CISA EXAM SIMULATION TEST VOLUME I by AKINWALE AKINDIYA

Author: AKINWALE AKINDIYA [AKINDIYA, AKINWALE]
Language: eng
Format: azw3
Published: 2015-12-20T16:00:00+00:00


30. Governance of enterprise IT should be PRIMARILY driven by:

A. Organizational strategy

B. Regulatory framework

C. Industry best practices

D. IS Audit recommendations

A. Business strategy must be the focal point of IT: every IT investment or policy must be aligned with the business objectives. Industry best practices are ideal but may need to be customised to the particular environment of the organization.

31. If the single loss expectancy of a server is $500,000 and the probability of the server breaking down irreparably is estimated at once in five years, it is MOST LIKELY that the annual cost of protecting the asset will be set at …

A. $500,000

B. $200,000

C. $100,000

D. $20,000

C. Annual Loss Expectancy = Single Loss Expectancy × Annual Rate of Occurrence; $500,000 × (1/5) = $100,000

32. Which of the following frameworks was developed by five American accounting bodies?

A. SOX

B. COSO

C. PCI DSS

D. ITIL

B. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework was developed by accounting bodies in America in response to corporate failures in the country. The COSO framework emphasizes strengthening internal controls as a means of tackling irregularities. SOX is an Act of the American legislature. PCI DSS was developed by organizations in the payment card industry such as American Express and Discover Financial Services. ITIL was developed by the UK government.

33. Asymmetric keys are BEST used to encrypt …

A. Bulk messages

B. Digests

C. Passwords

D. Honeypots

B. Asymmetric encryption is computationally expensive and is therefore unsuitable for encrypting bulk messages. The encryption process is reversible, so it is not ideal for protecting passwords. Digests are the hashed form of messages and are usually small. Honeypots are used to lure an attacker to a seemingly vulnerable network in order to learn the attacker's mode of operation.

34. Which of the following attacks is BEST addressed using a non-technical defence strategy?

A. Denial of service

B. Phishing

C. Piggybacking

D. Salami

B. Phishing is a social engineering attack that is best addressed through security awareness training, because even the best technical defences cannot be 100% effective. The salami technique is used to remove small fractions of money from balances in a way that may be difficult to detect without sound programming skills. Piggybacking can be addressed with a deadman door (trap door).

35. Which of the following should be performed FIRST when developing an information security program?

A. Appointment of asset owners

B. Conducting vulnerability assessment

C. Implementing firewalls and Intrusion Detection Systems

D. Inventory of information assets

D. For an information security program to be effective, the assets to be protected must be known. Every other option should follow the inventory of the assets.

36. Which of the following will be of GREATEST concern to an IS auditor reviewing the password management system of an organization?

A. Password change is not automatically enforced

B. Password files are encrypted with a two-way encryption algorithm

C. Initial passwords are system generated

D. Single-factor authentication is adopted by the organization

B. Passwords should be hashed and stored securely as digests. If the algorithm is reversible, there is a strong possibility that the passwords will be compromised if the password file is brute-forced. Though two-factor authentication is safer, most systems use single-factor authentication.
