Interested to Buy Any Domain ? << Click Here >> for more details...
During an audit, an IS auditor learns that lengthy and
complex passwords are required to reach the network via
modem. These passwords were established by an outside
provider. The communications software allows users to select
a ?remember password? option. What should the IS auditor's
PRIMARY recommendation be?
A. Disable the save password option and have users record
them elsewhere.
B. Request that the provider change the dial-in password to
a group password.
C. Establish and enforce a process to have users change
their passwords.
D. Allow users to change their passwords to something less
complex.
- 1 Answers
- 4841 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Requiring users to change their passwords is a user account
management process. Passwords are a form of shared secrets,
useful only if they are secret. Having users select
something memorable is preferable to having it saved on the
machine. Disabling the save password option, would minimize
the ease or access by unauthorized persons with access to
the hardware. However, having users write their passwords
down or included in a file on their machine defeats the
purpose of having a complex password. Requesting the
provider to change the password to a group password would
decrease the usefulness of the audit trail and therefore the
ability to hold individual users accountable. Allowing users
to change their passwords is a better suggestion. However,
if users are not forced to do this on a periodic basis, this
also defeats the purpose.
| Is This Answer Correct ? | 8 Yes | 0 No |
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
Which of the following audit procedures would an IS auditor be LEAST likely to include in a security audit? A. Review the effectiveness and utilization of assets. B. Test to determine that access to assets is adequate. C. Validate physical, environmental and logical access policies per job profiles. D. Evaluate asset safeguards and procedures that prevent unauthorized access to the assets.
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
Which of the following business recovery strategies would require the least expenditure of funds? A. Warm site facility B. Empty shell facility C. Hot site subscription D. Reciprocal agreement
Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment
The MOST significant level of effort for business continuity planning (BCP) generally is required during the: A. testing stage. B. evaluation stage. C. maintenance stage. D. early stages of planning.
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
Which of the following methods of providing telecommunication continuity involves routing traffic through split- or duplicate-cable facilities? A. Diverse routing B. Alternative routing C. Redundancy D. Long haul network diversity
Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails
Cisco Certifications 
