Question 1

Which of the following best illustrates the use of multifactor authentication?

Accepted Answer

A) Requiring password changes every 30,60,or 90 days. 
B) Requiring the use of a smart card and a password. 
C) Requiring the use of upper case,lower case,numeric,and special characters for a password. 
D) The use of a fingerprint scanner for access to a device. 
A) Requiring password changes every 30,60,or 90 days. 
B) Requiring the use of a smart card and a password. 
C) Requiring the use of upper case,lower case,numeric,and special characters for a password. 
D) The use of a fingerprint scanner for access to a device.

Question 2

Which of the following does not represent a viable data backup method?

Accepted Answer

A) Disaster recovery plan. 
B) Redundant arrays of independent drives. 
C) Virtualization. 
D) Cloud computing. 
A) Disaster recovery plan. 
B) Redundant arrays of independent drives. 
C) Virtualization. 
D) Cloud computing.

Question 3

What is the primary objective of data security controls?

Accepted Answer

A) To establish a framework for controlling the design,security,and use of computer programs throughout an organization. 
B) To ensure that data storage media are subject to authorization prior to access,change,or destruction. 
C) To formalize standard,rules,and procedures to ensure the organization's control are properly executed. 
D) To monitor the use of system software to prevent unauthorized access to system software and computer programs. 
A) To establish a framework for controlling the design,security,and use of computer programs throughout an organization. 
B) To ensure that data storage media are subject to authorization prior to access,change,or destruction. 
C) To formalize standard,rules,and procedures to ensure the organization's control are properly executed. 
D) To monitor the use of system software to prevent unauthorized access to system software and computer programs.

Question 4

A Public Key Infrastructure (PKI)provides the ability to do which of the following?

Accepted Answer

A) Encrypt messages using a private key. 
B) Enable debit and credit card transactions. 
C) Read plaintext. 
D) Issue,maintain,and revoke digital certificates. 
A) Encrypt messages using a private key. 
B) Enable debit and credit card transactions. 
C) Read plaintext. 
D) Issue,maintain,and revoke digital certificates.

Question 5

Which of the following is not one of the main components of vulnerability management and assessment?

Accepted Answer

A) Identification. 
B) Remediation. 
C) Internalization. 
D) Maintenance. 
A) Identification. 
B) Remediation. 
C) Internalization. 
D) Maintenance.

Question 6

Disaster recovery planning and business continuity management are unrealted.

Accepted Answer

A) True 
 B)False

Question 7

Key distribution and key management are problematic under the symmetric-key encryption.

Accepted Answer

A) True 
 B)False

Question 8

Select a correct statement regarding encryption methods?

Accepted Answer

A) To use symmetric-key encryption,each user needs two different keys. 
B) Most companies prefer using symmetric-key encryption than asymmetric-key encryption method. 
C) Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority. 
D) When conducting e-business,most companies use both symmetric-key and asymmetric-key encryption methods. 
A) To use symmetric-key encryption,each user needs two different keys. 
B) Most companies prefer using symmetric-key encryption than asymmetric-key encryption method. 
C) Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority. 
D) When conducting e-business,most companies use both symmetric-key and asymmetric-key encryption methods.

Question 9

Encryption and hashing are similar process to maintain data confidentiality.

Accepted Answer

A) True 
 B)False

Question 10

Which of the following is a password security weakness?

Accepted Answer

A) Users are assigned passwords when accounts are created,but do not change them. 
B) Users have accounts on several systems with different passwords. 
C) Users write down their passwords on a note paper,and carry it with them. 
D) Users select passwords that are not part of an online password dictionary. 
A) Users are assigned passwords when accounts are created,but do not change them. 
B) Users have accounts on several systems with different passwords. 
C) Users write down their passwords on a note paper,and carry it with them. 
D) Users select passwords that are not part of an online password dictionary.

Question 11

A disaster recovery approach should include which of the following elements?

Accepted Answer

A) Encryption. 
B) Firewalls. 
C) Regular backups. 
D) Surge protectors. 
A) Encryption. 
B) Firewalls. 
C) Regular backups. 
D) Surge protectors.

Question 12

A RAID array implemented in a data center is an example of which of the following?

Accepted Answer

A) Virtualization. 
B) Uninterruptible power supply. 
C) Fault tolerance. 
D) SOC 3. 
A) Virtualization. 
B) Uninterruptible power supply. 
C) Fault tolerance. 
D) SOC 3.

Question 13

The purpose of using a digital signature is for authentication.

Accepted Answer

A) True 
 B)False

Question 14

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Accepted Answer

A) Password management. 
B) Data encryption. 
C) Digital certificates. 
D) Batch processing. 
A) Password management. 
B) Data encryption. 
C) Digital certificates. 
D) Batch processing.

Question 15

Why would companies want to use digital signatures when conducting e-business?

Accepted Answer

A) They are cheap. 
B) They are always the same so it can be verified easily. 
C) They are more convenient than requiring a real signature. 
D) They can authenticate the document sender and maintain data integrity. 
A) They are cheap. 
B) They are always the same so it can be verified easily. 
C) They are more convenient than requiring a real signature. 
D) They can authenticate the document sender and maintain data integrity.

Question 16

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's information.

Accepted Answer

A) True 
 B)False

Question 17

When using asymmetric encryption algorithm,for two trading parties to conduct e-business,they need to use two keys.

Accepted Answer

A) True 
 B)False

Question 18

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Accepted Answer

A) Security controls such as firewalls. 
B) Backup data are tested and stored safely. 
C) Personnel understand the data very well. 
D) Paper records. 
A) Security controls such as firewalls. 
B) Backup data are tested and stored safely. 
C) Personnel understand the data very well. 
D) Paper records.

Question 19

Both ISACA and the GTAG define vulnerability.Which of the following does not represent one of these definitions?

Accepted Answer

A) The nature of IT resources that can be exploited by a threat to cause damage. 
B) An organizations' exposure to disaster. 
C) Weaknesses or exposures in IT assets that may lead to business,compliance,or security risk. 
D) All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG. 
A) The nature of IT resources that can be exploited by a threat to cause damage. 
B) An organizations' exposure to disaster. 
C) Weaknesses or exposures in IT assets that may lead to business,compliance,or security risk. 
D) All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG.

Question 20

Which of the following IT controls would best prevent a developer from inappropriately accessing the system?

Accepted Answer

A) Forced password changes. 
B) Secondary code review. 
C) Symmetric encryption. 
D) Lack of authentication. 
A) Forced password changes. 
B) Secondary code review. 
C) Symmetric encryption. 
D) Lack of authentication.

Which of the following best illustrates the use of multifactor authentication?

Which of the following does not represent a viable data backup method?

What is the primary objective of data security controls?

A Public Key Infrastructure (PKI)provides the ability to do which of the following?

Which of the following is not one of the main components of vulnerability management and assessment?

Disaster recovery planning and business continuity management are unrealted.

Key distribution and key management are problematic under the symmetric-key encryption.

Select a correct statement regarding encryption methods?

Encryption and hashing are similar process to maintain data confidentiality.

Which of the following is a password security weakness?

A disaster recovery approach should include which of the following elements?

A RAID array implemented in a data center is an example of which of the following?

The purpose of using a digital signature is for authentication.

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Why would companies want to use digital signatures when conducting e-business?

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's information.

When using asymmetric encryption algorithm,for two trading parties to conduct e-business,they need to use two keys.

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Both ISACA and the GTAG define vulnerability.Which of the following does not represent one of these definitions?

Which of the following IT controls would best prevent a developer from inappropriately accessing the system?

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language Xbrl

Data Analytics in Accounting: Concepts and the Amps Model

Data Analytics in Accounting: Tools and Practice

Emerging Technologies: Blockchain and Ai Automation

Accounting Information Systems and Internal Controls

Monitoring and Auditing Ais

The Balanced Scorecard, Business Model Canvas, and Business Value of Information Technology

Evaluating Ais Investments

Filters

Exam 14: Information Security and Computer Fraud

Which of the following best illustrates the use of multifactor authentication?

Which of the following does not represent a viable data backup method?

What is the primary objective of data security controls?

A Public Key Infrastructure (PKI)provides the ability to do which of the following?

Which of the following is not one of the main components of vulnerability management and assessment?

Disaster recovery planning and business continuity management are unrealted.

Key distribution and key management are problematic under the symmetric-key encryption.

Select a correct statement regarding encryption methods?

Encryption and hashing are similar process to maintain data confidentiality.

Which of the following is a password security weakness?

A disaster recovery approach should include which of the following elements?

A RAID array implemented in a data center is an example of which of the following?

The purpose of using a digital signature is for authentication.

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Why would companies want to use digital signatures when conducting e-business?

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's information.

When using asymmetric encryption algorithm,for two trading parties to conduct e-business,they need to use two keys.

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Both ISACA and the GTAG define vulnerability.Which of the following does not represent one of these definitions?

Which of the following IT controls would best prevent a developer from inappropriately accessing the system?

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language Xbrl

Data Analytics in Accounting: Concepts and the Amps Model

Data Analytics in Accounting: Tools and Practice

Emerging Technologies: Blockchain and Ai Automation

Accounting Information Systems and Internal Controls

Monitoring and Auditing Ais

The Balanced Scorecard, Business Model Canvas, and Business Value of Information Technology

Evaluating Ais Investments

Filters