Sign Up Login


  1. Categories >> Certifications >> CISA Certification
  2. Suggest New Category

Java applets and ActiveX controls are distributed executable
programs that execute in the background of a web browser
client. This practice is considered reasonable when:

A. a firewall exists.

B. a secure web connection is used.

C. the source of the executable is certain.

D. the host website is part of your organization.

Question Posted / guest


Java applets and ActiveX controls are distributed executable programs that execute in the backgroun..

Answer / guest

Answer: C

Acceptance of these mechanisms should be based on
established trust. The control is provided by only knowing
the source and then allowing the acceptance of the applets.
Hostile applets can be received from anywhere. It is
virtually impossible to filter at this level at this time. A
secure web connection or firewall are considered external
defenses. A firewall will find it more difficult to filter a
specific file from a trusted source. A secure web connection
provides confidentiality. Neither can identify an executable
as friendly. Hosting the website as part of the organization
is impractical. Enabling the acceptance of Java and/or
Active X is an all or nothing proposition. The client will
accept the program if the parameters are established to do so.

Is This Answer Correct ?    5 Yes 0 No

Post New Answer

More CISA Certification Interview Questions

The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.

1 Answers  

The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.

1 Answers  

Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)

1 Answers  

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

5 Answers   Cognizant,

An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.

1 Answers  




Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment? A. Supervision of computer usage B. Daily management review of the trouble log C. Storage of computer media in a locked cabinet D. Independent review of an application system design

1 Answers  

Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.

1 Answers  

Which of the following is the basic objective of a control self-assessment program?

4 Answers  

IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.

2 Answers  

Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check

3 Answers  

Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices

1 Answers  

In the development of an important application affecting the entire organization, which of the following would be the MOST appropriate project sponsor? A. The information systems manager B. A member of executive management C. An independent management consultant D. The manager of the key user department

1 Answers  

For more CISA Certification Interview Questions Click Here
Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)