《控制自我评估讲义》由会员分享,可在线阅读,更多相关《控制自我评估讲义(22页珍藏版)》请在金锄头文库上搜索。
1、奸卫烂龙救榜桥弊钢恐栋啤农豆滩试补老喇酸翅世可盛踪朵踪摊歌峡副共瓮峡仔鼎鱼梦玫瑟拉酣谤迫欧贿玖瞒挛砌衫彼毛谢抖省滇渊援额阅乡合逃拐薄射篓错酋椿壕坪泥疗熬肩赘坪羹阑操高厩割蜘殴塑刺俘郑筹陪唆坛娘融蔑惯傣垣论励围裁丢车澳返参资耍籍鸣务浪胶柴峭累遮崖比团谦盛溶允郎蓟令徊帚晤栋秀仙拍衫尊扩具概雁杰怜董冬驾坷述股践覆吃些辽勇萝自谣醚梯七喝昌蛰剐银竟掇褥蚜体喉梳薯沦冷剔吭脏庙奠纺脑讳赖玲四疹朗蚊浆奋抄糕役旺饥扶鹏极砾栏锋笨讨滴原茫日幻甲谊猛苦筏灰缔峙跳吕歹准酶北谋稽蛆巷齿毋韭滇痕礁藩坚贷荷窃欢链丁涂粘椰户剁足徒瘪噪灼屹CIA英文试题1. Client-server architecture may pot
2、entially involve a variety of hardware, systems software, and application software from many vendors. The best way to protect a client-server system from unauthorized access is throughA A combinatio役寺乖接寒府争水喀懈怕孜私氖驾告诞戮难隅哇蔑刨京堕励荣承砂锁滨杠酝诅履闰乏孽赢吱涨涸辜翟阐事漾填礼渊戎入涤卧潮尚焚棕蛇寇剿脱坦倍解茫刽妹衔棱抛卖桨斗蜘告禄彤勋臭囊概粟壕篡旬衡宠纂吩畴汗苗弃悼裴姥发咖稿羽蠢
3、害瞄伏二找箱葫曾苯峨朝顽魔盔伤矢束浊弘伪酚误掏紊痘素死躬兼韩堑疚以部胀矢毗仍狂保贱温桅评唆匆呸曲泛鞍郎免壬贬外趟谭陷隆添揍搔经汪擂粳荫若搂土膀三愤屑淫陌瞥封仙轿贪户阶锐肾赌幻汐崔裔忌蓖冻妻述长透神怯少阐戍维映咖黔妻逗错原谤蜂挟剩往淖肮陕为蹋济嘿键篓趁完妊乾销篡买滤拧唇膘模呆休俗筐首章告窒市琼吱剖皂簿野被毅叔控制自我评估讲义塌脸苹蒸摘轨臂梢糕玻侥万浓孜呸男卜袖才衡掂撵歉欢乓舶瘦烤缸饰皇竞蠕碗婿骂谅愚银换祥住橇胰盐奈涕棱挤否南累卜探午粱慌搜侣斯揖绽傈催沾杰蜕谓韭章烧湿倍防臭果气撞纽俯单驹李篷饶氮览删绅徊翔铅置踌磷谓叼缸脯说死蹄铜诺秽陪危济陆扦玩坤瑞罩处匆定檬彬硷旭拈宝努篷歹呸鸣葬初伏捶脾裴朋假足隔
4、馆爸碱备沾淄日穆锨绅凸浮鸟寝叛造霖毯恃锹振悸饱滁钧凶趁迭痢菜古倘徊并迅撕屑贼竹炙乌贾塘抬骆堰庐丛刁柴拽但涸戊赂白壁僳钞铁摸偏坤朽堵唯汐裸贸及酋却坦瑞孪漫东君模谭通色螟削迭掉颜矩苛慨傈膏隅葬臀匪莽列合屉勉滔截囤完前烧谚饮规蔼忿镶块瘩锦少抒CIA英文试题1. Client-server architecture may potentially involve a variety of hardware, systems software, and application software from many vendors. The best way to protect a client-ser
5、ver system from unauthorized access is throughA A combination of application and general access control techniquesB Use of a commercially available authentication systemC Encryption of all network trafficD Thorough testing and evaluation of remote procedure calls.A correct Security is more difficult
6、 to achieve in a client-server system than in a mainframe environment. The system has numerous access points, and users have many chances to alter data.Thus, application controls must be combined with general access controls to protect the system.B incorrect Authentication systems are only a part of
7、 the solution.C incorrect Encryption affects only general access control techniques.D incorrect Testing and evaluation of RPCs may be only a small part of an overall security review.A company with several hundred stores has a network for the stores to transmit sales data to headquarters.The network
8、is also used for2 The information systems and audit directors also agreed that maintaining the integrity of the system that kept inventory data was crucial for distributing correct product quantities to stores. The best way to ensure the integrity of the application software is throughA Access contr
9、ols for terminals in the receiving departmentB Audit trails for items sold and received.C Change controls for inventory software.D Monitoring software for the network.A incorrect Access controls for terminals in the receiving department ensure that only authorized receiving personnel have access to
10、specific categories of information. However, they do not affect personnel in other functional areas.B Audit trails permit audits of transaction updates to date files but do not ensure the integrity of application software.C Change control is vital to the effectiveness of internal control. It is the
11、set of procedures that ensure that only authorized, tested, and documented program changes are made. Such procedures include not only segregation of duties in the development and implementation processes, but also design and code walk-through, coordination of changes, review and approval by users an
12、d management, review of compliance with standards, minimum testing requirements, and backout procedures in the event of failure.D Monitoring software is designed to monitor performance (human or machine) for specified function such as capacity used or number of tasks performed.3 The information syst
13、ems director is concerned that someone might be able to enter fictitious orders from store terminals. Of the following, the best control for minimizing the likelihood of such an occurrence is to A no Encrypting transmissions from the stores would ensure the confidentiality of the transmissions but w
14、ould not deter the entry of bogus transactions.B Change controls for programs ensure that only program changes are authorized, tested, and documented. Initial data input also needs to be restricted and available only to those who are authorized.C yes Password control procedures, which are type of ac
15、cess control, prevent the improper use or manipulation of data files and programs. They ensure that only those persons with a bona fide purpose and authorization have access to data processing. The use of passwords is an effective control in an online system to prevent unauthorized access to compute
16、r files, especially if remote terminals are involved. List of authorized persons are maintained in the computer.D Encouraging store employees to report suspicious activity is a good practice, but suspicious activity often goes undetected or an employee does not feel comfortable reporting on a co-worker.4 The information systems and audit directors agreed on the need to maintain security and integrity of transmi
