Interested to Buy Any Domain ? << Click Here >> for more details...
A utility is available to update critical tables in case of
data inconsistency. This utility can be executed at the OS
prompt or as one of menu options in an application. The BEST
control to mitigate the risk of unauthorized manipulation of
data is to:
A. delete the utility software and install it as and when
required.
B. provide access to utility on a need-to-use basis.
C. provide access to utility to user management
D. define access so that the utility can be only executed in
menu option.
- 2 Answers
- 7764 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Utility software in this case is a data correction program
for correcting any inconsistency in data. However, this
utility can be used to over-ride wrong update of tables
directly. Hence, access to this utility should be restricted
on a need-to-use basis and a log should be automatically
generated whenever this utility is executed. The senior
management should review this log periodically. Deleting the
utility and installing it as and when required may not be
practically feasible as there would be time delay. Access to
utilities should not be provided to user management.
Defining access so that the utility can be executed in a
menu option may not generate a log.
| Is This Answer Correct ? | 12 Yes | 0 No |
Answer / antoine
B. provide access to utility on a need-to-use basis.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce? A. Registration authority B. Certification authority C. Certification relocation list D. Certification practice statement
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
Which of the following is a benefit of a risk-based approach to audit planning? Audit: A. scheduling may be performed months in advance. B. budgets are more likely to be met by the IS audit staff. C. staff will be exposed to a variety of technologies. D. resources are allocated to the areas of highest concern.
Cisco Certifications 
