IS auditors reviewing access control should review data
classification to ensure that encryption parameters are
classified as:
A. sensitive.
B. confidential.
C. critical.
D. private.
Answer / guest
Answer: A
Sensitive applies to information that requires special
precautions to assure the integrity of the information, by
protecting it from unauthorized modification or deletion,
hence, encryption parameters should be classified as
sensitive. Confidential applies to the most sensitive
business information that is intended strictly for use
within an organization. Critical applies to information that
is an important to the organization's business objectives.
Private applies to personal information that is intended for
use within an organization.
Is This Answer Correct ? | 5 Yes | 0 No |
During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
Which of the following controls would provide the GREATEST assurance of database integrity? A. Audit log procedures B. Table link/reference checks C. Query/table access time checks D. Rollback and rollforward database features
A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.
Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in.TCP services.
Which of the following is a control over component communication failure/errors? A. Restricting operator access and maintaining audit trails B. Monitoring and reviewing system engineering activity C. Providing network redundancy D. Establishing physical barriers to the data transmitted over the network