Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would be of MOST concern to an IS
auditor reviewing a VPN implementation? Computers on the
network that are located:
A. on the enterprise's facilities.
B. at the backup site.
C. in employees' homes.
D. at the enterprise's remote offices.
- 1 Answers
- 5307 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
One risk of a VPN implementation is the chance of allowing
high-risk computers onto the enterprise's network. All
machines that are allowed onto the virtual network should be
subject to the same security policy. Home computers are
least subject to the corporate security policies and hence
are high-risk computers. Once a computer is hacked and
?owned?, any network that trusts that computer is at risk.
Implementation and adherence to corporate security policy is
easier when all computers on the network are on the
enterprise's campus. Internally to an enterprise's physical
network, there should be security policies in place to
detect and halt an outside attack that uses an internal
machine as a staging platform. Computers at the back up site
are subject to the corporate security policy. Hence, not
high-risk computers. Computers on the network that are at
the enterprise's remote offices, perhaps with different IS
and security employees who have different ideas about
security are more risky than choices A and B, but obviously
less risky than home computers.
| Is This Answer Correct ? | 8 Yes | 0 No |
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should: A. report the error as a finding and leave further exploration to the auditee's discretion. B. attempt to resolve the error. C. recommend that problem resolution be escalated. D. ignore the error, as it is not possible to get objective evidence for the software error.
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
A manufacturer has been purchasing materials and supplies for its business through an e-commerce application. Which of the following should this manufacturer rely on to prove that the transactions were actually made? A. Reputation B. Authentication C. Encryption D. Nonrepudiation
Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
Which of the following would be a MAJOR disadvantage of using prototyping as a systems development methodology? A. User expectations of project timescales may be overly optimistic. B. Effective change control and management is impossible to implement. C. User participation in day-to-day project management may be too extensive. D. Users usually are not sufficiently knowledgeable to assist in system development.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
Before reporting results of an audit to senior management, an IS auditor should: A. Confirm the findings with auditees. B. Prepare an executive summary and send it to auditee management. C. Define recommendations and present the findings to the audit committee. D. Obtain agreement from the auditee on findings and actions to be taken.
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a: A. digest signature. B. electronic signature. C. digital signature. D. hash signature.
Cisco Certifications 
