Interested to Buy Any Domain ? << Click Here >> for more details...
Naming conventions for system resources are important for
access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect
resources.
C. ensure that user access to resources is clearly and
uniquely identified.
D. ensure that internationally recognized names are used to
protect resources.
- 1 Answers
- 9585 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Naming conventions for system resources are important for
efficient administration of security controls. The
conventions can be structured so that resources beginning
with the same high-level qualifier can be governed by one or
more generic rules. This reduces the number of rules
required to adequately protect resources, which in turn
facilitates security administration and maintenance efforts.
Reducing the number of rules required to protect resources
allows for the grouping of resources and files by
application, which makes it easier to provide access.
Ensuring that resource names are not ambiguous can not be
achieved through the use of naming conventions. Ensuring the
clear and unique identification of user access to resources
is handled by access control rules, not naming conventions.
Internationally recognized names are not required to control
access to resources. It tends to be based on how each
organization wants to identify its resources.
| Is This Answer Correct ? | 7 Yes | 0 No |
When auditing a mainframe operating system, what would the IS auditor do to establish which control features are in operation? A. Examine the parameters used when the system was generated B. Discuss system parameter options with the vendor C. Evaluate the systems documentation and installation guide D. Consult the systems programmers
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy: A. payroll reports should be compared to input forms. B. gross payroll should be recalculated manually. C. checks (cheques) should be compared to input forms. D. checks (cheques) should be reconciled with output reports.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:
Which of the following is the primary purpose for conducting parallel testing? A. To determine if the system is cost-effective. B. To enable comprehensive unit and system testing. C. To highlight errors in the program interfaces with files. D. To ensure the new system meets user requirements.
The initial step in establishing an information security program is the: A. development and implementation of an information security standards manual. B. performance of a comprehensive security control review by the IS auditor. C. adoption of a corporate information security policy statement. D. purchase of security access control software.
When conducting an audit of client/server database security, the IS auditor would be MOST concerned about the availability of: A. system utilities. B. application program generators. C. system security documentation. D. access to stored procedures.
What type of transmission requires modems? A. Encrypted B. Digital C. Analog D. Modulated
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
Cisco Certifications 
