Interested to Buy Any Domain ? << Click Here >> for more details...
An IS steering committee should:
A. include a mix of members from different departments and
staff levels.
B. ensure that IS security policies and procedures have been
executed properly.
C. have formal terms of reference and maintain minutes of
its meetings.
D. be briefed about new trends and products at each meeting
by a vendor.
- 1 Answers
- 7438 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
It is important to keep detailed steering committee minutes
to document the decisions and activities of the IS steering
committee, and the board of directors should be informed on
a timely basis. Choice A is incorrect because only senior
management, or high staff levels should be members of this
committee because of its strategic mission. Choice B is not
a responsibility of this committee but the responsibility of
the security administrator. Choice D is incorrect because a
vendor should be invited to meetings only when appropriate.
| Is This Answer Correct ? | 7 Yes | 0 No |
The Primary purpose of audit trails is to
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation? A. Specific developments only B. Business requirements only C. All phases of the installation must be documented D. No need to develop a customer specific documentation
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
The purpose of debugging programs is to: A. generate random data that can be used to test programs before implementing them. B. protect valid changes from being overwritten by other changes during programming. C. define the program development and maintenance costs to be include in the feasibility study. D. ensure that abnormal terminations and coding flaws are detected and corrected.
When an employee is terminated from service, the MOST important action is to: A. hand over all of the employee's files to another designated employee. B. take a back up of the employee's work. C. notify other employees of the termination. D. disable the employee's logical access.
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately? A. Online monitor reports B. Downtime reports C. Help desk reports D. Response time reports
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Cisco Certifications 
