Question 1

What is the primary objective of data security controls?

Accepted Answer

A)  To establish a framework for controlling the design, security, and use of computer programs throughout an organization. 
B)  To ensure that data storage media are subject to authorization prior to access, change, or destruction. 
C)  To formalize standard, rules, and procedures to ensure the organization's control are properly executed. 
D)  To monitor the use of system software to prevent unauthorized access to system software and computer programs. 
A)  To establish a framework for controlling the design, security, and use of computer programs throughout an organization. 
B)  To ensure that data storage media are subject to authorization prior to access, change, or destruction. 
C)  To formalize standard, rules, and procedures to ensure the organization's control are properly executed. 
D)  To monitor the use of system software to prevent unauthorized access to system software and computer programs.

Question 2

Symmetric-key encryption method is used to authenticate users.

Accepted Answer

A) True 
 B)False

Question 3

Fraud triangle includes incentive,opportunity and an attitude to rationalize the fraud.

Accepted Answer

A) True 
 B)False

Question 4

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Accepted Answer

A) True 
 B)False

Question 5

Virus is a self-replicating,self-propagating,self-contained program that uses networking mechanisms to spread itself.

Accepted Answer

A) True 
 B)False

Question 6

Encryption and hashing are similar process to maintain data confidentiality.

Accepted Answer

A) True 
 B)False

Question 7

An information technology director collected the names and locations of key vendors,current hardware configuration,names of team members,and an alternative processing location.What is the director most likely preparing?

Accepted Answer

A)  Data restoration plan. 
B)  Disaster recovery plan. 
C)  System security policy. 
D)  System hardware policy. 
A)  Data restoration plan. 
B)  Disaster recovery plan. 
C)  System security policy. 
D)  System hardware policy.

Question 8

Information security is a critical factor in maintaining systems integrity.

Accepted Answer

A) True 
 B)False

Question 9

Which of the following passwords would be most difficult to crack?

Accepted Answer

A)  Go2Ca!ifornia4fun 
B)  language 
C)  jennyjenny 
D)  pass56word 
A)  Go2Ca!ifornia4fun 
B)  language 
C)  jennyjenny 
D)  pass56word

Question 10

Bacchus,Inc.is a larger multinational corporation with various business units around the world.After a fire destroyed the corporation headquarters and largest manufacturing site,plans for which of the following would help Bacchus ensure a timely recovery?

Accepted Answer

A)  Daily backup. 
B)  Network security. 
C)  Business continuity. 
D)  Backup power. 
A)  Daily backup. 
B)  Network security. 
C)  Business continuity. 
D)  Backup power.

Question 11

Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Accepted Answer

A) True 
 B)False

Question 12

Describe the framework for vulnerability assessment and vulnerability management.

Accepted Answer

The components of vulnerability assessme

Question 13

Disaster recovery planning and business continuity management are preventive controls.

Accepted Answer

A) True 
 B)False

Question 14

Which of the following statements regarding authentication in conducting e-business is incorrect?

Accepted Answer

A)  It is a process that establishes the origin of information or determines the identity of a user, process, or device. 
B)  One key is used for encryption and decryption purposes in the authentication process. 
C)  Successful authentication can prevent repudiation in electronic transactions. 
D)  We need to use asymmetric-key encryption to authenticate the sender of a document or data set. 
A)  It is a process that establishes the origin of information or determines the identity of a user, process, or device. 
B)  One key is used for encryption and decryption purposes in the authentication process. 
C)  Successful authentication can prevent repudiation in electronic transactions. 
D)  We need to use asymmetric-key encryption to authenticate the sender of a document or data set.

Question 15

Which of the following is a password security weakness?

Accepted Answer

A)  Users are assigned passwords when accounts are created, but do not change them. 
B)  Users have accounts on several systems with different passwords. 
C)  Users write down their passwords on a note paper, and carry it with them. 
D)  Users select passwords that are not part of online password dictionary. 
A)  Users are assigned passwords when accounts are created, but do not change them. 
B)  Users have accounts on several systems with different passwords. 
C)  Users write down their passwords on a note paper, and carry it with them. 
D)  Users select passwords that are not part of online password dictionary.

Question 16

One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.

Accepted Answer

A) True 
 B)False

Question 17

When computer programs or files can be accessed from terminals,users should be required to enter a(n)

Accepted Answer

A)  Parity check. 
B)  Password as a personal identification code. 
C)  Check digit. 
D)  Echo check. 
A)  Parity check. 
B)  Password as a personal identification code. 
C)  Check digit. 
D)  Echo check.

Question 18

Select a correct statement regarding encryption methods?

Accepted Answer

A)  To use symmetric-key encryption, each user needs two different keys. 
B)  Most companies prefer using symmetric-key encryption than asymmetric-key encryption method. 
C)  Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority. 
D)  When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods. 
A)  To use symmetric-key encryption, each user needs two different keys. 
B)  Most companies prefer using symmetric-key encryption than asymmetric-key encryption method. 
C)  Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority. 
D)  When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.

Question 19

Which of the following security controls would best prevent unauthorized access to a firm's internal network?

Accepted Answer

A)  Use of a screen saver with a password. 
B)  Use of a firewall. 
C)  Encryption of data files. 
D)  Automatic log-off of inactive users. 
A)  Use of a screen saver with a password. 
B)  Use of a firewall. 
C)  Encryption of data files. 
D)  Automatic log-off of inactive users.

Question 20

What are the two prerequisites for vulnerability management?

Accepted Answer

First,determine the main objectives of i

What is the primary objective of data security controls?

Symmetric-key encryption method is used to authenticate users.

Fraud triangle includes incentive,opportunity and an attitude to rationalize the fraud.

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Virus is a self-replicating,self-propagating,self-contained program that uses networking mechanisms to spread itself.

Encryption and hashing are similar process to maintain data confidentiality.

An information technology director collected the names and locations of key vendors,current hardware configuration,names of team members,and an alternative processing location.What is the director most likely preparing?

Information security is a critical factor in maintaining systems integrity.

Which of the following passwords would be most difficult to crack?

Bacchus,Inc.is a larger multinational corporation with various business units around the world.After a fire destroyed the corporation headquarters and largest manufacturing site,plans for which of the following would help Bacchus ensure a timely recovery?

Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Describe the framework for vulnerability assessment and vulnerability management.

Disaster recovery planning and business continuity management are preventive controls.

Which of the following statements regarding authentication in conducting e-business is incorrect?

Which of the following is a password security weakness?

One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.

When computer programs or files can be accessed from terminals,users should be required to enter a(n)

Select a correct statement regarding encryption methods?

Which of the following security controls would best prevent unauthorized access to a firm's internal network?

What are the two prerequisites for vulnerability management?

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language XBRL

Accounting Information Systems and Internal Controls

Monitoring and Auditing AIS

The Balanced Scorecard and Business Value of Information Technology

Evaluating AIS Investments

The Systems Development Life Cycle and Project Management: Addressing the Challenges of Building Ais Systems

Filters

Exam 11: Information Security and Computer Fraud

What is the primary objective of data security controls?

Symmetric-key encryption method is used to authenticate users.

Fraud triangle includes incentive,opportunity and an attitude to rationalize the fraud.

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

Virus is a self-replicating,self-propagating,self-contained program that uses networking mechanisms to spread itself.

Encryption and hashing are similar process to maintain data confidentiality.

An information technology director collected the names and locations of key vendors,current hardware configuration,names of team members,and an alternative processing location.What is the director most likely preparing?

Information security is a critical factor in maintaining systems integrity.

Which of the following passwords would be most difficult to crack?

Bacchus,Inc.is a larger multinational corporation with various business units around the world.After a fire destroyed the corporation headquarters and largest manufacturing site,plans for which of the following would help Bacchus ensure a timely recovery?

Certificate Authority (CA)issues digital certificates to bond the subscriber with a public key and a private key.

Describe the framework for vulnerability assessment and vulnerability management.

Disaster recovery planning and business continuity management are preventive controls.

Which of the following statements regarding authentication in conducting e-business is incorrect?

Which of the following is a password security weakness?

One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.

When computer programs or files can be accessed from terminals,users should be required to enter a(n)

Select a correct statement regarding encryption methods?

Which of the following security controls would best prevent unauthorized access to a firm's internal network?

What are the two prerequisites for vulnerability management?

Accounting Information Systems and Firm Value

Accountants As Business Analysts

Data Modeling

Relational Databases and Enterprise Systems

Sales and Collections Business Process

Purchases and Payments Business Process

Conversion Business Process

Reporting Processes and Extensible Business Reporting Language XBRL

Accounting Information Systems and Internal Controls

Monitoring and Auditing AIS

The Balanced Scorecard and Business Value of Information Technology

Evaluating AIS Investments

The Systems Development Life Cycle and Project Management: Addressing the Challenges of Building Ais Systems

Filters