ISACA 801-900 Flashcards
An accuracy measure for a biometric system is:
A. system response time.
B. registration time.
C. input file size.
D. false-acceptance rate (FAR).
D. false-acceptance rate (FAR).
After reviewing its business processes, a large organization is deploying a new web application based on a Voice-over Internet Protocol (VoIP) technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A. Fine-grained access control
B. Role-based access control (RBAC)
C. Access control lists
D. Network/service access control
B. Role-based access control (RBAC)
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate (FRR).
B. false-acceptance rate (FAR).
C. equal-error rate (EER).
D. estimated-error rate.
C. equal-error rate (EER).
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site’s address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor’s GREATEST concern with this process is that:
A. the users may not remember to manually encrypt the data before transmission.
B. the site credentials were sent to the financial services company via email.
C. personnel at the consulting firm may obtain access to sensitive data.
D. the use of a shared user ID to the FTP site does not allow for user accountability.
A. the users may not remember to manually encrypt the data before transmission.
A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed.
B. The computer that controls the badge system is backed up frequently.
C. A process for promptly deactivating lost or stolen badges exists.
D. All badge entry attempts are logged.
C. A process for promptly deactivating lost or stolen badges exists.
During an audit, the IS auditor notes that the application developer also performs quality assurance testing on a particular application. Which of the following should the IS auditor do?
A. Recommend compensating controls.
B. Review the code created by the developer.
C. Analyze the quality assurance dashboards.
D. Report the identified condition.
D. Report the identified condition.
During an IS risk assessment of a healthcare organization regarding protected healthcare information (PHI), an IS auditor interviews IS management. Which of the following findings from the interviews would be of MOST concern to the IS auditor?
A. The organization does not encrypt all of its outgoing email messages.
B. Staff have to type “[PHI]” in the subject field of email messages to be encrypted.
C. An individual’s computer screen saver function is disabled.
D. Server configuration requires the user to change the password annually.
B. Staff have to type “[PHI]” in the subject field of email messages to be encrypted.
