Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following exposures associated with the
spooling of sensitive reports for offline printing would an
IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.
- 2 Answers
- 9823 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
Unless controlled, spooling for offline printing may enable
additional copies to be printed. Print files are unlikely to
be available for online reading by operators. Data on spool
files are no easier to amend without authority than any
other file. There is usually a lesser threat of unauthorized
access to sensitive reports in the event of a system failure.
| Is This Answer Correct ? | 5 Yes | 0 No |
The process of using interpersonal communication skills to get unauthorized access to company assets is called: A. wire tapping. B. trap doors. C. war dialing. D. social engineering.
Which of the following provides the GREATEST assurance of message authenticity? A. The pre-hash code is derived mathematically from the message being sent. B. The pre-hash code is encrypted using the sender's private key. C. Encryption of the pre-hash code and the message using the secret key. D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes? A. Select a sample of change tickets and review them for authorization. B. Perform a walk-through by tracing a program change from start to finish. C. Trace a sample of modified programs to supporting change tickets. D. Use query software to analyze all change tickets for missing fields.
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions? A. Systems analyst B. Quality assurance C. Computer operator D. Systems programmer
The MOST important responsibility of a data security officer in an organization is: A. recommending and monitoring data security policies. B. promoting security awareness within the organization. C. establishing procedures for IT security policies. D. administering physical and logical access controls.
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
Which of the following is intended to detect the loss or duplication of input? A. Hash totals B. Check digits C. Echo checks D. Transaction codes
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the: A. registration authority (RA). B. issuing certification authority (CA). C. subject CA. D. policy management authority.
Cisco Certifications 
