Section: Protection of Information Assets
Explanation:
A smart card addresses what the user has. This is generally used in conjunction with testing what the user
knows, e.g., a keyboard password or personal identification number (PIN). An ID and password, what the
user knows, is a single-factor user authentication. Choice C is not a two- factor user authentication
because it is only biometric. Choice D is similar to choice A, but the magnetic card may be copied;
therefore, choice A is the best way to satisfy a two-factor user authentication.

The cyclic redundancy check (CRC) can check for a block of transmitted datA. The workstations generate the CRC and transmit it with the datA. The receiving workstation computes a CRC and compares it to the transmitted CRC. if both of them are equal.then the block is assumed error free, in this case (such as in parity error or echo check), multiple errors can be detected. In general, CRC can detect all single-bit and bubble-bit errors. Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulsing noise during high transmission rates), it has a reliability of approximately 50 percent. Inhigher transmission rates, this limitation is significant. Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission.

Section: Information System Acquisition, Development and Implementation

Section: Governance and Management of IT

Section: Protection of Information Assets
Explanation:
Whenever business processes have been re-engineered, the IS auditor should attempt to identify and
quantify the impact of any controls that might have been removed, or controls that might not work as
effectively after business process changes.