Which of the following security techniques is the BEST
method for authenticating a user's identity?
A. Smart card
B. Biometrics
C. Challenge-response token
D. User ID and password
- 1 Answers
- 4064 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Biometrics is a security technique that verifies an
individual's identity by analyzing a physical attribute,
which is unique to that individual, e.g. a handprint. Hence,
biometrics ensures that the person who is authorized to
access the system is in actuality the person accessing the
system. Smart card (choice A) is an intelligent credit
card-sized device with a chip. Anybody having the possession
of the smart card and knowing the password can access the
system since the system is unable to know whether the
authorized user is using the smart card or not. A
challenge-response token (choice C) is a method of
authenticating a user, but the system is unable to know
whether the authorized user is using the token or not. User
ID and password (choice D) are things that could be known by
another individual.
| Is This Answer Correct ? | 6 Yes | 0 No |
The PRIMARY purpose of compliance tests is to verify whether: A. controls are implemented as prescribed. B. documentation is accurate and current. C. access to users is provided as specified. D. data validation procedures are provided.
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in TCP services.
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? A. There are three individuals with a key to enter the area. B. Paper documents also are stored in the offsite vault. C. Data files, which are stored in the vault, are synchronized. D. The offsite vault is located in a separate facility.
Which of the following types of transmission media provide the BEST security against unauthorized access? A. Copper wire B. Twisted pair C. Fiber-optic cables D. Coaxial cables
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures.
Cisco Certifications 
