Interested to Buy Any Domain ? << Click Here >> for more details...
When implementing continuous monitoring systems an IS
auditor's first step is to identify:
A. reasonable target thresholds.
B. high-risk areas within the organization.
C. the location and format of output files.
D. applications that provide the highest potential payback.
- 1 Answers
- 8412 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The first and most critical step in the process is to
identify high-risk areas within the organization. Business
department managers and senior executives are in the best
positions to offer insight as to these areas. Once potential
areas of implementation have been identified, an assessment
of potential impact should be completed to identify
applications that provide the highest potential payback to
the organization. At this point tests and reasonable target
thresholds should be determined prior to programming. During
systems development the location and format of the output
files generated by the monitoring programs should be defined.
| Is This Answer Correct ? | 5 Yes | 0 No |
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.
Which of the following is an IS control objective? A. Output reports are locked in a safe place. B. Duplicate transactions do not occur. C. System backup/recovery procedures are updated periodically. D. System design and development meet users' requirements.
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks? A. Replay B. Brute force C. Cryptographic D. Mimic
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
Which of the following network topologies yields the GREATEST redundancy in the event of the failure of one node? A. Mesh B. Star C. Ring D. Bus
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
During an audit, an IS auditor learns that lengthy and complex passwords are required to reach the network via modem. These passwords were established by an outside provider. The communications software allows users to select a ?remember password? option. What should the IS auditor's PRIMARY recommendation be? A. Disable the save password option and have users record them elsewhere. B. Request that the provider change the dial-in password to a group password. C. Establish and enforce a process to have users change their passwords. D. Allow users to change their passwords to something less complex.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Cisco Certifications 
