Free ISACA CISA Übungsprüfungen - Seite 20 von 55

Question #191

Which of the following BEST describes a digital signature?

A . It is under control of the receiver.
B . It is capable of authorization.
C . It dynamically validates modifications of data.
D . It is unique to the sender using it.

Richtige Antwort: D
D

Explanation:

A digital signature is a type of electronic signature that uses cryptographic techniques to provide authentication, integrity, and non-repudiation of digital documents. A digital signature is created by applying a mathematical function (called a hash function) to the document and then encrypting the

result with the sender’s private key. The encrypted hash, along with the sender’s public key and other information, forms the digital signature. The receiver can verify the digital signature by decrypting it with the sender’s public key and comparing the hash with the one computed from the document. If they match, it means that the document has not been altered and that it was signed by the owner of the private key.

Option D is correct because a digital signature is unique to the sender using it, as it depends on the sender’s private key, which only the sender knows and controls. No one else can create a valid digital signature with the same private key, and no one can forge or modify a digital signature without being detected.

Option A is incorrect because a digital signature is not under control of the receiver, but rather under control of the sender. The receiver can only verify the digital signature, but cannot create or modify it.

Option B is incorrect because a digital signature is not capable of authorization, but rather capable of authentication. Authorization is the process of granting or denying access to resources based on predefined rules or policies. Authentication is the process of verifying the identity or legitimacy of a person or entity. A digital signature can authenticate the sender of a document, but it cannot authorize what actions the receiver can perform on the document.

Option C is incorrect because a digital signature does not dynamically validate modifications of data, but rather statically validates the integrity of data. A digital signature is based on a snapshot of the document at the time of signing, and any subsequent changes to the document will invalidate the digital signature. A digital signature does not monitor or update itself based on data modifications.

References:

CISA Online Review Course1, Module 5: Protection of Information Assets, Lesson 2: Encryption Basics, slide 13-14.

CISA Review Manual (Digital Version)2, Chapter 5: Protection of Information Assets, Section 5.2:

Encryption Basics, p. 273-274.

CISA Review Manual (Print Version), Chapter 5: Protection of Information Assets, Section 5.2:

Encryption Basics, p. 273-274.

CISA Questions, Answers & Explanations Database3, Question ID: QAE_CISA_712.

What Is a Digital Signature (and How Does it Work)1

What are digital signatures and certificates?2

Digital Signature Definition3

Examples and uses of electronic signatures4

What is an Electronic Signature?5

Question #192

During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization.

Which of the following should be recommended as the PRIMARY factor to determine system criticality?

A . Key performance indicators (KPIs)
B . Maximum allowable downtime (MAD)
C . Recovery point objective (RPO)
D . Mean time to restore (MTTR)

Lösung einblenden Lösung ausblenden

Question #193

An IS auditor is analyzing a sample of accounts payable transactions for a specific vendor and identifies one transaction with a value five times as high as the average transaction.

Which of the following should the auditor do NEXT?

A . Report the variance immediately to the audit committee
B . Request an explanation of the variance from the auditee
C . Increase the sample size to 100% of the population
D . Exclude the transaction from the sample population

Lösung einblenden Lösung ausblenden

Question #194

Which of the following is the BEST indicator for measuring performance of IT help desk function?

A . Percentage of problems raised from incidents
B . Mean time to categorize tickets
C . Number 0t incidents reported
D . Number of reopened tickets

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The answer D is correct because the number of reopened tickets is the best indicator for measuring the performance of IT help desk function. Reopened tickets are tickets that have been marked as resolved by the help desk agents, but the customers are not satisfied with the resolution and reopen them for further assistance. Reopened tickets reflect the quality and effectiveness of the help desk service, as well as the customer satisfaction level. A high number of reopened tickets indicates that the help desk agents are not resolving the issues properly, or that they are not communicating well with the customers. This can lead to customer frustration, dissatisfaction, and churn. Therefore, minimizing the number of reopened tickets is a key goal for any help desk function.

The other options are not as good as option

D. Percentage of problems raised from incidents (option

A) is a metric that shows how many incidents are escalated to problems, which are more complex and require root cause analysis and long-term solutions. This metric reflects the complexity and severity of the issues faced by the customers, but it does not directly measure the performance of the help desk function. Mean time to categorize tickets (option B) is a metric that shows how long it takes for the help desk agents to assign a category to each ticket, such as technical, billing, or feedback. This metric reflects the efficiency and accuracy of the help desk agents, but it does not

measure the quality or effectiveness of the resolution. Number of incidents reported (option C) is a metric that shows how many issues are reported by the customers to the help desk function. This metric reflects the demand and workload of the help desk function, but it does not measure how well the issues are resolved or how satisfied the customers are.

References:

Key Metrics to Measure Help Desk Performance

8 service desk KPIs and performance metrics for IT support

13 Most Important Help Desk KPIs to Track and Measure Help Desk Performance

Question #195

Which of the following methods would BEST help detect unauthorized disclosure of confidential documents sent over corporate email?

A . Requiring all users to encrypt documents before sending
B . Installing firewalls on the corporate network
C . Reporting all outgoing emails that are marked as confidential
D . Monitoring all emails based on pre-defined criteria

Lösung einblenden Lösung ausblenden

Question #196

Which of the following would be an auditor’s GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?

A . Undocumented code formats data and transmits directly to the database.
B . There is not a complete inventory of spreadsheets, and file naming is inconsistent.
C . The department data protection policy has not been reviewed or updated for two years.
D . Spreadsheets are accessible by all members of the finance department.

Lösung einblenden Lösung ausblenden

Question #197

Which of the following is an example of shadow IT?

A . An employee using a cloud based order management tool without approval from IT
B . An employee using a company provided laptop to access personal banking information
C . An employee using personal email to communicate with clients without approval from IT
D . An employee using a company-provided tablet to access social media during work hours

Lösung einblenden Lösung ausblenden

Question #198

Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?

A . Ensure compliance with the data classification policy.
B . Protect the plan from unauthorized alteration.
C . Comply with business continuity best practice.
D . Reduce the risk of data leakage that could lead to an attack.

Lösung einblenden Lösung ausblenden

Question #199

Based on best practices, which types of accounts should be disabled for interactive login?

A . Local accounts
B . Administrator accounts
C . Console accounts
D . Service accounts

Lösung einblenden Lösung ausblenden

Question #200

If a recent release of a program has to be backed out of production, the corresponding changes within the delta version of the code should be:

A . filed in production for future reference in researching the problem.
B . applied to the source code that reflects the version in production.
C . eliminated from the source code that reflects the version in production.
D . reinstalled when replacing the version back into production.

Lösung einblenden Lösung ausblenden