Which of the following should concern an IS auditor when reviewing security in a client-server
environment?
A.
Protecting data using an encryption technique
B.
Preventing unauthorized access using a diskless workstation
C.
The ability of users to access and modify the database directly
D.
Disabling floppy drives on the users’ machines
Explanation:
For the purpose of data security in a client-server environment, an IS auditor should be concerned
with the users ability to access and modify a database directly. This could affect the integrity of the
data in the database. Data protected by encryption aid in securing the datA . Diskless workstations
prevent copying of data into local disks and thus help to maintain the integrity and confidentiality of
datA . Disabling floppy drives is a physical access control, which helps to maintain the confidentiality
of data by preventing it from being copied onto a disk.