Download Certified Information Systems Auditor.CISA.Pass4Sure.2019-01-29.896q.vcex

Vendor: ISACA
Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Date: Jan 29, 2019
File Size: 1 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which of the following protocols was developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?
  1. S/MIME
  2. SSH
  3. SET
  4. S/HTTP
Correct answer: C
Explanation:
Secure Electronic Transaction (SET) is a protocol developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants. As an open system specification, SET is an application-oriented protocol that uses a trusted third party's encryption and digital-signature processes, via the PKI infrastructure of trusted third-party institutions, to address confidentiality of information, integrity of data, cardholder authentication, merchant authentication and interoperability.
  
The following were incorrect answers:
  
S/MIME – Secure Multipurpose Internet Mail Extension (S/MIME) is a standard secure email protocol that authenticates the identity of the sender and receiver, verifies message integrity, and ensures the privacy of a message's contents, including attachments.
SSH – A client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. Similar to a VPN, SSH uses strong cryptography to protect data, including passwords, binary files and administrative commands, transmitted between systems on a network. SSH is typically implemented between two parties by validating each other's credentials via digital certificates. SSH is useful in securing Telnet and FTP services, and is implemented at the application layer, as opposed to operating at the network layer (IPSec implementation).
S/HTTP – As an application-layer protocol, Secure Hypertext Transfer Protocol (S/HTTP) transmits individual messages or pages securely between a web client and server by establishing an SSL-type connection. Using the https:// designation in the URL, instead of the standard http://, directs the message to a secure port number rather than the default web port address. This protocol utilizes SSL secure features but does so as a message-oriented rather than a session-oriented protocol.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 352 and 353
Question 2
An auditor needs to be aware of the technical controls used to protect computers from malware. Which of the following technical controls interrupts DOS and ROM BIOS calls and looks for malware-like actions?
  1. Scanners
  2. Active Monitors
  3. Immunizer
  4. Behavior blocker
Correct answer: B
Explanation:
Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
For the CISA exam you should know the following kinds of malware controls:
A. Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware masks or signatures – Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic scanner – Analyzes the instructions in the code being scanned and decides, on the basis of statistical probabilities, whether it could contain malicious code. Heuristic scanning results could indicate that malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false-positive errors (they indicate that malware may be present when, in fact, no malware is present). Scanners examine memory, disk boot sectors, executables, data files and command files for bit patterns that match known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
C. Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers – Compute a binary number on a known malware-free program, which is then stored in a database file. The number is called a cyclic redundancy check (CRC). On subsequent scans, when that program is called to execute, the checker compares the file against the database and reports possible infection if changes have occurred. A match means no infection; a mismatch means a change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because it assumes files are malware-free in the first place. Therefore, CRC checkers are ineffective against new files that are malware-infected and not recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot sectors do not change often, if at all.
The following were incorrect answers:
Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior.
Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
Question 3
Which are the two primary types of scanner used for protecting against Malware? 
  1. Malware mask/signatures and Heuristic Scanner
  2. Active and passive Scanner
  3. Behavioral Blockers and immunizer Scanner
  4. None of the above
Correct answer: A
Explanation:
Scanners look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware masks or signatures – Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic scanner – Analyzes the instructions in the code being scanned and decides, on the basis of statistical probabilities, whether it could contain malicious code. Heuristic scanning results could indicate that malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false-positive errors (they indicate that malware may be present when, in fact, no malware is present).
Scanners examine memory, disk boot sectors, executables, data files and command files for bit patterns that match known malware. Scanners, therefore, need to be updated periodically to remain effective.
For the CISA exam you should know the following kinds of malware controls:
A. Active monitors – Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
B. Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
C. Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers – Compute a binary number on a known malware-free program, which is then stored in a database file. The number is called a cyclic redundancy check (CRC). On subsequent scans, when that program is called to execute, the checker compares the file against the database and reports possible infection if changes have occurred. A match means no infection; a mismatch means a change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because it assumes files are malware-free in the first place. Therefore, CRC checkers are ineffective against new files that are malware-infected and not recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot sectors do not change often, if at all.
The following were incorrect answers:
The other options presented are not valid primary types of scanner.
  
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
Question 4
Which of the following malware technical controls fools malware by appending sections of itself to files, somewhat in the same way that file malware appends itself?
  1. Scanners
  2. Active Monitors
  3. Immunizer
  4. Behavior blocker
Correct answer: C
Explanation:
Immunizers defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
For your exam you should know the following kinds of malware controls:
A. Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware masks or signatures – Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic scanner – Analyzes the instructions in the code being scanned and decides, on the basis of statistical probabilities, whether it could contain malicious code. Heuristic scanning results could indicate that malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false-positive errors (they indicate that malware may be present when, in fact, no malware is present).
Scanners examine memory, disk boot sectors, executables, data files and command files for bit patterns that match known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
C. Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers – Compute a binary number on a known malware-free program, which is then stored in a database file. The number is called a cyclic redundancy check (CRC). On subsequent scans, when that program is called to execute, the checker compares the file against the database and reports possible infection if changes have occurred. A match means no infection; a mismatch means a change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because it assumes files are malware-free in the first place. Therefore, CRC checkers are ineffective against new files that are malware-infected and not recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot sectors do not change often, if at all.
E. Active monitors – Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
The following were incorrect answers:
Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
Active monitors – Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
Question 5
Which of the following statements INCORRECTLY describes anti-malware?
  1. 2
  2. 3
  3. 2 and 3
  4. None of the choices listed
Correct answer: D
Explanation:
The word INCORRECT is the keyword used in the question. All the terms presented in the options correctly describe some type of anti-malware related activity.
For your exam you should know the following kinds of malware controls:
A. Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware masks or signatures – Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic scanner – Analyzes the instructions in the code being scanned and decides, on the basis of statistical probabilities, whether it could contain malicious code. Heuristic scanning results could indicate that malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false-positive errors (they indicate that malware may be present when, in fact, no malware is present).
Scanners examine memory, disk boot sectors, executables, data files and command files for bit patterns that match known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
C. Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers – Compute a binary number on a known malware-free program, which is then stored in a database file. The number is called a cyclic redundancy check (CRC). On subsequent scans, when that program is called to execute, the checker compares the file against the database and reports possible infection if changes have occurred. A match means no infection; a mismatch means a change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because it assumes files are malware-free in the first place. Therefore, CRC checkers are ineffective against new files that are malware-infected and not recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot sectors do not change often, if at all.
E. Active monitors – Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
The following were incorrect answers:
All of the choices presented other than one were describing anti-malware related activities.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
The word INCORRECT is the keyword used in the question. All the terms presented in the options correctly describe some type of anti-malware related activity.
For your exam you should know the following kinds of malware controls:
A. Scanners – Look for sequences of bits, called signatures, that are typical of malware programs.
The two primary types of scanner are:
1. Malware mask or signatures – Anti-malware scanners check files, sectors and system memory for known and new (unknown to the scanner) malware, on the basis of malware masks or signatures. Malware masks or signatures are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic scanner – Analyzes the instructions in the code being scanned and decides, on the basis of statistical probabilities, whether it could contain malicious code. A heuristic scanning result could indicate that malware may be present, that is, that the file is possibly infected. Heuristic scanners tend to generate a high level of false positive errors (they indicate that malware may be present when, in fact, no malware is present).
Scanners examine memory, disk boot sectors, executables, data files and command files for bit patterns that match known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers – Defend against malware by appending sections of themselves to files, sometimes in the same way malware appends itself. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other types of immunizers are focused on a specific malware and work by giving the malware the impression that it has already infected the computer. This method is not always practical, since it is not possible to immunize files against all known malware.
C. Behavior blockers – Focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware-based anti-malware mechanisms are based on this concept.
D. Integrity CRC checkers – Compute a binary number on a known malware-free program, which is then stored in a database file. The number is called a Cyclic Redundancy Check (CRC). On subsequent scans, when that program is called to execute, the checker looks for changes to the file as compared to the database and reports possible infection if changes have occurred. A match means no infection; a mismatch means a change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because it assumes files are malware free in the first place. Therefore, CRC checkers are ineffective against new files that are malware infected and that are not recorded in the database. Integrity checkers take advantage of the fact that executable programs and boot sectors do not change often, if at all.
E. Active monitors – Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions. Active monitors can be problematic because they cannot distinguish between a user request and a program or malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
The following were incorrect answers:
All of the choices presented other than one were describing anti-malware related activities.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, pages 354 and 355
Question 6
Which of the following statements is NOT true about Voice-Over IP (VoIP)?
  1. VoIP uses circuit switching technology
  2. Lower cost per call or even free calls, especially for long distance call
  3. Lower infrastructure cost
  4. VoIP is a technology where voice traffic is carried on top of existing data infrastructure
Correct answer: A
Explanation:
NOT is the keyword used in the question. You need to find the invalid statement about VoIP. VoIP uses packet switching, not circuit switching.
For your exam you should know the following information about VoIP:
Voice-Over-IP
IP telephony, or internet telephony, is the technology that makes it possible to have a voice conversation over the Internet or over any dedicated IP network instead of dedicated transmission lines. The protocols used to carry the signal over the IP network are commonly referred to as Voice-Over-IP (VoIP). VoIP is a technology where voice traffic is carried on top of existing data infrastructure. Sounds are digitized into IP packets and transferred through the network layer before being decoded back into the original voice.
VoIP allows the elimination of circuit switching and the associated waste of bandwidth. Instead, packet switching is used, where IP packets with voice data are sent over the network only when data needs to be sent.
It has advantages over traditional telephony:
Unlike traditional telephony, VoIP innovation progresses at market rates rather than at the rate of the multilateral committee process of the International Telecommunication Union (ITU).
Lower cost per call or even free calls, especially for long-distance calls.
Lower infrastructure costs. Once IP infrastructure is installed, little or no additional telephony infrastructure is needed.
VoIP Security Issues
With the introduction of VoIP, security becomes more important because two assets need protection – the data and the voice.
Protecting the security of conversations is now vital.
In VoIP, packets are sent over the network from the user's computer or VoIP phone to similar equipment at the other end. Packets may pass through several intermediate systems that are not under the control of the user's ISP. The current Internet architecture does not provide the same physical wire security as phone lines.
The main concern with a VoIP solution is that, with traditional telephones, the different sites of the organization could still be reached via telephone if the data system was disrupted, which is no longer the case when voice shares the data infrastructure. Thus a backup communication facility should be planned for if the availability of communication is vital to the organization.
Another issue arises from the fact that IP telephones and their supporting equipment require the same care and maintenance as computer systems do.
To enhance the protection of the telephone system and data traffic, the VoIP infrastructure should be segregated using a Virtual Local Area Network (VLAN).
In many cases, session border controllers (SBCs) are utilized to provide security features for VoIP traffic similar to those provided by firewalls.
The following were incorrect answers:
Lower cost per call or even free calls, especially for long distance call - This is a valid statement about VoIP. In fact, it is an advantage of VoIP.
Lower infrastructure cost - This is a valid statement and an advantage of using VoIP as compared to a traditional telephony system.
VoIP is a technology where voice traffic is carried on top of existing data infrastructure - This is also a valid statement about VoIP.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 355
Question 7
A Private Branch Exchange (PBX) environment involves many security risks, one of which is the people both internal and external to an organization. Which of the following risks are NOT associated with a Private Branch Exchange?
1. Theft of service 
2. Disclosure of information 
3. Data Modifications 
4. Denial of service 
5. Traffic Analysis
  1. 3 and 4
  2. 4 and 5
  3. 1-4
  4. They are ALL risks associated with PBX
Correct answer: D
Explanation:
NOT is the keyword used in the question. You need to find the risks which are NOT associated with PBX. All the risks listed in the options are associated with PBX.
The threats to the PBX telephone system are many, depending on the goals of the attackers, and include:
Theft of service - Toll fraud, probably the most common of motives for attackers.
Disclosure of information - Data disclosed without authorization, either by deliberate action or by accident. Examples include eavesdropping on conversations and unauthorized access to routing and address data.
Data modification - Data altered in some meaningful way by recording, deleting or modifying it. For example, an intruder may change billing information or modify system tables to gain additional services.
Unauthorized access - Actions that permit an unauthorized user to gain access to system resources or privileges.
Denial of service - Actions that prevent the system from functioning in accordance with its intended purpose. A piece of equipment or entity may be rendered inoperable or forced to operate in a degraded state; operations that depend on timeliness may be delayed.
Traffic analysis - A form of passive attack in which an intruder observes information about calls and makes inferences, e.g. from the source and destination numbers or the frequency and length of messages. For example, an intruder observes a high volume of calls between a company's legal department and the patent office, and concludes that a patent is being filed.
The following were incorrect answers:
All the risks presented in the options are associated with PBX, so the other options are not valid.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 356
Question 8
Which of the following is a sophisticated computer based switch that can be thought of as essentially a small in-house phone company for the organization?
  1. Private Branch Exchange
  2. Virtual Local Area Network
  3. Voice over IP
  4. Dial-up connection
Correct answer: A
Explanation:
A Private Branch Exchange (PBX) is a sophisticated computer-based switch that can be thought of as essentially a small in-house phone company for the organization that operates it. Protection of the PBX is thus a high priority. Failure to secure the PBX can result in exposing the organization to toll fraud, theft of proprietary or confidential information, loss of revenue or legal entanglements.
A PBX environment involves many security risks, presented by people both internal and external to an organization. The threats to the PBX telephone system are many, depending on the goals of the attackers, and include:
Theft of service - Toll fraud, probably the most common of motives for attackers.
Disclosure of information - Data disclosed without authorization, either by deliberate action or by accident. Examples include eavesdropping on conversations and unauthorized access to routing and address data.
Data modification - Data altered in some meaningful way by recording, deleting or modifying it. For example, an intruder may change billing information or modify system tables to gain additional services.
Unauthorized access - Actions that permit an unauthorized user to gain access to system resources or privileges.
Denial of service - Actions that prevent the system from functioning in accordance with its intended purpose. A piece of equipment or entity may be rendered inoperable or forced to operate in a degraded state; operations that depend on timeliness may be delayed.
Traffic analysis - A form of passive attack in which an intruder observes information about calls and makes inferences, e.g. from the source and destination numbers or the frequency and length of messages. For example, an intruder observes a high volume of calls between a company's legal department and the patent office, and concludes that a patent is being filed.
The following were incorrect answers:
Virtual Local Area Network - A virtual local area network (VLAN) is a logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. VLANs are implemented to achieve scalability, security and ease of network management, and can quickly adapt to changes in network requirements and relocation of workstations and server nodes.
Voice over IP - VoIP is a technology where voice traffic is carried on top of existing data infrastructure. Sounds are digitized into IP packets and transferred through the network layer before being decoded back into the original voice.
Dial-up connection - Dial-up refers to an Internet connection that is established using a modem. The modem connects the computer to standard phone lines, which serve as the data transfer medium. When a user initiates a dial-up connection, the modem dials a phone number of an Internet Service Provider (ISP) that is designated to receive dial-up calls. The ISP then establishes the connection, which usually takes about ten seconds and is accompanied by several beeping and buzzing sounds.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 356
Question 9
Which of the following PBX features provides the possibility to break into a busy line to inform another user of an important message?
  1. Account Codes
  2. Access Codes
  3. Override
  4. Tenanting
Correct answer: C
Explanation:
The override feature of a PBX provides the possibility to break into a busy line to inform another user of an important message.
For the CISA exam you should know the following PBX features and risks:

| System feature | Description | Risk |
|---|---|---|
| Automatic call distribution | Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available | Tapping and control of traffic |
| Call forwarding | Allows specifying an alternate number to which calls will be forwarded based on certain conditions | User tracking |
| Account codes | Used to: track calls made by certain people or for certain projects for appropriate billing; dial-in system access (user dials from outside and gains access to normal features of the PBX); changing the user class of service so a user can access a different set of features (i.e. the override feature) | Fraud, user tracking, non-authorized features |
| Access codes | Key for access to specific features by users with simple instruments, i.e. traditional analog phones | Non-authorized features |
| Silent monitoring | Silently monitors other calls | Eavesdropping |
| Conferencing | Allows for conversation among several users | Eavesdropping, by adding unwanted/unknown parties to a conference |
| Override (intrude) | Provides for the possibility to break into a busy line to inform another user of an important message | Eavesdropping |
| Auto-answer | Allows an instrument to automatically go off-hook when called; usually gives an audible or visible warning, which can easily be turned off | Gaining information not normally available, for various purposes |
| Tenanting | Limits system user access to only those users who belong to the same tenant group – useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc. | Illegal usage, fraud, eavesdropping |
| Voice mail | Stores messages centrally and, by using a password, allows for retrieval from inside or outside lines | Disclosure or destruction of all messages of a user when that user's password is known or discovered by an intruder; disabling of the voice mail system and even the entire switch by lengthy messages or embedded codes; illegal access to external lines |
| Privacy release | Supports shared extensions among several devices, ensuring that only one device at a time can use an extension. Privacy release disables the security by allowing devices to connect to an extension already in use | Eavesdropping |
| No busy extension | Allows calls to an in-use extension to be added to a conference when that extension is on conference and already off-hook | Eavesdropping on a conference in progress |
| Diagnostics | Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant diagnostics | Fraud and illegal usage |
| Camp-on or call waiting | When activated, sends a visual or audible warning to an off-hook instrument that is receiving another call. Another option of this feature is to conference with the camped-on or call waiting | Making the called individual a party to a conference without knowing it |
| Dedicated connections | Connections made through the PBX without using the normal dialing sequences. It can be used to create hot-lines between devices, i.e. one rings when the other goes off-hook. It is also used for data connections between devices and the central processing facility | Eavesdropping on a line |

The following were incorrect answers:
Account Codes - used to:
Track calls made by certain people or for certain projects for appropriate billing 
Dial-In system access (user dials from outside and gains access to normal features of the PBX) 
Changing the user class of service so a user can access a different set of features (i.e. the override feature) 
Access Codes - Key for access to specific features from the part of users with simple instruments, i.e. traditional analog phones. 
Tenanting - Limits system user access to only those users who belong to the same tenant group; useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc. 
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 358
Question 10
Which of the following PBX features allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available?
  1. Automatic Call distribution
  2. Call forwarding
  3. Tenanting
  4. Voice mail
Correct answer: A
Explanation:
Automatic Call distribution allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available.
For your exam you should know the PBX features and risks below:

| System feature | Description | Risk |
|---|---|---|
| Automatic Call distribution | Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available | Tapping and control of traffic |
| Call forwarding | Allows specifying an alternate number to which calls will be forwarded based on certain conditions | User tracking |
| Account codes | Used to: track calls made by certain people or for certain projects for appropriate billing; dial-in system access (user dials from outside and gains access to normal features of the PBX); changing the user class of service so a user can access a different set of features (i.e. the override feature) | Fraud, user tracking, non-authorized features |
| Access codes | Key for access to specific features from the part of users with simple instruments, i.e. traditional analog phones | Non-authorized features |
| Silent monitoring | Silently monitors other calls | Eavesdropping |
| Conferencing | Allows for conversation among several users | Eavesdropping, by adding unwanted/unknown parties to a conference |
| Override (intrude) | Provides for the possibility to break into a busy line to inform another user of an important message | Eavesdropping |
| Auto-answer | Allows an instrument to automatically go off-hook when called; usually gives an audible or visible warning, which can easily be turned off | Gaining information not normally available, for various purposes |
| Tenanting | Limits system user access to only those users who belong to the same tenant group; useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc. | Illegal usage, fraud, eavesdropping |
| Voice mail | Stores messages centrally and, by using a password, allows for retrieval from inside or outside lines | Disclosure or destruction of all messages of a user when that user's password is known or discovered by an intruder, disabling of the voice mail system and even the entire switch by lengthy messages or embedded codes, illegal access to external lines |
| Privacy release | Supports shared extensions among several devices, ensuring that only one device at a time can use an extension. Privacy release disables the security by allowing devices to connect to an extension already in use | Eavesdropping |
| No busy extension | Allows calls to an in-use extension to be added to a conference when that extension is on conference and already off-hook | Eavesdropping on a conference in progress |
| Diagnostics | Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant diagnostics | Fraud and illegal usage |
| Camp-on or call waiting | When activated, sends a visual or audible warning to an off-hook instrument that is receiving another call. Another option of this feature is to conference with the camped-on or call waiting | Making the called individual a party to a conference without knowing it |
| Dedicated connections | Connections made through the PBX without using the normal dialing sequences. It can be used to create hot-lines between devices, i.e. one rings when the other goes off-hook. It is also used for data connections between devices and the central processing facility | Eavesdropping on a line |

The following were incorrect answers:
Call forwarding - Allows specifying an alternate number to which calls will be forwarded based on certain conditions 
Tenanting - Limits system user access to only those users who belong to the same tenant group; useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc. 
Voice Mail - Stores messages centrally and, by using a password, allows for retrieval from inside or outside lines. 
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 358