Certified Information Systems Auditor (CISA) — Question 220

Which of the following is MOST important when evaluating the design effectiveness of multi-factor authentication?

Answer options

• A. Reviewing the physical controls related to the storage of the hardware tokens
• B. Ensuring segregation is maintained by storing the two factors in separate databases
• C. Determining the identification process for each factor and ensuring they are synchronized
• D. Evaluating whether false rejection and false acceptance rates have been adequately defined

Correct answer: C

Explanation

The correct answer, C, highlights the importance of understanding how each identification factor operates and making sure they are aligned, which is critical for the security of multi-factor authentication. Option A relates to physical security, which is important but secondary to the logical processes of authentication. Option B addresses storage segregation, which is relevant but not as crucial as the synchronization of factors. Option D focuses on performance metrics that are useful but do not directly impact the effectiveness of the authentication design itself.