Section: Protection of Information Assets
Explanation:
Because of the configuration and the way IDS technology operates, the main problem in operating IDSs is
the recognition (detection) of events that are not really security incidents- false positives, the equivalent of a
false alarm. An IS auditor needs to be aware of this and should check for implementation of related
controls, such as IDS tuning, and incident handling procedures, such as the screening process to know if
an event is a security incident or a false positive. Trap messages are generated by the Simple Network
Management Protocol (SNMP) agents when an important event happens, but are not particularly related to
security or IDSs.
Reject-error rate is related to biometric technology and is not related to IDSs. Denial-of-service is a type of
attack and is not a problem in the operation of IDSs.

Explanation
Graphical user interface, text, application, email Description automatically generated

The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.

Explanation
The IS quality assurance (QA) group is responsible for ensuring that program changes adhere to established standards. Program changes are modifications made to software applications or systems to fix errors, improve performance, add functionality, or meet changing requirements. Program changes should follow established standards for documentation, authorization, testing, implementation, and review. The IS QA group is responsible for verifying that program changes comply with these standards and meet the expected quality criteria. Designing procedures to protect data against accidental disclosure; ensuring that the output received from system processing is complete; and monitoring the execution of computer processing tasks are not responsibilities of the IS QA group. References: [ISACA CISA Review Manual 27th Edition], page 304.