
The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer


A.3. Chapter 3—Technical Infrastructure and Operational Practices

Here are the answers to the questions in Chapter 3:

  1. The best way to understand the security configuration of an operating system is to

    A. Consult the vendor's installation manuals

    B. Review the security plan for the system

    C. Interview the systems programmer who installed the software

    D. Review the system-generated configuration parameters

    Answer: D

    The correct answer is D: review the actual parameters generated from a direct query of the system. The systems programmer (C) and the security plan (B) may give you information about the point in time when the system was installed, but patches and modifications since then may have significantly changed the current security. The vendor's manuals (A) will explain what your options are and may even recommend settings, but they have no bearing on the actual setup.

  2. What three things are the most important security controls that should be present when reviewing an operating system's security?

    I. The code comes from a trusted source.

    II. Audit logging is turned on.

    III. Unnecessary services are turned off.

    IV. The default passwords are changed.

    V. Systems administrators do not have any more access than they need to in order to perform their job.

    A. I, II, and III

    B. III, IV, and V

    C. I, III, and IV

    D. I, II, and IV

    Answer: C

    The correct answer is C. Audit logging does need to be turned on (II), but this is only effective when a process is in place to monitor and react to the logs. Systems administrators (V) should use their ...
