Question 1

Cloud computing can potentially generate significant cost savings for an organization.

Accepted Answer

A) True 
 B)False

Question 2

A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)

Accepted Answer

A) demilitarized zone. 
B) intrusion detection system. 
C) intrusion prevention system. 
D) firewall. 
A) demilitarized zone. 
B) intrusion detection system. 
C) intrusion prevention system. 
D) firewall.

Question 3

The steps that criminals take to identify potential points of remote entry is called

Accepted Answer

A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance. 
A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance.

Question 4

________ is/are an example of a detective control.

Accepted Answer

A) Physical access controls 
B) Encryption 
C) Emergency response teams 
D) Log analysis 
A) Physical access controls 
B) Encryption 
C) Emergency response teams 
D) Log analysis

Question 5

Which of the following is an example of a detective control?

Accepted Answer

A) Physical access controls. 
B) Encryption. 
C) Continuous monitoring. 
D) Incident response teams. 
A) Physical access controls. 
B) Encryption. 
C) Continuous monitoring. 
D) Incident response teams.

Question 6

New employees of Baker Technologies are assigned user names and appropriate permissions.Each of them were given a company's issued laptop that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)

Accepted Answer

A) authorization control. 
B) biometric device. 
C) remote access control. 
D) defense in depth. 
A) authorization control. 
B) biometric device. 
C) remote access control. 
D) defense in depth.

Question 7

All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(n)

Accepted Answer

A) authentication control. 
B) authorization control. 
C) physical access control. 
D) hardening procedure. 
A) authentication control. 
B) authorization control. 
C) physical access control. 
D) hardening procedure.

Question 8

Which of the following is not a requirement of effective passwords?

Accepted Answer

A) Passwords should be changed at regular intervals. 
B) Passwords should be no more than 8 characters in length. 
C) Passwords should contain a mixture of upper and lowercase letters,numbers and characters. 
D) Passwords should not be words found in dictionaries. 
A) Passwords should be changed at regular intervals. 
B) Passwords should be no more than 8 characters in length. 
C) Passwords should contain a mixture of upper and lowercase letters,numbers and characters. 
D) Passwords should not be words found in dictionaries.

Question 9

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Accepted Answer

A) Training. 
B) Controlling physical access. 
C) Controlling remote access. 
D) Host and application hardening. 
A) Training. 
B) Controlling physical access. 
C) Controlling remote access. 
D) Host and application hardening.

Question 10

Describe four requirements of effective passwords .

Accepted Answer

1.Strong passwords should be long.2.Pass

Question 11

The most effective way to protect network resources that are exposed to the internet,yet reside outside of a network is

Accepted Answer

A) a firewall. 
B) employee training. 
C) a demilitarized zone. 
D) stateful packet filtering. 
A) a firewall. 
B) employee training. 
C) a demilitarized zone. 
D) stateful packet filtering.

Question 12

Identify the statement below which is not a useful control procedure regarding access to system outputs.

Accepted Answer

A) Restricting access to rooms with printers. 
B) Coding reports to reflect their importance. 
C) Allowing visitors to move through the building without supervision. 
D) Requiring employees to log out of applications when leaving their desk. 
A) Restricting access to rooms with printers. 
B) Coding reports to reflect their importance. 
C) Allowing visitors to move through the building without supervision. 
D) Requiring employees to log out of applications when leaving their desk.

Question 13

An access control matrix

Accepted Answer

A) is the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. 
B) is used to implement authentication controls. 
C) matches the user's authentication credentials to his authorization. 
D) is a table specifying which portions of the system users are permitted to access. 
A) is the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. 
B) is used to implement authentication controls. 
C) matches the user's authentication credentials to his authorization. 
D) is a table specifying which portions of the system users are permitted to access.

Question 14

A major financial institution hired a renowned security firm to attempt to compromise its computer network.A few days later,the security firm reported that it had successfully entered the financial institution's computer system without being detected.The security firm presented an analysis of the vulnerabilities that had been found to the financial institution.This is an example of a

Accepted Answer

A) preventive control. 
B) detective control. 
C) corrective control. 
D) security control. 
A) preventive control. 
B) detective control. 
C) corrective control. 
D) security control.

Question 15

The most important element of any preventive control is

Accepted Answer

A) the people. 
B) the performance. 
C) the procedure(s). 
D) the penalty. 
A) the people. 
B) the performance. 
C) the procedure(s). 
D) the penalty.

Question 16

Describe the differences between virtualization and cloud computing.

Accepted Answer

Virtualization takes advantage of the po

Question 17

Cloud computing is generally more secure than traditional computing.

Accepted Answer

A) True 
 B)False

Question 18

The steps that criminals take to find known vulnerabilities and learn how to take advantage of those vulnerabilities is called

Accepted Answer

A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance. 
A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance.

Question 19

In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

Accepted Answer

A) Code mastication. 
B) Boot sector corruption. 
C) URL injection. 
D) Buffer overflow. 
A) Code mastication. 
B) Boot sector corruption. 
C) URL injection. 
D) Buffer overflow.

Question 20

The most common input-related vulnerability is called the

Accepted Answer

A) softening attack. 
B) hardening attack. 
C) cross-site scripting attack. 
D) buffering attack. 
A) softening attack. 
B) hardening attack. 
C) cross-site scripting attack. 
D) buffering attack.

Exam 8: Controls for Information Security

Cloud computing can potentially generate significant cost savings for an organization.

A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)

The steps that criminals take to identify potential points of remote entry is called

________ is/are an example of a detective control.

Which of the following is an example of a detective control?

New employees of Baker Technologies are assigned user names and appropriate permissions.Each of them were given a company's issued laptop that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)

All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(n)

Which of the following is not a requirement of effective passwords?

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Describe four requirements of effective passwords .

The most effective way to protect network resources that are exposed to the internet,yet reside outside of a network is

Identify the statement below which is not a useful control procedure regarding access to system outputs.

An access control matrix

The most important element of any preventive control is

Describe the differences between virtualization and cloud computing.

Cloud computing is generally more secure than traditional computing.

The steps that criminals take to find known vulnerabilities and learn how to take advantage of those vulnerabilities is called

In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

The most common input-related vulnerability is called the

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters