

Which of the following is the initial step in creating a
firewall policy?

A. A cost-benefits analysis of methods for securing the
applications

B. Identification of network applications to be externally
accessed

C. Identification of vulnerabilities associated with network
applications to be externally accessed

D. Creation of an applications traffic matrix showing
protection methods




Answer / guest

Answer: B

The applications required across the
network should be identified first. After identification,
depending on the physical location of these applications in
the network and the network model, the person in charge will
be able to understand the need and possible ways of
controlling access to these applications. Identifying
methods to protect against identified vulnerabilities and
their comparative cost-benefit analysis is the third step.
Having identified the applications, the next step is to
identify vulnerabilities (weaknesses) associated with the
network applications. The next step is to analyze the
application traffic and create a matrix showing how each
type of traffic will be protected.

Is This Answer Correct ?    10 Yes 1 No
