Which of the following is the BEST audit procedure to
determine if a firewall is configured in compliance with an
organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks
Answer / guest
Answer: A
A review of the parameter settings will provide a good basis
for comparison of the actual configuration to the security
policy and will provide audit evidence documentation. The
other choices do not provide as strong audit evidence as
choice A.
In a data warehouse, data quality is achieved by: A. cleansing. B. restructuring. C. source data credibility. D. transformation.
The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
The MOST significant level of effort for business continuity planning (BCP) generally is required during the: A. testing stage. B. evaluation stage. C. maintenance stage. D. early stages of planning.
Which of the following would be of the LEAST value to an IS auditor attempting to gain an understanding of an organization's IT process? A. IT planning documents with deliverables and performance results B. Policies and procedures relating to planning, managing, monitoring and reporting on performance C. Prior audit reports D. Reports of IT functional activities
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
A vendor/contractor's performance against service level agreements must be evaluated by the: A. customer. B. contractor. C. third-party. D. contractor's management.
Confidential data residing on a PC is BEST protected by: A. a password. B. file encryption. C. removable diskettes. D. a key operated power source.