Interested to Buy Any Domain ? << Click Here >> for more details...
The initial step in establishing an information security
program is the:
A. development and implementation of an information security
standards manual.
B. performance of a comprehensive security control review by
the IS auditor.
C. adoption of a corporate information security policy
statement.
D. purchase of security access control software.
- 2 Answers
- 16368 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
A policy statement reflects the intent and support provided
by executive management for proper security and establishes
a starting point for developing the security program.
| Is This Answer Correct ? | 8 Yes | 0 No |
Answer / guest
C. adoption of a corporate information security policy
statement.
| Is This Answer Correct ? | 3 Yes | 0 No |
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
Peer reviews to detect software errors during a program development activity are called: A. emulation techniques. B. structured walk-throughs. C. modular program techniques. D. top-down program construction.
To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review? A. System access log files B. Enabled access control software parameters C. Logs of access control violations D. System configuration files for control options used
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator? A. READ access to data B. DELETE access to transaction data files C. Logged READ/EXECUTE access to programs D. UPDATE access to job control language/script files
When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
An Internet-based attack using password sniffing can: A. enable one party to act as if they are another party. B. cause modification to the contents of certain transactions. C. be used to gain access to systems containing proprietary information. D. result in major problems with billing systems and transaction processing agreements.
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but not the certificate authorities. B. Customers can make their transactions from any computer or mobile device. C. The certificate authority has several data processing subcenters to administrate certificates. D. The organization is the owner of the certificate authority.
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly? A. Halon gas B. Wet-pipe sprinklers C. Dry-pipe sprinklers D. Carbon dioxide gas
Cisco Certifications 
