CISA Practice Questions fully solved 7
updated
In a public key infrastructure (PKI), which of the following may
be relied upon to prove that an online transaction was
authorized by a specific customer?
Correct A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity
ANSWER: You are correct, the answer is A.
AGRADESTUVIA CONFIDENIAL
,AGRADESTUVIA 2024/2025 AGRADESTUVIA STORE
A. Nonrepudiation, achieved through the use of digital
signatures, prevents the senders from later denying that they
generated and sent the message.
B. Encryption may protect the data transmitted over the Internet,
but may not prove that the transactions were made.
C. Authentication is necessary to establish the identification of
all parties to a communication.
D. Integrity ensures that transactions are accurate but does not
provide the identification of the customer.
Which of the following BEST ensures the integrity of a server's
operating system (OS)?
A. Protecting the server in a secure location
B. Setting a boot password
Correct C. Hardening the server configuration
D. Implementing activity logging
ANSWER: You are correct, the answer is C.
A. Protecting the server in a secure location is a good practice,
but does not ensure that a user will not try to exploit logical
vulnerabilities and compromise the operating system (OS).
B. Setting a boot password is a good practice, but does not
ensure that a user will not try to exploit logical vulnerabilities
and compromise the OS.
C. Hardening a system means to configure it in the most secure
manner (install latest security patches, properly define access
authorization for users and administrators, disable insecure
options and uninstall unused services) to prevent nonprivileged
users from gaining the right to execute privileged instructions
and, thus, take control of the entire machine, jeopardizing the
integrity of the OS.
D. Activity logging has two weaknesses in this scenario—it is a
detective control (not a preventive one), and the attacker who
already gained privileged access can modify logs or disable
them.
The IS auditor is reviewing an organization's human resources
(HR) database implementation. The IS auditor discovers that
the database servers are clustered for high availability, all
default database accounts have been removed and database
audit logs are kept and reviewed on a weekly basis. What other
area should the IS auditor check to ensure that the databases
are appropriately secured?
A. Database digital signatures