A data center has a badge-entry system. Which of the
following is MOST important to protect the computing assets
in the center?
A. Badge readers are installed in locations where tampering
would be noticed
B. The computer that controls the badge system is backed up
frequently
C. A process for promptly deactivating lost or stolen badges
exists
D. All badge entry attempts are logged
Answers were Sorted based on User's Feedback
Answer / baboo
The badge entry system is an access control mechanism, which helps protect company assets by providing access based on business needs. The process of removing logical access when the badge is lost/employee leaves the organisation, contributes MOST to protection of assets.
Choice A, Tampering of badges is very difficult practically and may not be a feasible option.
Choice D, Logging is not a control. Reviewing logs is a control.
Backing up the badge system would not protect the organisation's assets.
Is This Answer Correct ? | 8 Yes | 1 No |
Answer / abir
C. A process for promptly deactivating lost or stolen badges exists
Is This Answer Correct ? | 1 Yes | 0 No |
Answer / dinesh
The choices A, C and D are important to protect the assets
in data center. The question might be Which one is "Least
important". Kindly clarify.
Is This Answer Correct ? | 0 Yes | 2 No |
Answer / guest
Choice D appears to be the appropriate answer in the sense that all badge entry attempts, successful or not, are logged. This log can be reviewed for any malicious attempt to access the data center.
Is This Answer Correct ? | 0 Yes | 4 No |
Answer / s.arun
The computer that controls the badge system is backed up
frequently
Is This Answer Correct ? | 0 Yes | 6 No |
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management. D. define access so that the utility can be only executed in menu option.
Which of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. B. Application programmers are implementing changes to test programs. C. Operations support staff are implementing changes to batch schedules. D. Database administrators are implementing changes to data structures.
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that: A. Maximum unauthorized access would be possible if a password is disclosed. B. User access rights would be restricted by the additional security parameters. C. The security administrator's workload would increase. D. User access rights would be increased.
Losses can be minimized MOST effectively by using outside storage facilities to do which of the following? A. Provide current, critical information in backup files B. Ensure that current documentation is maintained at the backup facility C. Test backup hardware D. Train personnel in backup procedures
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
An organization has outsourced network and desktop support. Although the relationship has been reasonably successful, risks remain due to connectivity issues. Which of the following controls should FIRST be performed to assure the organization reasonably mitigates these possible risks? A. Network defense program B. Encryption/Authentication C. Adequate reporting between organizations D. Adequate definition in contractual relationship
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? A. The alternate facility will be available until the original information processing facility is restored. B. User management was involved in the identification of critical systems and their associated critical recovery times. C. Copies of the plan are kept at the homes of key decision making personnel. D. Feedback to management assuring them that the business continuity plans are indeed workable and that the procedures are current.
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.