Interested to Buy Any Domain ? << Click Here >> for more details...
An organization provides information to its supply-chain
partners and customers through an extranet infrastructure.
Which of the following should be the GREATEST concern to an
IS auditor reviewing the firewall security architecture?
A. A secure socket layer (SSL) has been implemented for user
authentication and remote administration of the firewall.
B. On the basis of changing requirements, firewall policies
are updated.
C. Inbound traffic is blocked unless the traffic type and
connections have been specifically permitted.
D. The firewall is placed on top of the commercial operating
system with all installation options.
- 1 Answers
- 7616 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The greatest concern when implementing firewalls on top of
commercial operating systems is the potential presence of
vulnerabilities that could undermine the security posture of
the firewall platform itself. In most circumstances when
commercial firewalls are breached, that breach is
facilitated by vulnerabilities in the underlying operating
system. Keeping all installation options available on the
system further increases the risks of vulnerabilities and
exploits. Using SSL for firewall administration (choice A)
is important, changes in user and supply chain partners'
roles and profiles will be dynamic and it is appropriate to
maintain the firewall policies daily (choice B), and it is a
prudent policy to block all inbound traffic unless permitted
(choice C).
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front end processor
The key difference between a microwave radio system and a satellite radiolink system is that: A. microwave uses line-of-sight and satellite uses transponders during transmission. B. microwave operates through transponders placed on the earth's orbit. C. satellite uses line-of-sight during transmission. D. microwave uses fiber optic cables.
An advantage of using sanitized live transactions in test data is that: A. all transaction types will be included. B. every error condition is likely to be tested. C. no special routines are required to assess the results. D. test transactions are representative of live processing.
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the: A. hardware configuration. B. access control software. C. ownership of intellectual property. D. application development methodology.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that: A. Maximum unauthorized access would be possible if a password is disclosed. B. User access rights would be restricted by the additional security parameters. C. The security administrator?s workload would increase. D. User access rights would be increased.
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
Which of the following tests confirm that the new system can operate in its target environment? A. Sociability testing B. Regression testing C. Validation testing D. Black box testing
A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced? A. Verifying production to customer orders B. Logging all customer orders in the ERP system C. Using hash totals in the order transmitting process D. Approving (production supervisor) orders prior to production
A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.
A network diagnostic tool that monitors and records network information is a/an: A. online monitor. B. downtime report. C. help desk report. D. protocol analyzer.
Cisco Certifications 
