The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 1841
- CISA Question 1842
- CISA Question 1843
- CISA Question 1844
- CISA Question 1845
- CISA Question 1846
- CISA Question 1847
- CISA Question 1848
- CISA Question 1849
- CISA Question 1850
CISA Question 1841
Question
The purpose of a deadman door controlling access to a computer facility is primarily to:
A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.
Answer
A. prevent piggybacking.
Explanation
The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.
CISA Question 1842
Question
The MOST likely explanation for a successful social engineering attack is:
A. that computers make logic errors.
B. that people make judgment errors.
C. the computer knowledge of the attackers.
D. the technological sophistication of the attack method.
Answer
B. that people make judgment errors.
Explanation
Humans make errors in judging others; they may trust someone when, in fact, the person is untrustworthy. Driven by logic, computers make the same error every time they execute the erroneous logic; however, this is not the basic argument in designing a social engineering attack.
Generally, social engineering attacks do not require technological expertise; often, the attacker is not proficient in information technology or systems. Social engineering attacks are human-based and generally do not involve complicated technology.
CISA Question 1843
Question
Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?
A. Palm scan
B. Face recognition
C. Retina scan
D. Hand geometry
Answer
C. Retina scan
Explanation
Retina scan uses optical technology to map the capillary pattern of an eye's retina. This is highly reliable and has the lowest false-acceptance rate (FAR) among the current biometric methods. Use of palm scanning entails placing a hand on a scanner where a palm's physical characteristics are captured. Hand geometry, one of the oldest techniques, measures the physical characteristics of the user's hands and fingers from a three-dimensional perspective. The palm and hand biometric techniques lack uniqueness in the geometry data. In face biometrics, a reader analyzes the images captured for general facial characteristics. Though considered a natural and friendly biometric, the main disadvantage of face recognition is the lack of uniqueness, which means that people who look alike can fool the device.
CISA Question 1844
Question
A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires:
A. that a registration process is executed for all accredited PC users.
B. the full elimination of the risk of a false acceptance.
C. the usage of the fingerprint reader be accessed by a separate password.
D. assurance that it will be impossible to gain unauthorized access to critical data.
Answer
A. that a registration process is executed for all accredited PC users.
Explanation
The fingerprints of accredited users need to be read, identified and recorded, i.e., registered, before a user may operate the system from the screened PCs.
Choice B is incorrect, as the false-acceptance risk of a biometric device may be optimized, but will never be zero because this would imply an unacceptably high risk of false rejection. Choice C is incorrect, as the fingerprint device reads the token (the user's fingerprint) and does not need to be protected in itself by a password. Choice D is incorrect because the usage of biometric protection on PCs does not guarantee that other potential security weaknesses in the system may not be exploited to access protected data.
CISA Question 1845
Question
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
A. Replay
B. Brute force
C. Cryptographic
D. Mimic
Answer
A. Replay
Explanation
Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data. In a mimic attack, the attacker reproduces characteristics similar to those of the enrolled user, such as forging a signature or imitating a voice.
CISA Question 1846
Question
Which of the following is the MOST effective control over visitor access to a data center?
A. Visitors are escorted.
B. Visitor badges are required.
C. Visitors sign in.
D. Visitors are spot-checked by operators.
Answer
A. Visitors are escorted.
Explanation
Escorting visitors will provide the best assurance that visitors have permission to access the data processing facility. Choices B and C are not reliable controls.
Choice D is incorrect because visitors should be accompanied at all times while they are on the premises, not only when they are in the data processing facility.
CISA Question 1847
Question
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate.
B. false-acceptance rate.
C. equal-error rate.
D. estimated-error rate.
Answer
C. equal-error rate.
Explanation
A low equal-error rate (EER) is a combination of a low false-rejection rate and a low false-acceptance rate. EER, expressed as a percentage, is a measure of the number of times that the false-rejection and false-acceptance rates are equal. A low EER is the measure of the more effective biometric control device. Low false-rejection rates or low false-acceptance rates alone do not measure the efficiency of the device. Estimated-error rate is nonexistent and therefore irrelevant.
CISA Question 1848
Question
The MOST effective control for addressing the risk of piggybacking is:
A. a single entry point with a receptionist.
B. the use of smart cards.
C. a biometric door lock.
D. a deadman door.
Answer
D. a deadman door.
Explanation
Deadman doors are a system of using a pair of (two) doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This reduces the risk of an unauthorized person following an authorized person through a secured entry (piggybacking). The other choices are all physical controls over entry to a secure area but do not specifically address the risk of piggybacking.
CISA Question 1849
Question
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
A. False-acceptance rate (FAR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-identification rate (FIR)
Answer
A. False-acceptance rate (FAR)
Explanation
FAR is the frequency of accepting an unauthorized person as authorized, thereby granting access when it should be denied. In an organization with high security requirements, user annoyance with a higher FRR is less important, since it is better to deny access to an authorized individual than to grant access to an unauthorized individual. EER is the point where the FAR equals the FRR; therefore, it does not minimize the FAR. FIR is the probability that an authorized person is identified, but is assigned a false ID.
CISA Question 1850
Question
What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?
A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
B. The contingency plan for the organization cannot effectively test controlled access practices.
C. Access cards, keys and pads can be easily duplicated allowing easy compromise of the control.
D. Removing access for those who are no longer authorized is complex.
Answer
A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
Explanation
The concept of piggybacking compromises all physical control established. Choice B would be of minimal concern in a disaster recovery environment. Items in choice C are not easily duplicated. Regarding choice D, while technology is constantly changing, card keys have existed for some time and appear to be a viable option for the foreseeable future.