
CISA—Certified Information Systems Auditor - Part 305

Mary Smith

Tue, 21 Apr 2026


1. An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

A) False-acceptance rate (FAR)
B) Equal-error rate (EER)
C) False-rejection rate (FRR)
D) False-identification rate (FIR)



2. The MOST effective control for addressing the risk of piggybacking is:

A) a single entry point with a receptionist.
B) the use of smart cards.
C) a biometric door lock.
D) a deadman door.



3. The BEST overall quantitative measure of the performance of biometric control devices is:

A) false-rejection rate.
B) false-acceptance rate.
C) equal-error rate.
D) estimated-error rate.



4. Which of the following is the MOST effective control over visitor access to a data center?

A) Visitors are escorted.
B) Visitor badges are required.
C) Visitors sign in.
D) Visitors are spot-checked by operators.



5. The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

A) Replay
B) Brute force
C) Cryptographic
D) Mimic



1. Right Answer: A
Explanation: FAR is the frequency with which an unauthorized person is accepted as authorized, i.e., access is granted when it should be denied. In an organization with high security requirements, user annoyance caused by a higher FRR is the lesser concern: it is better to deny access to an authorized individual than to grant access to an unauthorized one. EER is the operating point at which FAR equals FRR; tuning to it balances the two error types rather than minimizing FAR. FIR is the probability that an authorized person is identified but assigned a false ID.

2. Right Answer: D
Explanation: Deadman doors (a mantrap) use a pair of doors. For the second door to operate, the first entry door must close and lock, and only one person is permitted in the holding area. This reduces the risk of an unauthorized person following an authorized person through a secured entry (piggybacking). The other choices are all physical controls over entry to a secure area, but none of them specifically addresses the risk of piggybacking.

3. Right Answer: C
Explanation: A low equal-error rate (EER) implies both a low false-rejection rate and a low false-acceptance rate. EER, expressed as a percentage, is the error rate at the operating threshold where the false-rejection and false-acceptance rates are equal. A low EER is the measure of a more effective biometric control device. A low false-rejection rate or a low false-acceptance rate alone does not measure the effectiveness of the device, because either can be driven down at the expense of the other by moving the decision threshold. Estimated-error rate is not a recognized metric and is therefore irrelevant.
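The trade-off behind questions 1 and 3 is easiest to see numerically. The following is an added worked example, not code from the original page: it constructs a small set of match scores (genuine and impostor comparisons, all invented for illustration), sweeps the decision threshold, computes FAR and FRR at each point, locates the EER, and then picks the threshold a high-security organization would actually choose by capping FAR instead of balancing the two errors. The scores, the accept-if-score-at-or-above-threshold rule, and the 0.01 threshold grid are all assumptions of the example.

```python
"""FAR, FRR and EER from biometric match scores (added illustration, not
code from the original page). All scores below are constructed sample data."""
from typing import List, Optional, Tuple

# Constructed similarity scores in [0, 1]. Higher means "more like the
# enrolled template". Genuine = same person, Impostor = different person.
GENUINE: List[float] = [0.92, 0.88, 0.81, 0.79, 0.75, 0.70, 0.64, 0.58, 0.52, 0.45]
IMPOSTOR: List[float] = [0.60, 0.55, 0.50, 0.47, 0.42, 0.38, 0.33, 0.27, 0.22, 0.15]


def far_frr(threshold: float, genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Assumed decision rule: accept when score >= threshold.

    FAR = fraction of impostor attempts wrongly accepted.
    FRR = fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine: List[float], impostor: List[float], steps: int = 100) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for each threshold on a grid of `steps` intervals over [0, 1]."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        far, frr = far_frr(t, genuine, impostor)
        rows.append((t, far, frr))
    return rows


def equal_error_rate(genuine: List[float], impostor: List[float], steps: int = 100) -> Tuple[float, float]:
    """Threshold at which FAR and FRR are closest, and the EER there.

    On a coarse grid FAR and FRR may not be exactly equal, so the EER is
    reported as the mean of the two at the closest point.
    """
    t, far, frr = min(sweep(genuine, impostor, steps), key=lambda r: abs(r[1] - r[2]))
    return t, (far + frr) / 2


def threshold_for_max_far(genuine: List[float], impostor: List[float], max_far: float,
                          steps: int = 100) -> Optional[Tuple[float, float, float]]:
    """High-security tuning: lowest threshold whose FAR is at or below `max_far`.

    Returns (threshold, FAR, FRR) or None if no grid point satisfies the cap.
    The FRR this yields is the usability cost the organization accepts.
    """
    for t, far, frr in sweep(genuine, impostor, steps):
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    t_eer, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER point: threshold={t_eer:.2f}  EER={eer:.2f}")
    chosen = threshold_for_max_far(GENUINE, IMPOSTOR, max_far=0.0)
    if chosen:
        t, far, frr = chosen
        print(f"High-security choice (FAR <= 0): threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print("threshold  FAR   FRR")
    for t, far, frr in sweep(GENUINE, IMPOSTOR, steps=20):
        print(f"{t:8.2f}  {far:.2f}  {frr:.2f}")
```

With these constructed scores the EER sits at a threshold of 0.53 with FAR = FRR = 0.20, which is what question 3 ranks devices on. Capping FAR at zero pushes the threshold up to 0.61 and raises FRR to 0.30: three of ten legitimate users are turned away, the price question 1 says a high-security organization should be willing to pay. Real evaluations use thousands of comparisons per class and report the full FAR/FRR curve, but the arithmetic is the same.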

4. Right Answer: A
Explanation: Escorting visitors provides the best assurance that visitors have permission to access the data processing facility and that they go only where they are permitted. Choices B and C are not reliable controls on their own: a badge or a sign-in record shows that a visitor was admitted, not what the visitor did once inside. Choice D is incorrect because visitors should be accompanied at all times while they are on the premises, not only spot-checked when they are in the data processing facility.

5. Right Answer: A
Explanation: Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access; this is a replay of a previously presented sample. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data. In a mimic attack, the attacker reproduces characteristics similar to those of the enrolled user, such as forging a signature or imitating a voice.
