Interested to Buy Any Domain ? << Click Here >> for more details...
Passwords should be:
A. assigned by the security administrator.
B. changed every 30 days at the discretion of the user.
C. reused often to ensure the user does not forget the password.
D. displayed on the screen so that the user can ensure that
it has been entered properly.
- 2 Answers
- 5716 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Initial password assignment should be done discretely by the
security administrator. Passwords should be changed often
(e.g., every 30 days), however, changing should not be
voluntary. It should be required by the system. Systems
should not permit previous passwords(s) to be used again.
Old passwords may have been compromised and would thus
permit unauthorized access. Passwords should not be
displayed in any form.
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following exposures could be caused by a line-grabbing technique? A. Unauthorized data access B. Excessive CPU cycle usage C. Lockout of terminal polling D. Multiplexor control dysfunction
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be PRIMARILY concerned about: A. the soundness of the impact analysis. B. hardware and software compatibility. C. differences in IS policies and procedures. D. frequency of system testing.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the: A. address of the domain server. B. resolution service for the name/address. C. IP addresses for the Internet. D. domain name system.
Which of the following is the MOST fundamental step in effectively preventing a virus attack? A. Executing updated antivirus software in the background on a periodic basis B. Buying standard antivirus software, which is installed on all servers and workstations C. Ensuring that all software is checked for a virus in a separate PC before being loaded into the production environment D. Adopting a comprehensive antivirus policy and communicating it to all users
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
The MOST effective method of preventing unauthorized use of data files is: A. automated file entry. B. tape librarian. C. access control software. D. locked library.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Cisco Certifications 
