Question 1

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as

Accepted Answer

A) availability. 
B) security. 
C) confidentiality. 
D) integrity. 
A) availability. 
B) security. 
C) confidentiality. 
D) integrity. C

Question 2

Describe what a man-trap is and how it contributes to information security.

Accepted Answer

A man-trap is a specially designed room to trap unauthorized individuals.Typically,a man-trap room contains two doors.Entry to the first door requires the person insert and ID card and enter a password.Successful authentication opens the first door,permitting the individual into the room.Once inside the room,the door closes and locks behind the individual.Then,the individual must successfully pass a second set of authentication controls that typically includes a biometric credential.Failure to pass results in the individual being trapped in the room.

Question 3

A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)

Accepted Answer

A) demilitarized zone. 
B) intrusion detection system. 
C) intrusion prevention system. 
D) firewall. 
A) demilitarized zone. 
B) intrusion detection system. 
C) intrusion prevention system. 
D) firewall. D

Question 4

Which of the following is not one of the three fundamental information security concepts?

Accepted Answer

A) Information security is a technology issue based on prevention. 
B) Security is a management issue, not a technology issue. 
C) The idea of defense-in-depth employs multiple layers of controls. 
D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls. 
A) Information security is a technology issue based on prevention. 
B) Security is a management issue, not a technology issue. 
C) The idea of defense-in-depth employs multiple layers of controls. 
D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls.

Question 5

There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the "black hat" hackers.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

Accepted Answer

A) P  6 
A) P  6

Question 6

________ is/are an example of a detective control.

Accepted Answer

A) Physical access controls 
B) Encryption 
C) Emergency response teams 
D) Log analysis 
A) Physical access controls 
B) Encryption 
C) Emergency response teams 
D) Log analysis

Question 7

It was 8:03 A.M.when Jiao Jan,the Network Administrator for South Asian Technologies,was informed that the intrusion detection system had identified an ongoing attempt to breach network security.By the time that Jiao had identified and blocked the attack,the hacker had accessed and downloaded several files from the company's server.Using the notation for the time-based model of security,in this case

Accepted Answer

A) D > P 
B) P > D 
C) P > C 
D) C > P 
A) D > P 
B) P > D 
C) P > C 
D) C > P

Question 8

The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as

Accepted Answer

A) availability. 
B) security. 
C) privacy. 
D) integrity. 
A) availability. 
B) security. 
C) privacy. 
D) integrity.

Question 9

COBIT 5 management practice APO01.08 stresses the importance of ________ of both employee compliance with the organization's information security policies and overall performance of business processes.

Accepted Answer

A) continuous improvement of 
B) continuous reviewing 
C) continuous monitoring 
D) continuous auditing 
A) continuous improvement of 
B) continuous reviewing 
C) continuous monitoring 
D) continuous auditing

Question 10

The process of turning off unnecessary features in the system is known as

Accepted Answer

A) deep packet inspection. 
B) hardening. 
C) intrusion detection. 
D) modaling. 
A) deep packet inspection. 
B) hardening. 
C) intrusion detection. 
D) modaling.

Question 11

The Trust Services Framework reliability principle that states access to the system and its data should be accessible to meet operational and contractual obligations to legitimate users is known as

Accepted Answer

A) availability. 
B) security. 
C) privacy. 
D) integrity. 
A) availability. 
B) security. 
C) privacy. 
D) integrity.

Question 12

The most effective method for protecting an organization from social engineering attacks is providing

Accepted Answer

A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training. 
A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training.

Question 13

Identify the statement below which is not a useful control procedure regarding access to system outputs.

Accepted Answer

A) Restricting access to rooms with printers. 
B) Coding reports to reflect their importance. 
C) Allowing visitors to move through the building without supervision. 
D) Requiring employees to log out of applications when leaving their desk. 
A) Restricting access to rooms with printers. 
B) Coding reports to reflect their importance. 
C) Allowing visitors to move through the building without supervision. 
D) Requiring employees to log out of applications when leaving their desk.

Question 14

Verifying the identity of the person or device attempting to access the system is an example of

Accepted Answer

A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring. 
A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring.

Question 15

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Accepted Answer

A) Training. 
B) Controlling physical access. 
C) Controlling remote access. 
D) Host and application hardening. 
A) Training. 
B) Controlling physical access. 
C) Controlling remote access. 
D) Host and application hardening.

Question 16

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Accepted Answer

A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol 
A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol

Question 17

Describe the differences between virtualization and cloud computing.

Accepted Answer

Virtualization takes advantage of the po

Question 18

An access control matrix

Accepted Answer

A) is the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. 
B) is used to implement authentication controls. 
C) matches the user's authentication credentials to his authorization. 
D) is a table specifying which portions of the system users are permitted to access. 
A) is the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform. 
B) is used to implement authentication controls. 
C) matches the user's authentication credentials to his authorization. 
D) is a table specifying which portions of the system users are permitted to access.

Question 19

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Accepted Answer

A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol 
A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol

Question 20

Which of the following is not a requirement of effective passwords?

Accepted Answer

A) Passwords should be changed at regular intervals. 
B) Passwords should be no more than 8 characters in length. 
C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters. 
D) Passwords should not be words found in dictionaries. 
A) Passwords should be changed at regular intervals. 
B) Passwords should be no more than 8 characters in length. 
C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters. 
D) Passwords should not be words found in dictionaries.

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as

Describe what a man-trap is and how it contributes to information security.

A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)

Which of the following is not one of the three fundamental information security concepts?

________ is/are an example of a detective control.

The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as

COBIT 5 management practice APO01.08 stresses the importance of ________ of both employee compliance with the organization's information security policies and overall performance of business processes.

The process of turning off unnecessary features in the system is known as

The Trust Services Framework reliability principle that states access to the system and its data should be accessible to meet operational and contractual obligations to legitimate users is known as

The most effective method for protecting an organization from social engineering attacks is providing

Identify the statement below which is not a useful control procedure regarding access to system outputs.

Verifying the identity of the person or device attempting to access the system is an example of

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Describe the differences between virtualization and cloud computing.

An access control matrix

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Which of the following is not a requirement of effective passwords?

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters

Exam 8: Controls for Information Security

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as

Describe what a man-trap is and how it contributes to information security.

A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)

Which of the following is not one of the three fundamental information security concepts?

________ is/are an example of a detective control.

The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as

COBIT 5 management practice APO01.08 stresses the importance of ________ of both employee compliance with the organization's information security policies and overall performance of business processes.

The process of turning off unnecessary features in the system is known as

The Trust Services Framework reliability principle that states access to the system and its data should be accessible to meet operational and contractual obligations to legitimate users is known as

The most effective method for protecting an organization from social engineering attacks is providing

Identify the statement below which is not a useful control procedure regarding access to system outputs.

Verifying the identity of the person or device attempting to access the system is an example of

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Describe the differences between virtualization and cloud computing.

An access control matrix

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Which of the following is not a requirement of effective passwords?

Conceptual Foundations of Accounting Information Systems

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters