Free Access to ISACA.CISA.v2024-03-31.q980 with Valid Practice Test (Page 163)

Question 806

During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?

A.Explain to IT management that the new control will be evaluated during follow-up
B.Change the conclusion based on evidence provided by IT management.
C.Re-perform the audit before changing the conclusion.
D.Add comments about the action taken by IT management in the report.

Question 807

Which of the following type of network service stores information about the various resources in a central
database on a network and help network devices locate services?

A.DHCP
B.DNS
C.Directory Service
D.Network Management

Correct Answer: C

Section: Information System Operations, Maintenance and Support
Explanation/Reference:
A directory service is the software system that stores, organizes and provides access to information in a
directory. In software engineering, a directory is a map between names and values. It allows the lookup of
values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a
directory, a name may be associated with multiple, different pieces of information. Likewise, as a word may
have different parts of speech and different definitions, a name in a directory may have many different
types of data.
For your exam you should know below information about network services:
In computer networking, a network service is an application running at the network application layer and
above, that provides data storage, manipulation, presentation, communication or other capability which is
often implemented using a client-server or peer-to-peer architecture based on application layer network
protocols.
Each service is usually provided by a server component running on one or more computers (often a
dedicated server computer offering multiple services) and accessed via a network by client components
running on other devices. However, the client and server components can both be run on the same
machine.
Clients and servers will often have a user interface, and sometimes other hardware associated with them.
Different types of network services are as follows:
Network File System - Network File System (NFS) is a distributed file system protocol originally developed
by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network much like
local storage is accessed.
Remote Access Service - Remote Access Services (RAS) refers to any combination of hardware and
software to enable the remote access tools or information that typically reside on a network of IT devices.
Directory Services - A directory service is the software system that stores, organizes and provides access
to information in a directory. In software engineering, a directory is a map between names and values. It
allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have
multiple definitions, in a directory, a name may be associated with multiple, different pieces of information.
Likewise, as a word may have different parts of speech and different definitions, a name in a directory may
have many different types of data.
Network Management - In computer networks, network management refers to the activities, methods,
procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of
networked systems. Network management is essential to command and control practices and is generally
carried out of a network operations center.
Dynamic Host Configuration Protocol (DHCP) - The Dynamic Host Configuration Protocol (DHCP) is a
standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing
network configuration parameters, such as IP addresses for interfaces and services. With DHCP,
computers request IP addresses and networking parameters automatically from a DHCP server, reducing
the need for a network administrator or a user to configure these settings manually.
Email service - Provides the ability, through a terminal or PC connected to a communication network, to
send an entrusted message to another individual or group of people.
Print Services - Provide the ability, typically through a print server on a network, to manage and execute
print request services from other devices on the network
Domain Name System(DNS) - Translates the names of network nodes into network IP address.
The following were incorrect answers:
Dynamic Host Configuration Protocol (DHCP) - The Dynamic Host Configuration Protocol (DHCP) is a
standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing
network configuration parameters, such as IP addresses for interfaces and services. With DHCP,
computers request IP addresses and networking parameters automatically from a DHCP server, reducing
the need for a network administrator or a user to configure these settings manually.
Domain Name System(DNS) - Translates the names of network nodes into network IP address.
Network Management - In computer networks, network management refers to the activities, methods,
procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of
networked systems. Network management is essential to command and control practices and is generally
carried out of a network operations center.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 258

Question 808

A data breach has occurred due lo malware. Which of the following should be the FIRST course of action?

A.Shut down the affected systems.
B.Notify customers of the breach.
C.Quarantine the impacted systems.
D.Notify the cyber insurance company.

Question 809

Which of the following is an example of a preventative control in an accounts payable system?

A.The system only allows payments to vendors who are included In the system's master vendor list.
B.Backups of the system and its data are performed on a nightly basis and tested periodically.
C.The system produces daily payment summary reports that staff use to compare against invoice totals.
D.Policies and procedures are clearly communicated to all members of the accounts payable department

Question 810

Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users?

A.Confidentiality
B.Integrity
C.Availability
D.Accuracy

Correct Answer: A

Section: Protection of Information Assets
Explanation:
Confidentiality supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
The level of access that an authorized individual should have is at the level necessary for them to do their job. In recent years, much press has been dedicated to the privacy of information and the need to protect it from individuals, who may be able to commit crimes by viewing the information.
Identity theft is the act of assuming one's identity through knowledge of confidential information obtained from various sources.
An important measure to ensure confidentiality of information is data classification. This helps to determine who should have access to the information (public, internal use only, or confidential). Identification, authentication, and authorization through access controls are practices that support maintaining the confidentiality of information.
A sample control for protecting confidentiality is to encrypt information. Encryption of information limits the usability of the information in the event it is accessible to an unauthorized person.
For your exam you should know the information below:
Integrity
Integrity is the principle that information should be protected from intentional, unauthorized, or accidental changes.
Information stored in files, databases, systems, and networks must be relied upon to accurately process transactions and provide accurate information for business decision making. Controls are put in place to ensure that information is modified through accepted practices.
Sample controls include management controls such as segregation of duties, approval checkpoints in the systems development life cycle, and implementation of testing practices that assist in providing information integrity. Well-formed transactions and security of the update programs provide consistent methods of applying changes to systems. Limiting update access to those individuals with a need to access limits the exposure to intentional and unintentional modification.
Availability
Availability is the principle that ensures that information is available and accessible to users when needed.
The two primary areas affecting the availability of systems are:
1. Denial-of-Service attacks and
2. Loss of service due to a disaster, which could be man-made (e.g., poor capacity planning resulting in system crash, outdated hardware, and poor testing resulting in system crash after upgrade) or natural (e.g., earthquake, tornado, blackout, hurricane, fire, and flood).
In either case, the end user does not have access to information needed to conduct business. The criticality of the system to the user and its importance to the survival of the organization will determine how significant the impact of the extended downtime becomes. The lack of appropriate security controls can increase the risk of viruses, destruction of data, external penetrations, or denial-of-service (DOS) attacks.
Such events can prevent the system from being used by normal users.
CIA
The following answers are incorrect:
Integrity- Integrity is the principle that information should be protected from intentional, unauthorized, or accidental changes.
Availability - Availability is the principle that ensures that information is available and accessible to users when needed.
Accuracy - Accuracy is not a valid CIA attribute.

Reference:
CISA review manual 2014 Page number 314
Official ISC2 guide to CISSP CBK 3rd Edition Page number 350

Question 806

Question 807

Question 808

Question 809

Question 810

Download PDF File