Free Access to ISACA.CISA.v2022-02-26.q471 with Valid Practice Test (Page 39)

Question 186

Which of the following term describes a failure of an electric utility company to supply power within acceptable range?

A.Sag
B.Blackout
C.Brownout
D.EMI

Correct Answer: C

Explanation/Reference:
The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.
For CISA exam you should know below information about power failure
Total Failure (Blackout) - A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demands Severely reduced voltage (brownout) - The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.
Sags, spike and surge - Temporary and rapid decreases (sag) or increases (spike and surges) in a voltage levels. These anomalies can cause loss of data, data corruption, network transmission errors or physical damage to hardware devices.
Electromagnetic interference (EMI) - The electromagnetic interference (EMI) caused by electrical storms or noisy electrical equipments. The interference may cause computer system to hang or crash as well as damages similar to those caused by sags, spike and surges.
The following were incorrect answers:
Sag - Temporarily rapid decrease in a voltage.
Total Failure (Blackout) - A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demands Severely reduced voltage (brownout) - The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.
Following reference(s) were/was used to create this question:
CISA review manual 2014 Page number372

Question 187

Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver?

A.Digital Envelope
B.Digital Signature
C.Symmetric key encryption
D.Asymmetric

Correct Answer: A

Explanation/Reference:
A Digital Envelope is used to send encrypted information using symmetric keys, and the relevant session key along with it. It is a secure method to send electronic document without compromising the data integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.
A Digital envelope mechanism works as follows:
The symmetric key, which is used to encrypt the bulk of the date or message can be referred to as session key. It is simply a symmetric key picked randomly in the key space.
In order for the receiver to have the ability to decrypt the message, the session key must be sent to the receiver.
This session key cannot be sent in clear text to the receiver, it must be protected while in transit, else anyone who have access to the network could have access to the key and confidentiality can easily be compromised.
Therefore, it is critical to encrypt and protect the session key before sending it to the receiver. The session key is encrypted using receiver's public key. Thus providing confidentiality of the key.
The encrypted message and the encrypted session key are bundled together and then sent to the receiver who, in turn opens the session key with the receiver matching private key.
The session key is then applied to the message to get it in plain text.
The process of encrypting bulk data using symmetric key cryptography and encrypting the session key with a public key algorithm is referred as a digital envelope. Sometimes people refer to it as Hybrid Cryptography as well.
The following were incorrect answers:
Digital-signature - A digital signature is an electronic identification of a person or entity created by using public key algorithm and intended to verify to recipient the integrity of the data and the identity of the sender. Applying a digital signature consist of two simple steps, first you create a message digest, then you encrypt the message digest with the sender's private key. Encrypting the message digest with the private key is the act of signing the message.
Symmetric Key Encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
Asymmetric Key Encryption - The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other - as contrasted with conventional ("symmetric") cryptography which relies on the same key to perform both. Public-key algorithms are based on mathematical problems which currently admit no efficient solution that are inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. It is computationally easy for a user to generate their own public and private key-pair and to use them for encryption and decryption. The strength lies in the fact that it is "impossible" (computationally unfeasible) for a properly generated private key to be determined from its corresponding public key. Thus the public key may be published without compromising security, whereas the private key must not be revealed to anyone not authorized to read messages or perform digital signatures. Public key algorithms, unlike symmetric key algorithms, do not require a secure initial exchange of one (or more) secret keys between the parties.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 350 and 351
http://en.wikipedia.org/wiki/Public-key_cryptography

Question 188

Which of the following is the MOST effective way to assess whether an outsourcer's controls are following the service level agreement (SLA)?

A.Perform an onsite review of the outsourcer.
B.Review the outsourcer's monthly service reports.
C.Perform a review of penalty clauses for non-performance.
D.Review an internal audit report from the outsourcer's auditor.

Question 189

Which of the following statement INCORRECTLY describes packet switching technique?

A.Packet uses many different dynamic paths to get the same destination
B.Traffic is usually burst in nature
C.Fixed delays to reach each packet to destination
D.Usually carries data-oriented data

Correct Answer: C

Explanation/Reference:
The word INCORRECTLY is the keyword used in the question. You need to find out a statement which is not valid about packet switching. As in the network switching, packet traverse different path, there will be always variable delay for each packet to reach to destination.
For your exam you should know below information about WAN message transmission technique:
Message Switching
Message switching is a network switching technique in which data is routed in its entirety from the source node to the destination node, one hope at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, the message-switched network stores and delays the message until ample resources become available for effective transmission of the message.
Message Switching

Image from: http://ecomputernotes.com/images/Message-Switched-data-Network.jpg Packet Switching
Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message.
Packet Switching

Image from: http://upload.wikimedia.org/wikipedia/commons/f/f6/Packet_Switching.gif Circuit Switching
Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate.
The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the session. The circuit functions as if the nodes were physically connected similar to an electrical circuit.
The defining example of a circuit-switched network is the early analog telephone network. When a call is made from one telephone to another, switches within the telephone exchanges create a continuous wire circuit between the two telephones, for as long as the call lasts.
In circuit switching, the bit delay is constant during a connection, as opposed to packet switching, where packet queues may cause varying and potentially indefinitely long packet transfer delays. No circuit can be degraded by competing users because it is protected from use by other callers until the circuit is released and a new connection is set up. Even if no actual communication is taking place, the channel remains reserved and protected from competing users.
Circuit Switching

Image from: http://www.louiewong.com/wp-content/uploads/2010/09/Circuit_Switching.jpg See a table below comparing Circuit Switched versus Packet Switched networks:
Difference between Circuit and packet switching

Image from:http://www.hardware-one.com/reviews/network-guide-2/images/packet-vs-circuit.gif Virtual circuit
In telecommunications and computer networks, a virtual circuit (VC), synonymous with virtual connection and virtual channel, is a connection oriented communication service that is delivered by means of packet mode communication.
After a connection or virtual circuit is established between two nodes or application processes, a bit stream or byte stream may be delivered between the nodes; a virtual circuit protocol allows higher level protocols to avoid dealing with the division of data into segments, packets, or frames.
Virtual circuit communication resembles circuit switching, since both are connection oriented, meaning that in both cases data is delivered in correct order, and signaling overhead is required during a connection establishment phase. However, circuit switching provides constant bit rate and latency, while these may vary in a virtual circuit service due to factors such as:
varying packet queue lengths in the network nodes,
varying bit rate generated by the application,
varying load from other users sharing the same network resources by means of statistical multiplexing, etc.
The following were incorrect answers:
The other options presented correctly describes about packet switching.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 265

Question 190

Which of the following is a benefit of a risk-based approach to audit planning? Audit:

A.scheduling may be performed months in advance.
B.budgets are more likely to be met by the IS audit staff.
C.staff will be exposed to a variety of technologies.
D.resources are allocated to the areas of highest concern

Question 186

Question 187

Question 188

Question 189

Question 190

Download PDF File