Which of the following would be of MOST concern to an IS
auditor reviewing a VPN implementation? Computers on the
network that are located:
A. on the enterprise's facilities.
B. at the backup site.
C. in employees' homes.
D. at the enterprise's remote offices.
- 1 Answers
- 4581 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
One risk of a VPN implementation is the chance of allowing
high-risk computers onto the enterprise's network. All
machines that are allowed onto the virtual network should be
subject to the same security policy. Home computers are
least subject to the corporate security policies and hence
are high-risk computers. Once a computer is hacked and
?owned?, any network that trusts that computer is at risk.
Implementation and adherence to corporate security policy is
easier when all computers on the network are on the
enterprise's campus. Internally to an enterprise's physical
network, there should be security policies in place to
detect and halt an outside attack that uses an internal
machine as a staging platform. Computers at the back up site
are subject to the corporate security policy. Hence, not
high-risk computers. Computers on the network that are at
the enterprise's remote offices, perhaps with different IS
and security employees who have different ideas about
security are more risky than choices A and B, but obviously
less risky than home computers.
| Is This Answer Correct ? | 8 Yes | 0 No |
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
Which of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. B. Application programmers are implementing changes to test programs. C. Operations support staff are implementing changes to batch schedules. D. Database administrators are implementing changes to data structures.
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit? A. Design further tests of the calculations that are in error. B. Identify variables that may have caused the test results to be inaccurate. C. Examine some of the test cases to confirm the results. D. Document the results and prepare a report of findings, conclusions and recommendations.
Which of the following is the basic objective of a control self-assessment program?
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification
An organization is experiencing a growing backlog of undeveloped applications. As part of a plan to eliminate this backlog, end-user computing with prototyping, supported by the acquisition of an interactive application generator system is being introduced. Which of the following areas is MOST critical to the ultimate success of this venture? A. Data control B. Systems analysis C. Systems programming D. Application programming
Controls designed to ensure that unauthorized changes are not made to information residing in a computer file are known as: A. data security controls. B. implementation controls. C. program security controls. D. computer operations controls.
To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources? A. Inbound traffic filtering B. Rate limiting C. Reverse address lookup D. Network performance monitoring
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the: A. hardware configuration. B. access control software. C. ownership of intellectual property. D. application development methodology.
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that: A. Maximum unauthorized access would be possible if a password is disclosed. B. User access rights would be restricted by the additional security parameters. C. The security administrator?s workload would increase. D. User access rights would be increased.
Cisco Certifications 
