A control for a company that wants to prevent virus-infected
programs (or other type of unauthorized modified programs)
would be to:
A. utilize integrity checkers.
B. verify program's lengths.
C. backup the source and object code.
D. implement segregation of duties.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Integrity checkers (such as the ones included in many
antivirus programs or freeware, like tripwire) compute for
each selected program some type of hash, checksum or cyclic
redundancy check (CRC), then store this number in a database
file. Before each execution of the program, the checker
recomputes the hash or checksum and compares it to the value
stored in the database. If the values do not match, the
program is not executed thus detecting a possible virus or
modified program. Verifying a progam's length is not
practical, and some virus do not affect the length of
infected programs. A backup of source and object code does
not help detect a modified program. Segregation of duties is
useful to minimize risk, however, it does not detect a
modified program.
Is This Answer Correct ? | 3 Yes | 1 No |
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
As a business process reengineering (BPR) project takes hold it is expected that: A. business priorities will remain stable. B. information technologies will not change. C. the process will improve product, service and profitability. D. input from clients and customers will no longer be necessary.
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is: A. data integrity. B. authentication. C. nonrepudiation. D. replay protection.
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend: A. online terminals be placed in restricted areas. B. online terminals be equipped with key locks. C. ID cards be required to gain access to online terminals. D. online access be terminated after three unsuccessful attempts.
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
A primary reason for an IS auditor's involvement in the development of a new application system is to ensure that: A. adequate controls are built into the system. B. user requirements are satisfied by the system. C. sufficient hardware is available to process the system. D. data are being developed for pre-implementation testing of the system.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.