Question 1

Internal fraud prevention and detection measures are based on __________ and __________.

Accepted Answer

A) a detailed recovery plan;containment,including a fault-tolerant system 
B) perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening 
C) general controls;application controls 
D) physical controls,including authorization;authentication systems 
A) a detailed recovery plan;containment,including a fault-tolerant system 
B) perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening 
C) general controls;application controls 
D) physical controls,including authorization;authentication systems B

Question 2

A(n)__________ occurs when a server or Web site receives a flood of traffic-much more traffic or requests for service than it can handle,causing it to crash.

Accepted Answer

A) advanced persistent threat (APT) 
B) spoofing attack 
C) malware intrusion 
D) denial of service (DoS)attack 
A) advanced persistent threat (APT) 
B) spoofing attack 
C) malware intrusion 
D) denial of service (DoS)attack D

Question 3

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

Accepted Answer

Threats from employees,referred to as internal threats,are a major challenge largely due to the many ways an employee can carry out malicious activity.Insiders may be able to bypass physical security (e.g. ,locked doors)and technical security (e.g. ,passwords)measures that organizations have in place to prevent unauthorized access.Why? Because defenses such as firewalls,intrusion detection systems (IDS),and locked doors mostly protect against external threats.
Insider incidents can be minimized with a layered defense strategy consisting of security procedures,acceptable use policies,and technology controls.

Question 4

Which of the following is not one of the essential defenses against botnets and malware?

Accepted Answer

A) Anti-malware tools and anti-virus software 
B) Intrusion detection systems (IDS) 
C) Spyware and warez software 
D) Intrusion prevention systems (IPS) 
A) Anti-malware tools and anti-virus software 
B) Intrusion detection systems (IDS) 
C) Spyware and warez software 
D) Intrusion prevention systems (IPS)

Question 5

Financial institutions,data processing firms,and retail businesses do not have to notify potential victims or reveal data breaches in which customers' personal financial information may have been stolen,lost,or compromised.

Accepted Answer

A) True 
 B)False

Question 6

In general,risk management is expensive to the organization,but convenient for users.

Accepted Answer

A) True 
 B)False

Question 7

Crime can be divided into two categories depending on the tactics used to carry out the crime.What are those two categories?

Accepted Answer

A) personal and non-personal 
B) felonies and misdemeanors 
C) insider and outsider 
D) violent and nonviolent 
A) personal and non-personal 
B) felonies and misdemeanors 
C) insider and outsider 
D) violent and nonviolent

Question 8

According to a Workplace E-Mail and Instant Messaging Survey of 840 U.S.companies,approximately__________ have had employee e-mail or text messages subpoenaed as part of a lawsuit or regulatory investigation.

Accepted Answer

A) 5% 
B) 10% 
C) 20% 
D) 33% 
A) 5% 
B) 10% 
C) 20% 
D) 33%

Question 9

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Accepted Answer

A) Disaster recovery 
B) Auditing 
C) Date recovery 
D) Internal control 
A) Disaster recovery 
B) Auditing 
C) Date recovery 
D) Internal control

Question 10

Why do fraud prevention and detection require an effective monitoring system?

Accepted Answer

SOX and the SEC made it clear that if co

Question 11

The objective of IT security management practices is to defend __________.

Accepted Answer

A) data and data processing capabilities 
B) hardware and software applications and wireless devices 
C) data and networks 
D) data,hardware,software applications,and networks 
A) data and data processing capabilities 
B) hardware and software applications and wireless devices 
C) data and networks 
D) data,hardware,software applications,and networks

Question 12

The infosec defense strategies and controls depend on what needs to be protected and the cost-benefit analysis.That is,companies should neither under-invest nor over-invest.

Accepted Answer

A) True 
 B)False

Question 13

The Sarbanes-Oxley Act (SOX):

Accepted Answer

A) is an antifraud law. 
B) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) makes it necessary to find and root out fraud. 
D) All of the above 
A) is an antifraud law. 
B) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) makes it necessary to find and root out fraud. 
D) All of the above

Question 14

A majority of data breaches involve:

Accepted Answer

A) insider error or action that is either intentional or unintentional. 
B) insider action that is intentional. 
C) former employees and IT staff. 
D) hackers. 
A) insider error or action that is either intentional or unintentional. 
B) insider action that is intentional. 
C) former employees and IT staff. 
D) hackers.

Question 15

Locking a Blackberry does not provide strong data protection.Why?

Accepted Answer

A) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds. 
B) Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised. 
C) password cracking software can store log-in information for the cracked handheld,allowing a hacker to access the hacked device again,unless the user changes the password. 
D) All of the above. 
A) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds. 
B) Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised. 
C) password cracking software can store log-in information for the cracked handheld,allowing a hacker to access the hacked device again,unless the user changes the password. 
D) All of the above.

Question 16

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Accepted Answer

A) True 
 B)False

Question 17

Prior to 2002,what was the common perspective on infosec?

Accepted Answer

A) Infosec was mostly a financial issue assigned to the accounting department. 
B) The focus was on preemptive approaches to protect ahead of the threats. 
C) The biggest concerns were risks from employees and malware. 
D) Infosec was viewed as a cost rather than as a resource for preventing business disruptions. 
A) Infosec was mostly a financial issue assigned to the accounting department. 
B) The focus was on preemptive approaches to protect ahead of the threats. 
C) The biggest concerns were risks from employees and malware. 
D) Infosec was viewed as a cost rather than as a resource for preventing business disruptions.

Question 18

__________ refers to the deliberate misuse of the assets of one's employer for personal gain.

Accepted Answer

A) Corruption 
B) Conflict of interest 
C) Occupational fraud 
D) Earnings management 
A) Corruption 
B) Conflict of interest 
C) Occupational fraud 
D) Earnings management

Question 19

Symptoms of fraud that can be detected by internal controls include all of the following except:

Accepted Answer

A) missing documents. 
B) delayed bank deposits. 
C) employees who do not take vacations or go out of their way to work overtime. 
D) large increase in network traffic. 
A) missing documents. 
B) delayed bank deposits. 
C) employees who do not take vacations or go out of their way to work overtime. 
D) large increase in network traffic.

Question 20

__________ is the supervision,monitoring,and control of the organization's IT assets.COBIT is a guide to best practices in this area.

Accepted Answer

The answer of __________ is the supervision,monitoring,and control of the...

Internal fraud prevention and detection measures are based on and .

A(n)__________ occurs when a server or Web site receives a flood of traffic-much more traffic or requests for service than it can handle,causing it to crash.

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

Which of the following is not one of the essential defenses against botnets and malware?

Financial institutions,data processing firms,and retail businesses do not have to notify potential victims or reveal data breaches in which customers' personal financial information may have been stolen,lost,or compromised.

In general,risk management is expensive to the organization,but convenient for users.

Crime can be divided into two categories depending on the tactics used to carry out the crime.What are those two categories?

According to a Workplace E-Mail and Instant Messaging Survey of 840 U.S.companies,approximately__________ have had employee e-mail or text messages subpoenaed as part of a lawsuit or regulatory investigation.

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Why do fraud prevention and detection require an effective monitoring system?

The objective of IT security management practices is to defend __________.

The infosec defense strategies and controls depend on what needs to be protected and the cost-benefit analysis.That is,companies should neither under-invest nor over-invest.

The Sarbanes-Oxley Act (SOX):

A majority of data breaches involve:

Locking a Blackberry does not provide strong data protection.Why?

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Prior to 2002,what was the common perspective on infosec?

__________ refers to the deliberate misuse of the assets of one's employer for personal gain.

Symptoms of fraud that can be detected by internal controls include all of the following except:

__________ is the supervision,monitoring,and control of the organization's IT assets.COBIT is a guide to best practices in this area.

Information Systems in the 2010s

Infrastructure and Support Systems

Data,text,and Document Management

Network Management and Mobility

E-Business and E-Commerce

Mobile Computing and Commerce

Web 2.0 and Social Media

Operational Planning and Control Systems

Enterprise Information Systems

Business Intelligence and Decision Support

IT Strategic Planning

Business Process Management and Systems Development

Global Ecology, ethics, and Social Responsibility

Filters

Exam 5: IT Security, crime, compliance, and Continuity

Internal fraud prevention and detection measures are based on __________ and __________.

A(n)__________ occurs when a server or Web site receives a flood of traffic-much more traffic or requests for service than it can handle,causing it to crash.

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

Which of the following is not one of the essential defenses against botnets and malware?

Financial institutions,data processing firms,and retail businesses do not have to notify potential victims or reveal data breaches in which customers' personal financial information may have been stolen,lost,or compromised.

In general,risk management is expensive to the organization,but convenient for users.

Crime can be divided into two categories depending on the tactics used to carry out the crime.What are those two categories?

According to a Workplace E-Mail and Instant Messaging Survey of 840 U.S.companies,approximately__________ have had employee e-mail or text messages subpoenaed as part of a lawsuit or regulatory investigation.

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Why do fraud prevention and detection require an effective monitoring system?

The objective of IT security management practices is to defend __________.

The infosec defense strategies and controls depend on what needs to be protected and the cost-benefit analysis.That is,companies should neither under-invest nor over-invest.

The Sarbanes-Oxley Act (SOX):

A majority of data breaches involve:

Locking a Blackberry does not provide strong data protection.Why?

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Prior to 2002,what was the common perspective on infosec?

__________ refers to the deliberate misuse of the assets of one's employer for personal gain.

Symptoms of fraud that can be detected by internal controls include all of the following except:

__________ is the supervision,monitoring,and control of the organization's IT assets.COBIT is a guide to best practices in this area.

Information Systems in the 2010s

Infrastructure and Support Systems

Data,text,and Document Management

Network Management and Mobility

E-Business and E-Commerce

Mobile Computing and Commerce

Web 2.0 and Social Media

Operational Planning and Control Systems

Enterprise Information Systems

Business Intelligence and Decision Support

IT Strategic Planning

Business Process Management and Systems Development

Global Ecology, ethics, and Social Responsibility

Filters

Internal fraud prevention and detection measures are based on and .