Passwords should be:
A. assigned by the security administrator.
B. changed every 30 days at the discretion of the user.
C. reused often to ensure the user does not forget the password.
D. displayed on the screen so that the user can ensure that
it has been entered properly.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Initial password assignment should be done discretely by the
security administrator. Passwords should be changed often
(e.g., every 30 days), however, changing should not be
voluntary. It should be required by the system. Systems
should not permit previous passwords(s) to be used again.
Old passwords may have been compromised and would thus
permit unauthorized access. Passwords should not be
displayed in any form.
Is This Answer Correct ? | 3 Yes | 0 No |
One of the purposes of library control software is to allow: A. programmers access to production source and object libraries. B. batch program updating. C. operators to update the control library with the production version before testing is completed. D. read-only access to source code.
The primary purpose of an audit charter is to: A. document the audit process used by the enterprise. B. formally document the audit department's plan of action. C. document a code of professional conduct for the auditor. D. describe the authority and responsibilities of the audit department.
Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation
Automated teller machines (ATMs) are a specialized form of a point-of-sale terminal that: A. allows for cash withdrawal and financial deposits only. B. are usually located in populous areas to deter theft or vandalism. C. utilizes protected telecommunication lines for data transmissions. D. must include high levels of logical and physical security.
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet? A. Transport mode with authentication header plus encapsulating security payload (ESP) B. Secure socket layer (SSL) mode C. Tunnel mode with AH plus ESP D. Triple-DES encryption mode
Which of the following choices BEST ensures the effectiveness of controls related to interest calculation inside an accounting system? A. Re-performance B. Process walk-through C. Observation D. Documentation review
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
Which of the following ensures completeness and accuracy of accumulated data? A. Processing control procedures B. Data file control procedures C. Output controls D. Application controls
The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit? A. Design further tests of the calculations that are in error. B. Identify variables that may have caused the test results to be inaccurate. C. Examine some of the test cases to confirm the results. D. Document the results and prepare a report of findings, conclusions and recommendations.
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.