Answer / guest

Answer: A

Data classification is necessary to define access rules
based on a need-to-do and need-to-know basis. The data owner
is responsible for defining the access rules are, hence
establishment of ownership is the first step in data
classification. The other choices are incorrect. A
criticality analysis is required for protection of data,
which takes input from data classification. Access
definition is complete after data classification and input
for a data dictionary is prepared from the data
classification process.

Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card? A. Intrusion detection systems B. Data mining techniques C. Firewalls D. Packet filtering routers

1 Answers  

---

Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved? A. All amounts are displayed back to the data entry clerk, who must verify them visually. B. Prices outside the normal range should be entered twice to verify data entry accuracy. C. The system beeps when price exceptions are entered and prints such occurrences on a report. D. A second-level password must be entered before a price exception can be processed.

1 Answers  

---

The process of using interpersonal communication skills to get unauthorized access to company assets is called: A. wire tapping. B. trap doors. C. war dialing. D. social engineering.

1 Answers  

---

Which of the following alternative business recovery strategies would be LEAST appropriate for an organization with a large database and online communications network environment? A. Hot site B. Cold site C. Reciprocal agreement D. Dual information processing facilities

1 Answers  

---

The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is: A. accepted and processed. B. accepted and not processed. C. not accepted and not processed. D. not accepted and processed.

1 Answers  

---

Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.

1 Answers  

---

Which of the following physical access controls would provide the highest degree of security over unauthorized access? A. Bolting door lock B. Cipher lock C. Electronic door lock D. Fingerprint scanner

1 Answers  

---

Which of the following is the MOST important function to be performed by IS management when a service has been outsource? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance

2 Answers  

---

Which of the following BEST describes the early stages of an IS audit? A. Observing key organizational facilities. B. Assessing the IS environment. C. Understanding business process and environment applicable to the review. D. Reviewing prior IS audit reports.

1 Answers  

---

Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost

1 Answers  

---

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning

3 Answers  

---

The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.

1 Answers  

---