Interested to Buy Any Domain ? << Click Here >> for more details...
Naming conventions for system resources are important for
access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect
resources.
C. ensure that user access to resources is clearly and
uniquely identified.
D. ensure that internationally recognized names are used to
protect resources.
- 1 Answers
- 9649 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Naming conventions for system resources are important for
efficient administration of security controls. The
conventions can be structured so that resources beginning
with the same high-level qualifier can be governed by one or
more generic rules. This reduces the number of rules
required to adequately protect resources, which in turn
facilitates security administration and maintenance efforts.
Reducing the number of rules required to protect resources
allows for the grouping of resources and files by
application, which makes it easier to provide access.
Ensuring that resource names are not ambiguous can not be
achieved through the use of naming conventions. Ensuring the
clear and unique identification of user access to resources
is handled by access control rules, not naming conventions.
Internationally recognized names are not required to control
access to resources. It tends to be based on how each
organization wants to identify its resources.
| Is This Answer Correct ? | 7 Yes | 0 No |
Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called: A. eavesdropping. B. message modification. C. a brute-force attack. D. packet replay.
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the: A. address of the domain server. B. resolution service for the name/address. C. IP addresses for the Internet. D. domain name system.
The PRIMARY benefit of database normalization is the: A. minimization redundancy of information in tables required to satisfy users? needs. B. ability to satisfy more queries. C. maximization of database integrity by providing information in more than one table. D. minimization of response time through faster processing of information.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
Cisco Certifications 
