CISA—Certified Information Systems Auditor - Part 262

Mary Smith

Fri, 17 Apr 2026

1. Which of the following satisfies a two-factor user authentication?

A) Iris scanning plus fingerprint scanning
B) Terminal ID plus global positioning system (GPS)
C) A smart card requiring the user's PIN
D) User ID along with password



2. What is the MOST effective method of preventing unauthorized use of data files?

A) Automated file entry
B) Tape librarian
C) Access control software
D) Locked library



3. Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?

A) Security awareness
B) Reading the security policy
C) Security committee
D) Logical access controls



4. When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?

A) Passwords are not shared.
B) Password files are not encrypted.
C) Redundant logon IDs are deleted.
D) The allocation of logon IDs is controlled.



5. When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?

A) Read access to data
B) Delete access to transaction data files
C) Logged read/execute access to programs
D) Update access to job control language/script files



1. Right Answer: C
Explanation: A smart card is something the user has. Requiring the card's PIN adds something the user knows, so choice C combines two distinct factor categories. Iris scanning and fingerprint scanning (choice A) are both biometrics, i.e., something the user is; two measurements from the same category still count as a single factor. A terminal ID and a global positioning system (GPS) receiver (choice B) only describe where the request comes from; neither proves who the user is, what the user knows or what the user has. A user ID and password (choice D) is single-factor authentication: the user ID merely identifies the account, and the password is the only factor (something the user knows).
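The point of question 1 is that "two-factor" means two distinct factor categories, not two checks. The added example below (not from the page or from ISACA) verifies a smart card and a PIN as separate factors and then counts categories, so that a card-plus-PIN login passes while iris-plus-fingerprint does not. Card possession is simulated with an HMAC challenge-response over a secret provisioned into the card; real cards use an asymmetric key, which this example replaces with HMAC for self-containment. The user, card key and PIN are constructed for the example.

```python
"""Added example: two-factor check that verifies each factor separately and
then counts distinct factor categories (has / knows / is)."""
import hashlib
import hmac
import os

# Constructed enrolment data for one hypothetical user.
CARD_KEY = os.urandom(32)   # secret provisioned into the user's smart card
PIN_SALT = os.urandom(16)
PIN_HASH = hashlib.pbkdf2_hmac("sha256", b"4711", PIN_SALT, 100_000)

# Which authentication category each credential type belongs to.
FACTOR_CATEGORY = {
    "smart_card": "has",
    "pin": "knows",
    "password": "knows",
    "fingerprint": "is",
    "iris": "is",
}


def card_respond(challenge: bytes) -> bytes:
    """The genuine card's side: answer the verifier's challenge with its key."""
    return hmac.new(CARD_KEY, challenge, "sha256").digest()


def forged_card(challenge: bytes) -> bytes:
    """A card that does not hold the enrolled key (used to show the failure case)."""
    return hmac.new(b"not-the-enrolled-key", challenge, "sha256").digest()


def verify_possession(challenge: bytes, response: bytes) -> bool:
    """Something the user has: only the enrolled key produces this response."""
    expected = hmac.new(CARD_KEY, challenge, "sha256").digest()
    return hmac.compare_digest(expected, response)


def verify_pin(pin: bytes) -> bool:
    """Something the user knows: compare against the salted PIN hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", pin, PIN_SALT, 100_000)
    return hmac.compare_digest(candidate, PIN_HASH)


def distinct_factors(verified: list) -> set:
    """Map verified credential types to their categories; duplicates collapse."""
    return {FACTOR_CATEGORY[f] for f in verified}


def is_two_factor(verified: list) -> bool:
    """Two-factor means at least two *different* categories were proven."""
    return len(distinct_factors(verified)) >= 2


def login(pin: bytes, card) -> dict:
    """Run both checks; 'card' is a callable standing in for the card, or None."""
    challenge = os.urandom(16)          # fresh nonce so responses cannot be replayed
    verified = []
    if card is not None and verify_possession(challenge, card(challenge)):
        verified.append("smart_card")
    if verify_pin(pin):
        verified.append("pin")
    return {"verified": verified, "two_factor": is_two_factor(verified)}


if __name__ == "__main__":
    print(login(b"4711", card_respond))   # both factors, two_factor True
    print(login(b"4711", forged_card))    # PIN only, two_factor False
    print(is_two_factor(["iris", "fingerprint"]))   # same category, False
```

The `distinct_factors` step is what separates choice C from choice A: a successful PIN check alone, or two biometrics, yields a single category and the login is refused as two-factor.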

2. Right Answer: C
Explanation: Access control software is an active control designed to prevent unauthorized access to data.

3. Right Answer: D
Explanation: To retain a competitive advantage and meet basic business requirements, organizations must ensure the integrity of the information stored on their computer systems, preserve the confidentiality of sensitive data and ensure the continued availability of their information systems. To meet these goals, logical access controls must be in place. Awareness (choice A) by itself does not protect against unauthorized access or disclosure of information. Knowledge of the information systems security policy (choice B), which the organization's employees should have, helps to protect information but does not prevent unauthorized access to it. A security committee (choice C) is key to the protection of information assets, but it addresses security issues from a broader, governance perspective rather than enforcing access.

4. Right Answer: B
Explanation: When evaluating the technical aspects of logical security, unencrypted password files represent the greatest risk: anyone who can read the file (an administrator, a backup operator or an attacker who has copied it) obtains every user's password directly. Ensuring that passwords are not shared, checking for redundant logon IDs and controlling the allocation of logon IDs are essential controls, but they are less important than ensuring that the password files are protected.
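Question 4 uses the CISA wording "encrypted"; what a modern password store actually holds is a salted, deliberately slow one-way hash per user, which is what an auditor should expect to find. The added example below (written for this page, not taken from it or from any product) builds such records, verifies a login against them, and runs the check an auditor would apply to a password file export: flag any record that is plaintext or uses a weak work factor. The user names, passwords and file contents are constructed.

```python
"""Added example: password records as salted one-way hashes, plus an audit
check over a constructed password-file export."""
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 210_000        # PBKDF2-HMAC-SHA256 work factor for new records
MIN_ITERATIONS = 100_000    # below this an auditor should raise a finding


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return one password-file line: algorithm$iterations$salt$hash (hex)."""
    salt = os.urandom(16)   # per-user salt: identical passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_password_file(records: dict) -> list:
    """Auditor's check: list users whose stored credential is not a
    salted one-way hash with an adequate work factor."""
    findings = []
    for user, rec in records.items():
        parts = rec.split("$")
        if len(parts) != 4 or parts[0] != ALGORITHM:
            findings.append(f"{user}: password not stored as a salted one-way hash")
        elif int(parts[1]) < MIN_ITERATIONS:
            findings.append(f"{user}: iteration count {parts[1]} below {MIN_ITERATIONS}")
    return findings


# Constructed password-file export: one sound record, one plaintext legacy
# entry and one hashed record with a weak work factor.
CONSTRUCTED_FILE = {
    "alice": make_record("correct horse battery"),
    "bob": "plain$hunter2",
    "carol": make_record("winter2024", iterations=1_000),
}


if __name__ == "__main__":
    print(verify("correct horse battery", CONSTRUCTED_FILE["alice"]))   # True
    for finding in audit_password_file(CONSTRUCTED_FILE):
        print("FINDING:", finding)
```

Two properties worth checking by hand: the same password enrolled twice produces different records (the salt differs), and the file contents do not reveal alice's password even though they verify it. That is the behaviour the "password files are not encrypted" finding is really about.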

5. Right Answer: B
Explanation: Deletion of transaction data files should be a function of the application support team, not operations staff. Read access to production data is a normal requirement of a computer operator, as is logged access to programs and access to JCL to control job execution.
