After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?

Which of the following is a general operating system access control function?

Which of the following BEST restricts users to those functions needed to perform their duties?

For a discretionary access control to be effective, it must:

An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Ofthe following, which is the BEST control against this risk?

From a control perspective, the PRIMARY objective of classifying information assets is to:

An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor’s main concern should be that:

An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

The information security policy that states ‘each individual must have their badge read at every controlled door’ addresses which of the following attack methods?

Which of the following presents an inherent risk with no distinct identifiable preventive controls?