Interested to Buy Any Domain ? << Click Here >> for more details...
Naming conventions for system resources are important for
access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect
resources.
C. ensure that user access to resources is clearly and
uniquely identified.
D. ensure that internationally recognized names are used to
protect resources.
- 1 Answers
- 9526 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Naming conventions for system resources are important for
efficient administration of security controls. The
conventions can be structured so that resources beginning
with the same high-level qualifier can be governed by one or
more generic rules. This reduces the number of rules
required to adequately protect resources, which in turn
facilitates security administration and maintenance efforts.
Reducing the number of rules required to protect resources
allows for the grouping of resources and files by
application, which makes it easier to provide access.
Ensuring that resource names are not ambiguous can not be
achieved through the use of naming conventions. Ensuring the
clear and unique identification of user access to resources
is handled by access control rules, not naming conventions.
Internationally recognized names are not required to control
access to resources. It tends to be based on how each
organization wants to identify its resources.
| Is This Answer Correct ? | 7 Yes | 0 No |
An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as: A. critical. B. vital. C. sensitive. D. noncritical.
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Information requirement definitions, feasibility studies and user requirements are significant considerations when: A. defining and managing service levels. B. identifying IT solutions. C. managing changes. D. assessing internal IT control.
A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced? A. Verifying production to customer orders B. Logging all customer orders in the ERP system C. Using hash totals in the order transmitting process D. Approving (production supervisor) orders prior to production
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.
Which of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. B. Application programmers are implementing changes to test programs. C. Operations support staff are implementing changes to batch schedules. D. Database administrators are implementing changes to data structures.
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to: A. prevent omission or duplication of transactions. B. ensure smooth data transition from client machines to servers. C. ensure that email messages have accurate time stamps. D. support the incident investigation process.
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
Cisco Certifications 
