Here is a sampling of questions in the format of the CISA exam. These questions are related to the technical infrastructure and operational practices, and will help test your understanding of this subject. Answers with explanations are provided in Appendix A.
The best way to understand the security configuration of an operating system is to
A. Consult the vendor's installation manuals
B. Review the security plan for the system
C. Interview the systems programmer who installed the software
D. Review the system-generated configuration parameters
What three things are the most important security controls that should be present when reviewing an operating system's security?
I. The code comes from a trusted source.
II. Audit logging is turned on.
III. Unnecessary services are turned off.
IV. The default passwords are changed.
V. Systems administrators do not have any more access than they need to in order to perform their job.
A. I, II, and III
B. III, IV, and V
C. I, III, and IV
D. I, II, and IV
Databases are complex to evaluate from a risk perspective because
A. Access controls for application views, query permissions, field level table access, as well as access to reports and query results must be reviewed to assess the security of data.
B. They can have complex data structures that may be joined through several keys.
C. Data definitions must be maintained in order to understand the data classifications.
D. Data flows and data normalization processes make both table sizing and transaction mapping difficult.
In a two-phase commit database ...