Which of the following applet intrusion issues poses the
GREATEST risk of disruption to an organization?
A. A program that deposits a virus on a client machine
B. Applets recording keystrokes and, therefore, passwords
C. Downloaded code that reads files on a client's hard drive
D. Applets opening connections from the client machine
Answer / guest
Answer: D
An applet is a program downloaded from a web server to the
client, usually through a web browser that provides
functionality for database access, interactive web pages and
communications with other users. Applets opening connections
from the client machine to other machines on the network and
damaging those machines as a denial-of-service attack pose
the greatest threat to an organization and could disrupt
business continuity. A program that deposits a virus on a
client machine is referred to as a malicious attack
(specifically meant to cause harm to a client machine), but
may not necessarily result in a disruption of service.
Applets recording keystrokes and, therefore, passwords and
downloaded code that reads files on a client's hard drive
relate more to organizational privacy issues, and although
significant, are less likely to cause a significant
disruption of service.
Is This Answer Correct ? | 10 Yes | 0 No |
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
Which of the following is the MOST fundamental step in effectively preventing a virus attack? A. Executing updated antivirus software in the background on a periodic basis B. Buying standard antivirus software, which is installed on all servers and workstations C. Ensuring that all software is checked for a virus in a separate PC before being loaded into the production environment D. Adopting a comprehensive antivirus policy and communicating it to all users
Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system? A. Simple network management B. File transfer C. Simple Mail Transfer Protocol D. Telnet
When conducting an audit of client/server database security, the IS auditor would be MOST concerned about the availability of: A. system utilities. B. application program generators. C. system security documentation. D. access to stored procedures.
Which of the following controls would BEST detect intrusion? A. User ids and user privileges are granted through authorized procedures. B. Automatic logoff is used when a workstation is inactive for a particular period of time. C. Automatic logoff of the system after a specified number of unsuccessful attempts. D. Unsuccessful logon attempts are monitored by the security administrator.
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as: A. isolation. B. consistency. C. atomicity. D. durability.
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department