Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is the initial step in creating a
firewall policy?
A. A cost-benefits analysis of methods for securing the
applications
B. Identification of network applications to be externally
accessed
C. Identification of vulnerabilities associated with network
applications to be externally accessed
D. Creation of an applications traffic matrix showing
protection methods
- 1 Answers
- 12936 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Identification of the applications required across the
network should be identified first. After identification,
depending on the physical location of these applications in
the network and the network model, the person in-charge will
be able to understand the need and possible ways of
controlling access to these applications. Identifying
methods to protect against identified vulnerabilities and
their comparative cost-benefit analysis is the third step.
Having identified the applications, the next step is to
identify vulnerabilities (weaknesses) associated with the
network applications. The next step is to analyze the
application traffic and create a matrix showing how each
type of traffic will be protected.
| Is This Answer Correct ? | 10 Yes | 1 No |
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application? A. Session layer. B. Transport layer C. Network layer D. Presentation layer
Authentication is the process by which the: A. system verifies that the user is entitled to input the transaction requested. B. system verifies the identity of the user. C. user identifies himself to the system. D. user indicates to the system that the transaction was processed correctly.
Which of the following describes a difference between unit testing and system testing? A. Unit testing is more comprehensive. B. Programmers are not involved in system testing. C. System testing relates to interfaces between programs. D. System testing proves user requirements are complete.
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
Which of these has the potential to improve security incident response processes? A. Review the incident response procedures. B. Post-mortem or post-event reviews by the security team. C. Getting the hot-site ready. D. Reviw the BCP plan every six months
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
Which of the following BEST describes the objectives of following a standard system development methodology? A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel C. To provide a method of controlling costs and schedules and an effective means of auditing project development D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Cisco Certifications 
