Answers (Grade A+)
The role of the certificate authority (CA) as a third party is to:
confirm the identity of the entity owning a certificate issued by that
certificate authority. - correct answer ✅The primary activity of the
CA is to issue certificates. The primary role of the CA is to check the
identity of the entity owning a certificate and to confirm the
integrity of any certificate it issued.
Web application developers sometimes use hidden fields on web
pages to save information about a client session. This technique is
used, in some cases, to store session variables that enable
persistence across web pages, such as maintaining the contents of a
shopping cart on a retail website. The most likely web-based attack
due to this practice is: Parameter tampering - correct answer
✅Web application developers sometimes use hidden fields to save
information about a client session or to submit hidden parameters,
such as the language of the end user, to the underlying application.
Because hidden form fields don't display in the browser, developers may
feel safe passing unvalidated data in hidden fields (to be validated
later). This practice is not safe because an attacker can intercept, modify,
and submit requests, which can discover information or perform
functions that the web developers never intended. The malicious
modification of web application parameters is known as parameter
tampering.
Cross site scripting - correct answer ✅this involves the
compromise of the web page to redirect users to content on the
attacker web site.
Cookie poisoning - correct answer ✅refers to the interception
and modification of session cookies to impersonate the user or
steal logon credentials.
Stealth commanding - correct answer ✅is the hijacking of a
web server by the installation of unauthorized code. The most
common server exploits involve vulnerabilities of the server
operating system or web server.
The most important difference between hashing and encryption is
that hashing: is irreversible - correct answer ✅Hashing works one
way: by applying a hashing algorithm to a message, a message
hash/digest is created. If the same hashing algorithm is applied to
the message digest, it will not result in the same original message.
As such, hashing is irreversible, whereas encryption is reversible.
With a properly designed algorithm, there is no way to reverse the
hashing process to reveal the original password.
- hashing creates a fixed-length output that is usually smaller than
the original message, and encryption creates an output that is
usually the same length as the original message
- hashing is used to verify the integrity of the message, but does not
address security
A firewall is being deployed at a new location. Which of the
following is the MOST important factor in ensuring a successful
deployment? Testing and validating the rules - correct answer ✅A
mistake in the rule set can render a firewall ineffective or insecure.
Therefore, testing and validating the rules is the most important
factor in ensuring a successful deployment.
- a regular review of logs would not start until the deployment has
been completed
A new business application requires deviation from the standard
configuration of the OS. What activity should the auditor
recommend to the security manager as a FIRST response?
Assessment of the risk and identification of compensating controls -
correct answer ✅Before approving any exception, the security