Interested to Buy Any Domain ? << Click Here >> for more details...
The development of an IS security policy is ultimately the
responsibility of the:
A. IS department.
B. security committee.
C. security administrator.
D. board of directors.
- 1 Answers
- 8657 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Normally the designing of an information systems security
policy is the responsibility of top management or the board
of directors. The IS department is responsible for the
execution of the policy, having no authority in framing the
policy. The security committee also functions within the
broad security policy framed by the board of directors. The
security administrator is responsible for implementing,
monitoring and enforcing the security rules that management
has established and authorized.
| Is This Answer Correct ? | 4 Yes | 0 No |
The Primary purpose of audit trails is to
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Which of the following is an example of the physiological biometrics technique? A. Hand scans B. Voice scans C. Signature scans D. Keystroke monitoring
Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)
Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses
Which of the following is widely accepted as one of the critical components in networking management? A. Configuration management B. Topological mappings C. Application of monitoring tools D. Proxy server trouble shooting
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan: A. incorporates state of the art technology. B. addresses the required operational controls. C. articulates the IT mission and vision. D. specifies project management practices.
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Cisco Certifications 
