Security administration procedures require read-only access to:
A. access control tables.
B. security log files.
C. logging options.
D. user profiles.
- 1 Answers
- 12560 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Security administration procedures require read-only access
to security log files to ensure that, once generated, the
logs are not modified. Logs provide evidence and track
suspicious transactions and activities. Security
administration procedures require write access, to access
control tables to manage and update the privileges according
to authorized business requirements. Logging options require
write access to allow the administrator to update the way
the transactions and user activities are monitored,
captured, stored, processed and reported.
| Is This Answer Correct ? | 12 Yes | 0 No |
Which of the following network topologies yields the GREATEST redundancy in the event of the failure of one node? A. Mesh B. Star C. Ring D. Bus
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
Which of the following has the LEAST effect on controlling physical access? A. Access to the work area is restricted through a swipe card. B. All physical assets have an identification tag and are properly recorded. C. Access to the premises is restricted and all visitors authorized for entry. D. Visitors are issued a pass and escorted in and out by a concerned employee.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system? A. Simple network management B. File transfer C. Simple Mail Transfer Protocol D. Telnet
Which of the following would be included in an IS strategic plan?
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Cisco Certifications 
