Interested to Buy Any Domain ? << Click Here >> for more details...
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that:
A. the users may not remember to manually encrypt the data before transmission.
B. the site credentials were sent to the financial services company via email.
C. personnel at the consulting firm may obtain access to sensitive data.
D. the use of a shared user ID to the FTP site does not allow for user accountability.
- 1 Answers
- 4464 Views
- I also Faced
- E-Mail Answers
the correct answer is A
A. If the data is not encrypted, an unauthorized external party may download sensitive company data.
B. Even though the possibility exists that the logon information was captured from the emails, data should be encrypted, so the theft of the data would not allow the attacker to read it.
C. Some of the employees at the consulting firm will have access to the sensitive data and the consulting firm must have procedures in place to protect the data.
D. Tracing accountability is of minimal concern compared to the compromise of sensitive data.
Question #: 802 CISA Job Practice Task Statement: 5.3
| Is This Answer Correct ? | 4 Yes | 0 No |
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Before reporting results of an audit to senior management, an IS auditor should: A. Confirm the findings with auditees. B. Prepare an executive summary and send it to auditee management. C. Define recommendations and present the findings to the audit committee. D. Obtain agreement from the auditee on findings and actions to be taken.
Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan? A. Yes, because the IS auditor will evaluate the adequacy of the service bureau's plan and assist his/her company in implementing a complementary plan. B. Yes, because, based on the plan, the IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract. C. No, because the backup to be provided should be specified adequately in the contract. D. No, because the service bureau's business continuity plan is proprietary information.
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
A hacker could obtain passwords without the use of computer tools or programs through the technique of: A. social engineering. B. sniffers. C. backdoors. D. trojan horses.
A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
Which of the following would enable an enterprise to provide access to its intranet (i.e., extranet) across the Internet to its business partners? A. Virtual private network B. Client-server C. Dial-in access D. Network service provider
During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Cisco Certifications 
