Isaca CISA Quiz 181 Topic 4 Questions 901-905

Question: 1

For a discretionary access control to be effective, it must:

Aoperate within the context of mandatory access controls.

Boperate independently of mandatory access controls.

Cenable users to override mandatory access controls when necessary.

Dbe specifically permitted by the security policy.

Show Answer

Question: 2

An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Ofthe following, which is the BEST control against this risk?

AKerberos

BVitality detection

CMultimodal biometrics

DBefore-image/after-image logging

Show Answer

Question: 3

From a control perspective, the PRIMARY objective of classifying information assets is to:

Aestablish guidelines for the level of access controls that should be assigned.

Bensure access controls are assigned to all information assets.

Cassist management and auditors in risk assessment.

Didentify which assets need to be insured against losses.

Show Answer

Question: 4

An organization has been recently downsized, in light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:

Aall system access is authorized and appropriate for an individual's role and responsibilities.

Bmanagement has authorized appropriate access for all newly-hired individuals.

Conly the system administrator has authority to grant or modify access to individuals.

Daccess authorization forms are used to grant or modify access to individuals.

Show Answer

Question: 5

The logical exposure associated with the use of a checkpoint restart procedure is:

Adenial of service.

Ban asynchronous attack.

Cwire tapping.

Dcomputer shutdown.

Show Answer

Isaca CISA Quiz:181 Topic:4 Questions:901-905