To determine who has been given permission to use a particular system resource, an IS auditor should review:
Correct Answer: B
Access control lists are the authorization tables that document the users who have been given permission to use a particular system resource and the types of access they have been granted. The other choices would not document who has been given permission to use (access) specific system resources.
Question 917
In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire." Which of the following recommendations would BEST address the risk with minimal disruption to the business?
Correct Answer: C
Question 918
Which of the following provides for the GREATEST cost reduction in a large data center?
Correct Answer: A
Section: Information System Operations, Maintenance and Support
Question 919
Which of the following is the MOST effective control over visitor access to highly secured areas?
Correct Answer: A
Explanation: The most effective control over visitor access to highly secured areas is to require visitors to be escorted by authorized personnel. This control ensures that visitors are supervised at all times and do not enter any restricted or sensitive areas without permission. It also allows authorized personnel to verify the identity, purpose, and clearance of the visitors, and to monitor their behavior and activities. Escorting visitors also reduces the risk of tailgating, piggybacking, or unauthorized duplication of access credentials. Requiring visitors to use biometric authentication, monitoring visitors online by security cameras, and requiring visitors to enter through dead-man doors are all examples of technical controls that can enhance visitor access control, but they are not as effective as escorting visitors. Biometric authentication can provide a high level of identity verification, but it does not prevent visitors from accessing unauthorized areas or compromising security in other ways. Security cameras can provide a record of visitor movements and actions, but they may not deter or detect security breaches in real time. Dead-man doors can prevent unauthorized entry by requiring two-factor authentication, but they do not ensure that visitors are accompanied by authorized personnel. References: ISC Best Practices for Facility Access Control; Visitor Management Best Practices From Top Organizations; 8 Best Practices for Setting Up a Visitor Management System.
Question 920
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
Correct Answer: C
Risk assessment and business impact assessment are tools for understanding the business for business continuity planning. A business continuity self-audit is a tool for evaluating the adequacy of the BCP, resource recovery analysis is a tool for identifying a business resumption strategy, and the role of gap analysis in business continuity planning is to identify deficiencies in a plan. None of these is used for gaining an understanding of the business.