The most common problem in the operation of an intrusion
detection system (IDS) is:
A. the detection of false positives.
B. receiving trap messages.
C. reject error rates.
D. denial-of-service attacks.
- 1 Answers
- 6956 Views
- ABC, I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Because of the configuration and the way IDS technology
operates, the main problem in operating IDSs is the
recognition (detection) of events that are not really
security incidents?false positives (equivalent of a false
alarm). The IS auditor needs to be aware of this, and should
check for implementation of related controls, such as IDS
tuning, incident handling procedures (like the screening
process to know if an event is a security incident or a
false positive). Trap messages are generated by the simple
network management protocol (SNMP) agents when an important
event happens, but are not particularly related to security
or IDSs. Reject error rate is related to biometric
technology and is not related to IDSs. Denial of service is
a type of attack and is not a problem in the operation of IDSs.
| Is This Answer Correct ? | 10 Yes | 0 No |
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but not the certificate authorities. B. Customers can make their transactions from any computer or mobile device. C. The certificate authority has several data processing subcenters to administrate certificates. D. The organization is the owner of the certificate authority.
An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
The most common reason for the failure of information systems to meet the needs of users is that: A. user needs are constantly changing. B. the growth of user requirements was forecast inaccurately. C. the hardware system limits the number of concurrent users. D. user participation in defining the system's requirements was inadequate.
Which of the following is the MOST reliable sender authentication method? A. Digital signatures B. Asymmetric cryptography C. Digital certificates D. Message authentication code
Various standards have emerged to assist IS organizations in achieving an operational environment that is predictable, measurable and repeatable. The standard that provides the definition of the characteristics and the associated quality evaluation process to be used when specifying the requirements for and evaluating the quality of software products throughout their life cycle is: A. ISO 9001. B. ISO 9002. C. ISO 9126. D. ISO 9003.
The BEST time to perform a control self-assessment involving line management, line staff and the audit department is at the time of: A. compliance testing. B. the preliminary survey. C. substantive testing. D. the preparation of the audit report.
Which of the following is an example of the physiological biometrics technique? A. Hand scans B. Voice scans C. Signature scans D. Keystroke monitoring
During a review of a large data center an IS auditor observed computer operators acting as backup tape librarians and security administrators. Which of these situations would be MOST critical to report? A. Computer operators acting as tape librarians B. Computer operators acting as security administrators C. Computer operators acting as a tape librarian and security administrator D. It is not necessary to report any of these situations.
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST? A. Data availability B. Data completeness C. Data redundancy D. Data inaccuracy
The device that connects two networks at the highest level of the ISO-OSI framework ( i.e., application layer) is a A. Gateway B. Router C. Bridge D. Brouter
Cisco Certifications 
