Which of the following types of attack often take advantage of curiosity or greed to deliver malware?
Correct Answer: A
Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan Horse, a gimme can arrive as an email attachment promising anything. The recipient is expected to give in to the urge to see what the program does and open the attachment. In addition, many users will blindly click on any attachment they receive that seems even mildly legitimate.
Question 347
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
Correct Answer: B
Section: The Process of Auditing Information Systems
Question 348
A local area network (LAN) administrator normally would be restricted from:
Correct Answer: C
Explanation/Reference: A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator may also be responsible for security administration over the LAN.
Question 349
Which of the following types of controls would BEST facilitate a root cause analysis for an information security incident?
Correct Answer: D
Question 350
In which of the following payment models does the payer create a payment transfer instruction, sign it digitally and send it to the issuer?
Correct Answer: C
Section: Information System Acquisition, Development and Implementation

Explanation: The electronic transfer model is the simplest of the three payment models. The payer creates a payment transfer instruction, signs it digitally and sends it to the issuer. The issuer verifies the signature on the request and performs the transfer. This type of system requires the payer, but not the payee, to be online.

For the CISA exam you should know the following about payment systems. There are two types of parties involved in all payment systems: the issuer and the user. An issuer is an entity that operates the payment service and holds the items that the payment represents. The user of the payment service performs two main functions, making payments and receiving payments, and can therefore be described as a payer or a payee respectively.

Electronic Money Model - The objective of electronic money systems is to emulate physical cash. An issuer attempts to do this by creating digital certificates, which are purchased by users who redeem them with the issuer at a later date. In the interim, certificates can be transferred among users to trade for goods or services. For the certificate to take on some of the attributes of physical cash, techniques are used so that when a certificate is deposited, the issuer cannot determine who originally withdrew it. This gives the electronic certificate unconditional untraceability.

Electronic Check Model - Electronic check systems model real-world checks quite well and are therefore relatively simple to understand and implement. A user writes an electronic check, which is a digitally signed instruction to pay. This is transferred to another user, who then deposits the electronic check with the issuer. The issuer verifies the payer's signature on the payment and transfers the funds from the payer's account to the payee's account.

Electronic Transfer Model - The simplest of the three payment models, as described above: the payer signs a transfer instruction and sends it directly to the issuer, which verifies the signature and performs the transfer. The payer must be online; the payee need not be.

The following were incorrect answers:
Electronic Money Model - Emulates physical cash with issuer-created digital certificates that users purchase, trade and later redeem; the issuer cannot link a deposited certificate to the original withdrawer.
Electronic Check Model - A digitally signed instruction to pay is handed to the payee, who deposits it with the issuer; the issuer verifies the payer's signature and moves the funds.
Electronic Withdraw Model - Not a valid type of payment system.

Reference: CISA review manual 2014 Page number 183
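The issuer-side check that both the electronic transfer model and the electronic check model depend on is the same: verify the payer's digital signature over the instruction before moving any funds. The following Go program is an added example written for this page, not code from the CISA manual or any real payment system. It assumes a hypothetical instruction format (payer, payee, amount, nonce encoded as JSON) and Ed25519 signatures; the issuer holds balances and the public keys users registered. The same Process call serves both models, because the issuer does not care whether the payer sent the instruction directly (transfer model) or the payee deposited it (check model). It also shows two failure modes the exam text implies but does not spell out: an altered instruction fails verification, and a replayed one is rejected by the nonce check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Instruction is the payer's payment transfer instruction. The field set and
// JSON encoding are assumptions made for this example, not a real scheme.
type Instruction struct {
	Payer  string `json:"payer"`
	Payee  string `json:"payee"`
	Amount int64  `json:"amount"`
	Nonce  uint64 `json:"nonce"` // unique per payer; lets the issuer reject replays
}

// SignedInstruction carries the instruction plus the payer's Ed25519 signature.
type SignedInstruction struct {
	Instr Instruction
	Sig   []byte
}

// Issuer operates the payment service: it holds account balances, the public
// keys users registered, and the nonces it has already honoured.
type Issuer struct {
	keys     map[string]ed25519.PublicKey
	balances map[string]int64
	seen     map[string]map[uint64]bool
}

func NewIssuer() *Issuer {
	return &Issuer{
		keys:     map[string]ed25519.PublicKey{},
		balances: map[string]int64{},
		seen:     map[string]map[uint64]bool{},
	}
}

// NewKeypair generates a user's signing key; the public half is registered with the issuer.
func NewKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func (is *Issuer) Register(name string, pub ed25519.PublicKey, balance int64) {
	is.keys[name] = pub
	is.balances[name] = balance
	is.seen[name] = map[uint64]bool{}
}

func (is *Issuer) Balance(name string) int64 { return is.balances[name] }

// encode gives the bytes that are signed and verified. encoding/json writes
// struct fields in declaration order, so payer and issuer produce the same bytes.
func encode(in Instruction) ([]byte, error) { return json.Marshal(in) }

// Sign is the payer's step: build the instruction and sign it.
func Sign(priv ed25519.PrivateKey, in Instruction) (SignedInstruction, error) {
	msg, err := encode(in)
	if err != nil {
		return SignedInstruction{}, err
	}
	return SignedInstruction{Instr: in, Sig: ed25519.Sign(priv, msg)}, nil
}

// Process is the issuer's step, whether the payer sent the instruction
// (transfer model) or the payee deposited it (check model).
func (is *Issuer) Process(s SignedInstruction) error {
	pub, ok := is.keys[s.Instr.Payer]
	if !ok {
		return errors.New("unknown payer")
	}
	msg, err := encode(s.Instr)
	if err != nil {
		return err
	}
	// Verify before touching any state: a forged or altered instruction fails here.
	if !ed25519.Verify(pub, msg, s.Sig) {
		return errors.New("signature does not verify")
	}
	if s.Instr.Amount <= 0 {
		return errors.New("amount must be positive")
	}
	if _, ok := is.keys[s.Instr.Payee]; !ok {
		return errors.New("unknown payee")
	}
	if is.seen[s.Instr.Payer][s.Instr.Nonce] {
		return errors.New("replayed instruction")
	}
	if is.balances[s.Instr.Payer] < s.Instr.Amount {
		return errors.New("insufficient funds")
	}
	is.seen[s.Instr.Payer][s.Instr.Nonce] = true
	is.balances[s.Instr.Payer] -= s.Instr.Amount
	is.balances[s.Instr.Payee] += s.Instr.Amount
	return nil
}

func main() {
	iss := NewIssuer()
	alicePub, alicePriv := NewKeypair()
	bobPub, _ := NewKeypair()
	iss.Register("alice", alicePub, 100) // constructed sample accounts
	iss.Register("bob", bobPub, 0)
	s, _ := Sign(alicePriv, Instruction{Payer: "alice", Payee: "bob", Amount: 40, Nonce: 1})
	fmt.Println("transfer:", iss.Process(s), "alice", iss.Balance("alice"), "bob", iss.Balance("bob"))
	tampered := s
	tampered.Instr.Amount = 90 // payee edits the amount before depositing the "check"
	fmt.Println("tampered:", iss.Process(tampered))
	fmt.Println("replay:", iss.Process(s))
}
```

The ordering inside Process matters: signature verification comes before any balance or nonce bookkeeping so that an unverified message can never change state, and the nonce is recorded only once the transfer is actually made. In a real system the issuer would also need a binding between the registered key and an identity-proofed customer, which this example assumes away.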