Interested to Buy Any Domain ? << Click Here >> for more details...
Java applets and ActiveX controls are distributed executable
programs that execute in the background of a web browser
client. This practice is considered reasonable when:
A. a firewall exists.
B. a secure web connection is used.
C. the source of the executable is certain.
D. the host website is part of your organization.
- 1 Answers
- 8890 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Acceptance of these mechanisms should be based on
established trust. The control is provided by only knowing
the source and then allowing the acceptance of the applets.
Hostile applets can be received from anywhere. It is
virtually impossible to filter at this level at this time. A
secure web connection or firewall are considered external
defenses. A firewall will find it more difficult to filter a
specific file from a trusted source. A secure web connection
provides confidentiality. Neither can identify an executable
as friendly. Hosting the website as part of the organization
is impractical. Enabling the acceptance of Java and/or
Active X is an all or nothing proposition. The client will
accept the program if the parameters are established to do so.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Post test C. Preparedness test D. Walk-through
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
IS auditors, in performing detailed network assessments and access control reviews should FIRST: A. determine the points of entry. B. evaluate users access authorization. C. assess users identification and authorization. D. evaluate the domain-controlling server configuration.
When auditing the requirements phase of a system development project, an IS auditor would: A. assess the adequacy of audit trails. B. identify and determine the criticality of the need. C. verify cost justifications and anticipated benefits. D. ensure that control specifications have been defined.
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
Which of the following network configuration options contains a direct link between any two host machines? A. Bus B. Ring C. Star D. Completely connected (mesh)
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.
Cisco Certifications 
