An organization provides information to its supply-chain
partners and customers through an extranet infrastructure.
Which of the following should be the GREATEST concern to an
IS auditor reviewing the firewall security architecture?

A. A secure socket layer (SSL) has been implemented for user
authentication and remote administration of the firewall.

B. On the basis of changing requirements, firewall policies
are updated.

C. Inbound traffic is blocked unless the traffic type and
connections have been specifically permitted.

D. The firewall is placed on top of the commercial operating
system with all installation options.




Answer / guest

Answer: D

The greatest concern when implementing firewalls on top of
commercial operating systems is the potential presence of
vulnerabilities that could undermine the security posture of
the firewall platform itself. In most circumstances when
commercial firewalls are breached, that breach is
facilitated by vulnerabilities in the underlying operating
system. Keeping all installation options available on the
system further increases the risk of vulnerabilities and
exploits. Using SSL for firewall administration (choice A)
is important; changes in user and supply-chain partners'
roles and profiles will be dynamic, so it is appropriate to
maintain the firewall policies daily (choice B); and it is a
prudent policy to block all inbound traffic unless permitted
(choice C).
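
An added example, not part of the original question or answer: a POSIX shell check that compares a firewall host's installed packages with a minimal-install baseline and flags everything beyond it, which is the exposure choice D describes. Both package lists are constructed sample data standing in for `rpm -qa` or `dpkg-query` output.

```shell
#!/bin/sh
# Added example: flag packages on a firewall host that exceed a
# minimal-install baseline. Both lists are constructed sample data.

# Host built with "all installation options": desktop, file, print
# and web services share the box with the firewall software.
INSTALLED='iptables
kernel
openssh-server
httpd
samba
telnet-server
xorg-x11-server
cups'

# Minimal firewall platform: kernel, packet filtering, SSH admin.
BASELINE='iptables
kernel
openssh-server'

# Print, sorted and one per line, every package in $1 absent from $2.
# Temp files keep this POSIX sh; comm -23 prints lines only in file 1.
unapproved_packages() {
    inst=$(mktemp) && base=$(mktemp) || return 1
    printf '%s\n' "$1" | sort -u > "$inst"
    printf '%s\n' "$2" | sort -u > "$base"
    comm -23 "$inst" "$base"
    rm -f "$inst" "$base"
}

# Number of unapproved packages; prints 0 when the host is at baseline.
unapproved_count() {
    unapproved_packages "$1" "$2" | grep -c . || true
}

# Audit verdict: return 0 at baseline, 1 otherwise, listing the excess
# packages so the finding is actionable for the platform owner.
audit_firewall_host() {
    n=$(unapproved_count "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo "OK: host matches the minimal-install baseline"
        return 0
    fi
    echo "FINDING: $n package(s) beyond the baseline:"
    unapproved_packages "$1" "$2" | sed 's/^/  - /'
    return 1
}

# Stand-alone run against the constructed host; verdict kept in AUDIT_RC.
AUDIT_RC=0
audit_firewall_host "$INSTALLED" "$BASELINE" || AUDIT_RC=$?
```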
