CISA Sprint Exam 6 (Word format).docx

Uploader: b****2   Document ID: 1402578   Upload time: 2023-04-30   Format: DOCX   Pages: 8   Size: 17.11KB
004. Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when the source of the executable file is certain.

005. In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. The appliance firewall architecture limits future scalability.

006. Of the transmission media, fiber optic cable provides the best security against unauthorized access.

007. Reviewing the parameter settings is the best audit procedure to determine if a firewall is configured in compliance with an organization's security policy.

008. To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should first review application services.

009. An organization has outsourced its help desk. The best indicator to include in the service level agreement (SLA): percentage of incidents solved in the first call.

010. A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.

011. During the requirements definition phase for a database application, performance is listed as a top priority. To access the DBMS files, a storage area network (SAN) should be recommended for optimal I/O performance.

012. The best way to minimize the risk of communication failures in an e-commerce environment would be to use leased asynchronous transfer mode lines.

013. An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of version usage control.

014. The purpose of code signing is to provide assurance that the software has not been subsequently modified.

015. An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. In this case, atomicity has been violated.

016. Reverse proxy technology for web servers should be deployed if the HTTP server's address must be hidden.

017. Clustering technique best limits the impact of server failures in a distributed environment.

018. When reviewing a hardware maintenance program, an IS auditor should assess whether the program is validated against vendor specifications.

019. An IS auditor should recommend the use of library control software to provide reasonable assurance that program changes have been authorized.

020. When auditing a proxy-based firewall, an IS auditor should verify that the filters applied to services such as HTTP are effective.

021. Address Resolution Protocol (ARP) provides dynamic address mapping between an IP address and a hardware address.

022. The primary objective of service-level management (SLM) is to define, agree, record and manage the required levels of service.

023. From an IS auditor's perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements.

024. IT best practices for the availability and continuity of IT services should provide reasonable assurance that agreed-upon obligations to customers can be met.

025. An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should ensure that a good change management process is in place.

026. During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.

027. In a relational database with referential integrity, the use of foreign keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table.

028. A post-incident review examines both the cause of and the response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of post-incident reviews and follow-up procedures enables the information security manager to continuously improve the security program.

029. An IS auditor examining the configuration of an operating system to verify the controls should review the parameter settings.

030. The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's greatest concern should be that the users might use this information to launch attacks.

031. In order to ensure an adequate segregation of duties between IS and end users, the application owner should be responsible for authorizing access to data.

032. Accountability for the maintenance of appropriate security measures over information assets resides with the data and system owners.

033. The greatest risk when end users have access to a database at its system level, instead of through the application, is that the users can make unauthorized changes to the database directly, without an audit trail.

034. To determine who has been given permission to use a particular system resource, an IS auditor should review access control lists.

035. When granting temporary access to vendors, the most effective control: user accounts are created with expiration dates and are based on the services provided.

036. During a logical access controls review, an IS auditor observes that user accounts are shared. The greatest risk resulting from this situation is that user accountability may not be established.

037. A two-factor user authentication: a smart card requiring the user's PIN.

038. Access control software is the most effective method of preventing unauthorized use of data files.

039. Logical access control is the primary safeguard for securing software and data within an information processing facility.

040. Providing an audit trail is a benefit of using a callback device.

041. When reviewing an organization's logical access security, an IS auditor should be most concerned if: password files are not encrypted.

042. Passwords should be assigned by the security administrator for first-time logon.

043. Deletion of transaction data files should be a function of the application support team, not operations staff.

044. The most appropriate control to prevent unauthorized entry is to terminate the connection after a specified number of attempts.

045. An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is most likely to conclude that exposure is greater, since information is available to unauthorized users.

046. Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that, in many cases, the user name and password are the same. The best control to mitigate this risk is to build in validations to prevent this during user creation and password change.

047. The primary objective of a logical control review is to ensure that access is granted per the organization's authorities.

048. Naming conventions for system resources are important for access control because they reduce the number of rules required to adequately protect resources.

049. Line grabbing will enable eavesdropping, thus allowing unauthorized data access.
