Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 313/358
A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?
Correct Answer: B
Section: Protection of Information Assets
Explanation:
When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a user's role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation. Having a user input the ID and password for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire.
Explanation:
When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a user's role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation. Having a user input the ID and password for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire.
- Question List (358q)
- Question 1: Which of the following append themselves to files as a prote...
- Question 2: An IT steering committee should review information systems P...
- Question 3: Which of the following intrusion detection systems (IDSs) wi...
- Question 4: An IS audit team is evaluating the documentation related to ...
- Question 5: Which of the following would provide the BEST evidence of su...
- Question 6: The frequent updating of which of the following is key to th...
- Question 7: An information security manager has observed multiple except...
- Question 8: To install backdoors, hackers generally prefer to use:...
- Question 9: The PRIMARY role of a control self-assessment (CSA) facilita...
- Question 10: A virtual private network (VPN) provides data confidentialit...
- Question 11: Which of the following is a characteristic of a single mirro...
- Question 12: Which of the following is the MOST effective control over vi...
- Question 13: When reviewing the procedures for the disposal of computers,...
- Question 14: Following best practices, formal plans for implementation of...
- Question 15: At the completion of a system development project, a post pr...
- Question 16: Which of the following would provide the STRONGEST indicatio...
- Question 17: Which of the following is MOST important with regard to an a...
- Question 18: An IS auditor attempting to determine whether access to prog...
- Question 19: Which of the following sampling techniques is BEST to use wh...
- Question 20: Which audit technique provides the BEST evidence of the segr...
- Question 21: Which of the following system deployments requires the cloud...
- Question 22: Which of the following should be of MOST concern to an IS au...
- Question 23: With a properly implemented public key infrastructure (PKI) ...
- Question 24: Which of the following layer of an enterprise data flow arch...
- Question 25: The MAIN reason for requiring that all computer clocks acros...
- Question 26: What increases encryption overhead and cost the most?...
- Question 27: What is a data validation edit control that matches input da...
- Question 28: Which of the following is the PRIMARY objective of baselinin...
- Question 29: The information security policy that states 'each individual...
- Question 30: What is an initial step in creating a proper firewall policy...
- Question 31: Which of the following cryptographic systems is MOST appropr...
- Question 32: Which of the following components is responsible for the col...
- Question 33: Which of the following is MOST critical for the effective im...
- Question 34: Which of the following should be an IS auditor's GREATEST co...
- Question 35: Which of the following is MOST important for an IS auditor t...
- Question 36: An IS audit manager is preparing the starling plan for an au...
- Question 37: Which of the following would an IS auditor consider to be th...
- Question 38: Which of the following is a prevalent risk in the developmen...
- Question 39: An external security audit risk has reported multiple instan...
- Question 40: An organization was severely impacted alter an advanced pers...
- Question 41: An organization has implemented an automated match between p...
- Question 42: Digital signatures are an effective control method for infor...
- Question 43: An IS auditor discovers that several desktop computers conta...
- Question 44: Which of the following is an effective method for controllin...
- Question 45: What is a risk associated with attempting to control physica...
- Question 46: What supports data transmission through split cable faciliti...
- Question 47: Identify the network topology from below diagram presented b...
- Question 48: The development of an IS security policy is ultimately the r...
- Question 49: The performance of an order-processing system can be measure...
- Question 50: Which of the following is the MOST effective way to achieve ...
- Question 51: Which of the following refers to the act of creating and usi...
- Question 52: An organization is acquiring a new customer relationship man...
- Question 53: Which of the following would BEST indicate the effectiveness...
- Question 54: Who is responsible for the overall direction, costs, and tim...
- Question 55: When classifying information, it is MOST important to align ...
- Question 56: The FIRST step in a successful attack to a system would be:...
- Question 57: John has been hired to fill a new position in one of the wel...
- Question 58: Many organizations require an employee to take a mandatory v...
- Question 59: Which of the following types of spyware was originally desig...
- Question 60: An IS auditor is assigned to perform a postimplementation re...
- Question 61: As an IS auditor it is very important to understand software...
- Question 62: Which of the following layer of the OSI model provides a sta...
- Question 63: An IS auditor is reviewing the performance outcomes of contr...
- Question 64: Overall responsibility for approving logical access rights t...
- Question 65: Which of the following controls should be implemented to BES...
- Question 66: An IS auditor should carefully review the functional require...
- Question 67: If an IS auditor observes that an IS department fails to use...
- Question 68: An IS auditor should review the configuration of which of th...
- Question 69: An IS audit manager was temporarily tasked with supervising ...
- Question 70: Which of the following access control situations represents ...
- Question 71: The PRIMARY advantage of a continuous audit approach is that...
- Question 72: You should know the difference between an exploit and a vuln...
- Question 73: Which of the following types of testing would determine whet...
- Question 74: A data breach has occurred at a third-party vendor used by a...
- Question 75: During the due diligence phase of an acquisition, the MOST i...
- Question 76: When reviewing the procedures for the disposal of computers,...
- Question 77: Which of the following tasks should be performed FIRST when ...
- Question 78: What is an effective control for granting temporary access t...
- Question 79: After discovering a security vulnerability in a third-party ...
- Question 80: Which of the following would an IS auditor consider to be th...
- Question 81: What is the purpose of a hypervisor?...
- Question 82: Which of the following is the FIRST step in initiating a dat...
- Question 83: Processing controls ensure that data is accurate and complet...
- Question 84: In an environment where most IT services have been outsource...
- Question 85: What is BEST for an IS auditor lo review when assessing the ...
- Question 86: An IS auditor examining the configuration of an operating sy...
- Question 87: The use of cookies constitutes the MOST significant security...
- Question 88: During an audit of a telecommunications system, an IS audito...
- Question 89: An IS auditor finds that needed security patches cannot be a...
- 1 commentQuestion 90: Which of the following attacks would MOST likely result in t...
- Question 91: Which of the following transmission media is LEAST vulnerabl...
- Question 92: Which of the following goals would you expect to find in an ...
- Question 93: Which of the following should be included in a feasibility s...
- Question 94: An IS auditor is reviewing security policies and finds no me...
- Question 95: The MAIN reason an organization's incident management proced...
- Question 96: Utilizing external resources for highly technical informatio...
- Question 97: Which of the following is MOST important when an incident ma...
- Question 98: To determine if unauthorized changes have been made to produ...
- Question 99: Proper segregation of duties prohibits a system analyst from...
- Question 100: Which of the following is the MOST effective control against...
- Question 101: Upon completion of audit work, an IS auditor should:...
- Question 102: Which of the following is the MOST important difference betw...
- Question 103: What is used as a control to detect loss, corruption, or dup...
- Question 104: While reviewing the IT infrastructure, an IS auditor notices...
- Question 105: A data administrator is responsible for:...
- Question 106: During an IS audit of a data center, it was found that progr...
- Question 107: An IS auditor has imported data from the client's database. ...
- Question 108: Which of the following can help detect transmission errors b...
- Question 109: A multinational organization is integrating its existing pay...
- Question 110: An IS auditor observes that the CEO has full access to the e...
- Question 111: Network environments often add to the complexity of program-...
- Question 112: Which of the following techniques would provide the BEST ass...
- Question 113: The information security policy that states 'each individual...
- Question 114: As part of business continuity planning, which of the follow...
- Question 115: Which of the following BEST enables timely detection of chan...
- Question 116: An IS auditor reviewing wireless network security determines...
- Question 117: Which of the following would provide the BEST assurance that...
- Question 118: The Secure Sockets Layer (SSL) protocol addresses the confid...
- Question 119: During a review of operations, it is noted that during a bat...
- Question 120: Which of the following comparisons are used for identificati...
- Question 121: A help desk has been contacted regarding a lost business mob...
- Question 122: When using a digital signature, the message digest is comput...
- Question 123: Which of the following control make sure that input data com...
- Question 124: Transmitting redundant information with each character or fr...
- Question 125: Mitigating the risk and impact of a disaster or business int...
- Question 126: To confirm integrity for a hashed message, the receiver shou...
- Question 127: To help ensure the organization's information assets are ade...
- Question 128: There are several types of penetration tests depending upon ...
- Question 129: The BEST way to assure an organization's board of directors ...
- Question 130: During an audit of a business continuity plan (BCP), an IS a...
- Question 131: Which of the following BEST reduces the ability of one devic...
- Question 132: Which of the following protocol is developed jointly by VISA...
- Question 133: Which is a clear indicator that an organization's IS strateg...
- Question 134: Relatively speaking, firewalls operated at the physical leve...
- Question 135: What a the BEST control to address SOL injection vulnerabili...
- Question 136: To determine who has been given permission to use a particul...
- Question 137: Proper segregation of duties normally does not prohibit a LA...
- Question 138: Which of the following is one most common way that spyware i...
- Question 139: To ensure confidentiality through the use of asymmetric encr...
- Question 140: An organization offers an online information security awaren...
- Question 141: Which of the following control testing approaches is BEST us...
- Question 142: Which of the following sampling methods is MOST useful when ...
- Question 143: An IS auditor is reviewing a project to implement a payment ...
- Question 144: Which of the following is an advantage of an integrated test...
- Question 145: To assist an organization in planning for IT investments, an...
- Question 146: Which of the following is a benefit of the DevOps developmen...
- Question 147: To ensure authentication, confidentiality and integrity of a...
- Question 148: Which of the following is the MOST important outcome of effe...
- Question 149: Which of the following would be the MOST cost-effective reco...
- Question 150: When auditing a proxy-based firewall, an IS auditor should:...
- Question 151: After an employee termination, a network account was removed...
- Question 152: Which of the following could an IS auditor recommend to impr...
- Question 153: The MOST effective biometric control system is the one:...
- Question 154: A technical lead who was working on a major project has left...
- Question 155: Which of the following is the BEST recommendation to prevent...
- Question 156: Which of the following would provide management with the MOS...
- Question 157: E-mail traffic from the Internet is routed via firewall-1 to...
- Question 158: During the review of a web-based software development projec...
- 1 commentQuestion 159: Which of the following is the FIRST step in initiating a dat...
- Question 160: Which of the following refers to a symmetric key cipher whic...
- Question 161: Which of the following should be performed FIRST when prepar...
- Question 162: Which of the following is an appropriate test method to appl...
- Question 163: Which of the following refers to any authentication protocol...
- Question 164: Which of the following weaknesses would have the GREATEST im...
- Question 165: An IS auditor is reviewing the performance outcomes of contr...
- Question 166: An IS auditor conducting audit follow-up activities learns t...
- Question 167: After initial investigation, an IS auditor has reasons to be...
- Question 168: Which of the following would represent an acceptable test of...
- Question 169: The use of risk assessment tools for classifying risk factor...
- Question 170: A risk analysis for a new system is being performed. For whi...
- Question 171: The logical exposure associated with the use of a checkpoint...
- Question 172: The PRIMARY purpose of audit trails is to:...
- Question 173: Which of the following would contribute MOST to an effective...
- Question 174: Which of the following fire suppression systems needs to be ...
- Question 175: Which of the following would BEST provide assurance of the i...
- Question 176: An IS auditor noted that an organization had adequate busine...
- Question 177: Which of the following is the GREATEST security threat when ...
- Question 178: A database administrator is responsible for:...
- Question 179: Which of the following is the MOST effective data loss contr...
- Question 180: The MOST effective control for reducing the risk related to ...
- Question 181: Which of the following is an IS auditor s GREATEST concern w...
- Question 182: Which of the following attack is MOSTLY performed by an atta...
- Question 183: During the extraction and transfer process of data from an a...
- Question 184: Which of the following is NOT a disadvantage of Single Sign ...
- Question 185: Which of the following is the BEST indicator of the effectiv...
- Question 186: Which of the following controls should be implemented to BES...
- Question 187: Sign-on procedures include the creation of a unique user ID ...
- Question 188: Proper segregation of duties prevents a computer operator (u...
- Question 189: When implementing an IT governance framework in an organizat...
- Question 190: The MAIN purpose for periodically testing offsite facilities...
- Question 191: Which of the following provides the MOST reliable audit evid...
- Question 192: An IS auditor should be concerned when a telecommunication a...
- Question 193: Since data storage of a critical business application is on ...
- Question 194: Which of the following would MOST effectively minimize the r...
- Question 195: An organization has installed blade server technology in its...
- Question 196: .What is an acceptable recovery mechanism for extremely time...
- Question 197: Which of the following functionality is NOT performed by the...
- Question 198: Which of the following is the MOST important reason to use s...
- Question 199: Which of the following reports should an IS auditor use to c...
- Question 200: Which of the following internet security threats could compr...
- Question 201: Which of the following type of an IDS resides on important s...
- Question 202: Which of the following is the MOST effective way to identify...
- Question 203: Which of the following is the BEST reason for delaying the a...
- Question 204: The PRIMARY objective of performing a postincident review is...
- Question 205: Sign-on procedures include the creation of a unique user ID ...
- Question 206: A review of wide area network (WAN) usage discovers that tra...
- Question 207: Which of the following is one most common way that spyware i...
- Question 208: An organization has implemented periodic reviews of logs sho...
- Question 209: An information security manager is developing evidence prese...
- Question 210: Which of the following protocol is used for electronic mail ...
- Question 211: Which of the following would BEST ensure continuity of a wid...
- Question 212: A manufacturing firm wants to automate its invoice payment s...
- Question 213: Which of the following types of attack works by taking advan...
- Question 214: Which of the following is the MOST robust method for disposi...
- Question 215: An IS auditor auditing the effectiveness of utilizing a hot ...
- Question 216: During an audit of a business continuity plan (BCP), an IS a...
- Question 217: Which of the following is the MOST important determining fac...
- Question 218: E-mail traffic from the Internet is routed via firewall-1 to...
- Question 219: Which of the following controls can BEST detect accidental c...
- Question 220: An organization has outsourced its wide area network (WAN) t...
- Question 221: The MOST effective control for addressing the risk of piggyb...
- Question 222: An IS auditor determines that a business impact analysis (BI...
- Question 223: The responsibility for authorizing access to application dat...
- Question 224: An IS auditor conducting a review of disaster recovery plann...
- Question 225: When conducting a post-implementation review of a new softwa...
- Question 226: The GREATEST risk posed by an improperly implemented intrusi...
- Question 227: A large insurance company is about to replace a major financ...
- Question 228: During a review of an insurance company s claims system, the...
- Question 229: Which of the following would provide the BEST evidence for u...
- Question 230: The PRIMARY reason for using digital signatures is to ensure...
- Question 231: Audit management has just completed the annual audit plan fo...
- Question 232: What is an effective countermeasure for the vulnerability of...
- Question 233: A top-down approach to the development of operational polici...
- Question 234: An organization performs nightly backups but does not have a...
- Question 235: An IS auditor is reviewing the business requirements 'or the...
- Question 236: Which of the following poses the GREATEST risk to the enforc...
- Question 237: What is the PRIMARY benefit of an audit approach which requi...
- Question 238: An organization has a mix of access points that cannot be up...
- Question 239: Which of the following should be considered FIRST when imple...
- Question 240: The traditional role of an IS auditor in a control self-asse...
- Question 241: During an IS audit, auditor has observed that authentication...
- Question 242: How does the SSL network protocol provide confidentiality?...
- Question 243: Which of the following provides the MOST useful information ...
- Question 244: The output of the risk management process is an input for ma...
- Question 245: An IS auditor is reviewing an organization's implementation ...
- Question 246: Which of the following issues should be the GREATEST concern...
- Question 247: Functional acknowledgements are used:...
- Question 248: Critical processes are not defined in an organization's busi...
- Question 249: Which of the following statements appearing in an organizati...
- Question 250: What should be the PRIMARY basis for scheduling a follow-up ...
- Question 251: Establishing data ownership is an important first step for w...
- Question 252: The BEST filter rule for protecting a network from being use...
- Question 253: An internet-based attack using password sniffing can:...
- Question 254: Which of the following should be done FIRST to effectively d...
- Question 255: Which of the following is MOST important for an organization...
- Question 256: What is the first step in a business process re-engineering ...
- Question 257: Hamid needs to shift users from using the application from t...
- Question 258: Which of the following is the MOST important consideration w...
- Question 259: Following a successful attack on an organization's web serve...
- Question 260: Which of the following are designed to detect network attack...
- Question 261: What is the primary objective of a control self-assessment (...
- Question 262: Which of the following would provide the BEST evidence of su...
- Question 263: During an ongoing audit management requests a briefing on th...
- Question 264: At a hospital, medical personal carry handheld computers whi...
- Question 265: A legacy application is running on an operating system that ...
- Question 266: A sender of an e-mail message applies a digital signature to...
- Question 267: Which of the following is the MOST critical step in planning...
- Question 268: During an audit of a disaster recovery plan (DRP) for a crit...
- Question 269: Which of the following would provide the BEST evidence for a...
- Question 270: In RFID technology which of the following risk could represe...
- Question 271: An organization has implemented a control to help ensure dat...
- Question 272: When developing metrics to measure the contribution of IT to...
- Question 273: The PRIMARY purpose of an IT forensic audit is:...
- Question 274: Which of the following should be an IS auditor's GREATEST co...
- Question 275: Which of the following tools are MOST helpful for benchmarki...
- Question 276: Which of the following should be of GREATEST concern to an I...
- Question 277: Data anonymizabon helps to prevent which types of attacks in...
- Question 278: Which of the following presents the GREATEST concern when im...
- Question 279: The GREATEST advantage of using web services for the exchang...
- Question 280: Diskless workstation is an example of:...
- Question 281: .When auditing third-party service providers, an IS auditor ...
- Question 282: .What is the recommended initial step for an IS auditor to i...
- Question 283: An organization is using an enterprise resource management (...
- Question 284: A multinational organization is introducing a security gover...
- Question 285: What control detects transmission errors by appending calcul...
- Question 286: The goal of an information system is to achieve integrity, a...
- Question 287: .Which of the following provides the strongest authenticatio...
- Question 288: An IS steering committee should:...
- Question 289: As a driver of IT governance, transparency of IT's cost, val...
- Question 290: Which of the following should be included in emergency chang...
- Question 291: A local area network (LAN) administrator normally would be r...
- Question 292: A database is denormalized in order to:...
- Question 293: Which of the following step of PDCA establishes the objectiv...
- Question 294: An IS auditor found that a company executive is encouraging ...
- Question 295: Which of the following is a distinctive feature of the Secur...
- Question 296: Which of the following methods of encryption has been proven...
- Question 297: Which of the following should be performed immediately after...
- Question 298: Which of the following is MOST important for an IS auditor t...
- Question 299: In planning an audit, the MOST critical step is the identifi...
- Question 300: IS management recently replaced its existing wired local are...
- Question 301: Talking about the different approaches to security in comput...
- Question 302: Which of the following is the MOST important prerequisite fo...
- Question 303: The BEST way to evaluate a shared control environment is to ...
- Question 304: Which of the following is the BEST approach to identify whet...
- Question 305: Change control for business application systems being develo...
- Question 306: An organization has recently implemented a Voice-over IP (Vo...
- Question 307: Which of the following cloud deployment model is provisioned...
- Question 308: During an IS audit, auditor has observed that authentication...
- Question 309: To aid management in achieving IT and business alignment, an...
- Question 310: Which of the following is the GREATEST concern associated wi...
- Question 311: Which of the following would be the MOST cost-effective reco...
- Question 312: Parity bits are a control used to validate:...
- Question 313: A business application system accesses a corporate database ...
- Question 314: If a database is restored using before-image dumps, where sh...
- Question 315: Which of the following is the BEST detective control for a j...
- Question 316: The MOST likely effect of the lack of senior management comm...
- Question 317: The reason a certification and accreditation process is perf...
- Question 318: What benefit does using capacity-monitoring software to moni...
- Question 319: By evaluating application development projects against the c...
- Question 320: When developing a risk management program, what is the FIRST...
- Question 321: If a programmer has update access to a live system, IS audit...
- Question 322: Responsibility and reporting lines cannot always be establis...
- Question 323: In the process of evaluating program change controls, an IS ...
- Question 324: Which of the following would BEST help to support an auditor...
- Question 325: Which of the following is the BEST indication that an organi...
- Question 326: What is a data validation edit control that matches input da...
- Question 327: An IS auditor reviews an organizational chart PRIMARILY for:...
- Question 328: Which of the following is a mechanism for mitigating risks?...
- Question 329: A grants management system is used to calculate grant paymen...
- Question 330: Which of the following would be the MOST effective control t...
- Question 331: the use of a cloud service provider to obtain additional com...
- Question 332: Which of the following is the MOST likely reason an organiza...
- Question 333: The difference between a vulnerability assessment and a pene...
- Question 334: Which of the following programs would a sound information se...
- Question 335: Which of the following access rights in the production envir...
- Question 336: maturity model is useful in the assessment of IT service man...
- Question 337: What would an IS auditor expect to find in the console log?...
- Question 338: An organization has recently acquired another organization. ...
- Question 339: A data administrator is responsible for:...
- Question 340: To address the issue that performance pressures on IT may co...
- Question 341: Which of the following should the IS auditor use to BEST det...
- Question 342: The success of control self-assessment (CSA) highly depends ...
- Question 343: Which of the following would be the MOST secure firewall sys...
- Question 344: An IS auditor Is reviewing a complete population of incident...
- Question 345: To support an organization's goals, an IS department should ...
- Question 346: Which of the following is an object-oriented technology char...
- Question 347: Which of the following database controls would ensure that t...
- Question 348: As part of an IS audit, the auditor notes the practices list...
- Question 349: What kind of protocols does the OSI Transport Layer of the T...
- Question 350: Which of the following is a distinguishing feature at the hi...
- Question 351: Which of the following backup schemes is the BEST option whe...
- Question 352: Although BCP and DRP are often implemented and tested by mid...
- Question 353: Which of the following layer of an enterprise data flow arch...
- Question 354: internal IS auditor recommends that incoming accounts payabl...
- Question 355: An IS auditor conducting audit follow-up activities learns t...
- Question 356: What topology provides the greatest redundancy of routes and...
- Question 357: An IS auditor previously worked in an organization s IT depa...
- Question 358: Which of the following is the BEST way to increase the effec...
