New CISA Exam Simulator Online - Certified Information Systems Auditor


NEW QUESTION NO: 7
What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer.
A. Business risk
B. Audit risk
C. Detective risk
D. Inherent risk
Answer: D
Explanation/Reference:
Inherent risk is associated with authorized program exits (trap doors).

NEW QUESTION NO: 8
To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
A. the business processes that generate the most financial value for the organization and therefore must be recovered first.
B. the priorities and order for recovery to ensure alignment with the organization's business strategy.
C. the business processes that must be recovered following a disaster to ensure the organization's survival.
D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.
Answer: C
Explanation/Reference:
Explanation:
To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first; it is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

NEW QUESTION NO: 9
A major portion of what is required to address nonrepudiation is accomplished through the use of:
A. strong methods for authentication and ensuring data validity
B. strong methods for authentication and ensuring data integrity.
C. strong methods for authorization and ensuring data integrity.
D. strong methods for authentication and ensuring data reliability.
E. None of the choices.
Answer: B
Explanation/Reference:
Explanation:
A major portion of what is required to address nonrepudiation is accomplished through the use of strong methods for authentication and ensuring data integrity.

NEW QUESTION NO: 10
Which of the following would be the MOST secure firewall system?
A. Screened-host firewall
B. Screened-subnet firewall
C. Dual-homed firewall
D. Stateful-inspection firewall
Answer: B
Explanation/Reference:
Explanation:
A screened-subnet firewall, also used as a demilitarized zone (DMZ), utilizes two packet filtering routers and a bastion host. This provides the most secure firewall system, since it supports both network- and application-level security while defining a separate DMZ network. A screened-host firewall utilizes a packet filtering router and a bastion host. This approach implements basic network layer security (packet filtering) and application server security (proxy services). A dual-homed firewall system is a more restrictive form of a screened-host firewall system, configuring one interface for information servers and another for private network host computers. A stateful-inspection firewall working at the transport layer keeps track of the destination IP address of each packet that leaves the organization's internal network and allows a reply from the recorded IP addresses.

NEW QUESTION NO: 11
________________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Answer: B
Explanation/Reference:
The board of directors and executive officers are ultimately accountable for the functionality, reliability, and security within IT governance.

NEW QUESTION NO: 12
Who assumes ownership of a systems-development project and the resulting system?
A. User management
B. Project steering committee
C. IT management
D. Systems developers
Answer: A
Explanation/Reference:
User management assumes ownership of a systems-development project and the resulting system.

NEW QUESTION NO: 13
A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?
A. Rewrite the hard disk with random 0s and 1s.
B. Low-level format the hard disk.
C. Demagnetize the hard disk.
D. Physically destroy the hard disk.
Answer: D
Explanation/Reference:
Explanation:
Physically destroying the hard disk is the most economical and practical way to ensure that the data cannot be recovered. Rewriting data and low-level formatting are impractical, because the hard disk is damaged. Demagnetizing is an inefficient procedure, because it requires specialized and expensive equipment to be fully effective.

NEW QUESTION NO: 14
What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?
A. A first-generation packet-filtering firewall
B. A circuit-level gateway
C. An application-layer gateway, or proxy firewall, and stateful-inspection firewalls
D. An application-layer gateway, or proxy firewall, but not stateful-inspection firewalls
Answer: C
Explanation/Reference:
An application-layer gateway, or proxy firewall, and stateful-inspection firewalls provide the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic.

NEW QUESTION NO: 15
A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?
A. Full-scale test with relocation of all departments, including IT, to the contingency site
B. Walk-through test of a series of predefined scenarios with all critical personnel involved
C. IT disaster recovery test with business departments involved in testing the critical applications
D. Functional test of a scenario with limited IT involvement
Answer: D
Explanation/Reference:
Explanation:
After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.

NEW QUESTION NO: 16
You may reduce a cracker's chances of success by (choose all that apply):
A. keeping your systems up to date using a security scanner.
B. hiring competent people responsible for security to scan and update your systems.
C. using multiple firewalls.
D. using multiple firewalls and IDS.
E. None of the choices.
Answer: A,B
Explanation/Reference:
Explanation:
Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well-secured computers, albeit at the cost of great time and resources. You may reduce a cracker's chances by keeping your systems up to date using a security scanner and/or hiring competent people responsible for security.

NEW QUESTION NO: 17
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
A. Replay
B. Brute force
C. Cryptographic
D. Mimic
Answer: A
Explanation/Reference:
Explanation:
Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data. In a mimic attack, the attacker reproduces characteristics similar to those of the enrolled user, such as forging a signature or imitating a voice.


Posted 2018/7/26 15:15:09 | Category: ISACA | Tags: New CISA Exam Simulator Online, CISA Interactive Testing Engine, CISA, ISACA