CISA PRACTICE QUESTIONS WITH
CORRECT ANSWERS
In ba bpublic bkey binfrastructure b(PKI), bwhich bof bthe bfollowing bmay bbe brelied bupon
bto bprove bthat ban bonline btransaction bwas bauthorized bby ba bspecific bcustomer?
Correct bA. bNonrepudiation
b
bB. bEncryption
b
bC. bAuthentication
b
bD. bIntegrity
b
. b- bcorrect banswers b-You bare bcorrect, bthe banswer bis bA. b
,A. bNonrepudiation, bachieved bthrough bthe buse bof bdigital bsignatures, bprevents bthe
bsenders bfrom blater bdenying bthat bthey bgenerated band bsent bthe bmessage.
B. bEncryption bmay bprotect bthe bdata btransmitted bover bthe bInternet, bbut bmay bnot
bprove bthat bthe btransactions bwere bmade.
C. bAuthentication bis bnecessary bto bestablish bthe bidentification bof ball bparties bto ba
bcommunication.
D. bIntegrity bensures bthat btransactions bare baccurate bbut bdoes bnot bprovide bthe
bidentification bof bthe bcustomer
Which bof bthe bfollowing bBEST bensures bthe bintegrity bof ba bserver's boperating
bsystem b(OS)?
bA. bProtecting bthe bserver bin ba bsecure blocation
b
bB. bSetting ba bboot bpassword
b
Correct bC. bHardening bthe bserver bconfiguration
b
bD. bImplementing bactivity blogging b- bcorrect banswers b-You bare bcorrect, bthe
banswer bis bC. b
A. bProtecting bthe bserver bin ba bsecure blocation bis ba bgood bpractice, bbut bdoes bnot
bensure bthat ba buser bwill bnot btry bto bexploit blogical bvulnerabilities band bcompromise
bthe boperating bsystem b(OS).
B. bSetting ba bboot bpassword bis ba bgood bpractice, bbut bdoes bnot bensure bthat ba
buser bwill bnot btry bto bexploit blogical bvulnerabilities band bcompromise bthe bOS.
C. bHardening ba bsystem bmeans bto bconfigure bit bin bthe bmost bsecure bmanner
b(install blatest bsecurity bpatches, bproperly bdefine baccess bauthorization bfor busers
band badministrators, bdisable binsecure boptions band buninstall bunused bservices) bto
bprevent bnonprivileged busers bfrom bgaining bthe bright bto bexecute bprivileged
binstructions band, bthus, btake bcontrol bof bthe bentire bmachine, bjeopardizing bthe
bintegrity bof bthe bOS.
D. bActivity blogging bhas btwo bweaknesses bin bthis bscenario—it bis ba bdetective
bcontrol b(not ba bpreventive bone), band bthe battacker bwho balready bgained bprivileged
baccess bcan bmodify blogs bor bdisable bthem.
The bIS bauditor bis breviewing ban borganization's bhuman bresources b(HR) bdatabase
bimplementation. bThe bIS bauditor bdiscovers bthat bthe bdatabase bservers bare
bclustered bfor bhigh bavailability, ball bdefault bdatabase baccounts bhave bbeen
,bremoved band bdatabase baudit blogs bare bkept band breviewed bon ba bweekly bbasis.
bWhat bother barea bshould bthe bIS bauditor bcheck bto bensure bthat bthe bdatabases
bare bappropriately bsecured?
bA. bDatabase bdigital bsignatures
b
Incorrect bB. bDatabase bencryption bnonces band bother bvariables
b
bC. bDatabase bmedia baccess bcontrol b(MAC) baddress bauthentication
b
bD. bDatabase binitialization bparameters b- bcorrect banswers b-You banswered bB. bThe
bcorrect banswer bis bD. b
A. bDigital bsignatures bare bused bfor bauthentication band bnonrepudiation, band bare
bnot bcommonly bused bin bdatabases. bAs ba bresult, bthis bis bnot ban barea bin bwhich
bthe bIS bauditor bshould binvestigate.
B. bA bnonce bis bdefined bas ba b"parameter bthat bchanges bover btime" band bis bsimilar
bto ba bnumber bgenerated bto bauthenticate bone bspecific buser bsession. bNonces bare
bnot brelated bto bdatabase bsecurity b(they bare bcommonly bused bin bencryption
bschemes).
C. bA bmedia baccess bcontrol b(MAC) baddress bis bthe bhardware baddress bof ba
bnetwork binterface. bMAC baddress bauthentication bis bsometimes bused bwith bwireless
blocal barea bnetwork b(WLAN) btechnology, bbut bis bnot brelated bto bdatabase bsecurity.
D. bWhen ba bdatabase bis bopened, bmany bof bits bconfiguration boptions bare bgoverned
bby binitialization bparameters. bThese bparameters bare busually bgoverned bby ba bfile
b("init.ora" bin bthe bcase bof bOracle bDBMS), bwhich bcontains bmany bsettings. bThe
bsystem binitialization bparameters baddress bmany b"global" bdatabase bsettings,
bincluding bauthentication, bremote baccess band bother bcritical bsecurity bareas. bTo
beffectively baudit ba bdatabase bimplementation, bthe bIS bauditor bmust bexamine bthe
bdatabase binitialization bparameters.
Which bof bthe bfollowing bprocesses bwill bbe bMOST beffective bin breducing bthe brisk
bthat bunauthorized bsoftware bon ba bbackup bserver bis bdistributed bto bthe bproduction
bserver?
bA. bManually bcopy bfiles bto baccomplish breplication.
b
bB. bReview bchanges bin bthe bsoftware bversion bcontrol bsystem.
b
Incorrect bC. bEnsure bthat bdevelopers bdo bnot bhave baccess bto bthe bbackup bserver.
b
bD. bReview bthe baccess bcontrol blog bof bthe bbackup bserver. b- bcorrect banswers b-
You banswered bC. bThe bcorrect banswer bis bB. b
, A. bEven bif breplication bis bbe bconducted bmanually bwith bdue bcare, bthere bstill
bremains ba brisk bto bcopying bunauthorized bsoftware bfrom bone bserver bto banother.
B. bIt bis bcommon bpractice bfor bsoftware bchanges bto bbe btracked band bcontrolled
busing bversion bcontrol bsoftware. bAn bIS bauditor bshould breview breports bor blogs
bfrom bthis bsystem bto bidentify bthe bsoftware bthat bis bpromoted bto bproduction. bOnly
bmoving bthe bversions bon bthe bversion bcontrol bsystem b(VCS) bprogram bwill bprevent
bthe btransfer bof bdevelopment bor bearlier bversions.
C. bIf bunauthorized bcode bwas bintroduced bonto bthe bbackup bserver bby bdevelopers,
bcontrols bon bthe bproduction bserver band bthe bsoftware bversion bcontrol bsystem
bshould bmitigate bthis brisk.
D. bReview bof bthe baccess blog bwill bidentify bstaff baccess bor bthe boperations
bperformed; bhowever, bit bmay bnot bprovide benough binformation bto bdetect bthe
brelease bof bunauthorized bsoftware.
A bconsulting bfirm bhas bcreated ba bFile bTransfer bProtocol b(FTP) bsite bfor bthe
bpurpose bof breceiving bfinancial bdata band bhas bcommunicated bthe bsite's baddress,
buser bID band bpassword bto bthe bfinancial bservices bcompany bin bseparate bemail
bmessages. bThe bcompany bis bto btransmit bits bdata bto bthe bFTP bsite bafter bmanually
bencrypting bthe bdata. bThe bIS bauditor's bGREATEST bconcern bwith bthis bprocess bis
bthat:
Correct bA. bthe busers bmay bnot bremember bto bmanually bencrypt bthe bdata bbefore
btransmission.
b
bB. bthe bsite bcredentials bwere bsent bto bthe bfinancial bservices bcompany bvia bemail.
b
bC. bpersonnel bat bthe bconsulting bfirm bmay bobtain baccess bto bsensitive bdata.
b
bD. bthe buse bof ba bshared buser bID bto bthe bFTP bsite bdoes bnot ballow bfor buser
baccountability. b- bcorrect banswers b-You bare bcorrect, bthe banswer bis bA. b
A. bIf bthe bdata bis bnot bencrypted, ban bunauthorized bexternal bparty bmay bdownload
bsensitive bcompany bdata.
B. bEven bthough bthe bpossibility bexists bthat bthe blogon binformation bwas bcaptured
bfrom bthe bemails, bdata bshould bbe bencrypted, bso bthe btheft bof bthe bdata bwould bnot
ballow bthe battacker bto bread bit.
C. bSome bof bthe bemployees bat bthe bconsulting bfirm bwill bhave baccess bto bthe
bsensitive bdata band bthe bconsulting bfirm bmust bhave bprocedures bin bplace bto
bprotect bthe bdata.
CORRECT ANSWERS
In ba bpublic bkey binfrastructure b(PKI), bwhich bof bthe bfollowing bmay bbe brelied bupon
bto bprove bthat ban bonline btransaction bwas bauthorized bby ba bspecific bcustomer?
Correct bA. bNonrepudiation
b
bB. bEncryption
b
bC. bAuthentication
b
bD. bIntegrity
b
. b- bcorrect banswers b-You bare bcorrect, bthe banswer bis bA. b
,A. bNonrepudiation, bachieved bthrough bthe buse bof bdigital bsignatures, bprevents bthe
bsenders bfrom blater bdenying bthat bthey bgenerated band bsent bthe bmessage.
B. bEncryption bmay bprotect bthe bdata btransmitted bover bthe bInternet, bbut bmay bnot
bprove bthat bthe btransactions bwere bmade.
C. bAuthentication bis bnecessary bto bestablish bthe bidentification bof ball bparties bto ba
bcommunication.
D. bIntegrity bensures bthat btransactions bare baccurate bbut bdoes bnot bprovide bthe
bidentification bof bthe bcustomer
Which bof bthe bfollowing bBEST bensures bthe bintegrity bof ba bserver's boperating
bsystem b(OS)?
bA. bProtecting bthe bserver bin ba bsecure blocation
b
bB. bSetting ba bboot bpassword
b
Correct bC. bHardening bthe bserver bconfiguration
b
bD. bImplementing bactivity blogging b- bcorrect banswers b-You bare bcorrect, bthe
banswer bis bC. b
A. bProtecting bthe bserver bin ba bsecure blocation bis ba bgood bpractice, bbut bdoes bnot
bensure bthat ba buser bwill bnot btry bto bexploit blogical bvulnerabilities band bcompromise
bthe boperating bsystem b(OS).
B. bSetting ba bboot bpassword bis ba bgood bpractice, bbut bdoes bnot bensure bthat ba
buser bwill bnot btry bto bexploit blogical bvulnerabilities band bcompromise bthe bOS.
C. bHardening ba bsystem bmeans bto bconfigure bit bin bthe bmost bsecure bmanner
b(install blatest bsecurity bpatches, bproperly bdefine baccess bauthorization bfor busers
band badministrators, bdisable binsecure boptions band buninstall bunused bservices) bto
bprevent bnonprivileged busers bfrom bgaining bthe bright bto bexecute bprivileged
binstructions band, bthus, btake bcontrol bof bthe bentire bmachine, bjeopardizing bthe
bintegrity bof bthe bOS.
D. bActivity blogging bhas btwo bweaknesses bin bthis bscenario—it bis ba bdetective
bcontrol b(not ba bpreventive bone), band bthe battacker bwho balready bgained bprivileged
baccess bcan bmodify blogs bor bdisable bthem.
The bIS bauditor bis breviewing ban borganization's bhuman bresources b(HR) bdatabase
bimplementation. bThe bIS bauditor bdiscovers bthat bthe bdatabase bservers bare
bclustered bfor bhigh bavailability, ball bdefault bdatabase baccounts bhave bbeen
,bremoved band bdatabase baudit blogs bare bkept band breviewed bon ba bweekly bbasis.
bWhat bother barea bshould bthe bIS bauditor bcheck bto bensure bthat bthe bdatabases
bare bappropriately bsecured?
bA. bDatabase bdigital bsignatures
b
Incorrect bB. bDatabase bencryption bnonces band bother bvariables
b
bC. bDatabase bmedia baccess bcontrol b(MAC) baddress bauthentication
b
bD. bDatabase binitialization bparameters b- bcorrect banswers b-You banswered bB. bThe
bcorrect banswer bis bD. b
A. bDigital bsignatures bare bused bfor bauthentication band bnonrepudiation, band bare
bnot bcommonly bused bin bdatabases. bAs ba bresult, bthis bis bnot ban barea bin bwhich
bthe bIS bauditor bshould binvestigate.
B. bA bnonce bis bdefined bas ba b"parameter bthat bchanges bover btime" band bis bsimilar
bto ba bnumber bgenerated bto bauthenticate bone bspecific buser bsession. bNonces bare
bnot brelated bto bdatabase bsecurity b(they bare bcommonly bused bin bencryption
bschemes).
C. bA bmedia baccess bcontrol b(MAC) baddress bis bthe bhardware baddress bof ba
bnetwork binterface. bMAC baddress bauthentication bis bsometimes bused bwith bwireless
blocal barea bnetwork b(WLAN) btechnology, bbut bis bnot brelated bto bdatabase bsecurity.
D. bWhen ba bdatabase bis bopened, bmany bof bits bconfiguration boptions bare bgoverned
bby binitialization bparameters. bThese bparameters bare busually bgoverned bby ba bfile
b("init.ora" bin bthe bcase bof bOracle bDBMS), bwhich bcontains bmany bsettings. bThe
bsystem binitialization bparameters baddress bmany b"global" bdatabase bsettings,
bincluding bauthentication, bremote baccess band bother bcritical bsecurity bareas. bTo
beffectively baudit ba bdatabase bimplementation, bthe bIS bauditor bmust bexamine bthe
bdatabase binitialization bparameters.
Which bof bthe bfollowing bprocesses bwill bbe bMOST beffective bin breducing bthe brisk
bthat bunauthorized bsoftware bon ba bbackup bserver bis bdistributed bto bthe bproduction
bserver?
bA. bManually bcopy bfiles bto baccomplish breplication.
b
bB. bReview bchanges bin bthe bsoftware bversion bcontrol bsystem.
b
Incorrect bC. bEnsure bthat bdevelopers bdo bnot bhave baccess bto bthe bbackup bserver.
b
bD. bReview bthe baccess bcontrol blog bof bthe bbackup bserver. b- bcorrect banswers b-
You banswered bC. bThe bcorrect banswer bis bB. b
, A. bEven bif breplication bis bbe bconducted bmanually bwith bdue bcare, bthere bstill
bremains ba brisk bto bcopying bunauthorized bsoftware bfrom bone bserver bto banother.
B. bIt bis bcommon bpractice bfor bsoftware bchanges bto bbe btracked band bcontrolled
busing bversion bcontrol bsoftware. bAn bIS bauditor bshould breview breports bor blogs
bfrom bthis bsystem bto bidentify bthe bsoftware bthat bis bpromoted bto bproduction. bOnly
bmoving bthe bversions bon bthe bversion bcontrol bsystem b(VCS) bprogram bwill bprevent
bthe btransfer bof bdevelopment bor bearlier bversions.
C. bIf bunauthorized bcode bwas bintroduced bonto bthe bbackup bserver bby bdevelopers,
bcontrols bon bthe bproduction bserver band bthe bsoftware bversion bcontrol bsystem
bshould bmitigate bthis brisk.
D. bReview bof bthe baccess blog bwill bidentify bstaff baccess bor bthe boperations
bperformed; bhowever, bit bmay bnot bprovide benough binformation bto bdetect bthe
brelease bof bunauthorized bsoftware.
A bconsulting bfirm bhas bcreated ba bFile bTransfer bProtocol b(FTP) bsite bfor bthe
bpurpose bof breceiving bfinancial bdata band bhas bcommunicated bthe bsite's baddress,
buser bID band bpassword bto bthe bfinancial bservices bcompany bin bseparate bemail
bmessages. bThe bcompany bis bto btransmit bits bdata bto bthe bFTP bsite bafter bmanually
bencrypting bthe bdata. bThe bIS bauditor's bGREATEST bconcern bwith bthis bprocess bis
bthat:
Correct bA. bthe busers bmay bnot bremember bto bmanually bencrypt bthe bdata bbefore
btransmission.
b
bB. bthe bsite bcredentials bwere bsent bto bthe bfinancial bservices bcompany bvia bemail.
b
bC. bpersonnel bat bthe bconsulting bfirm bmay bobtain baccess bto bsensitive bdata.
b
bD. bthe buse bof ba bshared buser bID bto bthe bFTP bsite bdoes bnot ballow bfor buser
baccountability. b- bcorrect banswers b-You bare bcorrect, bthe banswer bis bA. b
A. bIf bthe bdata bis bnot bencrypted, ban bunauthorized bexternal bparty bmay bdownload
bsensitive bcompany bdata.
B. bEven bthough bthe bpossibility bexists bthat bthe blogon binformation bwas bcaptured
bfrom bthe bemails, bdata bshould bbe bencrypted, bso bthe btheft bof bthe bdata bwould bnot
ballow bthe battacker bto bread bit.
C. bSome bof bthe bemployees bat bthe bconsulting bfirm bwill bhave baccess bto bthe
bsensitive bdata band bthe bconsulting bfirm bmust bhave bprocedures bin bplace bto
bprotect bthe bdata.
