Which of the following controls would BEST detect intrusion?
A. User ids and user privileges are granted through
authorized procedures.
B. Automatic logoff is used when a workstation is inactive
for a particular period of time.
C. Automatic logoff of the system after a specified number
of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security
administrator.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
IIntrusion is detected by the active monitoring and review
of unsuccessful logons. User ids and the granting of user
privileges defines a policy, not a control. Automatic logoff
is a method of preventing access on inactive terminals and
is not a detective control. Unsuccessful attempts to log on
is a method for preventing intrusion, not detecting.
| Is This Answer Correct ? | 6 Yes | 1 No |
Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
Which of the following is the MOST important reason for an IS auditor to be involved in a system development project? A. Evaluate the efficiency of resource utilization. B. Develop audit programs for subsequent audits of the system. C. Evaluate the selection of hardware to be used by the system. D. Ensure that adequate controls are built into the system during development.
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.
Accountability for the maintenance of appropriate security measures over information assets resides with the: A. security administrator. B. systems administrator. C. data and systems owners. D. systems operations group.
Which of the following is critical to the selection and acquisition of the correct operating system software? A. Competitive bids B. User department approval C. Hardware-configuration analysis D. Purchasing department approval
A company disposing of personal computers that once were used to store confidential data should first: A. demagnetize the hard disk. B. low-level format the hard disk. C. delete all data contained on the hard disk. D. defragment the data contained on the hard disk.
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
A disaster recovery plan (DRP) for an organization should: A. reduce the length of the recovery time and the cost of recovery. B. increase the length of the recovery time and the cost of recovery. C. reduce the duration of the recovery time and increase the cost of recovery. D. not affect the recovery time nor the cost of recovery.
The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.