Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

CISA PRACTICE QUESTIONS AND ANSWERS LATEST REVISION.

Rating
-
Sold
-
Pages
198
Grade
A+
Uploaded on
23-11-2025
Written in
2025/2026

CISA PRACTICE QUESTIONS AND ANSWERS LATEST REVISION.

Institution
CISA PRACTICE
Course
CISA PRACTICE

Content preview

CISA PRACTICE QUESTIONS AND
ANSWERS LATEST REVISION.


In a public key infrastructure (PKI), which of the following may be relied upon to prove that an
online transaction was authorized by a specific customer?



Correct A. Nonrepudiation



B. Encryption



C. Authentication



D. Integrity



. - ANS -You are correct, the answer is A.




A. Nonrepudiation, achieved through the use of digital signatures, prevents the senders from
later denying that they generated and sent the message.



B. Encryption may protect the data transmitted over the Internet, but may not prove that the
transactions were made.



C. Authentication is necessary to establish the identification of all parties to a communication.

,D. Integrity ensures that transactions are accurate but does not provide the identification of the
customer



Which of the following BEST ensures the integrity of a server's operating system (OS)?



A. Protecting the server in a secure location



B. Setting a boot password



Correct C. Hardening the server configuration



D. Implementing activity logging - ANS -You are correct, the answer is C.




A. Protecting the server in a secure location is a good practice, but does not ensure that a user
will not try to exploit logical vulnerabilities and compromise the operating system (OS).



B. Setting a boot password is a good practice, but does not ensure that a user will not try to
exploit logical vulnerabilities and compromise the OS.



C. Hardening a system means to configure it in the most secure manner (install latest security
patches, properly define access authorization for users and administrators, disable insecure
options and uninstall unused services) to prevent nonprivileged users from gaining the right to
execute privileged instructions and, thus, take control of the entire machine, jeopardizing the
integrity of the OS.



D. Activity logging has two weaknesses in this scenario—it is a detective control (not a
preventive one), and the attacker who already gained privileged access can modify logs or
disable them.

,The IS auditor is reviewing an organization's human resources (HR) database implementation.
The IS auditor discovers that the database servers are clustered for high availability, all default
database accounts have been removed and database audit logs are kept and reviewed on a
weekly basis. What other area should the IS auditor check to ensure that the databases are
appropriately secured?



A. Database digital signatures



Incorrect B. Database encryption nonces and other variables



C. Database media access control (MAC) address authentication



D. Database initialization parameters - ANS -You answered B. The correct answer is D.




A. Digital signatures are used for authentication and nonrepudiation, and are not commonly
used in databases. As a result, this is not an area in which the IS auditor should investigate.



B. A nonce is defined as a "parameter that changes over time" and is similar to a number
generated to authenticate one specific user session. Nonces are not related to database security
(they are commonly used in encryption schemes).



C. A media access control (MAC) address is the hardware address of a network interface. MAC
address authentication is sometimes used with wireless local area network (WLAN) technology,
but is not related to database security.



D. When a database is opened, many of its configuration options are governed by initialization
parameters. These parameters are usually governed by a file ("init.ora" in the case of Oracle

, DBMS), which contains many settings. The system initialization parameters address many
"global" database settings, including authentication, remote access and other critical security
areas. To effectively audit a database implementation, the IS auditor must examine the database
initialization parameters.



Which of the following processes will be MOST effective in reducing the risk that unauthorized
software on a backup server is distributed to the production server?



A. Manually copy files to accomplish replication.



B. Review changes in the software version control system.



Incorrect C. Ensure that developers do not have access to the backup server.



D. Review the access control log of the backup server. - ANS -You answered C. The correct
answer is B.




A. Even if replication is be conducted manually with due care, there still remains a risk to
copying unauthorized software from one server to another.



B. It is common practice for software changes to be tracked and controlled using version control
software. An IS auditor should review reports or logs from this system to identify the software
that is promoted to production. Only moving the versions on the version control system (VCS)
program will prevent the transfer of development or earlier versions.



C. If unauthorized code was introduced onto the backup server by developers, controls on the
production server and the software version control system should mitigate this risk.

Written for

Institution
CISA PRACTICE
Course
CISA PRACTICE

Document information

Uploaded on
November 23, 2025
Number of pages
198
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$11.49
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
DRtests

Get to know the seller

Seller avatar
DRtests stuvia
View profile
Follow You need to be logged in order to follow users or courses
Sold
1
Member since
1 year
Number of followers
0
Documents
73
Last sold
11 months ago
DottyTESTS 100%

READILY AVAILABLE STUDY MATERIALS.

0.0

0 reviews

5
0
4
0
3
0
2
0
1
0

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions