Interested to Buy Any Domain ? << Click Here >> for more details...
An organization has outsourced network and desktop support.
Although the relationship has been reasonably successful,
risks remain due to connectivity issues. Which of the
following controls should FIRST be performed to assure the
organization reasonably mitigates these possible risks?
A. Network defense program
B. Encryption/Authentication
C. Adequate reporting between organizations
D. Adequate definition in contractual relationship
- 3 Answers
- 10159 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
The most effective and necessary control that has to be in
place first when a partnering arrangement is used is the
contract. The other answers are all good techniques used to
minimize/mitigate controls. However, these may not be
enforceable unless detailed in the contractual arrangement.
| Is This Answer Correct ? | 11 Yes | 1 No |
Answer / guest
D. Adequate definition in contractual relationship
| Is This Answer Correct ? | 3 Yes | 2 No |
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
Automated teller machines (ATMs) are a specialized form of a point-of-sale terminal that: A. allows for cash withdrawal and financial deposits only. B. are usually located in populous areas to deter theft or vandalism. C. utilizes protected telecommunication lines for data transmissions. D. must include high levels of logical and physical security.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but not the certificate authorities. B. Customers can make their transactions from any computer or mobile device. C. The certificate authority has several data processing subcenters to administrate certificates. D. The organization is the owner of the certificate authority.
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential
Cisco Certifications 
