Which of the following is the most effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?



  • The offline print spooling feature of print servers should be carefully monitored to ensure that unauthorized viewing access to sensitive information is controlled and prevented. Which of the following issues is an IS auditor MOST concerned with?

    1. Some users have the technical authority to print documents from the print spooler even though the users are not authorized with the appropriate classification to view the data they can print.

    2. Some users have the technical authority to modify the print spooler file even though the users do not have the subject classification authority to modify data within the file.

    3. Some users have the technical authority to delete the print job from the spooler even though the users do not have the authority to modify the data output of the print job.

    4. Some users have the technical authority to pause the print jobs of certain information even though they do not have the subject classification authority to create, modify, or view the data output of the print job.

    Answer: A. The question focuses on the confidentiality aspect of access control. A user with technical printer administration authority can print jobs from the print spooler, regardless of the user's authorization to view the print output. All other answers are potential compromises of information integrity or availability.

  • When reviewing firewall configuration, which of the following represents the greatest vulnerability for an IS auditor?

    1. The firewall software has been configured with rules permitting or denying access to systems or networks based upon source and destination networks or systems, protocols, and user authentication.

    2. The firewall software is configured with an implicit deny rule as the last rule in the rule base.

    3. The firewall software is installed on a common operating system that is configured with default settings.

    4. The firewall software is configured as a VPN endpoint for site-to-site VPN connections.

    Answer: C. When auditing any critical application, an IS auditor is always concerned about software or an operating system that is installed according to default settings. Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. Installing firewall software onto an otherwise robust and fully functioning operating system poses a greater risk of firewall compromise. To mitigate this risk, firewall software is often installed onto a system using an operating system that has very limited functionality, providing only the services necessary to support the firewall software. An example of such an operating system is the ISO operating system installed onto Nokia routing/firewall appliances. ISO provides the functionality necessary to support installation of Check Point firewall software but little else. The remaining answers are normal firewall configurations and are not of concern to the IS auditor.

  • An IS auditor strives to ensure that IT is effectively used to support organizational goals and objectives regarding information confidentiality, integrity, and availability. Which of the following processes best supports this mandate?

    1. Network monitoring

    2. Systems monitoring

    3. Staffing monitoring

    4. Capacity planning and management

    Answer: D. Computer resources should be carefully monitored to match utilization needs with proper resource capacity levels. Capacity planning and management relies upon network, systems, and staffing monitoring to ensure that organizational goals and objectives regarding information confidentiality, integrity, and availability are met.

  • Which of the following would be the first evidence to review when performing a network audit?

    1. Network topology chart

    2. Systems inventory

    3. Applications inventory

    4. Database architecture

    Answer: A. Reviewing a diagram of the network topology is often the best first step when auditing IT systems. This diagram provides the auditor with a foundation-level understanding of how systems, applications, and databases interoperate. Obtaining the systems and applications inventory would be a logical next step. Reviewing the database architecture is much more granular and can be performed only after adequately understanding the basics of how an organization's systems and networks are set up.

  • An IS auditor needs to check for proper software licensing and license management. Which of the following management audits would consider software licensing?

    1. Facilities

    2. Operations

    3. Configuration

    4. Hardware

    Answer: C. A configuration-management audit should always verify software licensing for authorized use. The remaining answers do not focus on software licensing.

  • "Dangling tuples" within a database represent a breach in which of the following?

    1. Attribute integrity

    2. Referential integrity

    3. Relational integrity

    4. Interface integrity

    Answer: B. It is important that database referential integrity be enforced, to avoid orphaned references, or "dangling tuples." Relational integrity is enforced more at the record level. The remaining answers are misleading.

  • Which of the following BEST supports communication availability, acting as a countermeasure to the vulnerability of component failure?

    1. Careful network monitoring with a dynamic real-time alerting system

    2. Integrated corrective network controls

    3. Simple component redundancy

    4. High network throughput rate

    Answer: C. Providing network path redundancy is the best countermeasure or control for potential network device failures. Careful monitoring only supports timely response to component failure. Integrated corrective network controls is misleading and loosely describes simple component redundancy. High network throughput rate provides increased performance but does not address component failure.

  • Which of the following firewall types provides the most thorough inspection and control of network traffic?

    1. Packet-filtering firewall or stateful inspection firewall

    2. Application-layer gateway or stateful inspection firewall

    3. Application-layer gateway or circuit-level gateway

    4. Packet-filtering firewall or circuit-level gateway

    Answer: B. An application-layer gateway, or proxy firewall, and stateful inspection firewalls provide the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic. A packet-filtering firewall, also known as a circuit-level gateway, reliably inspects only through OSI Layer 3.

  • Decreasing collisions because of network congestion is important for supporting network communications availability. Which of the following devices is best suited for logically segmenting and creating collision domains based upon OSI Layer 2 MAC addressing?

    1. Router

    2. Hub

    3. Repeater

    4. Switch

    Answer: D. A switch is most appropriate for segmenting the network into multiple collision domains to achieve the result of fewer network communications errors because of congestion-related collisions. As OSI Layer 1 devices, repeaters and hubs cannot understand MAC addressing, which is necessary to logically segment collision domains. As an OSI Layer 3 device, a router segments the network according to logical network addressing.

  • Which of the following network configurations BEST supports availability?

    1. Mesh with host forwarding enabled

    2. Ring

    3. Star

    4. Bus

    Answer: A. Although it is not very practical because of physical implementation constraints, a fully connected mesh with host forwarding enabled provides the most redundancy of network communication paths.

    Which of the following should be of GREATEST concern to an IS auditor when reviewing an information security policy? The policy: Business objectives drive the information security policy, and the information security policy drives the selection of IT department objectives.

    Which of the following is most important for an IS auditor to verify when evaluating an organization's firewall?

    Answer: traffic analysis.

    What is the main purpose of an organization's internal IS audit function?

    The purpose of auditing internally is to provide insight into an organization's culture, policies, and procedures, and to aid board and management oversight by verifying internal controls such as operating effectiveness, risk mitigation controls, and compliance with any relevant laws or regulations.

    Which of the following is the most effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?

    Explanation. The most secure method is a virtual private network (VPN), using encryption, authentication and tunneling to allow data to travel securely from a private network to the internet.

    Which of the following is the best control to mitigate the malware risk associated with an instant messaging (IM) system?

    The easiest way to mitigate the IM risk is just to shut down the default IM ports, which in theory will prevent users from installing and using public IM services.

    Which of the following is the best control to help prevent sensitive data leaving an organization via email?

    Encryption is the most effective way to protect your data from unauthorized access.

    Which of the following is an IS auditor's greatest concern when an organization does not regularly update software on individual workstations in the internal environment?

    The correct answer is: C. detection risk.