Which policy helps an auditor to gain a better understanding of biometrics system in an organization?
Correct Answer: A
Explanation/Reference: The auditor should use a Biometric Information Management System (BIMS) Policy to gain a better understanding of the biometric system in use.

Management of biometrics should address effective security for the collection, distribution and processing of biometric data, encompassing:
- Data integrity, authenticity and non-repudiation
- Management of biometric data across its life cycle, comprised of the enrollment, transmission and storage, verification, identification, and termination processes
- Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication
- Application of biometric technology for internal and external, as well as logical and physical, access control
- Encapsulation of biometric data
- Security of the physical hardware used throughout the biometric data life cycle
- Techniques for integrity and privacy protection of biometric data

Management should develop and approve a Biometric Information Management and Security (BIMS) policy. The auditor should use the BIMS policy to gain a better understanding of the biometric system in use. With respect to testing, the auditor should make sure this policy has been developed and that the biometric information system is being secured appropriately. The identification and authentication procedures for individual enrollment and template creation should be specified in the BIMS policy.

The following were incorrect answers: All other choices presented were incorrect because they are not valid policies.

The following reference(s) were/was used to create this question: CISA review manual 2014, pages 331 and 332
Question 42
Cisco IOS based routers perform basic traffic filtering via which of the following mechanisms?
Correct Answer: B
Explanation/Reference: In addition to deploying a stateful firewall, you may set up basic traffic filtering on a more sophisticated router. As an example, on a Cisco IOS based router you may use IP access control lists (ACLs) to perform basic filtering at the network edge. Note that if the ACLs deny too much legitimate traffic, they are obviously too restrictive and you may want to reconfigure them.
Question 43
What is the most common purpose of a virtual private network implementation?
Correct Answer: A
A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
Question 44
A reduction in which of the following would indicate improved performance in the administration of information security?
Correct Answer: C
Section: Information System Operations, Maintenance and Support
Question 45
An IS auditor is reviewing a mobile app that allows customers to submit payments for bills. As part of the review, the auditor examines how code is developed and deployed to production. It is determined that a secure code review is done prior to each deployment to production. What type of control is being used?