Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is the MOST fundamental step in
effectively preventing a virus attack?
A. Executing updated antivirus software in the background on
a periodic basis
B. Buying standard antivirus software, which is installed on
all servers and workstations
C. Ensuring that all software is checked for a virus in a
separate PC before being loaded into the production environment
D. Adopting a comprehensive antivirus policy and
communicating it to all users
- 1 Answers
- 5216 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The formulation of a comprehensive antivirus policy and
education of the users are the most fundamental steps in
preventing virus attacks. These provide the broad framework
and policy from which relevant operating procedures and
practices will be developed. If no policy exists, or the
policy is not communicated, ineffective ad hoc procedures
may be practiced. The other choices are procedures within
the overall policy that direct the measures to be adopted to
prevent, detect and recover from virus attacks.
| Is This Answer Correct ? | 3 Yes | 0 No |
The MOST effective method of preventing unauthorized use of data files is: A. automated file entry. B. tape librarian. C. access control software. D. locked library.
An organization is developing a new business system. Which of the following will provide the MOST assurance that the system provides the required functionality? A. Unit testing B. Regression testing C. Acceptance testing D. Integration testing
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
An integrated test facility is considered a useful audit tool because it: A. is a cost-efficient approach to auditing application controls. B. enables the financial and IS auditors to integrate their audit tests. C. compares processing output with independently calculated data. D. provides the IS auditor with a tool to analyze a large range of information.
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
In a risk-based audit approach, an IS auditor should FIRST complete :
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
Cisco Certifications 
