Which of the following is the BEST audit procedure to
determine if a firewall is configured in compliance with an
organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks
- 1 Answers
- 7422 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
A review of the parameter settings will provide a good basis
for comparison of the actual configuration to the security
policy and will provide audit evidence documentation. The
other choices do not provide as strong audit evidence as
choice A.
| Is This Answer Correct ? | 9 Yes | 0 No |
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.
Change management procedures are established by IS management to: A. control the movement of applications from the test environment to the production environment. B. control the interruption of business operations from lack of attention to unresolved problems. C. ensure the uninterrupted operation of the business in the event of a disaster. D. verify that system changes are properly documented.
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
IT governance ensures that an organization aligns its IT strategy with: A. Enterprise objectives. B. IT objectives. C. Audit objectives. D. Finance objectives.
Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the: A. address of the domain server. B. resolution service for the name/address. C. IP addresses for the Internet. D. domain name system.
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation
A validation which ensures that input data are matched to predetermined reasonable limits or occurrence rates, is known as: A. Reasonableness check. B. Validity check. C. Existence check. D. Limit check.
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit? A. A hot site is contracted for and available as needed. B. A business continuity manual is available and current. C. Insurance coverage is adequate and premiums are current. D. Media backups are performed on a timely basis and stored offsite.
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization? A. Virtual private network B. Dedicated line C. Leased line D. Integrated services digital network
Cisco Certifications 
