An organization is introducing a single sign-on (SSO)
system. Under the SSO system, users will be required to
enter only one user ID and password for access to all
application systems. Under the SSO system, unauthorized access:
A. is less likely.
B. is more likely.
C. will have a greater impact.
D. will have a smaller impact.
- 1 Answers
- 3716 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The impact will be greater since the hacker needs to know
only one password to gain access to all systems and can,
therefore, cause greater mischief than if only the password
to one of the systems is known. Less likely would be the
correct answer if the single sign-on system were to be
introduced with a stronger form of authentication, such as a
smart card/challenge response system. There is no indication
that the probability of someone attempting to gain access to
systems after introduction of single sign-on is greater than
before. The impact can only be greater, not smaller, since
the access gained is wider.
| Is This Answer Correct ? | 5 Yes | 2 No |
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely: A. evaluate the record retention plans for off-premises storage. B. interview programmers about the procedures currently being followed. C. compare utilization records to operations schedules. D. review data file access records to test the librarian function.
An integrated test facility is considered a useful audit tool because it: A. is a cost-efficient approach to auditing application controls. B. enables the financial and IS auditors to integrate their audit tests. C. compares processing output with independently calculated data. D. provides the IS auditor with a tool to analyze a large range of information.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
Which of the following provides a mechanism for coding and compiling programs interactively? A. Firmware B. Utility programs C. Online programming facilities D. Network management software
During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use: A. test data to validate data input. B. test data to determine system sort capabilities. C. generalized audit software to search for address field duplications. D. generalized audit software to search for account field duplications.
During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.
Cisco Certifications 
