Accounting Systems Chapter 11


multimodal authentication examples

1. Password + Security Question
2. Fingerprint + Retina Scan
3. Passphrase + UserID + Answer to Security Question
4. Retina Scan + Fingerprint + Voice Recognition

multifactor authentication examples

1. Password + Smart Card
2. Smart Card + Retina Scan
3. Password + Fingerprint
4. Password + Retina Scan
5. Security Question + Retina Scan
6. Security Question + Smart Card
7. Smart Card + Fingerprint
8. Security Question + Fingerprint
9. Security Question + Smart Card + Retina Scan
10. Security Question + Smart Card + Fingerprint
11. Password + Smart Card + Retina Scan
12. Password + Smart Card + Fingerprint

Steps in the Incident Response Process

1. Recognize that a problem exists
2. Stop the attack
3. Repair the damage
4. Analyze findings

Which of the following is not an example of multi-factor authentication?

A passphrase and a security question - you know both of these things; multi-factor is something you know + something you have

Which of the following statements is(are) true? (Check all that apply.)
A. A Type 2 SOC 2 report provides information about the effectiveness of a cloud provider's information security controls.
B. Cloud file-sharing services can distribute malware.
C. The Internet of Things reduces the number of points of attack against an organization's information system.
D. Virtualization increases the risk associated with unsupervised physical access.

A. A Type 2 SOC 2 report provides information about the effectiveness of a cloud provider's information security controls.
B. Cloud file-sharing services can distribute malware.
D. Virtualization increases the risk associated with unsupervised physical access.

Which of the following is true?
A. All of these are correct
B. The Cloud and virtualization increase the risk associated with unsupervised physical access.
C. Multifactor authentication is necessary for controlling access to virtualized systems.
D. Network access controls (e.g., firewalls, IPS, and IDS) should be employed both in the cloud and in virtualized systems.

A. All of these are correct

Which of the following statements are true? (Check all that apply.)
A. Members of the CIRT must have multiple methods of communicating with one another (e.g., e-mail, landlines, cellphones, etc.).
B. The CIRT should include technical specialists.
C. None of these are correct
D. The CIRT should include members of senior management.

A. Members of the CIRT must have multiple methods of communicating with one another (e.g., e-mail, landlines, cellphones, etc.).
B. The CIRT should include technical specialists.
D. The CIRT should include members of senior management.

Which of the following are characteristics of a well-designed and effectively functioning change management and change control process? (Check all that apply.)
A. Monitoring of how changes affect segregation of duties.
B. Conversion controls to ensure that data is completely and accurately transferred to the new system.
C. Development of "backout" plans in the event a change creates unexpected problems.
D. Senior management review and approval of major changes.

A. Monitoring of how changes affect segregation of duties.
B. Conversion controls to ensure that data is completely and accurately transferred to the new system.
C. Development of "backout" plans in the event a change creates unexpected problems.
D. Senior management review and approval of major changes.

Which of the following statements are true? (Check all that apply.)
A. Organizations that have a CISO are more likely to have a well-trained CIRT.
B. Ideally, the CISO should report to a member of senior management, such as the COO or CEO, rather than to the CIO.
C. The CIO has responsibility for ensuring that vulnerability risk assessments and security audits are periodically conducted.
D. The CIO needs to work closely with the person in charge of physical security because unauthorized physical access enables an attacker to bypass logical access controls.

A. Organizations that have a CISO are more likely to have a well-trained CIRT.
B. Ideally, the CISO should report to a member of senior management, such as the COO or CEO, rather than to the CIO.

Which of the following statements about improving the security of wireless is true? (Check all that apply.)
A. Wireless devices should be configured to operate only in infrastructure mode, not ad hoc mode.
B. Wireless SSIDs should use meaningful names such as "finance department" or "payroll" rather than names like "XYZ345".
C. Wireless access points should be placed in the DMZ.
D. All wireless traffic should be encrypted.

A. Wireless devices should be configured to operate only in infrastructure mode, not ad hoc mode.
C. Wireless access points should be placed in the DMZ.
D. All wireless traffic should be encrypted.

Change management and change control processes need to be applied to any modifications to: (Check all that apply.)
A. operating procedures.
B. software.
C. None of these statements are true.
D. hardware.

A. operating procedures.
B. software.
D. hardware.

Which of the following is an example of multi-factor authentication?
A. USB device plus retina scan
B. Voice recognition plus answer to security question
C. Password plus smart card
D. All of these are examples of multi-factor authentication

D. All of these are examples of multi-factor authentication

Which of the following is the final phase of the incident response process?

Analysis of the root cause of the incident

Which is the proper sequence of steps in the security life cycle?

Assess threats and select risk response, develop and communicate policy, acquire and implement solutions, monitor performance

Which of the following statements is(are) true? (Check all that apply.)
A. An increase in the number of emergency changes is an indicator that the change management and change control process is functioning well.
B. Changes should be tested in a system separate from the one used for daily business processes.
C. It is important to update system documentation after a change has been approved.
D. Emergency changes do not need to be documented.

B. Changes should be tested in a system separate from the one used for daily business processes.
C. It is important to update system documentation after a change has been approved.

Which of the following statements are true? (Check all that apply.)
A. Senior management does not need security awareness training.
B. Employees should be taught how to follow security policies and why those policies exist.
C. Targeted e-mails are an example of a social engineering tactic that is called piggybacking.
D. Employees can be an organization's weakest link in terms of security.

B. Employees should be taught how to follow security policies and why those policies exist.
D. Employees can be an organization's weakest link in terms of security.

Which of the following statements is(are) true? (Check all that apply.)
A. Good change management and change control increases the number of "emergency" changes needed.
B. Good change management and change control reduces the costs incurred when a security incident happens.
C. Good change management and change control eliminates the need for penetration tests.
D. Good change management and change control results in better operating performance by reducing the number of problems that need to be fixed.

B. Good change management and change control reduces the costs incurred when a security incident happens.
D. Good change management and change control results in better operating performance by reducing the number of problems that need to be fixed.

Which of the following statements is true? (Check all that apply.)
A. The authentication process controls what actions (e.g., print, create, delete, etc.) an employee can perform, whereas the authorization process determines whether to grant an employee access to the system.
B. The authorization process controls what actions (e.g., print, create, delete, etc.) an employee can perform, whereas the authentication process determines whether to grant an employee access to the system.
C. Complexity (number of different types of characters) is more important than length (number of characters) in determining the strength of a password or passphrase.
D. Length (number of characters) is more important than complexity (number of different types of characters) in determining the strength of a password or passphrase.

B. The authorization process controls what actions (e.g., print, create, delete, etc.) an employee can perform, whereas the authentication process determines whether to grant an employee access to the system.
D. Length (number of characters) is more important than complexity (number of different types of characters) in determining the strength of a password or passphrase.

Combining a password with which of the following is an example of multi-modal authentication?
A. your e-mail address
B. all of these are examples of multi-modal authentication
C. name of your first-grade teacher
D. correctly identifying a picture you had selected when you set up the account

B. all of these are examples of multi-modal authentication

Management seeks assurance that __________. (Check all that apply.)
A. there is no security risk
B. the information produced by the organization's own accounting system is reliable
C. the Cloud service providers the company uses are reliable
D. the company is complying with regulatory requirements

B. the information produced by the organization's own accounting system is reliable
C. the Cloud service providers the company uses are reliable
D. the company is complying with regulatory requirements

Which of the following is an example of multi-modal authentication?
A) PIN plus ATM card
B) Smart card plus fingerprint scan
C) Passphrase plus answer to a security question
D) All of these are examples of multi-modal authentication

C) Passphrase plus answer to a security question

Which of the following statements is(are) true?
A. Virtualization can either increase or decrease security, depending upon how it is implemented.
B. The Internet of Things can either increase or decrease security, depending upon how it is implemented.
C. All of these are correct
D. Cloud computing can either increase or decrease security, depending upon how it is implemented.

C. All of these are correct

Which of the following statements is(are) true? (Check all that apply.)
A. A CIRT can improve the time-based model of security by increasing the value of R.
B. Creating the position of CISO is one way to satisfy the time-based model of security by increasing the value of R.
C. Creating the position of CISO is one way to satisfy the time-based model of security by reducing the value of R.
D. A CIRT can improve the time-based model of security by reducing the value of R.

C. Creating the position of CISO is one way to satisfy the time-based model of security by reducing the value of R.
D. A CIRT can improve the time-based model of security by reducing the value of R.

Which of the following statements are true?
A. Moving systems to the cloud eliminates the need for antimalware software.
B. Virtualization reduces the need for timely patch management.
C. The IoT provides the opportunity to enhance physical access controls by providing real-time monitoring of employee and visitor movements throughout the office building.
D. The cloud, virtualization, and the IoT eliminate the need for a CIRT.

C. The IoT provides the opportunity to enhance physical access controls by providing real-time monitoring of employee and visitor movements throughout the office building.

Which of the following statements are true? (Check all that apply.)
A. Log analysis should be done once a year.
B. Log analysis can be automated by installing a SIEM.
C. The goal of log analysis is to determine the reasons for events such as a failed login attempt.
D. Finding changes in log records is an indication that a system has been compromised.

C. The goal of log analysis is to determine the reasons for events such as a failed login attempt.
D. Finding changes in log records is an indication that a system has been compromised.

Which activity are accountants most likely to participate in?

Continuous monitoring

Which of the following statements is true?
A. Firewalls protect a network by looking for patterns in incoming traffic to identify and automatically block attacks.
B. A firewall that inspects the data portion of a TCP packet is performing a process referred to as packet-filtering.
C. Routers should be configured to perform deep packet inspection.
D. A DMZ is a separate network located outside the organization's internal information system.

D. A DMZ is a separate network located outside the organization's internal information system.

Which of the following are indicators that an organization's change management and change control process is effective?
A. Testing of all changes takes place in a system separate from the one used for regular business operations
B. A low number of emergency changes
C. A reduction in the number of problems that need to be fixed
D. All of these are correct

D. All of these are correct

Which of the following statements about virtualization and cloud computing is (are) true?
A. Strong user access controls are important
B. Perimeter protection techniques (e.g., firewalls, IDS, and IPS) are important
C. The time-based model of security applies
D. All of these are correct

D. All of these are correct

Which of the following techniques is the most effective way for a firewall to protect the perimeter?

Deep packet inspection - deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.

Which component of the time-based model of security does log analysis affect?

Detection

Which device blocks or admits individual packets by examining information in the TCP and IP headers?

Firewalls

A "fake" or "decoy" system used to provide early warning that attackers are targeting an organization's systems is called a(n):

Honeypot

According to the time-based model of security, one way to increase the effectiveness is to

Increase P

Which of the following statements is true?

Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources

The time-based model of security posits that security is effective when the following equation is satisfied:

P > D + R

Which of the following statements is(are) true?
A. Vulnerability scanning is an alternative to penetration testing.
B. Penetration tests are authorized attacks.
C. Penetration tests show whether it is possible to break into a system.
D. Penetration tests seldom succeed.

B. Penetration tests are authorized attacks.

Which of the following combinations of credentials is an example of multifactor authentication?

PIN and ATM card - the PIN is something a person knows; the ATM card is something a person has

Which step should happen first as part of the incident response process?

Recognition of an attack

Which of the following is the correct sequence of steps in the incident response process?

Recognize that a problem exists, stop the attack, repair the damage, learn from the attack

One way to improve the efficiency and effectiveness of log analysis is to use a(n):

SIEM

The Trust Services Framework identifies five principles for systems reliability. Which one of those five principles is a necessary prerequisite to the other four?

Security

The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as

Security

What is the objective of a penetration test?

To identify where additional protections are most needed to increase the time and effort required to compromise the system

Which of the following was developed jointly by the AICPA and the CICA?

Trust Services

Running multiple systems (e.g., Windows, Unix, and Mac) on a single physical machine is referred to as:

Virtualization

The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called

authorization - authorization is the process of controlling what actions (read, write, delete, etc.) a user is permitted to perform

The Trust Services Principle "Privacy" focuses on

ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies.

The Trust Services Principle "Processing Integrity" focuses on

ensuring the accuracy of data

Modifying default configurations to turn off unnecessary programs and features to improve security is called

hardening

A good relationship between the information security and internal audit functions is important because it

improves the ability to detect serious issues involving employee noncompliance with security policies.

If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then the organization's security is considered

ineffective

Which of the following is a corrective control designed to fix vulnerabilities?

patch management - patch management involves replacing flawed code that represents a vulnerability with corrected code, called a patch

Which of the following is a detective control?

penetration testing - penetration testing is a detective control designed to identify how long it takes to detect and respond to an attack

The Trust Services Principle "Confidentiality" focuses on

protection of sensitive corporate data from unauthorized disclosure

Which of the following is a preventive control?

training - training is designed to prevent employees from falling victim to social engineering attacks and unsafe practices such as clicking links embedded in e-mail from unknown sources

A weakness an attacker can take advantage of to either disable or take control of a system is called

vulnerability
