Final Exam - Chapter 1

¡Supera tus tareas y exámenes ahora con Quizwiz!

The internal audit function may be outsourced to an external consulting firm. A. True B. False

A

Whereas only qualified auditors perform security audits, anyone may do security assessments. A. True B. False

A

NIST 800-53A provides ________.

A guide for assessing security controls

Which of the following is an assessment method that attempts to bypass controls and gain access to a specific system by simulating the actions of a would-be attacker? A. Policy review B. Penetration test C. Standards review D. Controls audit E. Vulnerability scan

B

Which of the following best describes an audit used to determine if a Fortune 500 health care company is adhering to Sarbanes-Oxley and HIPAA regulations? A. IT audit B. Operational audit C. Compliance audit D. Financial audit E. Investigative audit audit D. Financial audit E. Investigative audit

C

Compliance initiatives typically are efforts around all except which one of the following? A. To adhere to internal policies and standards B. To adhere to regulatory requirements C. To adhere to industry standards and best practices D. To adhere to an auditor's recommendation

D

Noncompliance with regulatory standards may result in which of the following? A. Brand damage B. Fines C. Imprisonment D. All of the above E. B and C only

D

Which of the following companies engaged in fraudulent activity and subsequently filed for bankruptcy? A. WorldCom B. Enron C. TJX D. All of the above E. A and B only

D

Which one of the following is not a method used for conducting an assessment of security controls? A. Examine B. Interview C. Test D. Remediate

D

At all levels of an organization, compliance is closely related to which of the following? A. Governance B. Risk management C. Government D. Risk assessment E. Both A and B F. Both C and D

E

Which one of the following is true with regard to audits and assessments? A. Assessments typically result in a pass or fail grade, whereas audits result in a list of recommendations to improve controls. B. Assessments are attributive and audits are not. C. An audit is typically a precursor to an assessment. D. An audit may be conducted independently of an organization, whereas internal IT staff always conducts an IT security assessment. E. Audits can result in blame being placed upon an individual.

E

A security assessment is a method for proving the strength of security systems.

False

Categorizing information and information systems and then selecting and implementing appropriate security controls is part of a ________.

Risk-based approach

Some regulations are subject to ________, which means even if there wasn't intent of noncompliance, an organization can still incur large fines.

Strict Liability

An IT security audit is an ________ assessment of an organization's internal policies, controls, and activities.

Independent


Conjuntos de estudio relacionados

PMI Project Management Professional (PMP) Exam

View Set

Chapter 56: Acute Intracranial Problems

View Set

Chapter 29: Structural pest control reports and repairs

View Set

History and Geography 800: Unit 8 Quiz 1

View Set

PrepU ch. 26: Safety, Security, and Emergency Preparedness

View Set

Chapter 5 Ethernet (802.3) Switched LANs

View Set

Evolve HESI Leadership/Management

View Set