Wednesday, May 7, 2014

CISA Exam Preparation (Question 61 ~ 65)

(61) An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?
A. The corporate network is using an intrusion prevention system (IPS)
B. This part of the network is isolated from the corporate network
C. A single sign-on has been implemented in the corporate network
D. Antivirus software is in place to protect the corporate network

If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An I PS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk.
(62) What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?
A. Using virtual private network (VPN) tunnels for data transfer
B. Enabling data encryption within the application
C. Auditing the access control to the network
D. Logging all changes to access lists

The best way to ensure confidentiality and integrity of data is to encrypt it using virtual private network (VPN) tunnels. This is the most common and convenient way to encrypt the data traveling over the network. Data encryption within the application is less efficient than VPN. The other options are good practices, but they do not directly prevent the loss of data Integrity and confidentiality during communication through a network.
(63) When conducting a penetration test of an IT system, an organization should be MOST concerned with:
A. the confidentiality of the report.
B. finding all possible weaknesses on the system.
C. restoring all systems to the original state.
D. logging all changes made to the production system.

All suggested items should be considered by the system owner before agreeing to penetration tests, but the most important task is to be able to restore all systems to their original state. Information that is created and/or stored on the tested systems should be removed from these systems. If for some reason, at the end of the penetration test, this is not possible, all files (with their location) should be identified in the technical report so that the client’s technical staff will be able to remove these after the report has been received.
(64) Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?
A. Targeted testing
B. External testing
C. internal testing
D. Double-blind testing

In a double-blind test, the administrator and security staff are not aware of the test, which will result in an assessment of the incident handling and response capability in an organization. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests since they are informed before the start of the tests.
(65) When protecting an organization’s IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?
A. Personal firewall
B. Antivirus programs
C. Intrusion detection system (IDS)
D. Virtual local area network (VLAN) configuration

An intrusion detection system (IDS) would be the next line of defense after the firewall. It would detect anomalies in the network/server activity and try to detect the perpetrator. Antivirus programs, personal firewalls and VI_AN configurations would be later in the line of defense.

- Muhammad Idham Azhari

No comments: