Which of the following is a strength of a client-server
security system?
A. Change control and change management procedures are
inherently strong.
B. Users can manipulate data without controlling resources
on the mainframe.
C. Network components seldom become obsolete.
D. Access to confidential data or data manipulation is
controlled tightly.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Among the choices the only strength associated with a
client-server system is that users can manipulate and change
data without controlling resources on the mainframe. All
other answers are false and are disadvantages of a
client-server system.
Is This Answer Correct ? | 6 Yes | 3 No |
Answer / ghosty
How in the world "Users can manipulate data without controlling resources on the mainframe" is a Strength? The answer posted is wrong. The correct answer should be D. The question is referring to a Strength in security and controlling access to confidential data or data manipulation is a strength of a client-server security system.
Is This Answer Correct ? | 1 Yes | 0 No |
Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
Which of the following is necessary to have FIRST in the development of a business continuity plan? A. Risk-based classification of systems B. Inventory of all assets C. Complete documentation of all disasters D. Availability of hardware and software
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
The use of coding standards is encouraged by IS auditors because they: A. define access control tables. B. detail program documentation. C. standardize dataflow diagram methodology. D. ensure compliance with field naming conventions.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
Which of the following MUST exist to ensure the viability of a duplicate information processing facility? A. The site is near the primary site to ensure quick and efficient recovery. B. The site contains the most advanced hardware available. C. The workload of the primary site is monitored to ensure adequate backup is available. D. The hardware is tested when it is installed to ensure it is working properly.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.