Which of the following would be considered a business risk?
A. Former employees
B. Part-time and temporary personnel
C. Loss of competitive edge
D. Hackers
Answer / guest
Answer: C
Many organizations, especially service firms such as banks,
savings and loans and investment firms, need credibility and
public trust to maintain a competitive edge. A security
violation can severely damage this credibility, resulting in
the loss of business and prestige. Loss of credibility is a
risk. The other choices are threats. Former employees, who
left on unfavorable terms, are potential logical or physical
access violators. Part-time and temporary personnel often
have a great deal of physical access and may well be
competent in computing. Hackers are typically attempting to
test the limits of access restrictions to prove their
ability to overcome the obstacles. Although they usually do
not access a computer with the intent of destruction, this
is quite often the result.
Is This Answer Correct ? | 7 Yes | 0 No |
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
purchase orders issued to vendors have been authorized as per the authorization matrix
Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card? A. Intrusion detection systems B. Data mining techniques C. Firewalls D. Packet filtering routers
IS auditors who have participated in the development of an application system might have their independence impaired if they: A. perform an application development review. B. recommend control and other system enhancements. C. perform an independent evaluation of the application after its implementation. D. are involved actively in the design and implementation of the application system.
The success of control self-assessment (CSA) depends highly on: A. Having line managers assume a portion of the responsibility for control monitoring. B. Assigning staff managers the responsibility for building, but not monitoring, controls. C. The implementation of stringent control policy and rule- driven controls. D. The implementation of supervision and the monitoring of control assigned duties
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
A decision support system (DSS): A. is aimed at solving highly structured problems. B. combines the use of models with nontraditional data access and retrieval functions. C. emphasizes flexibility in the decision making approach of users. D. supports only structured decision-making tasks.
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the: A. hardware is protected against power surges. B. integrity is maintained if the main power is interrupted. C. immediate power will be available if the main power is lost. D. hardware is protected against long-term power fluctuations.
The most common problem in the operation of an intrusion detection system (IDS) is: A. the detection of false positives. B. receiving trap messages. C. reject error rates. D. denial-of-service attacks.