Question 1

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

Accepted Answer

A) an intrusion prevention system. 
B) stateful packet filtering. 
C) static packet filtering. 
D) deep packet inspection. 
A) an intrusion prevention system. 
B) stateful packet filtering. 
C) static packet filtering. 
D) deep packet inspection.

Question 2

The process of maintaining a table listing all established connections between the organization's computers and the internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as

Accepted Answer

A) stateful packet filtering. 
B) deep packet inspection. 
C) access control list. 
D) static packet filtering. 
A) stateful packet filtering. 
B) deep packet inspection. 
C) access control list. 
D) static packet filtering.

Question 3

Information security procedures protect information integrity by

Accepted Answer

A) preventing fictitious transactions. 
B) reducing the system cost. 
C) making the system more efficient. 
D) making it impossible for unauthorized users to access the system. 
A) preventing fictitious transactions. 
B) reducing the system cost. 
C) making the system more efficient. 
D) making it impossible for unauthorized users to access the system.

Question 4

The most effective method for protecting an organization from social engineering attacks is providing

Accepted Answer

A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training. 
A) a firewall. 
B) stateful packet filtering. 
C) a demilitarized zone. 
D) employee awareness training.

Question 5

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

Accepted Answer

A) effective. 
B) ineffective. 
C) overdone. 
D) undermanaged. 
A) effective. 
B) ineffective. 
C) overdone. 
D) undermanaged.

Question 6

On April 1,2012,students enrolled in an economics course at Harvard University received an e-mail stating that class would be cancelled.The e-mail claimed to be from the professor,but it wasn't.Computer forensic experts determined that the e-mail was sent from a computer in one of the campus labs at 6:32 A.M.They were then able to uniquely identify the computer that was used by means of its network interface card's ________ address.Security cameras revealed the identity of the student responsible for spoofing the class.

Accepted Answer

A) IDS 
B) TCP/IP 
C) MAC 
D) DMZ 
A) IDS 
B) TCP/IP 
C) MAC 
D) DMZ

Question 7

Describe the function of a computer incident response team (CIRT)and the steps that a CIRT should perform following a security incident.

Accepted Answer

A CIRT is responsible for dealing with m

Question 8

Explain the value of penetration testing.

Accepted Answer

Penetration testing involves an authoriz

Question 9

Describe what a man-trap is and how it contributes to information security.

Accepted Answer

A man-trap is a specially designed room

Question 10

When new employees are hired by Pacific Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)

Accepted Answer

A) authorization control. 
B) biometric device. 
C) remote access control. 
D) defense in depth. 
A) authorization control. 
B) biometric device. 
C) remote access control. 
D) defense in depth.

Question 11

Explain social engineering.

Accepted Answer

Social engineering attacks use deception

Question 12

In 2007,a major U.S.financial institution hired a security firm to attempt to compromise its computer network.A week later,the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found.This is an example of a

Accepted Answer

A) preventive control. 
B) detective control. 
C) corrective control. 
D) standard control. 
A) preventive control. 
B) detective control. 
C) corrective control. 
D) standard control.

Question 13

The most common input-related vulnerability is

Accepted Answer

A) buffer overflow attack. 
B) hardening. 
C) war dialing. 
D) encryption. 
A) buffer overflow attack. 
B) hardening. 
C) war dialing. 
D) encryption.

Question 14

Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.

Accepted Answer

A) confidentiality 
B) privacy 
C) efficiency 
D) availability 
A) confidentiality 
B) privacy 
C) efficiency 
D) availability

Question 15

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Accepted Answer

A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol 
A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol

Question 16

Identify three ways users can be authenticated and give an example of each.

Accepted Answer

Users can be authenticated by

Question 17

Identify the statement below which is not a useful control procedure regarding access to system outputs.

Accepted Answer

A) restricting access to rooms with printers 
B) coding reports to reflect their importance 
C) allowing visitors to move through the building without supervision 
D) requiring employees to log out of applications when leaving their desk 
A) restricting access to rooms with printers 
B) coding reports to reflect their importance 
C) allowing visitors to move through the building without supervision 
D) requiring employees to log out of applications when leaving their desk

Question 18

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Accepted Answer

A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid. 
A) is available for operation and use at times set forth by agreement. 
B) is protected against unauthorized physical and logical access. 
C) can be maintained as required without affecting system availability,security,and integrity. 
D) is complete,accurate,and valid.

Question 19

Which of the following is an example of a corrective control?

Accepted Answer

A) physical access controls 
B) encryption 
C) intrusion detection 
D) incident response teams 
A) physical access controls 
B) encryption 
C) intrusion detection 
D) incident response teams

Question 20

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Accepted Answer

A) training 
B) controlling physical access 
C) controlling remote access 
D) host and application hardening 
A) training 
B) controlling physical access 
C) controlling remote access 
D) host and application hardening

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

The process of maintaining a table listing all established connections between the organization's computers and the internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as

Information security procedures protect information integrity by

The most effective method for protecting an organization from social engineering attacks is providing

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

Describe the function of a computer incident response team (CIRT)and the steps that a CIRT should perform following a security incident.

Explain the value of penetration testing.

Describe what a man-trap is and how it contributes to information security.

When new employees are hired by Pacific Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)

Explain social engineering.

The most common input-related vulnerability is

Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Identify three ways users can be authenticated and give an example of each.

Identify the statement below which is not a useful control procedure regarding access to system outputs.

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Which of the following is an example of a corrective control?

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Accounting Information Systems: an Overview

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design,implementation,and Operation

Filters

Exam 8: Controls for Information Security

The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as

The process of maintaining a table listing all established connections between the organization's computers and the internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as

Information security procedures protect information integrity by

The most effective method for protecting an organization from social engineering attacks is providing

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

Describe the function of a computer incident response team (CIRT)and the steps that a CIRT should perform following a security incident.

Explain the value of penetration testing.

Describe what a man-trap is and how it contributes to information security.

When new employees are hired by Pacific Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)

Explain social engineering.

The most common input-related vulnerability is

Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Identify three ways users can be authenticated and give an example of each.

Identify the statement below which is not a useful control procedure regarding access to system outputs.

According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that

Which of the following is an example of a corrective control?

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?

Accounting Information Systems: an Overview

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design,implementation,and Operation

Filters