Which of the following should be included in an
organization's IS security policy?
A. A list of key IT resources to be secured
B. The basis for access authorization
C. Identity of sensitive security features
D. Relevant software security features
- 1 Answers
- 10654 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The security policy provides the broad framework of
security, as laid down and approved by the senior
management. It includes a definition of those authorized to
grant access and the basis for granting the access. Choices
A, B and C are more detailed than that which should be
included in a policy.
| Is This Answer Correct ? | 4 Yes | 0 No |
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
Electromagnetic emissions from a terminal represent an exposure because they: A. affect noise pollution. B. disrupt processor functions. C. produce dangerous levels of electric current. D. can be detected and displayed.
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary synchronous data communications with block data transmission. However, the IS auditor's microcomputer, as presently configured, is capable of only asynchronous ASCII character data communications. Which of the following must be added to the IS auditor's computer to enable it to communicate with the mainframe system? A. Buffer capacity and parallel port B. Network controller and buffer capacity C. Parallel port and protocol conversion D. Protocol conversion and buffer capability
An organization has outsourced network and desktop support. Although the relationship has been reasonably successful, risks remain due to connectivity issues. Which of the following controls should FIRST be performed to assure the organization reasonably mitigates these possible risks? A. Network defense program B. Encryption/Authentication C. Adequate reporting between organizations D. Adequate definition in contractual relationship
IS auditors who have participated in the development of an application system might have their independence impaired if they: A. perform an application development review. B. recommend control and other system enhancements. C. perform an independent evaluation of the application after its implementation. D. are involved actively in the design and implementation of the application system.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
When implementing and application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
A vendor/contractor?s performance against service level agreements must be evaluated by the: A. customer. B. contractor. C. third-party. D. contractor?s management.
When a new system is to be implemented within a short time frame, it is MOST important to: A. finish writing user manuals. B. perform user acceptance testing. C. add last-minute enhancements to functionalities. D. ensure that code has been documented and reviewed.
Cisco Certifications 
