Question 1

This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system.

Accepted Answer

A) log analysis 
B) intrusion detection system 
C) penetration test 
D) vulnerability scan 
A) log analysis 
B) intrusion detection system 
C) penetration test 
D) vulnerability scan

Question 2

True or False: Cloud computing can potentially generate significant cost savings for an organization.

Accepted Answer

A) True 
 B)False

Question 3

When new employees are hired by Pacific Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(n)

Accepted Answer

A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control. 
A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control.

Question 4

The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as

Accepted Answer

A) availability. 
B) security. 
C) privacy. 
D) integrity. 
A) availability. 
B) security. 
C) privacy. 
D) integrity.

Question 5

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Accepted Answer

A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol 
A) access control list 
B) Internet protocol 
C) packet switching protocol 
D) transmission control protocol

Question 6

Describe what information security process the term hardening refers to.

Accepted Answer

Hardening is the process of mo

Question 7

The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as

Accepted Answer

A) deep packet inspection. 
B) stateful packet filtering. 
C) static packet filtering. 
D) an intrusion prevention system. 
A) deep packet inspection. 
B) stateful packet filtering. 
C) static packet filtering. 
D) an intrusion prevention system.

Question 8

________ is/are an example of a preventive control.

Accepted Answer

A) Emergency response teams 
B) Encryption 
C) Log analysis 
D) Intrusion detection 
A) Emergency response teams 
B) Encryption 
C) Log analysis 
D) Intrusion detection

Question 9

The process of turning off unnecessary features in the system is known as

Accepted Answer

A) deep packet inspection. 
B) hardening. 
C) intrusion detection. 
D) war dialing. 
A) deep packet inspection. 
B) hardening. 
C) intrusion detection. 
D) war dialing.

Question 10

Which of the following is not one of the three fundamental information security concepts?

Accepted Answer

A) Information security is a technology issue based on prevention. 
B) Security is a management issue,not a technology issue. 
C) The idea of defense-in-depth employs multiple layers of controls. 
D) The time-based model of security focuses on the relationship between preventive,detective and corrective controls. 
A) Information security is a technology issue based on prevention. 
B) Security is a management issue,not a technology issue. 
C) The idea of defense-in-depth employs multiple layers of controls. 
D) The time-based model of security focuses on the relationship between preventive,detective and corrective controls.

Question 11

A border router

Accepted Answer

A) routes electronic communications within an organization. 
B) connects an organization's information system to the Internet. 
C) permits controlled access from the Internet to selected resources. 
D) serves as the main firewall. 
A) routes electronic communications within an organization. 
B) connects an organization's information system to the Internet. 
C) permits controlled access from the Internet to selected resources. 
D) serves as the main firewall.

Question 12

True or False: Cloud computing is generally more secure than traditional computing.

Accepted Answer

A) True 
 B)False

Question 13

Identify the primary means of protecting data stored in a cloud from unauthorized access.

Accepted Answer

A) authentication 
B) authorization 
C) virtualization 
D) securitization 
A) authentication 
B) authorization 
C) virtualization 
D) securitization

Question 14

The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as

Accepted Answer

A) access control list. 
B) deep packet inspection. 
C) stateful packet filtering. 
D) static packet filtering. 
A) access control list. 
B) deep packet inspection. 
C) stateful packet filtering. 
D) static packet filtering.

Question 15

This network access control determines which IP packets are allowed entry to a network and which are dropped.

Accepted Answer

A) access control list 
B) deep packet inspection 
C) stateful packet filtering 
D) static packet filtering 
A) access control list 
B) deep packet inspection 
C) stateful packet filtering 
D) static packet filtering

Question 16

There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the "black hat" hackers.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

Accepted Answer

A) P  6 
A) P  6

Question 17

The Trust Services Framework reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

Accepted Answer

A) availability. 
B) security. 
C) maintainability. 
D) integrity. 
A) availability. 
B) security. 
C) maintainability. 
D) integrity.

Question 18

Verifying the identity of the person or device attempting to access the system is an example of

Accepted Answer

A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring. 
A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring.

Question 19

In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

Accepted Answer

A) code mastication 
B) boot sector corruption 
C) weak authentication 
D) buffer overflow 
A) code mastication 
B) boot sector corruption 
C) weak authentication 
D) buffer overflow

Question 20

Restricting access of users to specific portions of the system as well as specific tasks,is an example of

Accepted Answer

A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring. 
A) authentication. 
B) authorization. 
C) identification. 
D) threat monitoring.

Exam 8: Controls for Information Security

This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system.

True or False: Cloud computing can potentially generate significant cost savings for an organization.

When new employees are hired by Pacific Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(n)

The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Describe what information security process the term hardening refers to.

The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as

________ is/are an example of a preventive control.

The process of turning off unnecessary features in the system is known as

Which of the following is not one of the three fundamental information security concepts?

A border router

True or False: Cloud computing is generally more secure than traditional computing.

Identify the primary means of protecting data stored in a cloud from unauthorized access.

The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as

This network access control determines which IP packets are allowed entry to a network and which are dropped.

The Trust Services Framework reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

Verifying the identity of the person or device attempting to access the system is an example of

In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

Restricting access of users to specific portions of the system as well as specific tasks,is an example of

Accounting Information Systems: an Overview

Overview of Transaction Processing and Enterprise Resource Planning Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Confidentiality and Privacy Controls

Processing Integrity and Availability Controls

Auditing Computer-Based Information Systems

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

Database Design Using the Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design,implementation,and Operation

Filters