CISA Cram Exam 6 (Word format).docx
- Document ID: 1402578
- Upload date: 2023-04-30
- Format: DOCX
- Pages: 8
- Size: 17.11KB
004. Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when the source of the executable file is certain.
005. In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. The appliance firewall architecture limits future scalability.
006. Among transmission media, fiber optic cable provides the best security against unauthorized access.
007. Reviewing the parameter settings is the best audit procedure to determine if a firewall is configured in compliance with an organization's security policy.
008. To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should first review application services.
009. An organization has outsourced its help desk. The best indicator to include in the service level agreement (SLA): percentage of incidents solved in the first call.
010. A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.
011. During the requirements definition phase for a database application, performance is listed as a top priority. To access the DBMS files, a storage area network (SAN) should be recommended for optimal I/O performance.
012. The best way to minimize the risk of communication failures in an e-commerce environment would be to use leased asynchronous transfer mode lines.
013. An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of version usage control.
014. The purpose of code signing is to provide assurance that the software has not been subsequently modified.
015. An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. In this case, atomicity has been violated.
016. Reverse proxy technology for web servers should be deployed if the HTTP server's address must be hidden.
017. The clustering technique best limits the impact of server failures in a distributed environment.
018. When reviewing a hardware maintenance program, an IS auditor should assess whether the program is validated against vendor specifications.
019. An IS auditor should recommend the use of library control software to provide reasonable assurance that program changes have been authorized.
020. When auditing a proxy-based firewall, an IS auditor should verify that the filters applied to services such as HTTP are effective.
021. Address Resolution Protocol (ARP) provides dynamic address mapping between an IP address and a hardware address.
022. The primary objective of service-level management (SLM) is to define, agree, record and manage the required levels of service.
023. From an IS auditor's perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements.
024. IT best practices for the availability and continuity of IT services should provide reasonable assurance that agreed-upon obligations to customers can be met.
025. An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should ensure that a good change management process is in place.
026. During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that the detail of the involved transactions may no longer be associated with master data, causing errors when these transactions are processed.
027. In a relational database with referential integrity, the use of a foreign key would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table.
028. A post-incident review examines both the cause of and the response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of post-incident reviews and follow-up procedures enables the information security manager to continuously improve the security program.
029. An IS auditor examining the configuration of an operating system to verify the controls should review the parameter settings.
030. The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's greatest concern should be that the users might use this information to launch attacks.
031. In order to ensure an adequate segregation of duties between IS and end users, the application owner should be responsible for authorizing access to data.
032. Accountability for the maintenance of appropriate security measures over information assets resides with the data and system owners.
033. The greatest risk when end users have access to a database at its system level, instead of through the application, is that the users can make unauthorized changes to the database directly, without an audit trail.
034. To determine who has been given permission to use a particular system resource, an IS auditor should review access control lists.
035. When granting temporary access to vendors, the most effective control: user accounts are created with expiration dates and are based on the services provided.
036. During a logical access controls review, an IS auditor observes that user accounts are shared. The greatest risk resulting from this situation is that user accountability may not be established.
037. A two-factor user authentication: a smart card requiring the user's PIN.
038. Access control software is the most effective method of preventing unauthorized use of data files.
039. Logical access control is the primary safeguard for securing software and data within an information processing facility.
040. Providing an audit trail is a benefit of using a callback device.
041. When reviewing an organization's logical access security, an IS auditor should be most concerned that: password files are not encrypted.
042. Passwords should be assigned by the security administrator for first-time logon.
043. Deletion of transaction data files should be a function of the application support team, not operations staff.
044. The most appropriate control to prevent unauthorized entry is to terminate the connection after a specified number of attempts.
045. An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is most likely to conclude that exposure is greater, since information is available to unauthorized users.
046. Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that, in many cases, the user name and password are the same. The best control to mitigate this risk is to build in validations to prevent this during user creation and password change.
047. The primary objective of a logical control review is to ensure that access is granted per the organization's authorities.
048. Naming conventions for system resources are important for access control because they reduce the number of rules required to adequately protect resources.
049. Line grabbing will enable eavesdropping, thus allowing unauthorized data access.