Exam 7: Infromation System Controls for Systems Reliability

It was 9:08 A.M.when Jiao Jan,the Network Administrator for Folding Squid Technologies,was informed that the intrusion detection system had identified an ongoing attempt to breach network security.By the time that Jiao had identified and blocked the attack,the hacker had accessed and downloaded several files from the company's server.Using the notation for the time-based model of security,in this case

This is an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system.

In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

This is designed to identify and drop packets that are part of an attack.

When new employees are hired by Folding Squid Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(an)

Which of the following is an example of a corrective control?

When new employees are hired by Folding Squid Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(an)

On March 3,2008,a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Jiao Jan's car while he was attending a conference in Cleveland,Ohio.After reporting the theft,Jiao considered the implications of the theft for the company's network security and concluded there was nothing to worry about because

What are the problems with symmetric encryption?

This screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header..

The AICPA and the CICA have created an evaluation service known as SysTrust.SysTrust follows four principles to determine if a system is reliable.The reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

Which of the following is not one of the three important factors determining the strength of any encryption system?

Information encrypted with the creator's private key that is used to authenticate the sender is.

What three factors determine the strength of any encryption system?

One way to circumvent the counterfeiting of public keys is by using

Verifying the identity of the person or device attempting to access the system is

Which of the following is commonly true of the default settings for most commercially available wireless access points?

Giving users regular,periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria?

All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(an)

Which of the following descriptions is not associated with symmetric encryption?