
Friday, May 30, 2014

CISA Exam Preparation (Question 105)

(105) Disaster recovery planning (DRP) addresses the:

A. technological aspect of business continuity planning.
B. operational piece of business continuity planning.
C. functional aspect of business continuity planning.
D. overall coordination of business continuity planning.

Explanation:
Disaster recovery planning (DRP) is the technological aspect of business continuity planning. Business resumption planning addresses the operational part of business continuity planning.


- Muhammad Idham Azhari

Wednesday, May 28, 2014

CISA Exam Preparation (Question 104)

(104) Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally-stored backup.

Explanation:
Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers. Clients may be involved but not necessarily in every case. Not all technical staff should be involved in each test. Remote or offsite backup should always be used.


- Muhammad Idham Azhari

Monday, May 26, 2014

CISA Exam Preparation (Question 103)

(103) An advantage of the use of hot sites as a backup alternative is that:
A. the costs associated with hot sites are low.
B. hot sites can be used for an extended amount of time.
C. hot sites can be made ready for operation within a short period of time.
D. they do not require that equipment and systems software be compatible with the primary site.


Explanation:
Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and requires that equipment and systems software be compatible with the primary installation being backed up.

- Muhammad Idham Azhari

Friday, May 23, 2014

CISA Exam Preparation (Question 102)

(102) An organization’s disaster recovery plan should address early recovery of:
A. all information systems processes.
B. all financial processing applications.
C. only those applications designated by the IS manager.
D. processing in priority order, as defined by business management.


Explanation:
Business management should know which systems are critical and when they need to process well in advance of a disaster. It is management’s responsibility to develop and maintain the plan. Adequate time will not be available for this determination once the disaster occurs. IS and the information processing facility are service organizations that exist for the purpose of assisting the general user management in successfully performing their jobs.

- Muhammad Idham Azhari

Thursday, May 22, 2014

CISA Exam Preparation (Question 101)

(101) An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test


Explanation:
A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for disaster recovery. A paper test is a structured walk-through of the disaster recovery plan and should be conducted before a preparedness test. A full operational test is conducted after the paper and preparedness test. A regression test is not a disaster recovery planning (DRP) test and is used in software maintenance.

- Muhammad Idham Azhari

Wednesday, May 21, 2014

CISA Exam Preparation (Question 100)

(100) Which of the following is the MOST reasonable option for recovering a noncritical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site


Explanation:
Generally a cold site is contracted for a longer period at a lower cost. Since it requires more time to make a cold site operational, it is generally used for noncritical applications. A warm site is generally available at a medium cost, requires less time to become operational and is suitable for sensitive operations. A mobile site is a vehicle ready with all necessary computer equipment that can be moved to any cold or warm site depending upon the need. The need for a mobile site depends upon the scale of operations. A hot site is contracted for a shorter time period at a higher cost and is better suited for recovery of vital and critical applications.

- Muhammad Idham Azhari

Tuesday, May 20, 2014

CISA Exam Preparation (Question 99)

(99) After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:
A. decrease.
B. not change (remain the same).
C. increase.
D. increase or decrease depending upon the nature of the business.


Explanation:
There are costs associated with all activities and disaster recovery planning (DRP) is not an exception. Although there are costs associated with a disaster recovery plan, there are unknown costs that are incurred if a disaster recovery plan is not implemented.

- Muhammad Idham Azhari

Monday, May 19, 2014

CISA Exam Preparation (Question 98)

(98) The PRIMARY purpose of a business impact analysis (BIA) is to:
A. provide a plan for resuming operations after a disaster.
B. identify the events that could impact the continuity of an organization’s operations.
C. publicize the commitment of the organization to physical and logical security.
D. provide the framework for an effective disaster recovery plan.


Explanation:
A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization.

- Muhammad Idham Azhari

Friday, May 16, 2014

CISA Exam Preparation (Question 97)

(97) Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site


Explanation:
For a business having many offices within a region, a reciprocal arrangement among its offices would be most appropriate. Each office could be designated as a recovery site for some other office. This would be the least expensive approach to providing an acceptable level of confidence. A hot site maintained by the business would be a costly solution but would provide a high degree of confidence. Multiple cold sites leased for the multiple offices would lead to a costly solution with a high degree of confidence. A third-party facility for recovery is provided by a traditional hot site. This would be a costly approach providing a high degree of confidence.

- Muhammad Idham Azhari

Wednesday, May 14, 2014

CISA Exam Preparation (Question 96)

(96) Which of the following is the GREATEST concern when an organization’s backup facility is at a warm site?
A. Timely availability of hardware
B. Availability of heat, humidity and air conditioning equipment
C. Adequacy of electrical power connections
D. Effectiveness of the telecommunications network


Explanation:
A warm site has the basic infrastructure facilities implemented, such as power, air conditioning and networking, but is normally lacking computing equipment. Therefore, the availability of hardware becomes a primary concern.

- Muhammad Idham Azhari

Tuesday, May 13, 2014

CISA Exam Preparation (Question 91 ~ 95)

(91) Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?
A. Processing power
B. Volume of data
C. Key distribution
D. Complexity of the algorithm

Explanation:
Symmetric key encryption requires that the keys be distributed. The larger the user group, the more challenging the key distribution. Symmetric key cryptosystems are generally less complicated and, therefore, use less processing power than asymmetric techniques, thus making them ideal for encrypting a large volume of data. The major disadvantage is the need to get the keys into the hands of those with whom you want to exchange data, particularly in e-commerce environments, where customers are unknown, untrusted entities.
(92) Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject to the same risks.
B. given the same level of protection as that of the computer data center.
C. outsourced to a reliable third party.
D. equipped with surveillance capabilities.

Explanation:
It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection.
(93) If a database is restored using before-image dumps, where should the process begin following an interruption?
A. Before the last transaction
B. After the last transaction
C. As the first transaction after the latest checkpoint
D. As the last transaction before the latest checkpoint

Explanation:
If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. The last transaction will not have updated the database and must be reprocessed. Program checkpoints are irrelevant in this situation.
(94) In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs
C. Ensuring grandfather-father-son file backups
D. Maintaining important data at an offsite location

Explanation:
Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historical data. The volume of activity usually associated with an online system makes other more traditional methods of backup impractical.
(95) As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?
A. The previous day’s backup file and the current transaction tape
B. The previous day’s transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day’s transaction file


Explanation:
The previous day’s backup file will be the most current historical backup of activity in the system. The current day’s transaction file will contain all of the day’s activity. Therefore, the combination of these two files will enable full recovery up to the point of interruption.
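Questions 93 and 95 above both describe log-based recovery. The following Python block is an added illustration, not code from the original post: it works on constructed order-entry records, a constructed transaction tape and a constructed before-image dump (the record names such as ORD-1001 and the function names `roll_forward` and `restore_before_images` are assumptions made for the illustration). It rebuilds the lost files from the previous day's backup plus the current day's transaction tape (Q95), and it restores before-images to the point just before the last transaction, which is then reprocessed from its original input (Q93).

```python
import copy

# Constructed sample data, not records from the original post: yesterday's
# end-of-day backup of the order entry files, and today's transaction tape.
# Each tape entry carries the record's after-image (its value once applied).
PREVIOUS_DAY_BACKUP = {
    "ORD-1001": {"customer": "C-17", "qty": 3, "status": "open"},
    "ORD-1002": {"customer": "C-42", "qty": 1, "status": "shipped"},
}

CURRENT_TRANSACTION_TAPE = [
    {"seq": 1, "op": "insert", "order": "ORD-1003",
     "after": {"customer": "C-08", "qty": 5, "status": "open"}},
    {"seq": 2, "op": "update", "order": "ORD-1001",
     "after": {"customer": "C-17", "qty": 3, "status": "shipped"}},
    {"seq": 3, "op": "delete", "order": "ORD-1002", "after": None},
]

# A fourth transaction that was interrupted part-way through its write,
# together with the before-image dump taken for it (the record as it was
# before the update started). Both are constructed for the illustration.
INTERRUPTED_TXN = {"seq": 4, "op": "update", "order": "ORD-1003",
                   "after": {"customer": "C-08", "qty": 7, "status": "shipped"}}
BEFORE_IMAGE_DUMP = {"seq": 4, "records": {
    "ORD-1003": {"customer": "C-08", "qty": 5, "status": "open"}}}


def apply_transaction(state, txn):
    """Apply one logged transaction (its after-image) and return the new state."""
    new_state = copy.deepcopy(state)
    if txn["op"] in ("insert", "update"):
        new_state[txn["order"]] = copy.deepcopy(txn["after"])
    elif txn["op"] == "delete":
        new_state.pop(txn["order"], None)
    else:
        raise ValueError(f"unknown op {txn['op']!r}")
    return new_state


def roll_forward(backup, transaction_tape):
    """Q95: rebuild the lost files from the previous day's backup by replaying
    every transaction on the current day's tape in sequence order."""
    state = copy.deepcopy(backup)
    for txn in sorted(transaction_tape, key=lambda t: t["seq"]):
        state = apply_transaction(state, txn)
    return state


def restore_before_images(state, before_image_dump):
    """Q93: put every record back to the value held in the before-image dump,
    i.e. the database as it stood before the last transaction started."""
    restored = copy.deepcopy(state)
    for order, before in before_image_dump["records"].items():
        if before is None:
            restored.pop(order, None)  # the record did not exist beforehand
        else:
            restored[order] = copy.deepcopy(before)
    return restored


def recover_after_interruption(state, before_image_dump, last_txn):
    """Q93 end to end: restore the before-images, then reprocess the last
    transaction from its original input rather than trusting the dump."""
    if before_image_dump["seq"] != last_txn["seq"]:
        raise ValueError("before-image dump does not belong to the last transaction")
    return apply_transaction(restore_before_images(state, before_image_dump), last_txn)


if __name__ == "__main__":
    rebuilt = roll_forward(PREVIOUS_DAY_BACKUP, CURRENT_TRANSACTION_TAPE)
    print("after roll-forward:", rebuilt)
    # Simulate the interrupted update: qty reached disk, status never did.
    interrupted = copy.deepcopy(rebuilt)
    interrupted["ORD-1003"]["qty"] = 7
    print("after recovery:   ",
          recover_after_interruption(interrupted, BEFORE_IMAGE_DUMP, INTERRUPTED_TXN))
```

The roll-forward path never touches the backup snapshot itself (it deep-copies first), so a failed replay can simply be retried from the same backup; the before-image path deliberately reprocesses the last transaction from the tape entry, matching the explanation that the dump alone does not carry that transaction's effect.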

- Muhammad Idham Azhari

Monday, May 12, 2014

CISA Exam Preparation (Question 81 ~ 90)

(81) The purpose of a deadman door controlling access to a computer facility is primarily to:
A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.

Explanation:
The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.
(82) Which of the following is the MOST reliable form of single factor personal identification?
A. Smart card
B. Password
C. Photo identification
D. Iris scan

Explanation:
Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified.
(83) A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed
B. The computer that controls the badge system is backed up frequently
C. A process for promptly deactivating lost or stolen badges exists
D. All badge entry attempts are logged

Explanation:
Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important. The configuration of the system does not change frequently, therefore frequent backup is not necessary.
(84) Which of the following physical access controls effectively reduces the risk of piggybacking?
A. Biometric door locks
B. Combination door locks
C. Deadman doors
D. Bolting door locks

Explanation:
Deadman doors use a pair of doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This effectively reduces the risk of piggybacking. An individual’s unique body features such as voice, retina, fingerprint or signature activate biometric door locks; however, they do not prevent or reduce the risk of piggybacking. Combination door locks, also known as cipher locks, use a numeric key pad or dial to gain entry. They do not prevent or reduce the risk of piggybacking since unauthorized individuals may still gain access to the processing center. Bolting door locks require the traditional metal key to gain entry. Unauthorized individuals could still gain access to the processing center along with an authorized individual.
(85) The MOST effective biometric control system is the one:
A. which has the highest equal-error rate (EER).
B. which has the lowest EER.
C. for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR).
D. for which the FRR is equal to the failure-to-enroll rate (FER).

Explanation:
The equal-error rate (EER) of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective. The biometric that has the highest EER is the most ineffective. For any biometric, there will be a measure at which the FRR will be equal to the FAR. This is the EER. FER is an aggregate measure of FRR.
(86) Which of the following is the BEST way to satisfy a two-factor user authentication?
A. A smart card requiring the user’s PIN
B. User ID along with password
C. Iris scanning plus fingerprint scanning
D. A magnetic card requiring the user’s PIN

Explanation:
A smart card addresses what the user has. This is generally used in conjunction with testing what the user knows, e.g., a keyboard password or personal identification number (PIN). An ID and password, what the user knows, is a single-factor user authentication. Choice C is not a two-factor user authentication because it is only biometric. Choice D is similar to choice A, but the magnetic card may be copied; therefore, choice A is the best way to satisfy a two-factor user authentication.
(87) What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?
A. The processes of the external agency should be subjected to an IS audit by an independent agency.
B. Employees of the external agency should be trained on the security procedures of the organization.
C. Any access by an external agency should be limited to the demilitarized zone (DMZ).
D. The organization should conduct a risk assessment and design and implement appropriate controls.

Explanation:
Physical access of information processing facilities (IPFs) by an external agency introduces additional threats into an organization. Therefore, a risk assessment should be conducted and controls designed accordingly. The processes of the external agency are not of concern here. It is the agency’s interaction with the organization that needs to be protected. Auditing their processes would not be relevant in this scenario. Training the employees of the external agency may be one control procedure, but could be performed after access has been granted. Sometimes an external agency may require access to the processing facilities beyond the demilitarized zone (DMZ). For example, an agency which undertakes maintenance of servers may require access to the main server room. Restricting access within the DMZ will not serve the purpose.
(88) An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B. access cards are not labeled with the organization’s name and address to facilitate easy return of a lost card.
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.

Explanation:
Physical security is meant to control who is entering a secured area, so identification of all individuals is of utmost importance. It is not adequate to trust unknown external people by allowing them to write down their alleged name without proof, e.g., identity card, driver’s license. Choice B is not a concern because if the name and address of the organization was written on the card, a malicious finder could use the card to enter the organization’s premises. Separating card issuance from technical rights management is a method to ensure a proper segregation of duties so that no single person can produce a functioning card for a restricted area within the organization’s premises. Choices B and C are good practices, not concerns. Choice D may be a concern, but not as important since a system failure of the card programming device would normally not mean that the readers do not function anymore. It simply means that no new cards can be issued, so this option is minor compared to the threat of improper identification.
(89) Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?
A. Overwriting the tapes
B. Initializing the tape labels
C. Degaussing the tapes
D. Erasing the tapes

Explanation:
The best way to handle obsolete magnetic tapes is to degauss them. This action leaves a very low residue of magnetic induction, essentially erasing the data from the tapes. Overwriting or erasing the tapes may cause magnetic errors but would not remove the data completely. Initializing the tape labels would not remove the data that follows the label.
(90) Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses


Explanation:
Maintaining data integrity is the most important objective of data security. This is a necessity if an organization is to continue as a viable and successful enterprise. The other choices are important techniques for achieving the objective of data integrity.

- Muhammad Idham Azhari

Friday, May 9, 2014

CISA Exam Preparation (Question 71 ~ 80)

(71) When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority (RA) for reporting key compromises.
B. The certificate revocation list (CRL) is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority (CA).

Explanation:
If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt messages and verifying digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk since reporting this to the CA enables the CA to take appropriate action.
(72) When using a digital signature, the message digest is computed:
A. only by the sender.
B. only by the receiver.
C. by both the sender and the receiver.
D. by the certificate authority (CA).

Explanation:
A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm and compare results with what was sent to ensure the integrity of the message.
(73) Which of the following would effectively verify the originator of a transaction?
A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver’s public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source’s private key

Explanation:
A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and the integrity of its content. Since they are a ‘shared secret’ between the user and the system itself, passwords are considered a weaker means of authentication. Encrypting the transaction with the recipient’s public key will provide confidentiality for the information, while using a portable document format (PDF) will prove the integrity of the content but not necessarily authorship.
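Questions 72 and 73 describe the digest-and-sign flow. The following Python block is an added example, not part of the original post: the sender hashes the whole message and signs the digest with its private key, and the receiver recomputes the digest from what it received and compares it with the opened signature, so a modified message or a signature made under a different key both fail. It uses textbook RSA over two small constructed primes so that it runs with only the standard library; the primes, the `make_toy_keypair` / `sign` / `verify` names and the sample message are assumptions made for the illustration, and the reduction of the digest modulo the tiny key is a shortcut that a real implementation (a vetted library with proper key sizes and padding) does not take.

```python
import hashlib
from math import gcd

# Toy key material, constructed for illustration only: two well-known primes
# per party. The resulting moduli are far too small for real use; they are
# here so that the sender/receiver steps are visible and run offline.
SENDER_PRIMES = (1_000_000_007, 998_244_353)
OTHER_PRIMES = (1_000_000_009, 999_999_937)   # an unrelated party's key
PUBLIC_EXPONENT = 65537
SAMPLE_MESSAGE = b"order 4711: ship 20 units to warehouse B"   # constructed


def make_toy_keypair(p, q):
    """Return (public_key, private_key) as (e, n) and (d, n) for textbook RSA."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(PUBLIC_EXPONENT, phi) == 1
    d = pow(PUBLIC_EXPONENT, -1, phi)       # modular inverse (Python 3.8+)
    return (PUBLIC_EXPONENT, n), (d, n)


def message_digest(message: bytes) -> int:
    """Hash the entire message. Q72: the sender computes this before signing
    and the receiver recomputes it independently on receipt."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side (Q73): sign the digest, never the raw message, with the
    sender's private key. The digest is reduced modulo the toy n only
    because the key is tiny; real schemes pad the digest instead."""
    d, n = private_key
    return pow(message_digest(message) % n, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recompute the digest from the received bytes and check
    that opening the signature with the claimed sender's public key yields
    the same value. A mismatch means altered content or a different signer."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message) % n


def demo():
    """Run the exchange once and report each check's outcome."""
    sender_pub, sender_priv = make_toy_keypair(*SENDER_PRIMES)
    _, other_priv = make_toy_keypair(*OTHER_PRIMES)
    sig = sign(SAMPLE_MESSAGE, sender_priv)
    return {
        "genuine": verify(SAMPLE_MESSAGE, sig, sender_pub),
        "tampered": verify(SAMPLE_MESSAGE + b" (amended)", sig, sender_pub),
        "wrong_signer": verify(SAMPLE_MESSAGE, sign(SAMPLE_MESSAGE, other_priv), sender_pub),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:>12}: {'verifies' if ok else 'rejected'}")
```

The point Q72 makes is visible in `sign` and `verify`: both sides call `message_digest` on the message they hold, and nothing in the signature itself tells the receiver what digest to expect. The `wrong_signer` check is what Q73 is after: only the holder of the sender's private key can produce a value that opens correctly under the sender's public key.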
(74) The MOST effective control for addressing the risk of piggybacking is:
A. a single entry point with a receptionist.
B. the use of smart cards.
C. a biometric door lock.
D. a deadman door.

Explanation:
Deadman doors are a system of using a pair of (two) doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This reduces the risk of an unauthorized person following an authorized person through a secured entry (piggybacking). The other choices are all physical controls over entry to a secure area but do not specifically address the risk of piggybacking.
(75) The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate.
B. false-acceptance rate.
C. equal-error rate.
D. estimated-error rate.

Explanation:
A low equal-error rate (EER) is a combination of a low false-rejection rate and a low false-acceptance rate. EER, expressed as a percentage, is a measure of the number of times that the false-rejection and false-acceptance rates are equal. A low EER is the measure of the more effective biometrics control device. Low false-rejection rates or low false-acceptance rates alone do not measure the efficiency of the device. Estimated-error rate is nonexistent and therefore irrelevant.
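Questions 85 and 75 both turn on the equal-error rate. The following Python block is an added example, not code from the original post: it sweeps the acceptance threshold over constructed match scores for two hypothetical devices, computes FAR and FRR at each threshold, reports the EER where the two rates meet (or their midpoint at the closest threshold when they never coincide exactly), and picks the device with the lowest EER. The score lists, the device names and the 0-100 score scale are constructed assumptions.

```python
# Constructed match scores (0-100, higher = stronger match) for two
# hypothetical devices; none of this is measured data from the post.
# "genuine" are attempts by enrolled users, "impostor" attempts by others.
DEVICES = {
    "device_A": {
        "genuine":  [92, 88, 85, 81, 78, 74, 70, 66, 60, 55],
        "impostor": [20, 28, 33, 40, 45, 52, 58, 63, 68, 72],
    },
    "device_B": {   # more overlap between the two populations
        "genuine":  [90, 80, 75, 70, 65, 60, 55, 50, 45, 40],
        "impostor": [30, 38, 44, 50, 55, 60, 64, 70, 74, 80],
    },
}


def far(impostor_scores, threshold):
    """False-acceptance rate: share of impostor attempts scoring at or above
    the threshold, i.e. wrongly accepted."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False-rejection rate: share of genuine attempts scoring below the
    threshold, i.e. wrongly rejected."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def equal_error_rate(genuine_scores, impostor_scores, thresholds=range(0, 101)):
    """Sweep the acceptance threshold and return the point where FAR and FRR
    are closest. Raising the threshold lowers FAR and raises FRR, so the two
    curves cross once; with coarse sample data they may not meet exactly, in
    which case the EER is reported as their midpoint at the closest threshold."""
    best = None
    for t in thresholds:
        a, r = far(impostor_scores, t), frr(genuine_scores, t)
        gap = abs(a - r)
        if best is None or gap < best[0]:   # strict '<' keeps the first crossing
            best = (gap, t, a, r)
    _, t, a, r = best
    return {"threshold": t, "far": a, "frr": r, "eer": (a + r) / 2}


def most_effective(devices):
    """Q85/Q75: rank devices by EER; the lowest EER is the most effective."""
    results = {name: equal_error_rate(d["genuine"], d["impostor"])
               for name, d in devices.items()}
    best_name = min(results, key=lambda name: results[name]["eer"])
    return best_name, results


if __name__ == "__main__":
    winner, table = most_effective(DEVICES)
    for name, res in table.items():
        print(f"{name}: threshold={res['threshold']} FAR={res['far']:.2f} "
              f"FRR={res['frr']:.2f} EER={res['eer']:.2f}")
    print("most effective:", winner)
```

Note what the sweep shows about the distractors in Q75: either rate alone can be driven to zero by moving the threshold to one extreme, which is why a low FAR or a low FRR on its own says nothing about the device; only the rate at the crossing point does.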
(76) Which of the following is the MOST effective control over visitor access to a data center?
A. Visitors are escorted.
B. Visitor badges are required.
C. Visitors sign in.
D. Visitors are spot-checked by operators.

Explanation:
Escorting visitors will provide the best assurance that visitors have permission to access the data processing facility. Choices B and C are not reliable controls. Choice D is incorrect because visitors should be accompanied at all times while they are on the premises, not only when they are in the data processing facility.
(77) The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
A. Replay
B. Brute force
C. Cryptographic
D. Mimic

Explanation:
Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data. In a mimic attack, the attacker reproduces characteristics similar to those of the enrolled user, such as forging a signature or imitating a voice.
(78) A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires:
A. that a registration process is executed for all accredited PC users.
B. the full elimination of the risk of a false acceptance.
C. the usage of the fingerprint reader be accessed by a separate password.
D. assurance that it will be impossible to gain unauthorized access to critical data.

Explanation:
The fingerprints of accredited users need to be read, identified and recorded, i.e., registered, before a user may operate the system from the screened PCs. Choice B is incorrect, as the false-acceptance risk of a biometric device may be optimized, but will never be zero because this would imply an unacceptably high risk of false rejection. Choice C is incorrect, as the fingerprint device reads the token (the user’s fingerprint) and does not need to be protected in itself by a password. Choice D is incorrect because the usage of biometric protection on PCs does not guarantee that other potential security weaknesses in the system may not be exploited to access protected data.
(79) Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?
A. Palm scan
B. Face recognition
C. Retina scan
D. Hand geometry

Explanation:
Retina scan uses optical technology to map the capillary pattern of an eye’s retina. This is highly reliable and has the lowest false-acceptance rate (FAR) among the current biometric methods. Use of palm scanning entails placing a hand on a scanner where a palm’s physical characteristics are captured. Hand geometry, one of the oldest techniques, measures the physical characteristics of the user’s hands and fingers from a three-dimensional perspective. The palm and hand biometric techniques lack uniqueness in the geometry data. In face biometrics, a reader analyzes the images captured for general facial characteristics. Though considered a natural and friendly biometric, the main disadvantage of face recognition is the lack of uniqueness, which means that people looking alike can fool the device.
(80) The MOST likely explanation for a successful social engineering attack is:
A. that computers make logic errors.
B. that people make judgment errors.
C. the computer knowledge of the attackers.
D. the technological sophistication of the attack method.

- Muhammad Idham Azhari

Thursday, May 8, 2014

CISA Exam Preparation (Question 66 ~ 70)

(66) In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?
A. Device authentication and data origin authentication
B. Wireless intrusion detection (IDS) and prevention systems (IPS)
C. The use of cryptographic hashes
D. Packet headers and trailers

Explanation:
Calculating cryptographic hashes for wireless communications allows the device receiving the communications to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. Device authentication and data origin authentication is not the correct answer since authenticating wireless endpoints to each other prevents man-in-the-middle attacks and masquerading. Wireless IDS/IPS is not the correct answer since wireless IDSs/IPSs have the ability to detect misconfigured devices and rogue devices, and detect and possibly stop certain types of attacks. Packet headers and trailers alone do not ensure that the content has not been altered.
(67) An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2

Explanation:
Wi-Fi Protected Access (WPA) 2 implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard (AES) used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol and the preshared secret key authentication model. Implementing Wired Equivalent Privacy (WEP) is incorrect since it can be cracked within minutes. WEP uses a static key which has to be communicated to all authorized users, thus management is difficult. Also, there is a greater vulnerability if the static key is not changed at regular intervals. The practice of allowing access based on Media Access Control (MAC) is not a solution since MAC addresses can be spoofed by attackers to gain access to the network. Disabling open broadcast of service set identifiers (SSID) is not the correct answer as they cannot handle access control.
(68) An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:
A. is configured with an implicit deny rule as the last rule in the rule base.
B. is installed on an operating system with default settings.
C. has been configured with rules permitting or denying access to systems or networks.
D. is configured as a virtual private network (VPN) endpoint.

Explanation:
Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the firewall software. Choices A, C and D are normal or best practices for firewall configurations.
(69) The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:
A. that there will be too many alerts for system administrators to verify.
B. decreased network performance due to IPS traffic.
C. the blocking of critical systems or services due to false triggers.
D. reliance on specialized expertise within the IT organization.

Explanation:
An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are not as severe as blocking critical systems or services due to false triggers.
(70) The MOST effective control for reducing the risk related to phishing is:
A. centralized monitoring of systems.
B. including signatures for phishing in antivirus software.
C. publishing the policy on antiphishing on the intranet.
D. security training for all users.


Explanation:
Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.

- Muhammad Idham Azhari