
CISA - Certified Information Systems Auditor - Part 308

Mary Mary Smith
03 Mar 2023

1. An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

A) nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B) access cards are not labeled with the organization's name and address to facilitate easy return of a lost card.
C) card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D) the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.



2. Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

A) Overwriting the tapes
B) Initializing the tape labels
C) Degaussing the tapes
D) Erasing the tapes



3. Which of the following is the MOST important objective of data protection?

A) Identifying persons who need access to information
B) Ensuring the integrity of information
C) Denying or authorizing access to the IS system
D) Monitoring logical accesses



4. Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?

A) Processing power
B) Volume of data
C) Key distribution
D) Complexity of the algorithm



5. A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?

A) Rewrite the hard disk with random 0s and 1s.
B) Low-level format the hard disk.
C) Demagnetize the hard disk.
D) Physically destroy the hard disk.



1. Right Answer: A
Explanation: Physical security is meant to control who enters a secured area, so identification of all individuals is of utmost importance. It is not adequate to trust unknown external people by allowing them to write down their alleged name without proof such as an identity card or driver's license. Choice B is not a concern because if the name and address of the organization were written on the card, a malicious finder could use the card to enter the organization's premises. Separating card issuance from technical rights management is a method to ensure proper segregation of duties so that no single person can produce a functioning card for a restricted area within the organization's premises. Choices B and C are therefore good practices, not concerns. Choice D may be a concern, but it is less important, since a failure of the card programming system would normally not mean that the readers stop functioning. It simply means that no new cards can be issued, so this option is minor compared to the threat of improper identification.

2. Right Answer: C
Explanation: The best way to handle obsolete magnetic tapes is to degauss them. This action leaves a very low residue of magnetic induction, essentially erasing the data from the tapes. Overwriting or erasing the tapes may cause magnetic errors but would not remove the data completely. Initializing the tape labels would not remove the data that follows the label.

3. Right Answer: B
Explanation: Maintaining data integrity is the most important objective of data security. This is a necessity if an organization is to continue as a viable and successful enterprise. The other choices are important techniques for achieving the objective of data integrity.

4. Right Answer: C
Explanation: Symmetric key encryption requires that the keys be distributed. The larger the user group, the more challenging the key distribution. Symmetric key cryptosystems are generally less complicated and, therefore, use less processing power than asymmetric techniques, which makes them ideal for encrypting a large volume of data. The major disadvantage is the need to get the keys into the hands of those with whom you want to exchange data, particularly in e-commerce environments, where customers are unknown, untrusted entities.

5. Right Answer: D
Explanation: Physically destroying the hard disk is the most economical and practical way to ensure that the data cannot be recovered. Rewriting data and low-level formatting are impractical, because the hard disk is damaged. Demagnetizing is an inefficient procedure, because it requires specialized and expensive equipment to be fully effective.
