Which of the following types of firewalls provide the
GREATEST degree and granularity of control?
A. Screening router
B. Packet filter
C. Application gateway
D. Circuit gateway
- 1 Answers
- 13150 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The application gateway is similar to a circuit gateway, but
it has specific proxies for each service. To be able to
handle web services it has an HTTP proxy, which acts as an
intermediary between externals and internals, but
specifically for HTTP. This means that it not only checks
the packet IP addresses (layer 3) and the ports it is
directed to (in this case port 80, layer 4), it also checks
every http command (layer 5 and 7). Therefore, it works in a
more detailed (granularity) way than the others. Screening
router and packet filter (choices A and B) basically work at
the protocol, service and/or port level. This means that
they analyze packets from layers 3 and 4 (not from higher
levels). A circuit-gateway (choice D) is based on a proxy or
program that acts as an intermediary between external and
internal accesses. This means that, during an external
access, instead of opening a single connection to the
internal server, two connections are established-one from
the external to the proxy (which conforms the
circuit-gateway) and one from the proxy to the internal.
Layers 3 and 4 (IP and TCP) and some general features from
higher protocols are used to perform these tasks.
| Is This Answer Correct ? | 5 Yes | 1 No |
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to: A. advise senior management of the risk involved. B. agree to work with the security officer on these shifts as a form of preventative control. C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement. D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
Which of the following is the MOST fundamental step in effectively preventing a virus attack? A. Executing updated antivirus software in the background on a periodic basis B. Buying standard antivirus software, which is installed on all servers and workstations C. Ensuring that all software is checked for a virus in a separate PC before being loaded into the production environment D. Adopting a comprehensive antivirus policy and communicating it to all users
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.
The success of control self-assessment (CSA) depends highly on: A. Having line managers assume a portion of the responsibility for control monitoring. B. Assigning staff managers the responsibility for building, but not monitoring, controls. C. The implementation of stringent control policy and rule- driven controls. D. The implementation of supervision and the monitoring of control assigned duties
Which of the following can be used to verify output results and control totals by matching them against the input data and control totals? A. Batch header forms B. Batch balancing C. Data conversion error corrections D. Access controls over print spools
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
Controls designed to ensure that unauthorized changes are not made to information residing in a computer file are known as: A. data security controls. B. implementation controls. C. program security controls. D. computer operations controls.
Cisco Certifications 
