AIS Exam 3

Who plays a pivotal role in a company's cybersecurity program? Chief information officer (CIO) Chief financial officer (CFO) Chief executive officer (CEO) All of these

All of these

identifies events outside the normal behavior of a data set. Data summarization Anomaly detection Cluster analysis Process mining

Anomaly detection

Which of the following is not a method of attack used in the process of a full cyberattack? Reconnaissance Disruption Distancing Access

Distancing

Incorrect sender addresses are red flags indicating possible eavesdropping. phishing. Dumpster diving. ping sweeps.

Dumpster diving.

Which item is not an objective of the IT Evaluate, Direct, and Monitor domain? Ensure IT governance framework setting and maintenance. Ensure IT risk realization. Ensure stakeholder transparency. Manage an IT system of internal control.

Manage an IT system of internal control.

Which of the following is a computer program that appears to be legitimate but performs an illicit action when it is run? Redundant verification Parallel count Web crawler Trojan horse

Trojan horse

In 2017, Equifax made global news when hackers used Trojan horses to access its network. held a system hostage for ransom. accessed financial data of millions of Americans. deleted millions of records containing customer data.

accessed financial data of millions of Americans.

Eleanor Rigby's Crematorium and Pet Custodian Services wants to choose the strongest control method for accessing its systems. Eleanor should choose a sign-in log. biometrics. passwords. a two-way mirror.

biometrics.

An example of an asset misappropriation scheme is larceny. economic extortion. illegal gratuities. fictitious revenues.

larceny.

What is the most widely used international standard for IT governance? ISACA COSO ERM COBIT COSO Internal Control—Integrated Framework

COBIT

Which of the following are the descriptive components within a data set? Patterns Data compositions Quantitative values Categorical values

Categorical values

A controller is developing a disaster recovery plan for a corporation's computer systems. In the event of a disaster that makes the company's facilities unusable, the controller has arranged for the use of an alternative location and the delivery of duplicate computer hardware to this alternative location. Which of the following recovery plans would best describe this arrangement? Hot site Cold site Backup site Hot spare site agreement

Cold site

Which of the following is an example of fraudulent financial reporting? Company management changes inventory count tags and overstates ending inventory while understating cost of goods sold. The treasurer diverts customer payments to his personal bank account, concealing his actions by debiting an expense account, thus overstating expenses. An employee steals inventory, and the "shrinkage" is recorded in cost of goods sold. An employee steals small tools from the company and neglects to return them; the cost is reported as a miscellaneous operating expense.

Company management changes inventory count tags and overstates ending inventory while understating cost of goods sold.

Which of these is not a component of fraud? Concealment Act Damages Conversion

Conversion

What is the job title of a professional who, as an expert in statistics and coding, designs algorithms for predicative analytics? Business intelligence analyst Data engineer Data scientist Data analyst

Data engineer

IP spoofing is often used as part of which of the following? Viruses Trojan horses Worms Denial-of-service attacks

Denial-of-service attacks

A manager of an insurance company asks a data analyst to investigate why collision losses on newer cars were so high, the highest in history, in New Jersey in 2017. The data analyst should perform which type of analytics? Descriptive analytics Diagnostic analytics Predictive analytics Prescriptive analytics

Diagnostic analytics

Which is true of the differential backup strategy? It has the slowest backup time. It backs up all data since the last full backup. It backs up only the new data since the most recent backup of any type. It uses the highest amount of storage space.

It backs up all data since the last full backup.

Select the statement that is not true about COBIT 2019. Its organizational focus is IT governance. It focuses on all controls for assessing risk and providing assurance throughout an organization. It is a living document that welcomes feedback. It has five domains and 40 control objectives.

It focuses on all controls for assessing risk and providing assurance throughout an organization.

Which of these is not an advantage of a hot backup site? It is the most affordable option. The data backup process is integrated into the site. Immediate data recovery is possible. There is an immediate ramp-up to operations.

It is the most affordable option.

Which of the following best describes a confidence interval? It is the range of certainty that the true mean of the population is within the forecasted bounds. It is the estimate of the mean of the population. It is the length of time during which the forecast is reliable. It is a method of performing a break-even forecasting analysis.

It is the range of certainty that the true mean of the population is within the forecasted bounds.

Why did Amazon and Google choose to not build their new data centers near their headquarters? It wasn't financially feasible. They already owned land elsewhere. It was against regulations. They plan to leave those areas and relocate their headquarters.

It wasn't financially feasible.

The user reviews the outcome of some code. If the outcome is accurate, the user approves the change. The IT analyst tests the functionality of the code and authorizes it. The analyst then documents the testing. What stage of the change management process does this describe? Production Implementation Model Test

Model

Which of the following is not recommended for analyzing time series data? Natural language processing Process mining Forecasting Linear regression

Natural language processing

Which type of attack do network administrators not have control over preventing? Logical attacks Reconnaissance attacks Physical attacks Access attacks

Physical attacks

______ identifies active IP addresses, while ______ identifies the types of communication occurring on the network. Eavesdropping; phishing Phishing; port scanning Port scanning; ping sweeping Ping sweeping; port scanning

Port scanning; ping sweeping

________ uses ________ to present chronological activities in a visual flow format. Event data; network analysis Event data; process mining Process mining; event data Network analysis; event data

Process mining; event data

Which of the following is not one of the ways that the Equifax hackers hid their suspicious network activity? Purchased subscriptions to Equifax's third-party software service Created profiles using Equifax employee credentials Purchased remote computing services from other countries Blended into normal activity with encrypted communication channels

Purchased subscriptions to Equifax's third-party software service

Which of these access roles would you assign to the internal audit manager of a public company? Administration Creator Read-only Manager

Read-only

Which of these logical access controls relates to authorization rather than authentication? Role-based access Username and password Fingerprint scan Smart card

Role-based access

is a consistent movement in time series data that does not repeat, while is a consistent movement in time series data that repeats regularly. Seasonality; a time trend A time trend; noise Noise; seasonality A time trend; seasonality

Seasonality; a time trend

Which of the following best characterizes the function of a physical access control? Protects systems from Trojan horses Provides authentication of users attempting to log into the system Separates unauthorized individuals from computer resources Minimizes the risk of a power or hardware failure

Separates unauthorized individuals from computer resources

When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk? User passwords are not required to be in alphanumeric format. Management procedures for user accounts are not documented. User accounts are not removed upon termination of employees. Security logs are not periodically reviewed for violations.

User accounts are not removed upon termination of employees.

What is the primary difference between a virus and a worm? Viruses require human interaction, but worms replicate without assistance. Viruses must be activated before a worm can replicate. Viruses are only effective on Windows operating systems. Viruses are a type of malware, but worms are a type of denial-of-service attack.

Viruses are a type of malware, but worms are a type of denial-of-service attack.

Which of the following scenarios is not an example of a behavioral fraud red flag? Your coworker complains he didn't get a large enough bonus this year and won't be able to afford his son's soccer registration fees. Your coworker dislikes your manager and regularly complains about her. Your coworker brags about buying a new house in one of the most expensive parts of town, where a lot of the company's executives live. Your coworker never takes vacation days or sick days because he says nobody else could do his job right.

Your coworker complains he didn't get a large enough bonus this year and won't be able to afford his son's soccer registration fees.

IP spoofing disguises the ______ source address with the ______ IP address. attacker's; target's target's; attacker's recipient's; target's attacker's; recipient's

attacker's; recipient's

Managing cyber risks requires blocking all cyber breaching by relying on preventive controls. blocking all cyber breaching by relying on detective and corrective controls. attempting to prevent cyber breaching but addressing those that occur through detective and corrective controls. attempting to prevent cyber breaching but addressing those that occur through preventive controls.

attempting to prevent cyber breaching but addressing those that occur through detective and corrective controls.

Corruption fraud schemes include asset misappropriation, financial statement fraud, conflicts of interest, and illegal gratuities. economic extortion, illegal gratuities, asset misappropriation, and expense reimbursement fraud. asset misappropriation, bribery, stolen cash, and billing schemes. bribery, conflicts of interest, economic extortion, and illegal gratuities.

bribery, conflicts of interest, economic extortion, and illegal gratuities.

The fraud in which a company inflates its sales revenue by forcing more products through a distribution channel than the channel is capable of selling is called unauthorized sales sham sales. cutoff fraud. channel stuffing.

channel stuffing.

Only ___________ have access to the test environment. end users company leaders developers data analysts

developers

A fraud committed to lessen the amount of earnings that will be taxed this year is an example of misappropriation of assets. financial statement fraud that understates company performance. financial statement fraud that overstates company performance. skimming cash before it is recorded in the company's accounting books.

financial statement fraud that understates company performance.

One important purpose of COBIT is to guide managers, users, and auditors in adopting best practices related to the management of information technology. identify specific control plans that could be implemented to reduce the occurrence of fraud. specify the components of an information system that should be installed in an e-commerce environment. suggest the type of information that should be made available for management decision making.

guide managers, users, and auditors in adopting best practices related to the management of information technology.

The inside environment of a data center should include all the following except cable management system. backup power supply. fire response systems. heated floors.

heated floors.

If perceived pressure and opportunity to commit fraud are high and personal integrity is low, then the risk of fraud is low. medium. high. certain.

high.

Jonathan wants to know if the high summer temperatures in San Francisco have influenced the increase in ice cream sales at his dessert shop. In his linear regression equation, the temperature would be the dependent variable. independent variable. simple regression. multiple regression.

independent variable.

Cyberattacks are preventable. addressed in the original COSO pronouncements. assumable. inevitable.

inevitable.

Data analysis converts data into artificial intelligence. algorithms. information. processes.

information.

The IT department at Piggy Parts BBQ has recently learned of phishing attempts that rely on social engineering to break into its financial systems. Information about these attempts should be communicated to internal auditors. other personnel. all personnel. support functions.

internal auditors.

A major difference between skimming and cash larceny is that: skimming is on the books, while larceny is off the books. skimming occurs after the cash has been entered into the accounting system, while larceny occurs before it is entered into the system. larceny involves expense reimbursement schemes, while skimming involves recording fictitious revenues. larceny occurs after both the transaction and the cash have been entered into the accounting system, while skimming occurs without the transaction being entered into the system.

larceny occurs after both the transaction and the cash have been entered into the accounting system, while skimming occurs without the transaction being entered into the system.

The difference between eavesdropping and on-path attacks is that eavesdropping is ______ the communication, and an on-path attack is ______ the communication. writing over; injecting into listening to; writing over injecting into; listening to listening to; injecting into

listening to; injecting into

In investigating fraud, the type of analysis used to identify relationships between credit transactions, people, accounts, and events is called cluster analysis. network analysis. gamification analysis. optimization analysis

network analysis.

The element of the fraud triangle that a company has most influence over is rationalization. management perceptions of fraud. opportunity. perceived pressure.

opportunity.

The first behavioral element in the fraud triangle is perceived pressure. opportunity. rationalization. conversion.

perceived pressure.

A security guard opens the door to allow an authenticated person into the data center. A second person enters behind the first person without properly scanning through security. This method of circumventing physical access controls is called piggybacking, or tailgating. the access control vestibule. a backup plan. unlawful access.

piggybacking, or tailgating.

In ______ tailgating, the authorized user holds the door open for the tailgater. accidental spoofing polite forced

polite

"The company is so large it won't even notice it" is a type of opportunity. concealment. perceived pressure. rationalization.

rationalization.

Womping Wembley Corp. maintains three sets of backups, which are updated monthly, weekly, and daily. This approach illustrates a checkpoint and restart approach. RAID approach. redundant backup approach. storage area network (SAN) approach.

redundant backup approach.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends that companies facing cyberattacks that include ransom demands refuse to pay to discourage future attacks. pay immediately to protect public interests. consult lawyers before negotiating with criminals. consult NIST 800-53 for guidelines on negotiations.

refuse to pay to discourage future attacks.

When natural language processing (NLP) is used to classify emotions within communications, it is called sentiment analysis. building algorithms. process mining. network analysis.

sentiment analysis.

The major classes of asset misappropriation are skimming, larceny, and fraudulent disbursements. skimming, double dipping, and payroll fraud. skimming, fraudulent disbursements, and vendor fraud. skimming, larceny, and corruption.

skimming, larceny, and fraudulent disbursements

The most difficult asset misappropriation fraud scheme to detect, because it leaves no starting point or audit trail for auditors to investigate, is non-cash larceny. skimming. fraudulent disbursements. expense reimbursement fraud.

skimming.

A company's web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of spoofing. piggybacking. an eavesdropping attack. a denial-of-service attack.

spoofing.

An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of a strong network password? trjunpqs 34787761 tr34ju78 tR34ju78

tR34ju78

The three stages in a change management process, in consecutive order, are production, test, model. test, model, production. model, test, implement. produce, test, model.

test, model, production.

The primary difference between simple regression and multiple regression is the number of independent variables. the number of dependent variables. the use of a mediator. the use of multiple data sets.

the number of independent variables.

An example of pressure to commit financial statement fraud is personal habits such as gambling or drugs. an employee bearing a grudge against the employer. unreasonable performance metrics set by management. reasonably expecting the fraud to go undetected.

unreasonable performance metrics set by management.

To identify fraudulent transactions by looking for unusual activities, you use unsupervised learning. classification. clustering. anomaly detection.

unsupervised learning.

The primary difference between classification and clustering is that classification uses machine learning, and clustering uses machine learning. reinforcement; supervised supervised; unsupervised unsupervised; supervised unsupervised; reinforcement

unsupervised; supervised