Interested to Buy Any Domain ? << Click Here >> for more details...
The management of an organization has decided to establish a
security awareness program. Which of the following would
MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report
incidents.
B. Mandating the use of passwords to access all software.
C. Installing an efficient user log system to track the
actions of each user
D. Provide training on a regular basis to all current and
new employees.
- 1 Answers
- 10347 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Utilizing an intrusion detection system to report on
incidents that occur is an implementation of a security
program and is not effective in establishing a security
awareness program. Choices B and C do not address awareness.
Training is the only choice that is directed at security
awareness.
| Is This Answer Correct ? | 7 Yes | 0 No |
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.
During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs? A. Inadequate screen/report design facilities B. Complex programming language subsets C. Lack of portability across operating systems D. Inability to perform data intensive operations
When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
The reason for having controls in an IS environment: A. remains unchanged from a manual environment, but the implemented control features may be different. B. changes from a manual environment, therefore the implemented control features may be different. C. changes from a manual environment, but the implemented control features will be the same. D. remains unchanged from a manual environment and the implemented control features will also be the same.
The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.
Cisco Certifications 
