CISA Premium PDF & Test Engine Files with 690 Questions & Answers [Q366-Q386]

Share

CISA Premium PDF & Test Engine Files with 690 Questions & Answers

Get 100% Real CISA Exam Questions, Accurate & Verified Answers As Seen in the Real Exam!

NEW QUESTION # 366
Which of the following statement INCORRECTLY describes packet switching technique?

  • A. Fixed delays to reach each packet to destination
  • B. Traffic is usually burst in nature
  • C. Usually carries data-oriented data
  • D. Packet uses many different dynamic paths to get the same destination

Answer: A

Explanation:
Explanation/Reference:
The word INCORRECTLY is the keyword used in the question. You need to find out a statement which is not valid about packet switching. As in the network switching, packet traverse different path, there will be always variable delay for each packet to reach to destination.
For your exam you should know below information about WAN message transmission technique:
Message Switching
Message switching is a network switching technique in which data is routed in its entirety from the source node to the destination node, one hope at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, the message-switched network stores and delays the message until ample resources become available for effective transmission of the message.
Message Switching

Image from: http://ecomputernotes.com/images/Message-Switched-data-Network.jpg Packet Switching
Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message.
Packet Switching

Image from: http://upload.wikimedia.org/wikipedia/commons/f/f6/Packet_Switching.gif Circuit Switching
Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate.
The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the session. The circuit functions as if the nodes were physically connected similar to an electrical circuit.
The defining example of a circuit-switched network is the early analog telephone network. When a call is made from one telephone to another, switches within the telephone exchanges create a continuous wire circuit between the two telephones, for as long as the call lasts.
In circuit switching, the bit delay is constant during a connection, as opposed to packet switching, where packet queues may cause varying and potentially indefinitely long packet transfer delays. No circuit can be degraded by competing users because it is protected from use by other callers until the circuit is released and a new connection is set up. Even if no actual communication is taking place, the channel remains reserved and protected from competing users.
Circuit Switching

Image from: http://www.louiewong.com/wp-content/uploads/2010/09/Circuit_Switching.jpg See a table below comparing Circuit Switched versus Packet Switched networks:
Difference between Circuit and packet switching

Image from:http://www.hardware-one.com/reviews/network-guide-2/images/packet-vs-circuit.gif Virtual circuit
In telecommunications and computer networks, a virtual circuit (VC), synonymous with virtual connection and virtual channel, is a connection oriented communication service that is delivered by means of packet mode communication.
After a connection or virtual circuit is established between two nodes or application processes, a bit stream or byte stream may be delivered between the nodes; a virtual circuit protocol allows higher level protocols to avoid dealing with the division of data into segments, packets, or frames.
Virtual circuit communication resembles circuit switching, since both are connection oriented, meaning that in both cases data is delivered in correct order, and signaling overhead is required during a connection establishment phase. However, circuit switching provides constant bit rate and latency, while these may vary in a virtual circuit service due to factors such as:
varying packet queue lengths in the network nodes,
varying bit rate generated by the application,
varying load from other users sharing the same network resources by means of statistical multiplexing, etc.
The following were incorrect answers:
The other options presented correctly describes about packet switching.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 265


NEW QUESTION # 367
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

  • A. Design walk-throughs
  • B. Integration testing
  • C. Unit testing
  • D. Configuration management

Answer: B

Explanation:
A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight), units are tested by the programmer, and then transferred to the acceptance test areA . This often results in system problems that should have been detected during integration or system testing. Integration testing aims at ensuring that the major components of the system interface correctly.


NEW QUESTION # 368
Who is responsible for the overall direction, costs, and timetables for systems-development projects?

  • A. The project sponsor
  • B. Senior management
  • C. The project steering committee
  • D. The project team leader

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation:
The project steering committee is responsible for the overall direction, costs, and timetables for systems- development projects.


NEW QUESTION # 369
An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.

  • A. communicate the conflict of interest to the audit manager prior to starting the assignment.
  • B. document the conflict in the audit report.
  • C. communicate the conflict of interest to the audit committee prior to starting the assignment
  • D. decline the audit assignment.

Answer: C


NEW QUESTION # 370
Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a
transmission of personally identifiable information between two organizations?

  • A. Completeness
  • B. Accuracy
  • C. Necessity
  • D. Timeliness

Answer: C

Explanation:
Section: The process of Auditing Information System


NEW QUESTION # 371
An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

  • A. risk-reporting methodologies
  • B. security metrics
  • C. security requirements for the process being outsourced
  • D. service level agreements (SLAs)

Answer: D

Explanation:
Section: Governance and Management of IT


NEW QUESTION # 372
For which of the following applications would rapid recovery be MOST crucial?

  • A. Departmental chargeback
  • B. Point-of-sale system
  • C. Corporate planning
  • D. Regulatory reporting

Answer: B

Explanation:
A point-of-sale system is a critical online system that when inoperable will jeopardize the ability of Company.com to generate revenue and track inventory properly.


NEW QUESTION # 373
Which of the following BEST addresses the availability of an online store?

  • A. Online backups
  • B. RAID level 5 storage devices
  • C. A mirrored site at another location
  • D. Clustered architecture

Answer: C


NEW QUESTION # 374
When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled Backups are timely and run to completion?

  • A. Reviewing a sample of system-generated backup logs
  • B. Interviewing key personnel evolved In the backup process
  • C. Observing the execution of a daily backup run
  • D. Evaluating the backup policies and procedures

Answer: C


NEW QUESTION # 375
Which of the following exposures could be caused by a line grabbing technique?

  • A. Excessive CPU cycle usage
  • B. Lockout of terminal polling
  • C. Multiplexor control dysfunction
  • D. Unauthorized data access

Answer: D

Explanation:
Line grabbing will enable eavesdropping, thus allowing unauthorized data access, it will not necessarily cause multiplexor dysfunction, excessive CPU usage or lockout of terminal polling.


NEW QUESTION # 376
An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS auditor should FIRST verify that the:

  • A. technical platforms between the two companies are interoperable.
  • B. subsidiary can join as a co-owner of this payment system.
  • C. security features are in place to segregate subsidiary trades.
  • D. parent bank is authorized to serve as a service provider.

Answer: D

Explanation:
Even between parent and subsidiary companies, contractual agreement(s) should be in place to conduct shared services. This is particularly important in highly regulated organizations such as banking. Unless granted to serve as a service provider, itmay not be legal for the bank to extend business to the subsidiary companies. Technical aspects should always be considered; however, this can be initiated after confirming that the parent bank can serve as a service provider. Security aspects are another important factor; however, this should be considered after confirming that the parent bank can serve as a service provider. The ownership of the payment system is not as important as the legal authorization to operate the system.


NEW QUESTION # 377
What are intrusion-detection systems (IDS) primarily used for?

  • A. To identify AND prevent intrusion attempts to a network
  • B. To identify intrusion attempts to a network
  • C. To prevent intrusion attempts to a network
  • D. Forensic incident response

Answer: B

Explanation:
Explanation/Reference:
Intrusion-detection systems (IDS) are used to identify intrusion attempts on a network.


NEW QUESTION # 378
Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?

  • A. Requiring an external security audits of the IT service provider
  • B. Defining the business recovery plan with the IT service provider
  • C. Defining information security requirements with internal IT
  • D. Requiring regular reporting from the IT service provider

Answer: D

Explanation:
Section: Governance and Management of IT


NEW QUESTION # 379
Digital signatures are an effective control method for information exchange over an insecure network because they:

  • A. authenticate the user biometrically.
  • B. are under the sole custody of the receiver.
  • C. are constant over time.
  • D. enable nonrepudiation.

Answer: D

Explanation:
Section: Protection of Information Assets


NEW QUESTION # 380
An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

  • A. Digitalized signatures
  • B. Parsing
  • C. Steganography
  • D. Hashing

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation:
Steganography is a technique for concealing the existence of messages or information. An increasingly important stenographical technique is digital watermarking, which hides data within data, e.g., by encoding rights information in a picture or music file without altering the picture or music's perceivable aesthetic qualities. Digitalized signatures are not related to digital rights management. Hashing creates a message hash or digest, which is used to ensure the integrity of the message; it is usually considered a part of cryptography. Parsing is the process of splitting up a continuous stream of characters for analytical purposes, and is widely applied in the design of programming languages or in data entry editing.


NEW QUESTION # 381
In an online application, which of the following would provide the information about the transaction audit trail?

  • A. System/process flowchart
  • B. Source code documentation
  • C. File layouts
  • D. Data architecture

Answer: B


NEW QUESTION # 382
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?

  • A. Validate whether all incidents have been actioned.
  • B. Confirm the resolution time of the incidents.
  • C. Document the finding and present it to management.
  • D. Determine if a root cause analysis was conducted.

Answer: A

Explanation:
Section: The process of Auditing Information System


NEW QUESTION # 383
The MAIN purpose for periodically testing offsite facilities is to:

  • A. protect the integrity of the data in the database.
  • B. ensure that program and system documentation remains current.
  • C. ensure the continued compatibility of the contingency facilities.
  • D. eliminate the need to develop detailed contingency plans.

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation:
The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency
facilities. Specific software tools are available to protect the ongoing integrity of the database. Contingency
plans should not be eliminated and program and system documentation should be reviewed continuously
for currency.


NEW QUESTION # 384
When engaging services from external auditors, which of the following should be established FIRST?

  • A. Service level agreements
  • B. Termination conditions agreements
  • C. Nondisclosure agreements
  • D. Operational level agreements

Answer: C

Explanation:
Section: The process of Auditing Information System


NEW QUESTION # 385
An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

  • A. There is a reconciliation process between the spreadsheet and the finance system.
  • B. A separate copy of the spreadsheet is routinely backed up.
  • C. Access to the spreadsheet is given only to those who require access.
  • D. The spreadsheet is locked down to avoid inadvertent changes.

Answer: D


NEW QUESTION # 386
......

CISA Premium Files Practice Valid Exam Dumps Question: https://www.dumpsreview.com/CISA-exam-dumps-review.html

Practice with CISA Dumps for Certified Information Systems Auditor Certified Exam Questions & Answer: https://drive.google.com/open?id=1gXE87l1P9rprTd6xE85bEbeHfdU5eU5A