Question 1

This network access control determines which IP packets are allowed entry to a network and which are dropped.

Accepted Answer

A) access control list 
B) deep packet inspection 
C) stateful packet filtering 
D) static packet filtering 
A) access control list 
B) deep packet inspection 
C) stateful packet filtering 
D) static packet filtering A

Question 2

Which of the following is an example of a preventive control?

Accepted Answer

A) The creation of a "security-aware" culture. 
B) The creation of a "Log user friendly" culture. 
C) The creation of a "continuous monitoring" culture. 
D) The creation of a chief information security officer position. 
A) The creation of a "security-aware" culture. 
B) The creation of a "Log user friendly" culture. 
C) The creation of a "continuous monitoring" culture. 
D) The creation of a chief information security officer position. A

Question 3

Describe the steps in the security life cycle.

Accepted Answer

There are four steps in the security life cycle.The first step in the security life cycle is to assess the information security-related threats that the organization faces and select an appropriate response.The second step involves developing information security policies and communicating them to all employees.The third step involves the acquisition or building of specific technological tools.The final step in the security life cycle entails regular monitoring of performance to evaluate the effectiveness of the organization's information security program.

Question 4

According to the Trust Services Framework,the reliability principle of availability is achieved when the system produces data that

Accepted Answer

A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid. 
A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid.

Question 5

Who bears the responsibility for information security in an organization?

Accepted Answer

A) CIO. 
B) CISO. 
C) CFO. 
D) COO. 
A) CIO. 
B) CISO. 
C) CFO. 
D) COO.

Question 6

Describe the security risks associated with virtualization and cloud computing.

Accepted Answer

Virtualization and cloud computing alter

Question 7

Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.

Accepted Answer

A) confidentiality 
B) privacy 
C) efficiency 
D) availability 
A) confidentiality 
B) privacy 
C) efficiency 
D) availability

Question 8

Describe what information security process the term hardening refers to.

Accepted Answer

Hardening is the process of mo

Question 9

Organizations are infrequently the target of deliberate attacks.

Accepted Answer

A) True 
 B)False

Question 10

Social engineering attacks often take place over the Internet.

Accepted Answer

A) True 
 B)False

Question 11

Identify the primary means of protecting data stored in a cloud from unauthorized access.

Accepted Answer

A) authentication 
B) authorization 
C) virtualization 
D) securitization 
A) authentication 
B) authorization 
C) virtualization 
D) securitization

Question 12

ShareIt is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits.As a consequence,the size of the information technology department has been growing very rapidly,with many new hires.Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility.This is an example of a(n)

Accepted Answer

A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control. 
A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control.

Question 13

The process that uses automated tools to identify whether a system possesses any well-known security problems is known as a(n)

Accepted Answer

A) intrusion detection system. 
B) log analysis. 
C) penetration test. 
D) vulnerability scan. 
A) intrusion detection system. 
B) log analysis. 
C) penetration test. 
D) vulnerability scan.

Question 14

COBIT 5 management practice APO01.08 stresses the importance of ________ of both employee compliance with the organization's information security policies and overall performance of business processes.

Accepted Answer

A) continuous improvement of 
B) continuous reviewing 
C) continuous monitoring 
D) continuous auditing 
A) continuous improvement of 
B) continuous reviewing 
C) continuous monitoring 
D) continuous auditing

Question 15

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as

Accepted Answer

A) availability. 
B) security. 
C) confidentiality. 
D) integrity. 
A) availability. 
B) security. 
C) confidentiality. 
D) integrity.

Question 16

According to the Trust Services Framework,the confidentiality principle of integrity is achieved when the system produces data that

Accepted Answer

A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid. 
A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid.

Question 17

A demilitarized zone

Accepted Answer

A) routes electronic communications within an organization. 
B) connects an organization's information system to the Internet. 
C) permits controlled access from the Internet to selected resources. 
D) serves as the main firewall. 
A) routes electronic communications within an organization. 
B) connects an organization's information system to the Internet. 
C) permits controlled access from the Internet to selected resources. 
D) serves as the main firewall.

Question 18

The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as

Accepted Answer

A) deep packet inspection. 
B) stateful packet filtering. 
C) static packet filtering. 
D) an intrusion prevention system. 
A) deep packet inspection. 
B) stateful packet filtering. 
C) static packet filtering. 
D) an intrusion prevention system.

Question 19

The Trust Services Framework reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

Accepted Answer

A) availability. 
B) security. 
C) maintainability. 
D) integrity. 
A) availability. 
B) security. 
C) maintainability. 
D) integrity.

Question 20

The most effective method for protecting an organization from social engineering attacks is providing

Accepted Answer

A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training. 
A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training.

Exam 8: Controls for Information Security

This network access control determines which IP packets are allowed entry to a network and which are dropped.

Which of the following is an example of a preventive control?

Describe the steps in the security life cycle.

According to the Trust Services Framework,the reliability principle of availability is achieved when the system produces data that

Who bears the responsibility for information security in an organization?

Describe the security risks associated with virtualization and cloud computing.

Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.

Describe what information security process the term hardening refers to.

Organizations are infrequently the target of deliberate attacks.

Social engineering attacks often take place over the Internet.

Identify the primary means of protecting data stored in a cloud from unauthorized access.

The process that uses automated tools to identify whether a system possesses any well-known security problems is known as a(n)

COBIT 5 management practice APO01.08 stresses the importance of ________ of both employee compliance with the organization's information security policies and overall performance of business processes.

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as

According to the Trust Services Framework,the confidentiality principle of integrity is achieved when the system produces data that

A demilitarized zone

The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as

The Trust Services Framework reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

The most effective method for protecting an organization from social engineering attacks is providing

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters