufficient code injection
  • D. None of the choices
  • E. Sufficient bounds checking

Answer: E

Explanation:
Explanation/Reference:
Explanation:
Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits.
Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.

 

NEW QUESTION 452
Which of the following layer of an OSI model transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier?

  • A. Physical Layer
  • B. Network Layer
  • C. Transport Layer
  • D. Data Link Layer

Answer: A

Explanation:
Explanation/Reference:
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.
For your exam you should know below information about OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained by the identification ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal.
OSI Model

Image source: http://www.petri.co.il/images/osi_model.JPG
PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
What signal state represents a binary 1
How the receiving station knows when a "bit-time" starts
How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to
"throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagram's, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, pretending a header to each frame.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals
The following were incorrect answers:
Transport layer - The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
Network layer - The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors.
Data link layer - The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 260

 

NEW QUESTION 453
Which of the following should an IS auditor review FIRST when evaluating a business process for auditing?

  • A. Competence of the personnel performing the process
  • B. Assignment of responsibility for process management
  • C. Design and implementation of controls
  • D. Evidence that IS-related controls are operating effectively

Answer: C

 

NEW QUESTION 454
The potential for unauthorized system access by way of terminals or workstations within an organization's
facility is increased when:

  • A. terminals are located within the facility in small clusters under the supervision of an administrator.
  • B. terminals with password protection are located in insecure locations.
  • C. users take precautions to keep their passwords confidential.
  • D. connecting points are available in the facility to connect laptops to the network.

Answer: D

Explanation:
Section: Protection of Information Assets
Explanation: Any person with wrongful intentions can connect a laptop to the network. The insecure
connecting points, make unauthorized access possible if the individual has knowledge of a valid user ID
and password. The other choices are controls for preventing unauthorized network access. If system
passwords are not readily available for intruders to use, they must guess, introducing an additional factor
and requires time. System passwords provide protection against unauthorized use of terminals located in
insecure locations. Supervision is a very effective control when used to monitor access to a small operating
unit or production resources.

 

NEW QUESTION 455
Which of the following is the PRIMARY reason for an IS auditor to map out the narrative of a business process?

  • A. To identify the resources required to perform the audit
  • B. To gain insight into potential risks
  • C. To ensure alignment with organizational objectives
  • D. To verify the business process is as described in the engagement letter

Answer: A

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 456
Which of the following is a telecommunication device that translates data from digital to analog form and
back to digital?

  • A. Multiplexer
  • B. Concentrator
  • C. Protocol converter
  • D. Modem

Answer: D

Explanation:
Section: Information System Acquisition, Development and Implementation
Explanation/Reference:
A modem is a device that translates data from digital form and then back to digital for communication over
analog lines.
Source: Information Systems Audit and Control Association,
Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and
Operational Practices (page 114).

 

NEW QUESTION 457
Which of the following is MOST reliable for identifying high-risk areas with large transactional volumes to be included in an audit plan.

  • A. Sample-based testing
  • B. Data analytics
  • C. Recent security incidents
  • D. Threat landscape

Answer: B

 

NEW QUESTION 458
As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following would be the BEST course of action for the IS auditor?

  • A. Suggest hiring a third-party consultant to perform a current state assessment.
  • B. Accept the auditee's response and perform additional testing.
  • C. Issue a final report without including the opinion of the auditee.
  • D. Conduct further discussions with the auditee to develop a mitigation plan.

Answer: D

 

NEW QUESTION 459
.Who assumes ownership of a systems-development project and the resulting system?

  • A. IT management
  • B. Project steering committee
  • C. User management
  • D. Systems developers

Answer: C

Explanation:
User management assumes ownership of a systems-development project and the resulting system.

 

NEW QUESTION 460
Which of the following term related to network performance refers to the number of corrupted bits expressed as a percentage or fraction of the total sent?

  • A. Bandwidth
  • B. Latency
  • C. Error Rate
  • D. Throughput

Answer: C

Explanation:
Explanation/Reference:
Error rate is the number of corrupted bits expressed as a percentage or fraction of the total sent For your exam you should know below information about Network performance:
Network performance refers to measurement of service quality of a telecommunications product as seen by the customer.
The following list gives examples of network performance measures for a circuit-switched network and one type of packet-switched network (ATM):
Circuit-switched networks: In circuit switched networks, network performance is synonymous with the grade of service. The number of rejected calls is a measure of how well the network is performing under heavy traffic loads. Other types of performance measures can include noise, echo and so on.
ATM: In an Asynchronous Transfer Mode (ATM) network, performance can be measured by line rate, quality of service (QoS), data throughput, connect time, stability, technology, modulation technique and modem enhancements.
There are many different ways to measure the performance of a network, as each network is different in nature and design. Performance can also be modeled instead of measured; one example of this is using state transition diagrams to model queuing performance in a circuit-switched network. These diagrams allow the network planner to analyze how the network will perform in each state, ensuring that the network will be optimally designed.
The following measures are often considered important:
Bandwidth - Bandwidth is commonly measured in bits/second is the maximum rate that information can be transferred Throughput - Throughput is the actual rate that information is transferred Latency - Latency is the delay between the sender and the receiver decoding it, this is mainly a function of the signals travel time, and processing time at any nodes the information traverses Jitter - Jitter is the variation in the time of arrival at the receiver of the information Error Rate - Error rate is the number of corrupted bits expressed as a percentage or fraction of the total sen The following answers are incorrect:
Bandwidth - Bandwidth is commonly measured in bits/second is the maximum rate that information can be transferred Throughput - Throughput is the actual rate that information is transferred Latency - Latency is the delay between the sender and the receiver decoding it, this is mainly a function of the signals travel time, and processing time at any nodes the information traverses The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 275

 

NEW QUESTION 461
The purpose of a deadman door controlling access to a computer facility is primarily to:

  • A. starve a fire of oxygen.
  • B. prevent an excessively rapid entry to, or exit from, the facility.
  • C. prevent piggybacking.
  • D. prevent toxic gases from entering the data center.

Answer: C

Explanation:
Explanation/Reference:
Explanation:
The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.

 

NEW QUESTION 462
A user of a telephone banking system has forgotten his personal identification number (PIN). After the user has been authenticated, the BEST method of issuing a new PIN is to have:

  • A. banking personnel assign the user a new PIN via email.
  • B. a randomly generated PIN communicated by banking personnel.
  • C. banking personnel verbally assign a new PIN.
  • D. the user enter a new PIN twice.

Answer: D

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 463
Which of the following is the GREATEST risk associated with the lack of an effective data privacy
program?

  • A. Failure to prevent fraudulent transactions
  • B. Inability to obtain customer confidence
  • C. Inability to manage access to private or sensitive data
  • D. Failure to comply with data-related regulations

Answer: D

Explanation:
Section: Information System Acquisition, Development and Implementation

 

NEW QUESTION 464
To assist an organization in planning for IT investments, an IS auditor should recommend the use of:

  • A. tactical planning.
  • B. project management tools.
  • C. enterprise architecture (EA).
  • D. an object-oriented architecture.

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation:
Enterprise architecture (EA) involves documenting the organization's IT assets and processes in a structured manner to facilitate understanding, management and planning for IT investments. It involves both a current state and a representation of an optimized future state. In attempting to complete an EA, organizations can address the problem either from a technology perspective or a business process perspective. Project management does not consider IT investment aspects; it is a tool to aid in delivering projects. Object-oriented architecture is a software development methodology and does not assist in planning for IT investment, while tactical planning is relevant only after high-level IT investment decisions have been made.

 

NEW QUESTION 465
......


ISACA CISA Exam Syllabus Topics:

TopicDetails
Topic 1
  • Confirms To Stakeholders Your Abilities To Identify Critical Issues
Topic 2
  • Information System Auditing Process
Topic 3
  • Protection of Information Assets
Topic 4
  • Affirms Your Credibility To Offer Conclusions On The State Of An Organization’s IS/IT Security, Risk And Control Solutions
Topic 6
  • Governance and Management of IT
Topic 7
  • Offer Proof Not Only Of Your Competency In IT Controls, But Also Your Understanding Of How IT Relates To Business
Topic 8
  • Information Systems Acquisition, Development and implementation
Topic 9
  • Information Systems Operations and Business Resilience
Topic 10
  • Recommend Enterprise Specific Practices To Support And Safeguard The Governance Of Information And Related Technologies

Verified CISA Dumps Q&As - 1 Year Free & Quickly Updates: https://www.examtorrent.com/CISA-valid-vce-dumps.html

Latest ISACA CISA Certification Practice Test Questions: https://drive.google.com/open?id=1x54_N_7yLGmrDnJq0e-nRtSU441TVvHe