Question 1

What is deep packet inspection?

Accepted Answer

DPI is a technique that searches individual network packets for protocol non-compliance and can identify and classify malicious packets based on a database of known attack signatures.

Question 2

IP spoofing

Accepted Answer

A)  combines the messages of multiple users into a "spoofing packet" where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users. 
B)  is a form of masquerading to gain unauthorized access to a web server. 
C)  is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session. 
D)  is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users. 
A)  combines the messages of multiple users into a "spoofing packet" where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users. 
B)  is a form of masquerading to gain unauthorized access to a web server. 
C)  is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session. 
D)  is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users. B

Question 3

What can be done to defeat a DDoS Attack?

Accepted Answer

Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a countermeasure to DDoS attacks.

Question 4

In a hierarchical topology, network nodes communicate with each other via a central host computer.

Accepted Answer

A) True 
 B)False

Question 5

In a ring topology

Accepted Answer

A)  the network consists of a central computer which manages all communications between nodes 
B)  has a host computer connected to several levels of subordinate computers 
C)  all nodes are of equal status; responsibility for managing communications is distributed among the nodes 
D)  information processing units rarely communicate with each other 
A)  the network consists of a central computer which manages all communications between nodes 
B)  has a host computer connected to several levels of subordinate computers 
C)  all nodes are of equal status; responsibility for managing communications is distributed among the nodes 
D)  information processing units rarely communicate with each other

Question 6

What is event monitoring?

Accepted Answer

Event monitoring summarizes key activiti

Question 7

IP spoofing is a form of masquerading to gain unauthorized access to a Web server.

Accepted Answer

A) True 
 B)False

Question 8

All of the following techniques are used to validate electronic data interchange transactions except

Accepted Answer

A)  value added networks can compare passwords to a valid customer file before message transmission 
B)  prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database 
C)  the recipient's application software can validate the password prior to processing 
D)  the recipient's application software can validate the password after the transaction has been processed 
A)  value added networks can compare passwords to a valid customer file before message transmission 
B)  prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database 
C)  the recipient's application software can validate the password prior to processing 
D)  the recipient's application software can validate the password after the transaction has been processed

Question 9

Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain.

Accepted Answer

Two general types of risk exist when net

Question 10

What is an operating system? What does it do? What are operating system control objectives?

Accepted Answer

An operating system is a computer's cont

Question 11

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

Accepted Answer

A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  authorized trading partners have access only to approved data 
D)  a complete audit trail is maintained 
A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  authorized trading partners have access only to approved data 
D)  a complete audit trail is maintained

Question 12

Which of the following is considered an unintentional threat to the integrity of the operating system?

Accepted Answer

A)  a hacker gaining access to the system because of a security flaw 
B)  a hardware flaw that causes the system to crash 
C)  a virus that formats the hard drive 
D)  the systems programmer accessing individual user files 
A)  a hacker gaining access to the system because of a security flaw 
B)  a hardware flaw that causes the system to crash 
C)  a virus that formats the hard drive 
D)  the systems programmer accessing individual user files

Question 13

An IP Address:

Accepted Answer

A)  defines the path to a facility or file on the web. 
B)  is the unique address that every computer node and host attached to the Internet must have. 
C)  is represented by a 64-bit data packet. 
D)  is the address of the protocol rules and standards that governing the design of internet hardware and software. 
A)  defines the path to a facility or file on the web. 
B)  is the unique address that every computer node and host attached to the Internet must have. 
C)  is represented by a 64-bit data packet. 
D)  is the address of the protocol rules and standards that governing the design of internet hardware and software.

Question 14

Discuss three sources of exposure (threats) to the operating system.

Accepted Answer

1. Privileged personnel who abuse their

Question 15

Which of the following statements is correct?

Accepted Answer

A)  Packet switching combines the messages of multiple users into a "packet" for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users. 
B)  The decision to partition a database assumes that no identifiable primary user exists in the organization. 
C)  Packet switching is used to establish temporary connections between network devices for the duration of a communication session. 
D)  A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users. 
A)  Packet switching combines the messages of multiple users into a "packet" for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users. 
B)  The decision to partition a database assumes that no identifiable primary user exists in the organization. 
C)  Packet switching is used to establish temporary connections between network devices for the duration of a communication session. 
D)  A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.

Question 16

What are the auditor's concerns in testing EDI controls?

Accepted Answer

When testing EDI controls, the auditor's

Question 17

A virtual private network:

Accepted Answer

A)  is a password-controlled network for private users rather than the general public. 
B)  is a private network within a public network. 
C)  is an Internet facility that links user sites locally and around the world. 
D)  defines the path to a facility or file on the web. 
E)  none of the above is true. 
A)  is a password-controlled network for private users rather than the general public. 
B)  is a private network within a public network. 
C)  is an Internet facility that links user sites locally and around the world. 
D)  defines the path to a facility or file on the web. 
E)  none of the above is true.

Question 18

The operating system performs all of the following tasks except

Accepted Answer

A)  translates third-generation languages into machine language 
B)  assigns memory to applications 
C)  authorizes user access 
D)  schedules job processing 
A)  translates third-generation languages into machine language 
B)  assigns memory to applications 
C)  authorizes user access 
D)  schedules job processing

Question 19

Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it.

Accepted Answer

A) True 
 B)False

Question 20

A worm is software program that replicates itself in areas of idle memory until the system fails.

Accepted Answer

A) True 
 B)False

What is deep packet inspection?

IP spoofing

What can be done to defeat a DDoS Attack?

In a hierarchical topology, network nodes communicate with each other via a central host computer.

In a ring topology

What is event monitoring?

IP spoofing is a form of masquerading to gain unauthorized access to a Web server.

All of the following techniques are used to validate electronic data interchange transactions except

Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain.

What is an operating system? What does it do? What are operating system control objectives?

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

Which of the following is considered an unintentional threat to the integrity of the operating system?

An IP Address:

Discuss three sources of exposure (threats) to the operating system.

Which of the following statements is correct?

What are the auditor's concerns in testing EDI controls?

A virtual private network:

The operating system performs all of the following tasks except

Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it.

A worm is software program that replicates itself in areas of idle memory until the system fails.

Auditing and Internal Control

Auditing IT Governance Controls

Auditing Database Systems

Systems Development and Program Change Activities

Transaction Processing and Financial Reporting Systems Overview

Computer Assisted Audit Tools and Techniques

Data Structures and Caatts for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Enterprise Resource Planning Systems

Business Ethics, Fraud, and Fraud Detection

Filters

Exam 3: Auditing Operating Systems and Networks

What is deep packet inspection?

IP spoofing

What can be done to defeat a DDoS Attack?

In a hierarchical topology, network nodes communicate with each other via a central host computer.

In a ring topology

What is event monitoring?

IP spoofing is a form of masquerading to gain unauthorized access to a Web server.

All of the following techniques are used to validate electronic data interchange transactions except

Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain.

What is an operating system? What does it do? What are operating system control objectives?

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

Which of the following is considered an unintentional threat to the integrity of the operating system?

An IP Address:

Discuss three sources of exposure (threats) to the operating system.

Which of the following statements is correct?

What are the auditor's concerns in testing EDI controls?

A virtual private network:

The operating system performs all of the following tasks except

Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it.

A worm is software program that replicates itself in areas of idle memory until the system fails.

Auditing and Internal Control

Auditing IT Governance Controls

Auditing Database Systems

Systems Development and Program Change Activities

Transaction Processing and Financial Reporting Systems Overview

Computer Assisted Audit Tools and Techniques

Data Structures and Caatts for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Enterprise Resource Planning Systems

Business Ethics, Fraud, and Fraud Detection

Filters