Chp 10
New IT security technology A) Is usually worth the investment B) Is less vulnerable to cyberattacks C) May create vulnerabilities and risks to confidential data contained in the accounting system D) Are usually reliable enough to adequately safeguard accounting data
C
According to Verizon's 2012 Data Breach Investigations Report, what percentage of breaches were physical attacks, such as a stolen laptop? A) 10% B) 15% C) 23% D) 45%
A
) Which key is used by an algorithm to scramble the data? A) Transposition key B) Primary key C) Product key D) Substitution key
A
Security of the IT architecture should be considered in which phase of the system development life cycle (SDLC)? A) All the phases B) Design phase C) Install phase D) Build/purchase phase
A
The COSO internal control component Information and Communication usually maps to which COBIT domain for IT processes? A) PO2 Define the information architecture B) PO1 Define a strategic IT plan C) PO4 Define the IT processes, organization, and relationships D) PO9 Assess and manage IT risks
A
This security management principle ensures that sensitive data at each point in information processing is secure and protected from unauthorized access. A) Confidentiality B) Integrity C) Private D) Availability
A
Which IT process domain, as defined by COBIT, relates to IT strategy and tactics to contribute to attaining business goals? A) Plan and Organize (PO) Domain B) Deliver and Support (DS) Domain C) Acquire and Implement (AI) Domain D) Monitor and Evaluate (ME) Domain
A
Which access control threat uses programs or devices that examine traffic on the enterprise network? A) Network sniffers B) Phishing C) Identify theft D) Spoofing at log-on
A
Which of the following is NOT a network access point? A) Keyboard B) Bridge C) Computer D) Router
A
Which of the following is NOT considered a deterrent to the physical access to corporate offices? A) GPS tracking B) Locked doors C) Fences D) Cameras
A
Which of the following network hardware are typically personal computers and laptops connected to the network? A) Workstation computers B) Server computers C) Routing devices D) Peripherals
A
Which type of malware executes when a specific event happens within the computer? A) Logic bombs B) Bots C) Trojan horses D) Worms
A
Cybercrimes are crimes connected to what? (Select the best answer) A) Information assets and IT B) The financial services industry C) Electronic payments D) Electronic transfer of funds
A) Information assets and IT
) According to Verizon's 2012 Data Breach Investigations Report, what percentage of attacks were from activist groups? A) 63% B) 58% C) 52% D) 48%
B
) What is a microcomputer? A) A computer with moderate computing power B) A personal computer or laptop C) A smart phone D) A powerful, high-speed computer used for complex numerical calculations
B
In the COBIT framework, which IT resource category consists of manual and programmed procedures to process information? A) Infrastructure B) Applications C) People D) Information
B
The physical and environmental security domain addresses A) Activities and procedures required to keep information technology running securely B) The physical security of information technology components, such as hardware and software C) Security for telecommunications, networks, and the Internet D) Security for access to the enterprise system, including computers, networks, routers, and
B
Which IT process domain, as defined by COBIT, encompasses IT operations, security, and training? A) Plan and Organize (PO) Domain B) Deliver and Support (DS) Domain C) Acquire and Implement (AI) Domain D) Monitor and Evaluate (ME) Domain
B
Which authentication method involves analyzing the user's retina? A) Single sign-on B) Biometrics C) Token device D) Dynamic password
B
Which domain covers security for the electrical transmission of data through analog or digital transmission media? A) Security architecture and design B) Telecommunications C) Application security D) Cryptography
B
Which legislation requires each federal agency to develop, document, and implement an agency-wide information security program? A) Employee Privacy Issues B) Federal Information Security Management Act of 2002 (FISMA) C) Computer Fraud and Abuse Act D) Federal Privacy Act of 1974
B
Which network protocol (software) is commonly used to connect computers to create a LAN? A) Internet protocol (IP) B) Ethernet protocol C) Electronic data interchange (EDI) D) Transport control protocol (TCP)
B
Which of the following is NOT part of the information criteria as defined by COBIT? A) Integrity B) Scalability C) Availability D) Confidentiality
B
Which of the following is a combination of two encryption keys? A) Transposition key B) Product key C) Foreign key D) Substitution key
B
Which of the following is NOT part of the 10 domains of cybersecurity? A) Cryptography B) Database security C) Physical and environmental security D) Access control
B) Database security
) In the government sector, unauthorized disclosure of data with this classification might be harmful to national security. A) Sensitive But Unclassified B) Top Secret C) Confidential D) Secret
C
IT security management responsibility includes A) Developing contingency plans for virus attacks B) Input/output controls C) Maintaining security devices and software D) Training to all employees to inform and educate them regarding security policies and
C
Which legislation requires financial institutions to provide customers with privacy notices and prohibits the institutions from sharing customer information with nonaffiliated third parties? A) Federal Privacy Act of 1974 B) Sarbanes-Oxley C) Gramm-Leach-Bliley Act D) Computer Security Act of 1987
C
According to Verizon's 2012 Data Breach Investigations Report, what percentage of breaches were tied to organized criminal groups? A) 79% B) 65% C) 83% D) 58%
C) 83%
) In IT architecture security, what is NOT part of the software application ring? A) Accounting software B) Web browsers C) Word processing applications D) Relational database management system
D
A commercial disaster recovery service that provides IT services and can be fully operational is a few hours is which type of back up facility? A) Warm site B) Cold site C) Internal site D) Hot site
D
Operations security refers to A) Security for access to the enterprise system, including computers, networks, routers, and databases B) Security for telecommunications, networks, and the Internet C) The physical security of information technology components, such as hardware and software D) Activities and procedures required to keep information technology running securely
D
Which legislation requires organizations that handle credit and debit card data to meet cybersecurity requirements to safeguard data? A) Computer Fraud and Abuse Act B) Federal Information Security Management Act of 2002 (FISMA) C) Economic Espionage Act of 1996 D) Payment Card Industries Data Security Standards (PCI-DDS)
D
Which network protocol (software) allows the enterprise network to connect to the network of vendors and suppliers through proprietary lines? A) Transport control protocol (TCP) B) Ethernet protocol C) Internet protocol (IP) D) Electronic data interchange (EDI)
D
Which of the following firewalls destroys suspicious messages? A) Low-level security firewall B) Medium-level security firewall C) High-level security firewall D) Proxy firewall
D
Which of the following network hardware are utility devices connected to the network for shared use? A) Workstation computers B) Server computers C) Routing devices D) Peripherals
D