Free Access to ISACA.CISA.v2024-03-31.q980 with Valid Practice Test (Page 184)

Question 911

Which of the following should be of GREATEST concern to an organization's board when reviewing the internal audit department's quality assurance and improvement program?

A.The program does not incorporate recommendations from prior audits.
B.Program metrics have not been updated in over two years.
C.The program does not Include periodic external assessments.
D.The program has not been approved by senior management.

Question 912

In what way is a common gateway interface (CGI) MOST often used on a webserver?

A.Consistent way for transferring data to the application program and back to the user
B.Computer graphics imaging method for movies and TV
C.Graphic user interface for web design
D.interface to access the private gateway domain

Question 913

An IT service desk has recorded several incidents related to server downtime following the failure of a network time protocol (NTP) server. Which of the following is the BEST methodology to help identify the root cause?

A.Data flow diagram
B.Crow-functional diagram
C.Cause-and-effect diagram
D.Server architecture diagram

Question 914

When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the organizations' business objectives by determining if IS:

A.has all the personnel and equipment it needs.
B.plans are consistent with management strategy.
C.uses its equipment and personnel efficiently and effectively.
D.has sufficient excess capacity to respond to changing directions.

Question 915

There are many firewall implementations provided by firewall manufacturers. Which of the following implementation utilize two packet filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ.

A.Dual Homed firewall
B.Screened subnet firewall
C.Screened host firewall
D.Anomaly based firewall

Correct Answer: B

Explanation/Reference:
In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure.
A screened subnet firewall is often used to establish a demilitarized zone (DMZ).
Below are few examples of Firewall implementations:
Screened host Firewall
Utilizing a packet filtering router and a bastion host, this approach implements a basic network layer security and application server security.
An intruder in this configuration has to penetrate two separate systems before the security of the private network can be compromised This firewall system is configured with the bastion host connected to the private network with a packet filtering router between internet and the bastion host Dual-homed Firewall
A firewall system that has two or more network interface, each of which is connected to a different network In a firewall configuration, a dual homed firewall system usually acts to block or filter some or all of the traffic trying to pass between the network A dual-homed firewall system is more restrictive form of screened-host firewall system Demilitarize Zone (DMZ) or screened-subnet firewall Utilizing two packet filtering routers and a bastion host
This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ network Typically, DMZs are configured to limit access from the internet and organization's private network.
The following were incorrect answers:
The other types of firewall mentioned in the option do not utilize two packet filtering routers and a bastion host.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 346

Question 911

Question 912

Question 913

Question 914

Question 915

Download PDF File