Answer / guest

Answer: B

The authorization and authentication of users is the most
significant aspect in a telecommunications access control
review as it is a preventive control. Weak controls at this
level can affect all other aspects. The maintenance of
access logs of usage of system resources is a detective
control. The adequate protection of data being transmitted
to and from servers by encryption or other means is a method
of protecting information during transmission and is not an
access issue. The accountability system and the ability to
identify any terminal accessing system resources deal with
controlling access through the identification of a terminal.

Answer / antoine

B. authorization and authentication of the user prior to
granting access to system resources.

Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential

1 Answers  

---

Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses

1 Answers  

---

Which of the following tasks is performed by the same person in a well-controlled information processing facility/computer center? A. Security administration and management B. Computer operations and system development C. System development and change management D. System development and systems maintenance

1 Answers  

---

Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer assisted audit techniques

2 Answers  

---

Which of the following testing methods is MOST effective during the initial phases of prototyping? A. System B. Parallel C. Volume D. Top-down

2 Answers  

---

In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.

1 Answers  

---

In a risk-based audit approach, an IS auditor should FIRST complete :

7 Answers  

---

Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.

1 Answers  

---

According to the Committee of Sponsoring Organizations (COSO), the internal control framework consists of which of the following? A. Processes, people, objectives. B. Profits, products, processes. C. Costs, revenues, margins. D. Return on investment, earnings per share, market share.

1 Answers  

---

A disaster recovery plan (DRP) for an organization should: A. reduce the length of the recovery time and the cost of recovery. B. increase the length of the recovery time and the cost of recovery. C. reduce the duration of the recovery time and increase the cost of recovery. D. not affect the recovery time nor the cost of recovery.

1 Answers  

---

A vendor/contractor?s performance against service level agreements must be evaluated by the: A. customer. B. contractor. C. third-party. D. contractor?s management.

1 Answers  

---

Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion

1 Answers  

---