Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor performing a telecommunication access control
review should be concerned PRIMARILY with the:
A. maintenance of access logs of usage of various system
resources.
B. authorization and authentication of the user prior to
granting access to system resources.
C. adequate protection of stored data on servers by
encryption or other means.
D. accountability system and the ability to identify any
terminal accessing system resources.
- 1 Answers
- 4815 Views
- CISA, I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The authorization and authentication of users is the most
significant aspect in a telecommunications access control
review as it is a preventive control. Weak controls at this
level can affect all other aspects. The maintenance of
access logs of usage of system resources is a detective
control. The adequate protection of data being transmitted
to and from servers by encryption or other means is a method
of protecting information during transmission and is not an
access issue. The accountability system and the ability to
identify any terminal accessing system resources deal with
controlling access through the identification of a terminal.
| Is This Answer Correct ? | 5 Yes | 1 No |
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
When an employee is terminated from service, the MOST important action is to: A. hand over all of the employee's files to another designated employee. B. take a back up of the employee's work. C. notify other employees of the termination. D. disable the employee's logical access.
Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card? A. Intrusion detection systems B. Data mining techniques C. Firewalls D. Packet filtering routers
Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not. B. Customers can make their transactions from any computer or mobile device. C. The CA has several data processing subcenters to administer certificates. D. The organization is the owner of the CA.
Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response
Which of the following is the MOST reliable sender authentication method? A. Digital signatures B. Asymmetric cryptography C. Digital certificates D. Message authentication code
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
Cisco Certifications 
