Chapter 8


What is a policy?

A plan or process put in place to guide actions

Which of the following is not IT governance?

A process that ensures that IT establishes control processes to achieve objectives

________ ________ _______ is a process that identifies events that may threaten an organization and provides a plan to ensure that the organization will either continue to operate when the threatened event occurs.

Business continuity planning

Having two employees authorize the release of a purchase order or requiring dual signatures on checks is an example of what type of control?

Compensatory controls

Attacks from outside the organization are known as _______ _______ ______ attacks.

Denial-of-service

Data changes that are automatically transmitted on a continuous basis to an off-site server maintained by a third party are known as:

Electronic vaulting

Data encryption:

Employs mathematical algorithms and encryption keys to encode data

A ______ is defined as someone who breaks into a computer system but does not hold malicious intent, while a _______ has a malicious intent.

Hacker, cracker

An ______ logs and monitors who is on or trying to access the network, while an ______ actively blocks unauthorized traffic using rules.

IDS, IPS

What is the purpose of the strategic IT plan?

It is used to set the direction for the IT projects

To ensure information system availability:

Maintain a hot site

Identify the item below that is not a category of a personnel control plan:

Monitoring and governance

Which of the following is not a part of monitoring control plans?

Monitoring, and observing the work of others

Which type of control plan influences the effectiveness of the control plans at lower levels of the control hierarchy?

Pervasive control plan

Program change controls:

Provide assurance that all modifications to programs are authorized and documented

The COBIT 5 framework:

Puts IT control within the larger context of enterprise-wide governance and management

The key objective of segregating duties is to:

Segregate authorization, execution, recording, and safeguarding functions

A ________ guides the IT organization in establishing and meeting user information requirements.

Steering committee

Which of the following procedures would an entity most likely include in its BDP?

Store duplicate copies of files in a location away from the computer center

Which of the following situations is not a segregation of duties violation within the revenue cycle?

The AR clerk reconciles the AR subledger to the Control account in the general ledger on a monthly basis and investigates discrepancies.

A disaster recovery plan typically does not include:

Upgrading the system

Which of the following is the correct encryption of the word SECURITY using an encryption algorithm of plus 3 letters?

VHFXULWB

All of the following are major elements of the strategic IT plan, except:

Write policies

What are layers of controls for restricting access?

a. Access rights and threat monitoring b. Identification c. Authentication d. ALL OF THESE CHOICES

_______ _______ ______ use some physical part of the body, unique to the individual, as the password.

a. Biometric identification systems

IT control process domains in COBIT 5 include:

a. Build, Acquire, and Implement (BAI) b. Evaluate, Deliver, and Monitor (EDM) c. Align, Plan, and Organize (APO) d. ALL OF THESE

A well-documented application typically includes:

a. Operations run and user manuals b. Program documentation c. Systems documentation d. ALL OF THESE CHOICES

Which of the following functions within the IT organization need to be segregated?

a. Process data received from user departments b. Create or update programs c. Protect data and computer equipment d. All of these choices are correct

Which of the following is not one of the enablers delineated by COBIT 5?

a. Processes b. Organizational structures c. Principles, policies, and frameworks d. ALL OF THESE CHOICES

Layers of controls for restricting physical access to computer facilities include:

a. Restricting access to the computer facility b. Restricting access to the facility itself c. Restricting access to the building d. ALL OF THESE CHOICES

Hacking techniques include:

a. Smoozing b. Shoulder surfing c. Phishing d. ALL OF THESE CHOICES

Major categories of pervasive controls include:

a. corporate policies IT controls and monitoring controls b. IT controls and monitoring controls c. organizational design and d. ALL OF THESE

