A data center has a badge-entry system. Which of the
following is MOST important to protect the computing assets
in the center?
A. Badge readers are installed in locations where tampering
would be noticed
B. The computer that controls the badge system is backed up
frequently
C. A process for promptly deactivating lost or stolen badges
exists
D. All badge entry attempts are logged
Answers were Sorted based on User's Feedback
Answer / baboo
The badge entry system is an access control mechanism, which helps protect company assets by providing access based on business needs. The process of removing logical access when the badge is lost/employee leaves the organisation, contributes MOST to protection of assets.
Choice A, Tampering of badges is very difficult practically and may not be a feasible option.
Choice D, Logging is not a control. Reviewing logs is a control.
Backing up the badge system would not protect the organisation's assets.
Is This Answer Correct ? | 8 Yes | 1 No |
Answer / abir
C. A process for promptly deactivating lost or stolen badges exists
Is This Answer Correct ? | 1 Yes | 0 No |
Answer / dinesh
The choices A, C and D are important to protect the assets
in data center. The question might be Which one is "Least
important". Kindly clarify.
Is This Answer Correct ? | 0 Yes | 2 No |
Answer / guest
Choice D appears to be the appropriate answer in the sense that all badge entry attempts, successful or not, are logged. This log can be reviewed for any malicious attempt to access the data center.
Is This Answer Correct ? | 0 Yes | 4 No |
Answer / s.arun
The computer that controls the badge system is backed up
frequently
Is This Answer Correct ? | 0 Yes | 6 No |
Electromagnetic emissions from a terminal represent an exposure because they:
A. affect noise pollution.
B. disrupt processor functions.
C. produce dangerous levels of electric current.
D. can be detected and displayed.

Which of the following issues should be included in the business continuity plan?
A. The staff required to maintain critical business functions in the short, medium and long term
B. The potential for a natural disaster to occur, such as an earthquake
C. Disastrous events impacting information systems processing and end-user functions
D. A risk analysis that considers systems malfunctions, accidental file deletions or other failures

Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved?
A. All amounts are displayed back to the data entry clerk, who must verify them visually.
B. Prices outside the normal range should be entered twice to verify data entry accuracy.
C. The system beeps when price exceptions are entered and prints such occurrences on a report.
D. A second-level password must be entered before a price exception can be processed.

Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code

Receiving an EDI transaction and passing it through the communications interface stage usually requires:
A. translating and unbundling transactions.
B. routing verification procedures.
C. passing data to the appropriate application system.
D. creating a point of receipt audit log.

Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant?
A. Ownership of program and files
B. Statement of due care and confidentiality
C. Continued service of outsourcer in the event of a disaster
D. Detailed description of computer hardware used by the vendor

The technique used to ensure security in virtual private networks (VPNs) is:
A. encapsulation.
B. wrapping.
C. transform.
D. encryption.

The use of coding standards is encouraged by IS auditors because they:
A. define access control tables.
B. detail program documentation.
C. standardize dataflow diagram methodology.
D. ensure compliance with field naming conventions.

When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?
A. There could be a question with regards to the legal jurisdiction.
B. Having a provider abroad will cause excessive costs in future audits.
C. The auditing process will be difficult because of the distances.
D. There could be different auditing norms.

Which of the following audit procedures would MOST likely be used in an audit of a systems development project?
A. Develop test transactions
B. Use code comparison utilities
C. Develop audit software programs
D. Review functional requirements documentation

At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:
A. report the error as a finding and leave further exploration to the auditee's discretion.
B. attempt to resolve the error.
C. recommend that problem resolution be escalated.
D. ignore the error, as it is not possible to get objective evidence for the software error.

Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an:
A. test data/deck.
B. base case system evaluation.
C. integrated test facility (ITF).
D. parallel simulation.