Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following should be included in an
organization's IS security policy?
A. A list of key IT resources to be secured
B. The basis for access authorization
C. Identity of sensitive security features
D. Relevant software security features
- 1 Answers
- 11423 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The security policy provides the broad framework of
security, as laid down and approved by the senior
management. It includes a definition of those authorized to
grant access and the basis for granting the access. Choices
A, B and C are more detailed than that which should be
included in a policy.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and: A. the length of service since this will help ensure technical competence. B. age as training in audit techniques may be impractical. C. IS knowledge since this will bring enhanced credibility to the audit function. D. ability, as an IS auditor, to be independent of existing IS relationships.
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate? A. Ring B. Line C. Star D. Bus
A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced? A. Verifying production to customer orders B. Logging all customer orders in the ERP system C. Using hash totals in the order transmitting process D. Approving (production supervisor) orders prior to production
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as: A. isolation. B. consistency. C. atomicity. D. durability.
Which of the following is the MOST effective control over visitor access to a data center? A. Visitors are escorted. B. Visitor badges are required. C. Visitors sign in. D. Visitors are spot-checked by operators.
While copying files from a floppy disk a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus? A: A. scan of all floppy disks before use B. virus monitor on the network file server C. scheduled daily scan of all network drives D. virus monitor on the user's personal computer
Which of the following would be a MAJOR disadvantage of using prototyping as a systems development methodology? A. User expectations of project timescales may be overly optimistic. B. Effective change control and management is impossible to implement. C. User participation in day-to-day project management may be too extensive. D. Users usually are not sufficiently knowledgeable to assist in system development.
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services
Cisco Certifications 
