CISA考题-700题-中英版-汇总_更新

  • 格式:pdf
  • 大小:2.99 MB
  • 文档页数:423

英文1、The extent to which data will be collected during an IS audit should be determined based on the: A、availability of critical and required information. B、auditor's familiarity with the circumstances. C、auditee's ability to find relevant evidence. D、purpose and scope of the audit being done. ANSWER: D NOTE: The extent to which data will be collected during an IS audit should be related directly to the scope a2、Which of the following ensures a sender's authenticity and an e-mail's confidentiality? A、Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of theB、The sender digitally signing the message and thereafter encrypting the hash of the message with the senderC、Encrypting the hash of the message with the sender's private key and thereafter encrypting the message witD、Encrypting the message with the sender's private key and encrypting the message hash with the receiver's pANSWER: C NOTE: To ensure authenticity and confidentiality, a message must be encrypted twice: first with the sender's 3、Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption? A、Computation speed B、Ability to support digital signatures C、Simpler key distribution D、Greater strength for a given key length ANSWER: A NOTE: The main advantage of elliptic curve encryption over RSA encryption is its computation speed. This meth4、Which of the following controls would provide the GREATEST assurance of database integrity? A、Audit log procedures B、Table link/reference checks C、Query/table access time checks D、Rollback and rollforward database features ANSWER: B NOTE: Performing table link/reference checks serves to detect table linking errors (such as completeness and 5、A benefit of open system architecture is that it: A、facilitates interoperability. B、facilitates the integration of proprietary components. C、will be a basis for volume discounts from equipment vendors. D、allows for the achievement of more economies of scale for equipment. ANSWER: A NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public st6、An IS auditor discovers that developers have operator access to the command line of a production environmeA、Commands typed on the command line are logged B、Hash keys are calculated periodically for programs and matched against hash keys calculated for the most rC、Access to the operating system command line is granted through an access restriction tool with preapprovedD、Software development tools and compilers have been removed from the production environment ANSWER: B NOTE: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect be7、Which of the following BEST ensures the integrity of a server's operating system? A、Protecting the server in a secure location B、Setting a boot password C、Hardening the server configuration

第 1 页,共 423 页英文D、Implementing activity logging ANSWER: C NOTE: Hardening a system means to configure it in the most secure manner (install latest security patches, pr8、An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one hA、encrypting the hash of the newsletter using the advisor's private key. B、encrypting the hash of the newsletter using the advisor's public key. C、digitally signing the document using the advisor's private key. D、encrypting the newsletter using the advisor's private key. ANSWER: A NOTE: There is no attempt on the part of the investment advisor to prove their identity or to keep the newsle9、In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether: A、there is an integration of IS and business staffs within projects. B、there is a clear definition of the IS mission and vision. C、a strategic information technology planning methodology is in place. D、the plan correlates business objectives to IS goals and objectives. ANSWER: A NOTE: The integration of IS and business staff in projects is an operational issue and should be considered w10、An IS auditor is performing an audit of a network operating system. Which of the following is a user featA、Availability of online network documentation B、Support of terminal access to remote hosts C、Handling file transfer between hosts and interuser communications D、Performance management, audit and control ANSWER: A NOTE: Network operating system user features include online availability of network documentation. Other feat11、An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long.A、Electromagnetic interference (EMI) B、Cross-talk C、Dispersion D、Attenuation ANSWER: D NOTE: Attenuation is the weakening of signals during transmission. When the signal becomes weak, it begins to12、Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentialityA、The recipient uses their private key to decrypt the secret key. B、The encrypted prehash code and the message are encrypted using a secret key. C、The encrypted prehash code is derived mathematically from the message to be sent. D、The recipient uses the sender's public key, verified with a certificate authority, to decrypt the prehash ANSWER: D NOTE: Most encrypted transactions use a combination of private keys, public keys, secret keys, hash functions13、To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditA、business software. B、infrastructure platform tools. C、application services. D、system development tools. ANSWER: C NOTE: Projects should identify the complexities of the IT Infrastructure that can be simplified or isolated b14、The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the: