Naming conventions for system resources are important for
access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect
resources.
C. ensure that user access to resources is clearly and
uniquely identified.
D. ensure that internationally recognized names are used to
protect resources.
- 1 Answers
- 8743 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Naming conventions for system resources are important for
efficient administration of security controls. The
conventions can be structured so that resources beginning
with the same high-level qualifier can be governed by one or
more generic rules. This reduces the number of rules
required to adequately protect resources, which in turn
facilitates security administration and maintenance efforts.
Reducing the number of rules required to protect resources
allows for the grouping of resources and files by
application, which makes it easier to provide access.
Ensuring that resource names are not ambiguous can not be
achieved through the use of naming conventions. Ensuring the
clear and unique identification of user access to resources
is handled by access control rules, not naming conventions.
Internationally recognized names are not required to control
access to resources. It tends to be based on how each
organization wants to identify its resources.
| Is This Answer Correct ? | 7 Yes | 0 No |
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is: A. an independent review of the transaction listing. B. a programmed edit check to prevent entry of invalid data. C. programmed reasonableness checks with 20 percent data entry range. D. a visual verification of data entered by the processing department.
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not. B. Customers can make their transactions from any computer or mobile device. C. The CA has several data processing subcenters to administer certificates. D. The organization is the owner of the CA.
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
In planning an audit, the MOST critical step is the identification of the:
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
Which of the following satisfies a two-factor user authentication? A. Iris scanning plus finger print scanning B. Terminal ID plus global positioning system (GPS) C. A smart card requiring the user's PIN D. User ID along with password
Cisco Certifications 
