The potential for unauthorized system access by way of
terminals or workstations within an organization's facility
is increased when:
A. connecting points are available in the facility to
connect laptops to the network.
B. users take precautions to keep their passwords confidential.
C. terminals with password protection are located in
unsecured locations.
D. terminals are located within the facility in small
clusters under the supervision of an administrator.
Answer / guest
Answer: A
Any person with wrongful intentions can connect a laptop to
the network. The unsecured connecting points make
unauthorized access possible if the individual has knowledge
of a valid user id and password. The other choices are
controls for preventing unauthorized network access. If
system passwords are not readily available for intruders to
use, they must guess, which introduces an additional factor
and requires time. System passwords provide protection
against unauthorized use of terminals located in unsecured
locations. Supervision is a very effective control when used
to monitor access to a small operating unit or production
resources.
Is This Answer Correct ? | 9 Yes | 0 No |
Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems? A. Proxy server B. Firewall installation C. Network administrator D. Password implementation and administration
In the development of an important application affecting the entire organization, which of the following would be the MOST appropriate project sponsor? A. The information systems manager B. A member of executive management C. An independent management consultant D. The manager of the key user department
In a data warehouse, data quality is achieved by: A. cleansing. B. restructuring. C. source data credibility. D. transformation.
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
Which of the following database administrator (DBA) activities is unlikely to be recorded on detective control logs? A. Deletion of a record B. Change of a password C. Disclosure of a password D. Changes to access rights
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
The Primary purpose of audit trails is to
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs? A. Inadequate screen/report design facilities B. Complex programming language subsets C. Lack of portability across operating systems D. Inability to perform data intensive operations
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only