Chapter 8
What is a policy?
A plan or process put in place to guide actions
Which of the following is not IT governance?
A process that ensures that IT establishes control processes to achieve objectives
________ ________ _______ is a process that identifies events that may threaten an organization and provides a plan to ensure that the organization will either continue to operate when the threatened event occurs.
Business continuity planning
Having two employees authorize the release of a purchase order or requiring dual signatures on checks is an example of what type of control?
Compensatory controls
Attacks from outside the organization are known as _______ _______ ______ attacks.
Denial-of-service
Data changes that are automatically transmitted on a continuous basis to an off-site server maintained by a third party is known as:
Electronic vaulting
Data encryption:
Employs mathematical algorithms and encryption keys to encode data
A ______ is defined as someone who breaks into a computer system but does not hold malicious intent, while a _______ has a malicious intent.
Hacker, cracker
An ______ logs and monitors who is on or trying to access the network, while an ______ actively blocks unauthorized traffic using rules.
IDS, IPS
What is the purpose of the strategic IT plan?
It is used to set the direction for the IT projects
To ensure information system availability:
Maintain a hot site
Identify the item below that is not a category of a personnel control plan:
Monitoring and governance
Which of the following is not a part of monitoring control plans?
Monitoring, and observing the work of others
Which type of control plan influences the effectiveness of the control plans at lower levels of the control hierarchys?
Pervasive control plan
Program change controls:
Provide assurance that all modifications to programs are authorized and documented
The COBIT 5 framework:
Puts IT control within the larger context of enterprise-wide governance and management
The key objective of segregating duties is to:
Segregate authorization, execution, recording, and safeguarding functions
A ________ guides the IT organization in establishing and meeting user information requirements.
Steering committee
Which of the following procedures would an entity most likely include in its BDP?
Store duplicate copies of files in a location away from the computer center
Which of the following situations is not a segregation of duties violation within the revenue cycle?
The AR clerk reconciles the AR subledger to the Control account in the general ledger on a monthly basis and investigates discrepancies.
A disaster recovery plan typically does not include:
Upgrading the system
Which of the following is the correct encryption of the word SECURITY using an encryption algorithm of plus 3 letters?
VHFXULWB
All of the following are major elements of the strategic IT plan, except:
Write policies
What are layers of controls for restricting access?
a. Access rights and threat monitoring b. Identification c. Authentication d. ALL OF THESE CHOICES
_______ _______ ______ use some physical part of the body, unique to the individual, as the password.
a. Biometric identification systems
IT control process domains in COBIT 5 include:
a. Build, Acquire, and Implement (BAI) b.Evaluate, Deliver, and Monitor (EDM) c.Align, Plan, and Organize (APO) d.ALL OF THESE
A well-documented application typically includes:
a. Operations run and user manuals b. Program documentation c. Systems documentation d. ALL OF THESE CHOICES
Which of the following functions within the IT organization need to be segregated?
a. Process data received from user departments b. Create or update programs c. Protect data and computer equipment d. All of these choices are correct
Which of the following is not one of the enablers delineated by COBIT 5?
a. Processes b. Organizational structures c. Principles, policies, and frameworks d. ALL OF THESE CHOICES
Layers of controls for restricting physical access to computer facilities include:
a. Restricting access to the computer facility b. Restricting access to the facility itself c. Restricting access to the building d. ALL OF THESE CHOICES
Hacking techniques include:
a. Smoozing b. Shoulder surfing c. Phishing d. ALL OF THESE CHOICES
Major categories of pervasive controls include:
a. corporate policies IT controls and monitoring controls b. IT controls and monitoring controls c. organizational design and d. ALL OF THESE