Interested to Buy Any Domain ? << Click Here >> for more details...
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that:
A. the users may not remember to manually encrypt the data before transmission.
B. the site credentials were sent to the financial services company via email.
C. personnel at the consulting firm may obtain access to sensitive data.
D. the use of a shared user ID to the FTP site does not allow for user accountability.
- 1 Answers
- 4423 Views
- I also Faced
- E-Mail Answers
the correct answer is A
A. If the data is not encrypted, an unauthorized external party may download sensitive company data.
B. Even though the possibility exists that the logon information was captured from the emails, data should be encrypted, so the theft of the data would not allow the attacker to read it.
C. Some of the employees at the consulting firm will have access to the sensitive data and the consulting firm must have procedures in place to protect the data.
D. Tracing accountability is of minimal concern compared to the compromise of sensitive data.
Question #: 802 CISA Job Practice Task Statement: 5.3
| Is This Answer Correct ? | 4 Yes | 0 No |
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
Which of the following is LEAST likely to be contained in a digital certificate for the purposes of verification by a trusted third party (TTP)/certification authority (CA)? A. Name of the TTP/CA B. Public key of the sender C. Name of the public key holder D. Time period for which the key is valid
While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project: A. is behind schedule. B. is ahead of schedule. C. is on schedule. D. cannot be evaluated until the activity is completed.
Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the: A. need to change accounting periods on a regular basis.. B. requirement to post entries for a closed accounting period. C. lack of policies and procedures for the proper segregation of duties. D. need to create/modify the chart of accounts and its allocations.
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
Cisco Certifications 
