An IS auditor, in evaluating proposed biometric control
devices reviews the false rejection rates (FRRs), false
acceptance rates (FARs) and equal error rates (ERRs) of
three different devices. The IS auditor should recommend
acquiring the device having the:
A. least ERR.
B. most ERR.
C. least FRR but most FAR.
D. least FAR but most FRR.
- 1 Answers
- 3768 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Equal error rate is the percent of times the false rejection
and acceptance are equal. The lower the overall measure, the
more effective the biometric. Neither a higher false
rejection rate nor false acceptance rate is desirable.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following risks would be increased by the installation of a database system? A. Programming errors B. Data entry errors C. Improper file access D. Loss of parity
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates
When a PC that has been used for the storage of confidential data is sold on the open market the: A. hard disk should be demagnetized. B. hard disk should be mid-level formatted.s C. data on the hard disk should be deleted. D. data on the hard disk should be defragmented.
A network diagnostic tool that monitors and records network information is a/an: A. online monitor. B. downtime report. C. help desk report. D. protocol analyzer.
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest? A. Relocate the shut off switch. B. Install protective covers. C. Escort visitors. D. Log environmental failures.
Which of the following would be the LEAST helpful in restoring service from an incident currently underway? A. Developing a database repository of past incidents and actions to facilitate future corrective actions B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
A data center has a badge-entry system. Which of the following is MOSTimportant to protect the computing assets in the center? A. Badge readers are installed in locations where tampering would be noticed B. The computer that controls the badge system is backed up frequently C. A process for promptly deactivating lost or stolen badges exists D. All badge entry attempts are logged
When reviewing the quality of an IS department's development process, the IS auditor finds that they do not use any formal, documented methodology and standards. The IS auditor's MOST appropriate action would be to: A. complete the audit and report the finding. B. investigate and recommend appropriate formal standards. C. document the informal standards and test for compliance. D. withdraw and recommend a further audit when standards are implemented.
Which of the following is a strength of a client-server security system? A. Change control and change management procedures are inherently strong. B. Users can manipulate data without controlling resources on the mainframe. C. Network components seldom become obsolete. D. Access to confidential data or data manipulation is controlled tightly.
Cisco Certifications 
