During an audit, an IS auditor learns that lengthy and
complex passwords are required to reach the network via
modem. These passwords were established by an outside
provider. The communications software allows users to select
a "remember password" option. What should the IS auditor's
PRIMARY recommendation be?

A. Disable the save password option and have users record
them elsewhere.

B. Request that the provider change the dial-in password to
a group password.

C. Establish and enforce a process to have users change
their passwords.

D. Allow users to change their passwords to something less
complex.




Answer / guest

Answer: C

Requiring users to change their passwords is a user account
management process. Passwords are a form of shared secrets,
useful only if they are secret. Having users select
something memorable is preferable to having it saved on the
machine. Disabling the save password option would minimize
the ease of access by unauthorized persons with access to
the hardware. However, having users write their passwords
down or include them in a file on their machine defeats the
purpose of having a complex password. Requesting the
provider to change the password to a group password would
decrease the usefulness of the audit trail and therefore the
ability to hold individual users accountable. Allowing users
to change their passwords is a better suggestion. However,
if users are not forced to do this on a periodic basis, this
also defeats the purpose.

