Question 1

Security is a technology issue and not just a management issue.

Accepted Answer

A) True 
 B)False

Question 2

A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions is called

Accepted Answer

A) log analysis. 
B) intrusion detection systems. 
C) continuous monitoring. 
D) defense in depth. 
A) log analysis. 
B) intrusion detection systems. 
C) continuous monitoring. 
D) defense in depth.

Question 3

________ is/are an example of a preventive control.

Accepted Answer

A) Continuous monitoring 
B) Encryption 
C) Emergency response teams 
D) Log analysis 
A) Continuous monitoring 
B) Encryption 
C) Emergency response teams 
D) Log analysis

Question 4

Verifying the identity of the person or device attempting to access the system is an example of

Accepted Answer

A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring. 
A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring.

Question 5

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Accepted Answer

A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid. 
A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid.

Question 6

Virtualization refers to the ability of

Accepted Answer

A) running multiple systems simultaneously on one physical computer. 
B) eliminating the need for a physical computer. 
C) using the Internet to perform all needed system functions. 
D) using web-based security to protect an organization. 
A) running multiple systems simultaneously on one physical computer. 
B) eliminating the need for a physical computer. 
C) using the Internet to perform all needed system functions. 
D) using web-based security to protect an organization.

Question 7

The steps that criminals take to study their target's physical layout to learn about the controls it has in place is called

Accepted Answer

A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance. 
A) scanning and mapping the target. 
B) social engineering. 
C) research. 
D) reconnaissance.

Question 8

A well-known hacker started her own computer security consulting business.Many companies pay her to attempt to gain unauthorized access to their network.If she is successful,she offers advice as to how to design and implement better controls.What is the name of the testing for which the hacker is being paid?

Accepted Answer

A) Penetration test. 
B) Vulnerability scan. 
C) Deep packet inspection 
D) Buffer overflow test. 
A) Penetration test. 
B) Vulnerability scan. 
C) Deep packet inspection 
D) Buffer overflow test.

Question 9

Identify three ways users can be authenticated and give an example of each.

Accepted Answer

Users can be authenticated by

Question 10

Kuzman Jovan called a meeting of the top management at Jovan Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."What do you intend to do?" Which of the following is the best answer?

Accepted Answer

A) Evaluate and modify the system using COBOL. 
B) Evaluate and modify the system using the CTC checklist. 
C) Evaluate and modify the system using the Trust Services framework 
D) Evaluate and modify the system using the COSO Internal Control Framework. 
A) Evaluate and modify the system using COBOL. 
B) Evaluate and modify the system using the CTC checklist. 
C) Evaluate and modify the system using the Trust Services framework 
D) Evaluate and modify the system using the COSO Internal Control Framework.

Question 11

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

Accepted Answer

A) an intrusion prevention system. 
B) stateful packet filtering. 
C) static packet filtering. 
D) deep packet inspection. 
A) an intrusion prevention system. 
B) stateful packet filtering. 
C) static packet filtering. 
D) deep packet inspection.

Question 12

________ is/are an example of a preventive control.

Accepted Answer

A) Emergency response teams 
B) Encryption 
C) Log analysis 
D) Intrusion detection 
A) Emergency response teams 
B) Encryption 
C) Log analysis 
D) Intrusion detection

Question 13

Which of the following is not a step in an organization's incident response process?

Accepted Answer

A) Recognition. 
B) Recovery. 
C) Isolation. 
D) Containment. 
A) Recognition. 
B) Recovery. 
C) Isolation. 
D) Containment.

Question 14

Multi-factor authentication

Accepted Answer

A) involves the use of two or more basic authentication methods. 
B) is a table specifying which portions of the systems users are permitted to access. 
C) provides weaker authentication than the use of effective passwords. 
D) requires the use of more than one effective password. 
A) involves the use of two or more basic authentication methods. 
B) is a table specifying which portions of the systems users are permitted to access. 
C) provides weaker authentication than the use of effective passwords. 
D) requires the use of more than one effective password.

Question 15

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Accepted Answer

A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol 
A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol

Question 16

There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the "black hat" hackers.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

Accepted Answer

A) P  6 
A) P  6

Question 17

Information security procedures protect information integrity by

Accepted Answer

A) preventing fictitious transactions. 
B) reducing the system cost. 
C) making the system more efficient. 
D) making it impossible for unauthorized users to access the system. 
A) preventing fictitious transactions. 
B) reducing the system cost. 
C) making the system more efficient. 
D) making it impossible for unauthorized users to access the system.

Question 18

Describe what a man-trap is and how it contributes to information security.

Accepted Answer

A man-trap is a specially designed room

Question 19

Which of the below keeps a record of the network traffic permitted to pass through a firewall?

Accepted Answer

A) Intrusion detection system. 
B) Vulnerability scan. 
C) Log analysis. 
D) Penetration test. 
A) Intrusion detection system. 
B) Vulnerability scan. 
C) Log analysis. 
D) Penetration test.

Question 20

Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability,as discussed in the Trust Services Framework?

Accepted Answer

A) Developing and documenting policies. 
B) Effectively communicating policies to all outsiders. 
C) Designing and employing appropriate control procedures to implement policies. 
D) Monitoring the system and taking corrective action to maintain compliance with policies. 
A) Developing and documenting policies. 
B) Effectively communicating policies to all outsiders. 
C) Designing and employing appropriate control procedures to implement policies. 
D) Monitoring the system and taking corrective action to maintain compliance with policies.

Security is a technology issue and not just a management issue.

A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions is called

________ is/are an example of a preventive control.

Verifying the identity of the person or device attempting to access the system is an example of

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Virtualization refers to the ability of

The steps that criminals take to study their target's physical layout to learn about the controls it has in place is called

Identify three ways users can be authenticated and give an example of each.

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

________ is/are an example of a preventive control.

Which of the following is not a step in an organization's incident response process?

Multi-factor authentication

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Information security procedures protect information integrity by

Describe what a man-trap is and how it contributes to information security.

Which of the below keeps a record of the network traffic permitted to pass through a firewall?

Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability,as discussed in the Trust Services Framework?

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters

Exam 8: Controls for Information Security

Security is a technology issue and not just a management issue.

A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions is called

________ is/are an example of a preventive control.

Verifying the identity of the person or device attempting to access the system is an example of

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Virtualization refers to the ability of

The steps that criminals take to study their target's physical layout to learn about the controls it has in place is called

Identify three ways users can be authenticated and give an example of each.

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

________ is/are an example of a preventive control.

Which of the following is not a step in an organization's incident response process?

Multi-factor authentication

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Information security procedures protect information integrity by

Describe what a man-trap is and how it contributes to information security.

Which of the below keeps a record of the network traffic permitted to pass through a firewall?

Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability,as discussed in the Trust Services Framework?

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters