Question 1

Describe four requirements of effective passwords

Accepted Answer

1.Strong passwords should be at least 8

Question 2

A more rigorous test of the effectiveness of an organization's computer security.

Accepted Answer

A) Intrusion detection system 
B) Log analysis 
C) Penetration test 
D) Vulnerability scan 
A) Intrusion detection system 
B) Log analysis 
C) Penetration test 
D) Vulnerability scan

Question 3

In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

Accepted Answer

A) security. 
B) confidentiality. 
C) privacy. 
D) availability. 
A) security. 
B) confidentiality. 
C) privacy. 
D) availability.

Question 4

Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework.

Accepted Answer

A) Confidentiality 
B) Processing speed 
C) Security 
D) System availability 
A) Confidentiality 
B) Processing speed 
C) Security 
D) System availability

Question 5

In a private key system the sender and the receiver have __________,and in the public key system they have __________.

Accepted Answer

A) different keys; the same key 
B) a decrypting algorithm; an encrypting algorithm 
C) the same key; two separate keys 
D) an encrypting algorithm; a decrypting algorithm 
A) different keys; the same key 
B) a decrypting algorithm; an encrypting algorithm 
C) the same key; two separate keys 
D) an encrypting algorithm; a decrypting algorithm

Question 6

The device that connects an organization's information system to the Internet is a

Accepted Answer

A) Demilitarized zone 
B) Firewall 
C) Gateway 
D) Router 
A) Demilitarized zone 
B) Firewall 
C) Gateway 
D) Router

Question 7

Which of the following is an example of a preventive control?

Accepted Answer

A) Encryption 
B) Log analysis 
C) Intrusion detection 
D) Emergency response teams 
A) Encryption 
B) Log analysis 
C) Intrusion detection 
D) Emergency response teams

Question 8

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

Accepted Answer

A) effective 
B) ineffective 
C) overdone 
D) undermanaged 
A) effective 
B) ineffective 
C) overdone 
D) undermanaged

Question 9

This uses automated tools to identify whether a given system possesses any well-known security problems.

Accepted Answer

A) Intrusion detection system 
B) Log analysis 
C) Penetration test 
D) Vulnerability scan 
A) Intrusion detection system 
B) Log analysis 
C) Penetration test 
D) Vulnerability scan

Question 10

Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?

Accepted Answer

A) Controlling remote access 
B) Encryption 
C) Host and application hardening 
D) Training 
A) Controlling remote access 
B) Encryption 
C) Host and application hardening 
D) Training

Question 11

This processes involves the firewall examining the data in the body of an IP packet.

Accepted Answer

A) Access control list 
B) Deep packet inspection 
C) Stateful packet filtering 
D) Static packet filtering 
A) Access control list 
B) Deep packet inspection 
C) Stateful packet filtering 
D) Static packet filtering

Question 12

Murray Snitzel called a meeting of the top management at Snitzel Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."This your responsibility! What do you intend to do?" Which of the following is the best answer?

Accepted Answer

A) Evaluate and modify the system using the Trust Services framework 
B) Evaluate and modify the system using the COBIT framework. 
C) Evaluate and modify the system using the CTC checklist. 
D) Evaluate and modify the system using COBOL. 
A) Evaluate and modify the system using the Trust Services framework 
B) Evaluate and modify the system using the COBIT framework. 
C) Evaluate and modify the system using the CTC checklist. 
D) Evaluate and modify the system using COBOL.

Question 13

How does an intrusion detection system work?

Accepted Answer

An intrusion detection system

Question 14

This is used to identify rogue modems (or by hackers to identify targets).

Accepted Answer

A) War chalking 
B) War dialing 
C) War driving 
D) None of the above 
A) War chalking 
B) War dialing 
C) War driving 
D) None of the above

Question 15

The system and processes used to issue and manage asymmetric keys and digital certificates.

Accepted Answer

A) Asymmetric encryption 
B) Certificate authority 
C) Digital signature 
D) Public key infrastructure 
A) Asymmetric encryption 
B) Certificate authority 
C) Digital signature 
D) Public key infrastructure

Question 16

Meaningful Discussions is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits.As a consequence,the size of the information technology department has been growing very rapidly,with many new hires.Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility.This is an example of a(an)

Accepted Answer

A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control. 
A) authentication control. 
B) biometric device. 
C) remote access control. 
D) authorization control.

Question 17

According to SysTrust,the reliability principle of integrity is achieved when

Accepted Answer

A) the system is available for operation and use at times set forth by agreement. 
B) the system is protected against unauthorized physical and logical access. 
C) the system can be maintained as required without affecting system availability,security,and integrity. 
D) system processing is complete,accurate,timely,and authorized. 
A) the system is available for operation and use at times set forth by agreement. 
B) the system is protected against unauthorized physical and logical access. 
C) the system can be maintained as required without affecting system availability,security,and integrity. 
D) system processing is complete,accurate,timely,and authorized.

Question 18

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

Accepted Answer

A) Access control list 
B) Internet protocol 
C) Packet switching protocol 
D) Transmission control protocol 
A) Access control list 
B) Internet protocol 
C) Packet switching protocol 
D) Transmission control protocol

Question 19

An access control matrix

Accepted Answer

A) Does not have to be updated. 
B) Is a table specifying which portions of the system users are permitted to access. 
C) Is used to implement authentication controls. 
D) Matches the user's authentication credentials to his authorization. 
A) Does not have to be updated. 
B) Is a table specifying which portions of the system users are permitted to access. 
C) Is used to implement authentication controls. 
D) Matches the user's authentication credentials to his authorization.

Question 20

Encryption has a remarkably long and varied history.The invention of writing was apparently soon followed by a desire to conceal messages.One of the earliest methods,attributed to an ancient Roman emperor,was the simple substitution of numbers for letters,for example A = 1,B = 2,etc.This is an example of

Accepted Answer

A) a hashing algorithm. 
B) symmetric key encryption. 
C) asymmetric key encryption. 
D) a public key. 
A) a hashing algorithm. 
B) symmetric key encryption. 
C) asymmetric key encryption. 
D) a public key.

Describe four requirements of effective passwords

A more rigorous test of the effectiveness of an organization's computer security.

In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework.

In a private key system the sender and the receiver have ,and in the public key system they have .

The device that connects an organization's information system to the Internet is a

Which of the following is an example of a preventive control?

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

This uses automated tools to identify whether a given system possesses any well-known security problems.

Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?

This processes involves the firewall examining the data in the body of an IP packet.

How does an intrusion detection system work?

This is used to identify rogue modems (or by hackers to identify targets).

The system and processes used to issue and manage asymmetric keys and digital certificates.

According to SysTrust,the reliability principle of integrity is achieved when

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

An access control matrix

Accounting Information Systems

Overview of Business Processes

Systems Development and Documentation Techniques

Relational Databases

Computer Fraud and Security

Control and Accounting Information Systems

Auditing Computer-Based Information Systems

Auditing Computer-Based Informtion Systems

The Revenue Cycle: Sales an Cash Collections

The Expenditure Cycle: Purchasing and Cash Disbursements

The Production Cycle

The Human Resources Managementpayroll Cycle

General Ledger and Reporting System

Data Modeling and Database Design

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, Implementation and Operation

Filters

Exam 7: Infromation System Controls for Systems Reliability

Describe four requirements of effective passwords

A more rigorous test of the effectiveness of an organization's computer security.

In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework.

In a private key system the sender and the receiver have __________,and in the public key system they have __________.

The device that connects an organization's information system to the Internet is a

Which of the following is an example of a preventive control?

If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

This uses automated tools to identify whether a given system possesses any well-known security problems.

Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?

This processes involves the firewall examining the data in the body of an IP packet.

How does an intrusion detection system work?

This is used to identify rogue modems (or by hackers to identify targets).

The system and processes used to issue and manage asymmetric keys and digital certificates.

According to SysTrust,the reliability principle of integrity is achieved when

This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

An access control matrix

Accounting Information Systems

Overview of Business Processes

Systems Development and Documentation Techniques

Relational Databases

Computer Fraud and Security

Control and Accounting Information Systems

Auditing Computer-Based Information Systems

Auditing Computer-Based Informtion Systems

The Revenue Cycle: Sales an Cash Collections

The Expenditure Cycle: Purchasing and Cash Disbursements

The Production Cycle

The Human Resources Managementpayroll Cycle

General Ledger and Reporting System

Data Modeling and Database Design

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development and Systems Analysis

Ais Development Strategies

Systems Design, Implementation and Operation

Filters

In a private key system the sender and the receiver have ,and in the public key system they have .