
QUESTION 711

Which of the following is an example of the defense in-depth security principle?

A. Using two firewalls of different vendors to consecutively check the incoming network traffic
B. Using a firewall as well as logical access controls on the hosts to control incoming network traffic
C. Having no physical signs on the outside of a computer center building
D. Using two firewalls in parallel to check different types of incoming traffic

Correct Answer: B

Explanation:

Defense in depth means using different security mechanisms that back each other up. When network traffic passes the firewall unintentionally, the logical access controls on the hosts form a second line of defense. Using two firewalls of different vendors to consecutively check the incoming network traffic is an example of diversity in defense: the firewalls are the same security mechanism, and using two different products merely diminishes the probability that both products have the same vulnerabilities. Having no physical signs on the outside of a computer center building is a single security measure. Using two firewalls in parallel to check different types of incoming traffic is a single security mechanism and therefore no different from having a single firewall checking all traffic.

QUESTION 712

The MOST effective biometric control system is the one:

A. which has the highest equal-error rate (EER).
B. which has the lowest EER.
C. for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR).
D. for which the FRR is equal to the failure-to-enroll rate (FER).

Correct Answer: B

Explanation:

The equal-error rate (EER) of a biometric system denotes the percentage at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective; the biometric that has the highest EER is the least effective. For any biometric, there will be a threshold setting at which the FRR is equal to the FAR; this is the EER. FER is an aggregate measure of FRR.

QUESTION 713

An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

A. False-acceptance rate (FAR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-identification rate (FIR)

Correct Answer: A

Explanation:

FAR is the frequency of accepting an unauthorized person as authorized, thereby granting access when it should be denied. In an organization with high security requirements, user annoyance with a higher FRR is less important, since it is better to deny access to an authorized individual than to grant access to an unauthorized individual. EER is the point where the FAR equals the FRR; therefore, it does not minimize the FAR. FIR is the probability that an authorized person is identified but is assigned a false ID.

QUESTION 714

An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the nonupgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?

A. The new access points with stronger security are affordable.
B. The old access points are poorer in terms of performance.
C. The organization's security would be as strong as its weakest points.
D. The new access points are easier to manage.

Correct Answer: C

Explanation:

The old access points should be discarded and replaced with products having strong security; otherwise, they will leave security holes open for attackers and thus make the entire network as weak as they are. Affordability is not the auditor's major concern. Performance is not as important as security in this situation. Product manageability is not the IS auditor's concern.

QUESTION 715

The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:

A. outgoing traffic with IP source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.

Correct Answer: A

Explanation:

Outgoing traffic with an IP source address different from the IP range of the network is invalid. In most cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this egress filter will stop the attack.

QUESTION 716

The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:

A. make unauthorized changes to the database directly, without an audit trail.
B. make use of a system query language (SQL) to access information.
C. remotely access the database.
D. update data without authentication.

Correct Answer: A

Explanation:

Having access to the database could provide access to database utilities, which can update the database without an audit trail and without using the application. Using SQL only provides read access to information. In a networked environment, accessing the database remotely does not make a difference; what is critical is what is possible or completed through this access. To access a database, it is necessary that a user is authenticated using a user ID.

QUESTION 717

The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

A. Replay
B. Brute force
C. Cryptographic
D. Mimic

Correct Answer: A

Explanation:

Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data. In a mimic attack, the attacker reproduces characteristics similar to those of the enrolled user, such as forging a signature or imitating a voice.

QUESTION 718

The implementation of access controls FIRST requires:

A. a classification of IS resources.
B. the labeling of IS resources.
C. the creation of an access control list.
D. an inventory of IS resources.

Correct Answer: D

QUESTION 719

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.

Correct Answer: D

Explanation:

The use of a single user ID by more than one individual precludes knowing who in fact used that ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs, not just shared IDs, can be used by unauthorized individuals. Access management would not be any different with shared IDs, and shared user IDs do not necessarily have easily guessed passwords.

QUESTION 720

The PRIMARY objective of a logical access control review is to:

A. review access controls provided through software.
B. ensure access is granted per the organization's authorities.
C. walk through and assess the access provided in the IT environment.
D. provide assurance that computer hardware is adequately protected against abuse.

Correct Answer: B

Explanation:

The scope of a logical access control review is primarily to determine whether or not access is granted per the organization's authorizations. Choices A and C relate to procedures of a logical access control review, rather than objectives. Choice D is relevant to a physical access control review.