Exam 12: Information Security and Computer Fraud

Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery? A. Daily backup. B. Network security. C. Business continuity. D. Backup power.

(Short Answer)

Key distribution and key management are problematic under symmetric-key encryption.

(True/False)

Which of the following passwords would be most difficult to crack? A. Go2Ca!ifornia4fun B. language C. jennyjenny D. pass56word

(Short Answer)

Spam is a self-replicating program that runs and spreads by modifying other programs or files.

(True/False)

A Public Key Infrastructure (PKI) provides the ability to do which of the following? A. Encrypt messages using a private key. B. Enable debit and credit card transactions. C. Read plaintext. D. Issue, maintain, and revoke digital certificates.

(Short Answer)

Which of the following statements is most accurate with regard to business continuity management (BCM) and disaster recovery planning (DRP)? A. DRP is an important component of BCM. B. BCM and DRP should be considered independently of each other. C. BCM is an important component of DRP. D. DRP should be considered as optional, while BCM should be considered as necessary.

(Short Answer)

What is included in disaster recovery planning and business continuity management? Are these concepts related?

(Essay)

The goal of information security management is to maintain confidentiality, integrity and availability of a firm's information.

(True/False)

Which of the following statements is incorrect? A. A fraud prevention program starts with a fraud risk assessment across the entire firm. B. The audit committee typically has an oversight role in the risk assessment process. C. Communicating a firm's policy file to employees is one of the most important responsibilities of management. D. A fraud prevention program should include an evaluation of the efficiency of business processes.

(Short Answer)

Describe the framework for vulnerability assessment and vulnerability management.

(Essay)

A virus is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

(True/False)

Which of the following security controls would best prevent unauthorized access to a firm's internal network? A. Use of a screen saver with a password. B. Use of a firewall. C. Encryption of data files. D. Automatic log-off of inactive users.

(Short Answer)

Which of the following controls would most likely assure that a company can reconstruct its financial records? A. Security controls such as firewalls. B. Backup data are tested and stored safely. C. Personnel understand the data very well. D. Paper records.

(Short Answer)

Which of the following statements regarding authentication in conducting e-business is incorrect? A. It is a process that establishes the origin of information or determines the identity of a user, process, or device. B. One key is used for encryption and decryption purposes in the authentication process. C. Successful authentication can prevent repudiation in electronic transactions. D. We need to use asymmetric-key encryption to authenticate the sender of a document or data set.

(Short Answer)

Both ISACA and the GTAG define vulnerability. Which of the following does not represent one of these definitions? A. The nature of IT resources that can be exploited by a threat to cause damage. B. An intruder's attempts to exploit weaknesses in IT resources. C. Weaknesses or exposures in IT assets that may lead to business, compliance, or security risk. D. All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG.

(Short Answer)

Why would companies want to use digital signatures when conducting e-business? A. They are cheap. B. They are always the same so they can be verified easily. C. They are more convenient than requiring a real signature. D. They can authenticate the document sender and maintain data integrity.

(Short Answer)

Which of the following would most likely be used for a secure initial logon process? A. Symmetric-key encryption. B. Asymmetric-key encryption. C. Dual-handshake encryption. D. 56-bit encryption.

(Short Answer)

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator? A. Managing remote access. B. Developing application programs. C. Reviewing security policy. D. Installing operating system upgrades.

(Short Answer)

Which of the following statements about asymmetric-key encryption is correct? A. When using the asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties. B. Employees in the same company share the same public key. C. Most companies would like to manage the private keys for their employees. D. Most companies would like to use a Certificate Authority to manage the public keys of their employees. E. Two of the above are correct.

(Short Answer)

The symmetric-key encryption method is used to authenticate users.

(True/False)