Isaca CISA Practice Test - Questions Answers, Page 111

Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

A. Any information assets transmitted over a public network must be approved by executive management.
B. All information assets must be encrypted when stored on the organization's systems.
C. Information assets should only be accessed by persons with a justified need.
D. All information assets will be assigned a clearly defined level to facilitate proper employee handling.

Suggested answer: D

Explanation:

The statement that BEST demonstrates alignment with data classification standards related to the protection of information assets is D: all information assets will be assigned a clearly defined level to facilitate proper employee handling. Data classification categorizes information assets by their sensitivity, importance, and usage. Assigning clearly defined levels (such as public, internal, or confidential) to information assets ensures that security controls proportionate to each classification are applied. By doing so, organizations can manage access, encryption, and other protective measures effectively [1][2].

1. IFRC. "Information Security: Acceptable Use Policy." https://www.ifrc.org/sites/default/files/2021-11/IFRC-Information-Security-Acceptable-Use-Policy.pdf
2. UNSW Sydney. "Data Classification Standard." https://www.unsw.edu.au/content/dam/pdfs/governance/policy/2022-01-policies/datastandard.pdf
3. Digital Guardian. "What is a Data Classification Policy?" https://www.digitalguardian.com/blog/what-data-classification-policy
4. Microsoft Service Trust Portal. "Data classification & sensitivity label taxonomy." https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-classification-and-labels
5. Clark University ITS Policies. "Data Classification - Data Security Policies." https://www2.clarku.edu/offices/its/policies/data_classification.cfm

When a data center is attempting to restore computing facilities at an alternative site following a disaster, which of the following should be restored FIRST?

A. Data backups
B. Decision support system
C. Operating system
D. Applications

Suggested answer: C

Explanation:

When a data center is attempting to restore computing facilities at an alternative site following a disaster, the operating system should be restored FIRST. Here's why:

Operating System (OS):
- The OS is the foundation of any computing environment. It manages hardware resources, provides essential services, and allows applications to run.
- Restoring the OS ensures that the infrastructure is operational and ready for further recovery steps.
- Without a functional OS, applications cannot execute, and data backups cannot be effectively restored.

Data Backups:
- While data backups are critical for recovery, they depend on a working infrastructure.
- If the OS is not operational, restoring data backups becomes challenging.
- Data backups should follow the OS restoration.

Applications:
- Applications rely on the OS to function.
- Restoring applications before the OS may lead to compatibility issues or incomplete functionality.
- Applications should be restored after ensuring a stable OS environment.

Decision Support System (DSS):
- A DSS is an application category.
- It should follow the restoration of both the OS and critical applications.

In summary, prioritize restoring the operating system, which forms the basis for subsequent recovery steps [1][2]. Once the OS is functional, proceed with data backups, applications, and other systems as needed.

Which of the following biometric access controls has the HIGHEST rate of false negatives?

A. Iris recognition
B. Fingerprint scanning
C. Face recognition
D. Retina scanning

Suggested answer: B

Explanation:

Among the options provided, fingerprint scanning has the highest rate of false negatives. A false negative occurs when a biometric system fails to recognize an authentic, enrolled individual. Factors such as skin conditions (wet, dry, greasy), finger injuries, and inadequate scanning can contribute to false negatives in fingerprint scanning [1]. In comparison, iris recognition [2][3], face recognition [4][5], and retina scanning [6][7] generally have lower rates of false negatives.

1. How Accurate are today's Fingerprint Scanners? - Bayometric
2. 25 Advantages and Disadvantages of Iris Recognition - Biometric Today
3. Iris Recognition Technology (or, Musings While Going through Airport ...
4. The Critics Were Wrong: NIST Data Shows the Best Facial Recognition Algorithms Are Neither Racist Nor Sexist | ITIF
5. NIST Launches Studies into Masks' Effect on Face Recognition Software
6. Retinal scan - Wikipedia
7. How accurate are retinal security scans - Smart Eye Technology

Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?

A. Hash totals
B. Online review of description
C. Comparison to historical order pattern
D. Self-checking digit

Suggested answer: D

Explanation:

A self-checking digit is the most effective accuracy control for entry of a valid numeric part number. This method appends an extra digit to every number, calculated from the other digits. On entry, the digit is recomputed and compared with the one keyed in, so a mistyped or transposed digit is detected at the point of input [1]. While hash totals, online review of description, and comparison to historical order pattern can also be used as accuracy controls, they are not as effective as a self-checking digit for validating an individual part number.
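To make the mechanism concrete, the following added example (not from the original page) generates and validates a self-checking digit for a part number. The page does not name an algorithm, so the Luhn mod-10 scheme is assumed here as one common choice; the part numbers are constructed sample values.

```python
"""Self-checking digit for a numeric part number (added example).

Assumption: the Luhn (mod-10) scheme is used; the page names no specific
algorithm. Sample part numbers below are constructed values.
"""


def luhn_check_digit(payload: str) -> str:
    """Compute the Luhn check digit to append to a string of digits."""
    if not payload.isdigit():
        raise ValueError("payload must be numeric")
    total = 0
    # Walk from the rightmost payload digit; every other digit (starting
    # with the rightmost) is doubled, and doubled values >= 10 drop by 9.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def make_part_number(payload: str) -> str:
    """Return the payload with its check digit appended."""
    return payload + luhn_check_digit(payload)


def is_valid_part_number(number: str) -> bool:
    """Data-entry check: recompute the digit and compare with the one keyed."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


if __name__ == "__main__":
    pn = make_part_number("7992739871")        # constructed sample payload
    print(pn, is_valid_part_number(pn))        # 79927398713 True
    # Typical keying errors caught by the check digit:
    print(is_valid_part_number("79927398719"))  # one wrong digit -> False
    print(is_valid_part_number("79927398173"))  # adjacent transposition -> False
    # Caveat: Luhn cannot detect the specific transposition 09 <-> 90;
    # schemes such as mod-11 weighted digits close that gap.
```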

Which of the following is the BEST compensating control against segregation of duties conflicts in new code development?

A. Adding the developers to the change approval board
B. A small number of people have access to deploy code
C. Post-implementation change review
D. Creation of staging environments

Suggested answer: C

Explanation:

A post-implementation change review is the best compensating control against segregation of duties conflicts in new code development. This process involves a thorough review of the changes after they have been implemented to ensure that they meet their objectives and that the stakeholders are satisfied with the results [1]. It provides an opportunity to identify and correct any issues or conflicts that may have arisen during the development and implementation process. While other options such as adding developers to the change approval board, limiting code deployment access to a small number of people, and creating staging environments can also serve as compensating controls, a post-implementation change review provides a more comprehensive and effective control mechanism [2][1].

1. Review and Close Change process ST 2 5 - Micro Focus
2. Change Management for SOC: Risks, Controls, Audits, Guidance

Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?

A. Purchase requisitions and purchase orders
B. Invoices and reconciliations
C. Vendor selection and statements of work
D. Goods receipts and payments

Suggested answer: A

Explanation:

The greatest segregation of duties conflict would occur if the individual who performs the related tasks also has approval authority for purchase requisitions and purchase orders. These two tasks are directly related to each other and involve financial transactions. If the same person is responsible for both, it could lead to fraud or undetected error [1][2]. For instance, the individual could raise and approve a purchase order for a personal need, leading to misuse of company funds [1][2].

1. Segregation of Duties: Examples of Roles, Duties & Violations - Pathlock
2. Functions in the Purchasing Process and how to Segregate Purchasing Duties

An IS auditor reviewing a job scheduling tool notices performance and reliability problems. Which of the following is MOST likely affecting the tool?

A. Administrator passwords do not meet organizational security and complexity requirements.
B. The number of support staff responsible for job scheduling has been reduced.
C. The scheduling tool was not classified as business-critical by the IT department.
D. Maintenance patches and the latest enhancement upgrades are missing.

Suggested answer: D

Explanation:

The performance and reliability of a job scheduling tool can be significantly affected if maintenance patches and the latest enhancement upgrades are missing [1]. These patches and upgrades often contain fixes for known issues and improvements to the tool's functionality. If they are not applied, the tool may continue to exhibit known problems or fail to benefit from enhancements that could improve its performance and reliability [1]. While factors such as administrator password requirements [2][3], the number of support staff [4][5], and tool classification [6][4] can affect various aspects of a tool's operation, they are less likely to be the direct cause of performance and reliability problems.

1. Patch Management Definition & Best Practices - Rapid7
2. Password must meet complexity requirements - Windows Security
3. NIST's New Password Rule Book: Updated Guidelines Offer Benefits and Risk - ISACA
4. Workforce optimization: Staff scheduling with AI | McKinsey
5. Poor Employee Scheduling - Major Consequences And Solutions
6. A Critical Analysis of Job Shop Scheduling in Context of Industry 4.0

An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

A. Requiring policy acknowledgment and nondisclosure agreements signed by employees
B. Providing education and guidelines to employees on use of social networking sites
C. Establishing strong access controls on confidential data
D. Monitoring employees' social networking usage

Suggested answer: B

Explanation:

While all the options can help reduce the risk of data leakage, providing education and guidelines to employees on the use of social networking sites would be the most effective. It directly addresses the issue at hand: the use of social networking sites for business purposes [1]. Education and guidelines help employees understand the risks associated with social media use and teach them how to use these platforms safely and responsibly for business purposes [1]. This includes understanding privacy settings, recognizing phishing attempts, and knowing what information should not be shared on these platforms [1].

1. 10 Social Media Guidelines for Employees in 2023 - Hootsuite

A bank performed minor changes to the interest calculation computer program. Which of the following techniques would provide the STRONGEST evidence to determine whether the interest calculations are correct?

A. Source code review
B. Parallel simulation using audit software
C. Manual verification of a sample of the results
D. Review of the quality assurance (QA) test results

Suggested answer: B

Explanation:

Parallel simulation involves running the same data through two systems and comparing the results [1]. In this case, the bank's data would be processed using both the modified interest calculation program and independent audit software. The results from both systems would then be compared to check for discrepancies [1]. This technique provides strong evidence of the correctness of interest calculations because it directly tests the program's output against a known and trusted output [1]. While source code review [2][3], manual verification of a sample of results [4][5][6][7], and review of QA test results [8][9][10] can also provide valuable insights, they do not offer the same level of direct, comparative evidence as parallel simulation [1].

1. Parallel simulation in IT testing - Universal CPA Review
2. 5 code review best practices - Work Life by Atlassian
3. How to Make Good Code Reviews Better - Stack Overflow
4. Guidelines for the validation and verification of quantitative and qualitative test methods - Mathematics LibreTexts
5. Method Validation and Verification - University of Utah
6. Sample Procedure for Method Validation - NIST
7. Method validation and verification - CFS
8. Good Practices for Quality Assurance Reviewers: Assessing Evidence of Supervisory Review - IGNET
9. How do quality assurance engineers test calculations? - Software Quality Assurance & Testing Stack Exchange
10. Quality Assurance/Quality Control (QA/QC) Plan and Procedures - UNFCCC

Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

A. Preventive
B. Deterrent
C. Corrective
D. Detective

Suggested answer: A

Explanation:

A biometric access device installed at the entrance to a facility is a type of preventive control. Preventive controls are designed to stop undesirable events from occurring [1][2]. They are proactive measures that aim to inhibit incidents before they happen [1][2]. In this case, the biometric access device prevents unauthorized individuals from gaining access to the facility by requiring unique biological characteristics for authentication [1][2].

1. Guide to Biometric Access Control & Door Lock Security - Avigilon
2. Biometric access control: meaning, types and implementation - Smowl
