When conducting an audit of client/server database security,
the IS auditor would be MOST concerned about the
availability of:
A. system utilities.
B. application program generators.
C. system security documentation.
D. access to stored procedures.
- 2 Answers
- 8048 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
System utilities may enable unauthorized changes to be made
to data on the client-server database. In an audit of
database security, the controls over such utilities would be
the primary concern of the IS auditor. Application program
generators are an intrinsic part of client-server
technology, and the IS auditor would evaluate the controls
over the generators access rights to the database rather
than their availability. Security documentation should be
restricted to authorized security staff, but this is not a
primary concern, nor is access to stored procedures.
| Is This Answer Correct ? | 12 Yes | 1 No |
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
When selecting software, which of the following business and technical issues is the MOST important to be considered? A. Vendor reputation B. Requirements of the organization C. Cost factors D. Installed base
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
Which of the following would be MOST appropriate to ensure the confidentiality of transactions initiated via the Internet? A. Digital signature B. Data encryption standard (DES) C. Virtual private network (VPN) D. Public key encryption
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
An Internet-based attack using password sniffing can: A. enable one party to act as if they are another party. B. cause modification to the contents of certain transactions. C. be used to gain access to systems containing proprietary information. D. result in major problems with billing systems and transaction processing agreements.
The purpose of debugging programs is to: A. generate random data that can be used to test programs before implementing them. B. protect, during the programming phase, valid changes from being overwritten by other changes. C. define the program development and maintenance costs to be include in the feasibility study. D. ensure that program abnormal terminations and program coding flaws are detected and corrected.
In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network.
The method of routing traffic through split cable facilities or duplicate cable facilities is called: A. alternative routing. B. diverse routing. C. redundancy. D. circular routing.
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
Which of the following is a benefit of using callback devices? A. Provide an audit trail B. Can be used in a switchboard environment C. Permit unlimited user mobility D. Allow call forwarding
Cisco Certifications 
