16.
Who is responsible for designating the appropriate information classification level?
- A. Data custodian
- B. Data user
- C. Data owner
- D. Security manager
Answer : [C]
Explanation :
The data owner is responsible for designating the appropriate information security level and appointing the custodian. The data owner is usually a vice president or someone in a position higher up in the organization, up to an agency head. The data owner also specifies the controls to be used. The audit committee and management can change the security level if the data owner fails to properly classify the data.
17.
What is the best statement regarding the purpose of using the OSI model?
- A. To define separation of duties, controls, and boundaries
- B. To define which level of program-to-program gateways operate
- C. To define how networking protocols work for IT professionals
- D. To define the differences between OSI and IP protocols
Answer : [A]
Explanation :
The Open Systems Interconnect (OSI) model is used to define separation of duties for electronic services, personnel, control points, and boundaries used in service-level agreements, compliance rules, and legal contracts. Most IT professionals were never taught the actual content and don’t understand the incredibly valuable information they missed.
18.
What is one of the bigger concerns regarding asset disposal?
- A. Residual asset value
- B. Employees taking disposed property home
- C. Standing data
- D. Environmental regulations
Answer : [C]
Explanation :
Standing data should be purged from the equipment prior to disposal. Standing data refers to information that can be recovered from a device by using any means.
19.
What is the primary purpose of database views?
- A. Restrict the viewing of selected data
- B. Provide a method for generating reports
- C. Allow the user access into the database
- D. Allow the system administrator access to maintain the database
Answer : [A]
Explanation :
Database views are weak controls used to implement least privilege and restrict the data that can be viewed by the user.
20.
Which step is necessary before moving into the next phase when using the System Development Life Cycle?
- A. Phase meeting
- B. Change control
- C. Formal approval
- D. Review meeting
Answer : [C]
Explanation :
Formal approval is necessary before moving into the next phase. A review meeting is held with the stakeholders, project manager, and executive chairperson. All of the projections and open issues are discussed. Each item is approved, rejected, or canceled. The project may advance to the next stage with formal approval. The auditor should look for evidence of formal approval and how the decision was made.