Question 1

Which of the following is not included in the remediation phrase for vulnerability management?

Accepted Answer

A)  Risk Response Plan 
B)  Policy and procedures for remediation 
C)  Vulnerability Prioritization 
D)  Control Implementation 
A)  Risk Response Plan 
B)  Policy and procedures for remediation 
C)  Vulnerability Prioritization 
D)  Control Implementation C

Question 2

The goal of information security management is to maintain confidentiality,integrity and availability of a firm's information.

Accepted Answer

A) True 
 B)False  True

Question 3

Which of the following statement present an example of a general control for a computerized system?

Accepted Answer

A)  Limiting entry of sales transactions to only valid credit customers. 
B)  Creating hash totals from social security number for the weekly payroll. 
C)  Restricting entry of accounts payable transactions to only authorized users. 
D)  Restricting access to the computer center by use of biometric devices. 
A)  Limiting entry of sales transactions to only valid credit customers. 
B)  Creating hash totals from social security number for the weekly payroll. 
C)  Restricting entry of accounts payable transactions to only authorized users. 
D)  Restricting access to the computer center by use of biometric devices. D

Question 4

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Accepted Answer

A)  Password management. 
B)  Data encryption. 
C)  Digital certificates. 
D)  Batch processing. 
A)  Password management. 
B)  Data encryption. 
C)  Digital certificates. 
D)  Batch processing.

Question 5

Integrity of information means the information is:

Accepted Answer

A)  Accurate 
B)  Complete 
C)  Accessible 
D)  A and B are correct. 
A)  Accurate 
B)  Complete 
C)  Accessible 
D)  A and B are correct.

Question 6

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Accepted Answer

A)  Security controls such as firewalls 
B)  Backup data are tested and stored safely 
C)  Personnel understand the data very well 
D)  Paper records 
A)  Security controls such as firewalls 
B)  Backup data are tested and stored safely 
C)  Personnel understand the data very well 
D)  Paper records

Question 7

Why would companies want to use digital signatures when conducting e-business?

Accepted Answer

A)  It is cheap. 
B)  It is always the same so it can be verified easily. 
C)  It is more convenient than requiring a real signature. 
D)  It can authenticate the document sender and maintain data integrity. 
A)  It is cheap. 
B)  It is always the same so it can be verified easily. 
C)  It is more convenient than requiring a real signature. 
D)  It can authenticate the document sender and maintain data integrity.

Question 8

A company's audit committee is responsible for fraud risk assessments.

Accepted Answer

A) True 
 B)False

Question 9

Which of the following statements is incorrect about digital signature?

Accepted Answer

A)  A digital signature can ensure data integrity. 
B)  A digital signature also authenticates the document creator. 
C)  A digital signature is an encrypted message digest. 
D)  A digital signature is a message digest encrypted using the document creator's public key. 
A)  A digital signature can ensure data integrity. 
B)  A digital signature also authenticates the document creator. 
C)  A digital signature is an encrypted message digest. 
D)  A digital signature is a message digest encrypted using the document creator's public key.

Question 10

Which of the following statements about asymmetric-key encryption is correct?

Accepted Answer

A)  When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties. 
B)  Employees in the same company share the same public key. 
C)  Most companies would like to manage the private keys for their employees. 
D)  Most companies would like to use a Certificate Authority to manage the public keys of their employees. 
E)  Two of the above are correct. 
A)  When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties. 
B)  Employees in the same company share the same public key. 
C)  Most companies would like to manage the private keys for their employees. 
D)  Most companies would like to use a Certificate Authority to manage the public keys of their employees. 
E)  Two of the above are correct.

Question 11

What is a digital signature? How could a digital signature ensure data integrity when conducting e-business?
B.
6) Receiver B receives the package and decrypts it using Receiver B's private key. Receiver B now has the document and Sender A's digital signature.
7) Receiver B decrypts Sender A's digital signature using Sender A's public key to get the sent-over MD. Receiver B also authenticates that Sender A is the document creator.
8) Receiver B makes a copy of the received document and uses SHA-256 to hash the copy and get a calculated MD.
9) If the sent-over MD is the same as the calculated MD, Receiver B ensures data integrity.

Accepted Answer

Digital signature is a message digest (M

Question 12

List the following steps regarding computer fraud risk assessments in sequence.
(a)Assessing the likelihood and business impact of a control failure and/or a fraud incident.
(b)Mapping existing controls to potential fraud schemes and identifying gaps.
(c)Identifying potential IT fraud schemes and prioritizing them based on likelihood and impact.
(d)Identifying relevant IT fraud risk factors.
(e)Testing operating effectiveness of fraud prevention and detection controls.

Accepted Answer

The answer of List the following steps regarding computer fraud...

Question 13

Asymmetric-key encryption is suitable for encrypting large data sets or messages.

Accepted Answer

A) True 
 B)False

Question 14

Which of the following outcomes is a likely benefit of information technology used for internal control?

Accepted Answer

A)  Processing of unusual or nonrecurring transactions. 
B)  Enhanced timeliness of information. 
C)  Potential loss of data. 
D)  Recording of unauthorized transactions. 
A)  Processing of unusual or nonrecurring transactions. 
B)  Enhanced timeliness of information. 
C)  Potential loss of data. 
D)  Recording of unauthorized transactions.

Question 15

Why do Certificate Authority (CA)play an important role in a company's information security management?

Accepted Answer

A)  Using a CA is required by SOX in managing information security. 
B)  Most companies use CA to manage their employees' public keys. 
C)  CA creates and maintains both the public and private keys for a company's employees. 
D)  None of the above is correct. 
A)  Using a CA is required by SOX in managing information security. 
B)  Most companies use CA to manage their employees' public keys. 
C)  CA creates and maintains both the public and private keys for a company's employees. 
D)  None of the above is correct.

Question 16

Which of the following does not represent a viable data backup method?

Accepted Answer

A)  Disaster recovery plan 
B)  Redundant arrays of independent drives 
C)  Virtualization 
D)  Cloud computing 
A)  Disaster recovery plan 
B)  Redundant arrays of independent drives 
C)  Virtualization 
D)  Cloud computing

Question 17

To prevent invalid data input,a bank added an extra number at the end of each account number and subjected the new number to an algorithm.This technique is known as:

Accepted Answer

A)  A validation check. 
B)  check digit verification. 
C)  A dependency check. 
D)  A format check. 
A)  A validation check. 
B)  check digit verification. 
C)  A dependency check. 
D)  A format check.

Question 18

In a large multinational organization,which of the following job responsibilities should be assigned to be network administrator?

Accepted Answer

A)  Managing remote access. 
B)  Developing application programs. 
C)  Reviewing security policy. 
D)  Installing operating system upgrades. 
A)  Managing remote access. 
B)  Developing application programs. 
C)  Reviewing security policy. 
D)  Installing operating system upgrades.

Question 19

Which of the following statements is incorrect?

Accepted Answer

A)  A fraud prevention program starts with a fraud risk assessment across the entire firm. 
B)  The audit committee typically has an oversight role in risk assessment process. 
C)  Communicating a firm's policy file to employees is one of the most important responsibilities of management. 
D)  A fraud prevention program should include an evaluation on the efficiency of business processes. 
A)  A fraud prevention program starts with a fraud risk assessment across the entire firm. 
B)  The audit committee typically has an oversight role in risk assessment process. 
C)  Communicating a firm's policy file to employees is one of the most important responsibilities of management. 
D)  A fraud prevention program should include an evaluation on the efficiency of business processes.

Question 20

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's management.
TRUE

Accepted Answer

The answer of The goal of information security management is...

Which of the following is not included in the remediation phrase for vulnerability management?

The goal of information security management is to maintain confidentiality,integrity and availability of a firm's information.

Which of the following statement present an example of a general control for a computerized system?

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Integrity of information means the information is:

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Why would companies want to use digital signatures when conducting e-business?

A company's audit committee is responsible for fraud risk assessments.

Which of the following statements is incorrect about digital signature?

Which of the following statements about asymmetric-key encryption is correct?

Asymmetric-key encryption is suitable for encrypting large data sets or messages.

Which of the following outcomes is a likely benefit of information technology used for internal control?

Why do Certificate Authority (CA)play an important role in a company's information security management?

Which of the following does not represent a viable data backup method?

To prevent invalid data input,a bank added an extra number at the end of each account number and subjected the new number to an algorithm.This technique is known as:

In a large multinational organization,which of the following job responsibilities should be assigned to be network administrator?

Which of the following statements is incorrect?

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's management. TRUE

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language XBRL

Accounting Information Systems and Internal Controls

Monitoring and Auditing AIS

The Balanced Scorecard and Business Value of Information Technology

Evaluating AIS Investments

The Systems Development Life Cycle and Project Management: Addressing the Challenges of Building Ais Systems

Filters

Exam 11: Information Security and Computer Fraud

Which of the following is not included in the remediation phrase for vulnerability management?

The goal of information security management is to maintain confidentiality,integrity and availability of a firm's information.

Which of the following statement present an example of a general control for a computerized system?

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Integrity of information means the information is:

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Why would companies want to use digital signatures when conducting e-business?

A company's audit committee is responsible for fraud risk assessments.

Which of the following statements is incorrect about digital signature?

Which of the following statements about asymmetric-key encryption is correct?

Asymmetric-key encryption is suitable for encrypting large data sets or messages.

Which of the following outcomes is a likely benefit of information technology used for internal control?

Why do Certificate Authority (CA)play an important role in a company's information security management?

Which of the following does not represent a viable data backup method?

To prevent invalid data input,a bank added an extra number at the end of each account number and subjected the new number to an algorithm.This technique is known as:

In a large multinational organization,which of the following job responsibilities should be assigned to be network administrator?

Which of the following statements is incorrect?

The goal of information security management is to enhance the confidence,integrity and authority (CIA)of a firm's management. TRUE

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language XBRL

Accounting Information Systems and Internal Controls

Monitoring and Auditing AIS

The Balanced Scorecard and Business Value of Information Technology

Evaluating AIS Investments

The Systems Development Life Cycle and Project Management: Addressing the Challenges of Building Ais Systems

Filters