Interested to Buy Any Domain ? << Click Here >> for more details...
IS auditors, in performing detailed network assessments and
access control reviews should FIRST:
A. determine the points of entry.
B. evaluate users access authorization.
C. assess users identification and authorization.
D. evaluate the domain-controlling server configuration.
- 2 Answers
- 6376 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
In performing detailed network assessments and access
control reviews IS auditors should first determine the
points of entry to the system and accordingly review the
points of entry for appropriate controls. Evaluation of user
access authorization, assessment of user identification and
authorization and evaluation of the domain-controlling
server configuration are all implementation issues for
appropriate controls for the points of entry.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following is necessary to have FIRST in the development of a business continuity plan? A. Risk-based classification of systems B. Inventory of all assets C. Complete documentation of all disasters D. Availability of hardware and software
The reason for having controls in an IS environment: A. remains unchanged from a manual environment, but the implemented control features may be different. B. changes from a manual environment, therefore the implemented control features may be different. C. changes from a manual environment, but the implemented control features will be the same. D. remains unchanged from a manual environment and the implemented control features will also be the same.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)? A. Circuit gateway B. Application gateway C. Packet filter D. Screening router
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.
Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods
When developing a risk management program, the FIRST activity to be performed is a/an: A. threats assessment. B. classification of data. C. inventory of assets. D. criticality analysis.
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
Which of the following is a role of an IS steering committee? A. Initiate computer applications. B. Ensure efficient use of data processing resources. C. Prepare and monitor system implementation plans. D. Review the performance of the systems department.
Cisco Certifications 
