Latest CISA Exam Premium Dumps provide by TrainingQuiz.com to help you Passing CISA Exam! TrainingQuiz.com offers the updated CISA exam dumps, the TrainingQuiz.com CISA exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com CISA pdf dumps with Exam Engine here:
(1588 Q&As Dumps, 40%OFF Special Discount: DumpsDB)
Which of the following PBX feature provides the possibility to break into a busy line to inform another user of an important message?
Correct Answer: C
Explanation/Reference: Override feature of PBS provides for the possibility to break into a busy line to inform another user an important message. For CISA exam you should know below mentioned PBS features and Risks System Features Description Risk Automatic Call distribution Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available Tapping and control of traffic Call forwarding Allow specifying an alternate number to which calls will be forwarded based on certain condition User tracking Account codes Used to: Track calls made by certain people or for certain projects for appropriate billing Dial-In system access (user dials from outside and gain access to normal feature of the PBX) Changing the user class of service so a user can access a different set of features (i.e. the override feature) Fraud, user tracking, non authorized features Access Codes Key for access to specific feature from the part of users with simple instruments, i.e. traditional analog phones. Non-authorized features Silent Monitoring Silently monitors other calls Eavesdropping Conferencing Allows for conversation among several users Eavesdropping, by adding unwanted/unknown parties to a conference override(intrude) Provides for the possibility to break into a busy line to inform another user an important message Eavesdropping Auto-answer Allows an instrument to automatically go when called usually gives an auditor or visible warning which can easily turned off Gaining information not normally available, for various purpose Tenanting Limits system user access to only those users who belong to the same tenant group - useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines,etc Illegal usage, fraud, eavesdropping Voice mail Stores messages centrally and - by using a password - allows for retrieval from inside or outside lines. Disclosure or destruction of all messages of a user when that user's password in known or discovered by an intruder, disabling of the voice mail system and even the entire switch by lengthy messages or embedded codes, illegal access to external lines. Privacy release Supports shared extensions among several devices, ensuring that only one device at a time can use an extension. Privacy release disables the security by allowing devices to connect to an extension already in use. Eavesdropping No busy extension Allows calls to an in-use extension to be added to a conference when that extension is on conference and already off-hook Eavesdropping a conference in progress Diagnostics Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant diagnostics Fraud and illegal usage Camp-on or call waiting When activated, sends a visual audible warning to an off-hook instrument that is receiving another call. Another option of this feature is to conference with the camped-on or call waiting Making the called individual a party to a conference without knowing it. Dedicated connections Connections made through the PBX without using the normal dialing sequences. It can be used to create hot-lines between devices i.e. one rings when the other goes off-hook. It is also used for data connections between devices and the central processing facility Eavesdropping on a line The following were incorrect answers: Account Codes - that are use to: Track calls made by certain people or for certain projects for appropriate billing Dial-In system access (user dials from outside and gain access to normal feature of the PBX) Changing the user class of service so a user can access a different set of features (i.e. the override feature) Access Codes - Key for access to specific feature from the part of users with simple instruments, i.e. traditional analog phones. Tenanting - Limits system user access to only those users who belong to the same tenant group useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines,etc The following reference(s) were/was used to create this question: CISA review manual 2014 Page number358
Question 77
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?
Correct Answer: A
Explanation/Reference: Explanation: The most secure method is a virtual private network (VPN), using encryption, authentication and tunneling to allow data to travel securely from a private network to the internet. Choices B, C and D are network connectivity options that are normally too expensive to be practical for small- to medium-sized organizations.
Question 78
Squid is an example of:
Correct Answer: B
Squid is an example of a caching proxy, not a security proxy. It has the main purpose of locally storing copies of web pages that are popular, with the benefit of saving bandwidth.
Question 79
Which of the following is of greatest concern to the IS auditor?
Correct Answer: A
Explanation/Reference: Lack of reporting of a successful attack on the network is a great concern to an IS auditor.
Question 80
During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data any Internet-connected web browser. Which Of the following is the auditors BEST recommendation to prevent unauthorized access?
Correct Answer: C
The best recommendation to prevent unauthorized access in this scenario is to implement multi-factor authentication (MFA). According to the ISACA CISA Study Manual, "MFA is a security technique that requires two or more independent credentials for user authentication. MFA can be used to provide additional security for cloud-based services and applications." Thus, implementing MFA would be an effective way to prevent unauthorized access and maintain a secure environment. Multi-factor authentication (MFA) is a security measure that requires users to provide two or more pieces of evidence to verify their identity before accessing cloud-based applications and data123. MFA can prevent unauthorized access by making it harder for attackers to compromise user credentials or bypass password protection
