Free Access ISACA.CISA.v2026-02-11.q999 Practice Test (Page 15)

Question 66

The use of symmetric key encryption controls to protect sensitive data transmitted over a communications network requires that.

A.encryption keys be changed only when a compromise is detected at both ends

B.encryption keys at one end be changed on a regular basis

C.public keys be stored in encrypted form.

D.primary keys for encrypting the data be stored in encrypted form

Question 67

Which of the following is penetration test where the penetration tester is provided with limited or no knowledge of the target's information systems?

A.External Testing

B.Internal Testing

C.Blind Testing

D.Targeted Testing

Correct Answer: C

Explanation/Reference:
Blind Testing refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target. Such a testing is expensive, since the penetration tester has to research the target and profile it based on publicly available information.
For your exam you should know below mentioned penetration types
External Testing -Refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system is usually the Internet
Internal Testing - Refers to attack and control circumvention attempt on target from within the perimeter.
The objective is to identify what would occur if the external perimeter was successfully compromised and/ or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target's information systems. Such a testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.
Double Blind Testing -It is an extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target.
Targeted Testing - Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
The following were incorrect answers:
External Testing -Refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system is usually the Internet
Internal Testing - Refers to attack and control circumvention attempt on target from within the perimeter.
The objective is to identify what would occur if the external perimeter was successfully compromised and/ or an authorized user from within the network wanted to compromise security of a specific resource on a network.
Targeted Testing - Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.
The Following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 369

Question 68

IT disaster recovery time objectives (RTOs) should be based on the:

A.business-defined criticality of the systems.

B.nature of the outage

C.maximum tolerable downtime (MTD).

D.maximum tolerable loss of data.

Question 69

An accounting department uses a spreadsheet lo calculate sensitive financial transactions Which of the following is the MOST important control for maintaining the security of data m the spreadsheet?

A.Access to the spreadsheet is given only to those who require access

B.There is a reconciliation process between the spreadsheet and the finance system

C.A separate copy of the spreadsheet is routinely backed up

D.The spreadsheet is locked down to avoid inadvertent changes

Question 70

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

A.The IS auditor implemented a specific control during the development of the application system.

B.The IS auditor provided consulting advice concerning application system best practices.

C.The IS auditor designed an embedded audit module exclusively for auditing the application system.

D.The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.

Other Version: 5724ISACA.CISA.v2026-01-26.q999; 9530ISACA.CISA.v2025-05-24.q773; 3187ISACA.CISA.v2024-10-22.q310; 7453ISACA.CISA.v2023-10-02.q715; 4769ISACA.CISA.v2023-03-29.q119; 3557ISACA.CISA.v2023-02-09.q181; 2208ISACA.CISA.v2023-02-06.q107; 3732ISACA.CISA.v2022-08-28.q129; 5165ISACA.CISA.v2022-02-25.q148; 127ISACA.Actualtestpdf.CISA.v2021-11-13.by.sarah.721q.pdf; 6822ISACA.CISA.v2021-11-11.q194; 10345ISACA.CISA.v2021-10-08.q198; 11418ISACA.CISA.v2021-09-28.q199; 13605ISACA.CISA.v2021-09-11.q201

Latest Upload: 203PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 305Nokia.4A0-113.v2026-05-01.q69; 266EC-COUNCIL.312-49v11.v2026-04-30.q214; 230Microsoft.MB-820.v2026-04-30.q101; 213Salesforce.MC-202.v2026-04-30.q57; 208BICSI.INSTC_V8.v2026-04-29.q53; 340NMLS.MLO.v2026-04-28.q82; 245NCARB.Project-Management.v2026-04-28.q27; 466EMC.D-AV-DY-23.v2026-04-27.q184; 1126ServiceNow.CSA.v2026-04-27.q483

Question 66

Question 67

Question 68

Question 69

Question 70

Download PDF File