Question 1

A message that is made to look as though it is coming from a trusted source but is not is called

Accepted Answer

A)  a denial of service attack 
B)  digital signature forging 
C)  Internet protocol spoofing 
D)  URL masquerading 
A)  a denial of service attack 
B)  digital signature forging 
C)  Internet protocol spoofing 
D)  URL masquerading

Question 2

All of the following will reduce the exposure to computer viruses except

Accepted Answer

A)  install antivirus software 
B)  install factory-sealed application software 
C)  assign and control user passwords 
D)  install public-domain software from reputable bulletin boards 
A)  install antivirus software 
B)  install factory-sealed application software 
C)  assign and control user passwords 
D)  install public-domain software from reputable bulletin boards

Question 3

HTML tags are customized to delimit attributes,the content of which can be read and processed by computer applications.

Accepted Answer

A) True 
 B)False

Question 4

A distributed denial of service (DDoS)attack may take the form of a SYN flood but not a smurf attack.

Accepted Answer

A) True 
 B)False

Question 5

Which one of the following statements is correct?

Accepted Answer

A)  Cookies always contain encrypted data. 
B)  Cookies are text files and never contain encrypted data. 
C)  Cookies contain the URLs of sites visited by the user. 
D)  Web browsers cannot function without cookies. 
A)  Cookies always contain encrypted data. 
B)  Cookies are text files and never contain encrypted data. 
C)  Cookies contain the URLs of sites visited by the user. 
D)  Web browsers cannot function without cookies.

Question 6

Discuss three techniques for breaching operating system controls.

Accepted Answer

Browsing involves searching through area

Question 7

Which is not a biometric device?

Accepted Answer

A)  password 
B)  retina prints 
C)  voice prints 
D)  signature characteristics 
A)  password 
B)  retina prints 
C)  voice prints 
D)  signature characteristics

Question 8

Network protocols fulfill all of the following objectives except

Accepted Answer

A)  facilitate physical connection between network devices 
B)  provide a basis for error checking and measuring network performance 
C)  promote compatibility among network devices 
D)  result in inflexible standards 
A)  facilitate physical connection between network devices 
B)  provide a basis for error checking and measuring network performance 
C)  promote compatibility among network devices 
D)  result in inflexible standards

Question 9

What is an operating system? What does it do? What are operating system control objectives?

Accepted Answer

An operating system is a computer's cont

Question 10

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

Accepted Answer

A)  spoofing. 
B)  spooling. 
C)  dual-homed. 
D)  screening. 
A)  spoofing. 
B)  spooling. 
C)  dual-homed. 
D)  screening.

Question 11

The intermediary in a smurf attack is also a victim.

Accepted Answer

A) True 
 B)False

Question 12

The rules that make it possible for users of networks to communicate are called protocols.

Accepted Answer

A) True 
 B)False

Question 13

In an electronic data interchange environment,customers routinely

Accepted Answer

A)  access the vendor's accounts receivable file with read/write authority 
B)  access the vendor's price list file with read/write authority 
C)  access the vendor's inventory file with read-only authority 
D)  access the vendor's open purchase order file with read-only authority 
A)  access the vendor's accounts receivable file with read/write authority 
B)  access the vendor's price list file with read/write authority 
C)  access the vendor's inventory file with read-only authority 
D)  access the vendor's open purchase order file with read-only authority

Question 14

Explain a SYN Flood attack.

Accepted Answer

Normally user establishes a connection o

Question 15

Explain the concept of discretionary access privileges.

Accepted Answer

In centralized systems,a system administ

Question 16

Which method will render useless data captured by unauthorized receivers?

Accepted Answer

A)  echo check 
B)  parity bit 
C)  public key encryption 
D)  message sequencing 
A)  echo check 
B)  parity bit 
C)  public key encryption 
D)  message sequencing

Question 17

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

Accepted Answer

In the Private Encryption Standard appro

Question 18

In determining whether a system is adequately protected from attacks by computer viruses,all of the following policies are relevant except

Accepted Answer

A)  the policy on the purchase of software only from reputable vendors 
B)  the policy that all software upgrades are checked for viruses before they are implemented 
C)  the policy that current versions of antivirus software should be available to all users 
D)  the policy that permits users to take files home to work on them 
A)  the policy on the purchase of software only from reputable vendors 
B)  the policy that all software upgrades are checked for viruses before they are implemented 
C)  the policy that current versions of antivirus software should be available to all users 
D)  the policy that permits users to take files home to work on them

Question 19

HTTP

Accepted Answer

A)  is the document format used to produce Web pages. 
B)  controls Web browsers that access the Web. 
C)  is used to connect to Usenet groups on the Internet 
D)  is used to transfer text files, programs, spreadsheets, and databases across the Internet. 
E)  is a low-level encryption scheme used to secure transmissions in higher-level () format. 
A)  is the document format used to produce Web pages. 
B)  controls Web browsers that access the Web. 
C)  is used to connect to Usenet groups on the Internet 
D)  is used to transfer text files, programs, spreadsheets, and databases across the Internet. 
E)  is a low-level encryption scheme used to secure transmissions in higher-level () format.

Question 20

Audit objectives in the electronic data interchange (EDI)environment include all of the following except

Accepted Answer

A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  a complete audit trail of EDI transactions is maintained 
D)  backup procedures are in place and functioning properly 
A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  a complete audit trail of EDI transactions is maintained 
D)  backup procedures are in place and functioning properly

A message that is made to look as though it is coming from a trusted source but is not is called

All of the following will reduce the exposure to computer viruses except

HTML tags are customized to delimit attributes,the content of which can be read and processed by computer applications.

A distributed denial of service (DDoS)attack may take the form of a SYN flood but not a smurf attack.

Which one of the following statements is correct?

Discuss three techniques for breaching operating system controls.

Which is not a biometric device?

Network protocols fulfill all of the following objectives except

What is an operating system? What does it do? What are operating system control objectives?

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

The intermediary in a smurf attack is also a victim.

The rules that make it possible for users of networks to communicate are called protocols.

In an electronic data interchange environment,customers routinely

Explain a SYN Flood attack.

Explain the concept of discretionary access privileges.

Which method will render useless data captured by unauthorized receivers?

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

In determining whether a system is adequately protected from attacks by computer viruses,all of the following policies are relevant except

HTTP

Audit objectives in the electronic data interchange (EDI)environment include all of the following except

Auditing and Internal Control

Auditing IT Governance Controls

IT Security Part II: Auditing Database Systems

Systems Development and Program Change Activities

Overview of Transaction Processing and Financial Reporting Systems

Computer-Assisted Audit Tools and Techniques

Data Structures and CAATTs for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Business Ethics, Fraud, and Fraud Detection

Enterprise Resource Planning Systems

Filters

Exam 3: Security Part I: Auditing Operating Systems and Networks

A message that is made to look as though it is coming from a trusted source but is not is called

All of the following will reduce the exposure to computer viruses except

HTML tags are customized to delimit attributes,the content of which can be read and processed by computer applications.

A distributed denial of service (DDoS)attack may take the form of a SYN flood but not a smurf attack.

Which one of the following statements is correct?

Discuss three techniques for breaching operating system controls.

Which is not a biometric device?

Network protocols fulfill all of the following objectives except

What is an operating system? What does it do? What are operating system control objectives?

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

The intermediary in a smurf attack is also a victim.

The rules that make it possible for users of networks to communicate are called protocols.

In an electronic data interchange environment,customers routinely

Explain a SYN Flood attack.

Explain the concept of discretionary access privileges.

Which method will render useless data captured by unauthorized receivers?

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

In determining whether a system is adequately protected from attacks by computer viruses,all of the following policies are relevant except

HTTP

Audit objectives in the electronic data interchange (EDI)environment include all of the following except

Auditing and Internal Control

Auditing IT Governance Controls

IT Security Part II: Auditing Database Systems

Systems Development and Program Change Activities

Overview of Transaction Processing and Financial Reporting Systems

Computer-Assisted Audit Tools and Techniques

Data Structures and CAATTs for Data Extraction

Auditing the Revenue Cycle

Auditing the Expenditure Cycle

Business Ethics, Fraud, and Fraud Detection

Enterprise Resource Planning Systems

Filters