CIA Exam Questions: CIA English Practice Questions (1)

1. Client-server architecture may potentially involve a variety of hardware, systems software, and application software from many vendors. The best way to protect a client-server system from unauthorized access is through
a  A combination of application and general access control techniques.
b  Use of a commercially available authentication system.
c  Encryption of all network traffic.
d  Thorough testing and evaluation of remote procedure calls.

a  Correct. Security is more difficult to achieve in a client-server system than in a mainframe environment. The system has numerous access points, and users have many chances to alter data. Thus, application controls must be combined with general access controls to protect the system.
b  Incorrect. Authentication systems are only a part of the solution.
c  Incorrect. Encryption affects only general access control techniques.
d  Incorrect. Testing and evaluation of RPCs may be only a small part of an overall security review.

A company with several hundred stores has a network for the stores to transmit sales data to headquarters. The network is also used for

2. The information systems and audit directors also agreed that maintaining the integrity of the system that kept inventory data was crucial for distributing correct product quantities to stores. The best way to ensure the integrity of the application software is through
a  Access controls for terminals in the receiving department.
b  Audit trails for items sold and received.
c  Change controls for inventory software.
d  Monitoring software for the network.
 
a  Incorrect. Access controls for terminals in the receiving department ensure that only authorized receiving personnel have access to specific categories of information. However, they do not affect personnel in other functional areas.
b  Audit trails permit audits of transaction updates to data files but do not ensure the integrity of application software.
c  Change control is vital to the effectiveness of internal control. It is the set of procedures that ensure that only authorized, tested, and documented program changes are made. Such procedures include not only segregation of duties in the development and implementation processes, but also design and code walk-throughs, coordination of changes, review and approval by users and management, review of compliance with standards, minimum testing requirements, and backout procedures in the event of failure.
d  Monitoring software is designed to monitor performance (human or machine) for specified functions such as capacity used or number of tasks performed.