Java applets and ActiveX controls are distributed executable
programs that execute in the background of a web browser
client. This practice is considered reasonable when:
A. a firewall exists.
B. a secure web connection is used.
C. the source of the executable is certain.
D. the host website is part of your organization.
- 1 Answers
- 8030 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Acceptance of these mechanisms should be based on
established trust. The control is provided by only knowing
the source and then allowing the acceptance of the applets.
Hostile applets can be received from anywhere. It is
virtually impossible to filter at this level at this time. A
secure web connection or firewall are considered external
defenses. A firewall will find it more difficult to filter a
specific file from a trusted source. A secure web connection
provides confidentiality. Neither can identify an executable
as friendly. Hosting the website as part of the organization
is impractical. Enabling the acceptance of Java and/or
Active X is an all or nothing proposition. The client will
accept the program if the parameters are established to do so.
| Is This Answer Correct ? | 5 Yes | 0 No |
When developing a risk management program, the FIRST activity to be performed is a/an: A. threats assessment. B. classification of data. C. inventory of assets. D. criticality analysis.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the: A. manager's assistant perpetrated the fraud. B. perpetrator cannot be established beyond doubt. C. fraud must have been perpetrated by the manager. D. system administrator perpetrated the fraud.
Which is the first software capability maturity model (CMM) level to include a standard software development process? A. Initial (level 1) B. Repeatable (level 2) C. Defined (level 3) D. Optimizing (level 5)
If a database is restored using before-image dumps, where should the process be restarted following an interruption? A. Before the last transaction B. After the last transaction C. The first transaction after the latest checkpoint D. The last transaction before the latest checkpoint
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
A hub is a device that connects: A. two LANs using different protocols. B. a LAN with a WAN. C. a LAN with a metropolitan area network (MAN). D. two segments of a single LAN.
Which of the following testing methods is MOST effective during the initial phases of prototyping? A. System B. Parallel C. Volume D. Top-down
Cisco Certifications 
