Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would be of MOST concern to an IS
auditor reviewing a VPN implementation? Computers on the
network that are located:
A. on the enterprise's facilities.
B. at the backup site.
C. in employees' homes.
D. at the enterprise's remote offices.
- 1 Answers
- 5264 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
One risk of a VPN implementation is the chance of allowing
high-risk computers onto the enterprise's network. All
machines that are allowed onto the virtual network should be
subject to the same security policy. Home computers are
least subject to the corporate security policies and hence
are high-risk computers. Once a computer is hacked and
?owned?, any network that trusts that computer is at risk.
Implementation and adherence to corporate security policy is
easier when all computers on the network are on the
enterprise's campus. Internally to an enterprise's physical
network, there should be security policies in place to
detect and halt an outside attack that uses an internal
machine as a staging platform. Computers at the back up site
are subject to the corporate security policy. Hence, not
high-risk computers. Computers on the network that are at
the enterprise's remote offices, perhaps with different IS
and security employees who have different ideas about
security are more risky than choices A and B, but obviously
less risky than home computers.
| Is This Answer Correct ? | 8 Yes | 0 No |
Of the following who is MOST likely to be responsible for network security operations? A. Users B. Security administrators C. Line managers D. Security officers
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test
The information that requires special precaution to ensure integrity is termed? A. Public data B. Private data C. Personal data D. Sensitive data
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take? A. Personally delete all copies of the unauthorized software. B. Inform auditee of the unauthorized software, and follow up to confirm deletion. C. Report the use of the unauthorized software to auditee management and the need to prevent recurrence. D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
The PRIMARY purpose of compliance tests is to verify whether: A. controls are implemented as prescribed. B. documentation is accurate and current. C. access to users is provided as specified. D. data validation procedures are provided.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control
Cisco Certifications 
