Question 1

Which of the following is not an example of a vulnerability within an Information System?

Accepted Answer

A) Outdated intrusion detection/prevention system. 
B) Lack of a disaster recovery plan. 
C) Improper system configuration. 
D) Failure to audit and terminate unused accounts in a timely manner. 
A) Outdated intrusion detection/prevention system. 
B) Lack of a disaster recovery plan. 
C) Improper system configuration. 
D) Failure to audit and terminate unused accounts in a timely manner. B

Question 2

Which of the following statements about asymmetric-key encryption is correct?

Accepted Answer

A) When using asymmetric-key encryption method,a total of two keys are necessary in electronic communication between two parties. 
B) Employees in the same company share the same public key. 
C) Most companies would like to manage the private keys for their employees. 
D) Most companies would like to use a Certificate Authority to manage the public keys of their employees. 
E) Two of the above are correct. 
A) When using asymmetric-key encryption method,a total of two keys are necessary in electronic communication between two parties. 
B) Employees in the same company share the same public key. 
C) Most companies would like to manage the private keys for their employees. 
D) Most companies would like to use a Certificate Authority to manage the public keys of their employees. 
E) Two of the above are correct. D

Question 3

When client's accounts payable computer system was relocated,the administrator provided support through a dial-up connection to server.Subsequently,the administrator left the company.No changes were made to the accounts payable system at that time.Which of the following situations represents the greatest security risk?

Accepted Answer

A) User passwords are not required to the in alpha-numeric format. 
B) Management procedures for user accounts are not documented. 
C) User accounts are not removed upon termination of employees. 
D) Security logs are not periodically reviewed for violations. 
A) User passwords are not required to the in alpha-numeric format. 
B) Management procedures for user accounts are not documented. 
C) User accounts are not removed upon termination of employees. 
D) Security logs are not periodically reviewed for violations. C

Question 4

Most companies use both symmetric-key and asymmetric-key encryption methods when conducting e-business.

Accepted Answer

A) True 
 B)False

Question 5

Which of the following is not one of the common techniques for information security risks and attacks?

Accepted Answer

A) Spam. 
B) Botnet. 
C) TraceRT. 
D) Social Engineering. 
A) Spam. 
B) Botnet. 
C) TraceRT. 
D) Social Engineering.

Question 6

Hashing process can be reversed and it is used for maintaining data confidentiality.

Accepted Answer

A) True 
 B)False

Question 7

Why do Certificate Authority (CA)play an important role in a company's information security management?

Accepted Answer

A) Using a CA is required by SOX in managing information security. 
B) A CA is responsible to generate session keys for encryption purposes. 
C) Most companies use CA to manage their employees' public keys. 
D) CA creates and maintains both the public and private keys for a company's employees. 
A) Using a CA is required by SOX in managing information security. 
B) A CA is responsible to generate session keys for encryption purposes. 
C) Most companies use CA to manage their employees' public keys. 
D) CA creates and maintains both the public and private keys for a company's employees.

Question 8

Information security is a critical factor in maintaining systems integrity.

Accepted Answer

A) True 
 B)False

Question 9

Select a correct statement regarding a hashing process.

Accepted Answer

A) It is reversible. 
B) The outcome is a message digest. 
C) It is not necessary to use a hashing process in creating a digital signature. 
D) It is used for authentication. 
A) It is reversible. 
B) The outcome is a message digest. 
C) It is not necessary to use a hashing process in creating a digital signature. 
D) It is used for authentication.

Question 10

Which of the following statements is incorrect about digital signatures?

Accepted Answer

A) A digital signature can ensure data integrity. 
B) A digital signature also authenticates the document creator. 
C) A digital signature is an encrypted message digest. 
D) A digital signature is a message digest encrypted using the document creator's public key. 
A) A digital signature can ensure data integrity. 
B) A digital signature also authenticates the document creator. 
C) A digital signature is an encrypted message digest. 
D) A digital signature is a message digest encrypted using the document creator's public key.

Question 11

What could result from the failure to audit and terminate unused accounts in a timely manner?

Accepted Answer

A) A disgruntled employee may send out phishing emails. 
B) A SOC 1 report will be generated. 
C) Computer hardware may be taken off premises. 
D) A disgruntled employee may tamper with company applications. 
A) A disgruntled employee may send out phishing emails. 
B) A SOC 1 report will be generated. 
C) Computer hardware may be taken off premises. 
D) A disgruntled employee may tamper with company applications.

Question 12

The symmetric-key encryption method is used to authenticate users.

Accepted Answer

A) True 
 B)False

Question 13

Which of the following describes the primary goals of the CIA approach to information security management?

Accepted Answer

A) Controls,Innovation,Analysis. 
B) Confidentiality,Integrity,Availability. 
C) Convenience,Integrity,Awareness. 
D) Confidentiality,Innovation,Availability. 
A) Controls,Innovation,Analysis. 
B) Confidentiality,Integrity,Availability. 
C) Convenience,Integrity,Awareness. 
D) Confidentiality,Innovation,Availability.

Question 14

Which of the following statements regarding authentication in conducting e-business is incorrect?

Accepted Answer

A) It is a process that establishes the origin of information or determines the identity of a user,process,or device. 
B) Only one key is used for encryption and decryption purposes in the authentication process. 
C) Successful authentication can prevent repudiation in electronic transactions. 
D) We need to use asymmetric-key encryption to authenticate the sender of a document or data set. 
A) It is a process that establishes the origin of information or determines the identity of a user,process,or device. 
B) Only one key is used for encryption and decryption purposes in the authentication process. 
C) Successful authentication can prevent repudiation in electronic transactions. 
D) We need to use asymmetric-key encryption to authenticate the sender of a document or data set.

Question 15

Which of the following is not an example of a physical security vulnerability?

Accepted Answer

A) Unescorted visitors on the premises. 
B) Poor choice of passwords. 
C) Lack of a smoke detector in the room housing servers. 
D) Lack of disaster recovery plan. 
A) Unescorted visitors on the premises. 
B) Poor choice of passwords. 
C) Lack of a smoke detector in the room housing servers. 
D) Lack of disaster recovery plan.

Question 16

Which of the following is not an example of vulnerability within the process of IT operations?

Accepted Answer

A) Software not patched. 
B) Inappropriate data classification. 
C) Ineffective training. 
D) Poor firewall rules. 
A) Software not patched. 
B) Inappropriate data classification. 
C) Ineffective training. 
D) Poor firewall rules.

Question 17

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Accepted Answer

A) True 
 B)False

Question 18

Which of the following IT controls would best prevent a currency trader from concealing his/her trading errors?

Accepted Answer

A) End user access to source code. 
B) Multifactor authentication. 
C) Symmetric encryption. 
D) Use of a private key. 
A) End user access to source code. 
B) Multifactor authentication. 
C) Symmetric encryption. 
D) Use of a private key.

Question 19

For businesses considering a cloud computing solution,which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?

Accepted Answer

A) FASB 51 Report. 
B) Audit Report. 
C) SAS 3 Report. 
D) SOC 2 Report. 
A) FASB 51 Report. 
B) Audit Report. 
C) SAS 3 Report. 
D) SOC 2 Report.

Question 20

A Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Accepted Answer

A) True 
 B)False

Which of the following is not an example of a vulnerability within an Information System?

Which of the following statements about asymmetric-key encryption is correct?

Most companies use both symmetric-key and asymmetric-key encryption methods when conducting e-business.

Which of the following is not one of the common techniques for information security risks and attacks?

Hashing process can be reversed and it is used for maintaining data confidentiality.

Why do Certificate Authority (CA)play an important role in a company's information security management?

Information security is a critical factor in maintaining systems integrity.

Select a correct statement regarding a hashing process.

Which of the following statements is incorrect about digital signatures?

What could result from the failure to audit and terminate unused accounts in a timely manner?

The symmetric-key encryption method is used to authenticate users.

Which of the following describes the primary goals of the CIA approach to information security management?

Which of the following statements regarding authentication in conducting e-business is incorrect?

Which of the following is not an example of a physical security vulnerability?

Which of the following is not an example of vulnerability within the process of IT operations?

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Which of the following IT controls would best prevent a currency trader from concealing his/her trading errors?

For businesses considering a cloud computing solution,which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?

A Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language Xbrl

Data Analytics in Accounting: Concepts and the Amps Model

Data Analytics in Accounting: Tools and Practice

Emerging Technologies: Blockchain and Ai Automation

Accounting Information Systems and Internal Controls

Monitoring and Auditing Ais

The Balanced Scorecard, Business Model Canvas, and Business Value of Information Technology

Evaluating Ais Investments

Filters

Exam 14: Information Security and Computer Fraud

Which of the following is not an example of a vulnerability within an Information System?

Which of the following statements about asymmetric-key encryption is correct?

Most companies use both symmetric-key and asymmetric-key encryption methods when conducting e-business.

Which of the following is not one of the common techniques for information security risks and attacks?

Hashing process can be reversed and it is used for maintaining data confidentiality.

Why do Certificate Authority (CA)play an important role in a company's information security management?

Information security is a critical factor in maintaining systems integrity.

Select a correct statement regarding a hashing process.

Which of the following statements is incorrect about digital signatures?

What could result from the failure to audit and terminate unused accounts in a timely manner?

The symmetric-key encryption method is used to authenticate users.

Which of the following describes the primary goals of the CIA approach to information security management?

Which of the following statements regarding authentication in conducting e-business is incorrect?

Which of the following is not an example of a physical security vulnerability?

Which of the following is not an example of vulnerability within the process of IT operations?

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Which of the following IT controls would best prevent a currency trader from concealing his/her trading errors?

For businesses considering a cloud computing solution,which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?

A Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language Xbrl

Data Analytics in Accounting: Concepts and the Amps Model

Data Analytics in Accounting: Tools and Practice

Emerging Technologies: Blockchain and Ai Automation

Accounting Information Systems and Internal Controls

Monitoring and Auditing Ais

The Balanced Scorecard, Business Model Canvas, and Business Value of Information Technology

Evaluating Ais Investments

Filters