Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following security techniques is the BEST
method for authenticating a user's identity?
A. Smart card
B. Biometrics
C. Challenge-response token
D. User ID and password
- 1 Answers
- 4740 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Biometrics is a security technique that verifies an
individual's identity by analyzing a physical attribute,
which is unique to that individual, e.g. a handprint. Hence,
biometrics ensures that the person who is authorized to
access the system is in actuality the person accessing the
system. Smart card (choice A) is an intelligent credit
card-sized device with a chip. Anybody having the possession
of the smart card and knowing the password can access the
system since the system is unable to know whether the
authorized user is using the smart card or not. A
challenge-response token (choice C) is a method of
authenticating a user, but the system is unable to know
whether the authorized user is using the token or not. User
ID and password (choice D) are things that could be known by
another individual.
| Is This Answer Correct ? | 6 Yes | 0 No |
In a system development project the purpose of the program and procedure development phase is to: A. prepare, test and document all programs and manual procedures. B. document a business or system problem to a level at which management can select a solution. C. prepare a high-level design of a proposed system solution and present reasons for adopting a solution. D. expand the general design of an approved solution so that program and procedure writing can begin.
Which of the following would provide a mechanism whereby IS management can determine if the activities of the organization have deviated from the planned or expected levels? A. Quality management B. IS assessment methods C. Management principles D. Industry standards/benchmarking
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
The editing/validation of data entered at a remote site would be performed MOST effectively at the: A. central processing site after running the application system. B. central processing site during the running of the application system. C. remote processing site after transmission to the central processing site. D. remote processing site prior to transmission of the data to the central processing site.
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review? A. System access log files B. Enabled access control software parameters C. Logs of access control violations D. System configuration files for control options used
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
Which of the following is the PRIMARY reason for involving an IS auditor in the definition of a system's requirements? A. Post-application reviews do not need to be performed. B. Total budgeted system development costs can be reduced. C. It is costly to institute controls after a system becomes operational. D. The extent of user involvement in design activities is reduced.
Cisco Certifications 
