Chapter 11
A good relationship between the information security and internal audit functions is important because it A. increases security-related material internal control weaknesses. B. eliminates security incidents. C. increases top management support for information security. D. improves the ability to detect serious issues involving employee noncompliance with security policies.
D
A weakness an attacker can take advantage of to either disable or take control of a system is called a[n] __________. A. patch B. exploit C. attack D. vulnerability
D
Combining a password with which of the following is an example of multi-modal authentication? A. Your e-mail address B. Name of your first-grade teacher C. Correctly identifying a picture you had selected when you set up the account D. All of these are examples of multi-modal authentication
D
If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then organization's security is considered A. efficient. B. inefficient. C. effective. D. ineffective.
D
The Trust Services Principle "Privacy" focuses on A. the accessibility of system and data when needed. B. ensuring the accuracy of data. C. protection of sensitive corporate data from unauthorized disclosure. D. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies.
D
The Trust Services Principle "Processing Integrity" focuses on A. the accessibility of system and data when needed. B. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. C. protection of sensitive corporate data from unauthorized disclosure. D. ensuring the accuracy of data.
D
Which is the proper sequence of steps in the security life cycle? A. Assess threats and select risk response, monitor performance, develop and communicate policy, acquire and implement solutions B. Develop and communicate policy, monitor performance, assess threats and select risk response, acquire and implement solutions C. Assess threats and select risk response, acquire and implement solutions, monitor performance, develop and communicate policy D. Assess threats and select risk response, develop and communicate policy, acquire and implement solutions, monitor performance
D
Which of the following is a corrective control designed to fix vulnerabilities? A. penetration testing B. virtualization C. authorization D. patch management
D
Which of the following is not an example of multi-factor authentication? A. A fingerprint and a USB device B. A password and a cellphone C. A 6-digit PIN and a smart card D. A passphrase and a security question
D
Which of the following statements is true? A. Changes should be tested in a system separate from the one used to process transactions. B. "Emergency" changes need to be documented once the problem is resolved. C. Change controls are necessary to maintain adequate segregation of duties. D. All of the above are true.
D
Which of the following statements is(are) true? A. Penetration tests show whether it is possible to break into a system. B. Penetration tests seldom succeed. C. Vulnerability scanning is an alternative to penetration testing. D. Penetration tests are authorized attacks.
D
Is the combination of three credentials together multimodal or multifactor authentication? Security Question + Smart Card + Retina Scan Security Question + Smart Card + Fingerprint Password + Smart Card + Retina Scan Password + Smart Card + Fingerprint
Multifactor
Is the combination of two credentials together multimodal or multifactor authentication? Smart Card + Fingerprint Smart Card + Retina Scan Password + Retina Scan Security Question + Fingerprint Security Question + Retina Scan Password + Fingerprint Security Question + Smart Card Password + Smart Card
Multifactor
Is the combination of three credentials together multimodal or multifactor authentication? Passphrase + UserID + Answer to Security Question Retina Scan + Fingerprint + Voice Recognition
Multimodal
Is the combination of two credentials together multimodal or multifactor authentication? Password + Security Question Finger Print + Retina Scan
Multimodal
Arrange the four steps of the incident response process into the proper sequence, starting with the first step at the top of the list
Recognition of an attack Containment of the problem by the incident response team Recover from backups Analysis of the root cause of the incident
Security
controls and restricts access to systems and data
Processing integrity
ensures accuracy of data
Privacy
ensures that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies
Confidentiality
protection of sensitive corporate data from unauthorized disclosure
Availability
system and data can be accessed when needed
Modifying default configurations to turn off unnecessary programs and features to improve security is called _______. A. hardening B. defense-in-depth C. user account management D. vulnerability scanning
A
The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as A. security. B. confidentiality. C. processing integrity. D. privacy.
A
The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called __________. A. authorization B. intrusion prevention C. intrusion detection D. authentication
A
What is the objective of a penetration test? A. To identify where additional protections are most needed to increase the time and effort required to compromise the system B. To correct identified weaknesses by applying updates that eliminate known vulnerabilities C. To determine whether or not a system can be broken into D. To prevent employees from doing actions that are incompatible with their job functions
A
Which device blocks or admits individual packets by examining information in the TCP and IP headers? A. Intrusion prevention system (IPS) B. Firewalls C. Intrusion detection systems (IDS) D. DMZ
A
Which of the following is a detective control? A. penetration testing B. physical access controls C. endpoint hardening D. patch management
A
Which of the following is a preventive control? A. training B. CIRT C. log analysis D. virtualization
A
Which of the following is true? A. All of these are correct B. The Cloud and virtualization increase the risk associated with unsupervised physical access. C. Multifactor authentication is necessary for controlling access to virtualized systems. D. Network access controls (e.g., firewalls, IPS, and IDS) should be employed both in the cloud and in virtualized systems.
A
Which of the following statements are true? A. The IoT provides the opportunity to enhance physical access controls by providing real-time monitoring of employee and visitor movements throughout the office building. B. Virtualization reduces the need for timely patch management. C. The cloud, virtualization, and the IoT eliminate the need for a CIRT. D. Moving systems to the cloud eliminates the need for antimalware software.
A
Which of the following statements is true? A. A DMZ is a separate network located outside the organization's internal information system. B. Routers should be configured to perform deep packet inspection. C. Firewalls protect a network by looking for patterns in incoming traffic to identify and automatically block attacks. D. A firewall that inspects the data portion of a TCP packet is performing a process referred to as packet-filtering.
A
Which of the following statements is(are) true? A. All of these are correct B. Virtualization can either increase or decrease security, depending upon how it is implemented. C. Cloud computing can either increase or decrease security, depending upon how it is implemented. D. The Internet of Things can either increase or decrease security, depending upon how it is implemented.
A
Which of the following techniques is the most effective way for a firewall to protect the perimeter? A. Deep packet inspection B. Packet filtering C. Access control lists D. All of the above are equally effective.
A
Which step should happen first as part of the incident response process? A .Recognition of an attack B. Recovery from backups C. Analysis of the root cause of the incident D. Containment of the problem by the incident response team
A
Which of the following statements is(are) true? (Check all that apply.) A. Good change management and change control reduces the costs incurred when a security incident happens. B. Good change management and change control results in better operating performance by reducing the number of problems that need to be fixed. C. Good change management and change control eliminates the need for penetration tests. D. Good change management and change control increases the number of "emergency" changes needed.
A, B
Which of the following are characteristics of a well-designed and effectively functioning change management and change control process? (Check all that apply.) A. Senior management review and approval of major changes. B. Development of "backout" plans in the event a change creates unexpected problems. C. Monitoring of how changes affect segregation of duties. D. Conversion controls to ensure that data is completely and accurately transferred to the new system.
A, B, C, D
Management seeks assurance that __________. (Check all that apply.) A. the company is complying with regulatory requirements B. the information produced by the organization's own accounting system is reliable C. there is no security risk D. the Cloud service providers the company uses are reliable
A, B, D
Which of the following statements about improving the security of wireless is true? (Check all that apply.) A. Wireless devices should be configured to operate only in infrastructure mode, not ad hoc mode. B. Wireless access points should be placed in the DMZ. C. Wireless SSIDs should use meaningful names such as "finance department" or "payroll" rather than names like "XYZ345". D. All wireless traffic should be encrypted.
A, B, D
Which of the following statements are true? (Check all that apply.) A. The CIRT should include members of senior management. B. Members of the CIRT must have multiple methods of communicating with one another (e.g., e-mail, landlines, cellphones, etc.). C. None of these are correct D. The CIRT should include technical specialists.
A, B, D
Which of the following statements are true? (Check all that apply.) A. Organizations that have a CISO are more likely to have a well-trained CIRT. B. The CIO has responsibility that vulnerability risk assessments and security audits are periodically conducted. C. Ideally, the CISO should report to a member of senior management, such as the COO or CEO, rather than to the CIO. D. The CIO needs to work closely with the person in charge of physical security because unauthorized physical access enables an attacker to bypass logical access controls.
A, C
Which of the following statements is(are) true? (Check all that apply.) A. Cloud file-sharing services can distribute malware. B. The Internet of Things reduces the number of points of attack against an organization's information system. C. A Type 2 SOC 2 report provides information about the effectiveness of a cloud provider's information security controls. D. Virtualization increases the risk associated with unsupervised physical access.
A, C, D
Running multiple systems (e.g., Windows, Unix, and Mac) on a single physical machine is referred to as: A. None of these are correct B. Virtualization C. Cloud Computing D. Internet of Things
B
The Trust Services Principle "Confidentiality" focuses on A. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. B. protection of sensitive corporate data from unauthorized disclosure. C. ensuring the accuracy of data. D. the accessibility of system and data when needed.
B
The time-based model of security posits that security is effective when the following equation is satisfied: A. P < D + R B. P > D + R C. P = D + R D. None of these are correct.
B
Which of the following combinations of credentials is an example of multifactor authentication? A. voice recognition and a fingerprint reader B. PIN and ATM cards C. password and a user ID D. All of the above
B
Which of the following is an example of multi-factor authentication? A. Voice recognition plus answer to security question B. All of these are examples of multi-factor authentication C. USB device plus retina scan D. Password plus smart card
B
Which of the following is the final phase of the incident response process? A. Recovery from backups B. Analysis of the root cause of the incident C. Recognition of an attack
B
Which of the following statements is true? A. The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. B. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. C. Information security is primarily an IT issue, not a managerial concern. D. The time-based model of security can be expressed in the following formula: P < D + R.
B
Which of the following statements are true? (Check all that apply.) A. Senior management does not need security awareness training. B. Employees can be an organization's weakest link in terms of security. C. Employees should be taught how to follow security policies and why those policies exist. D. Targeted e-mails are an example of a social engineering tactic that is called piggybacking.
B, C
Which of the following statements is(are) true? (Check all that apply.) A. Emergency changes do not need to be documented. B. It is important to update system documentation after a change has been approved. C. Changes should be tested in a system separate from the one used for daily business processes. D. An increase in the number of emergency changes is an indicator that the change management and change control process is functioning well.
B, C
Change management and change control processes need to be applied to any modifications to: (Check all that apply.) A. None of these statements are true. B. software. C. operating procedures. D. hardware.
B, C, D
Which of the following statements are true? (Check all that apply.) A. Log analysis can be automated by installing a SIEM. B. Finding changes in log records is an indication that a system has been compromised. C. Log analysis should be done once a year. D. The goal of log analysis is to determine the reasons for events such as a failed login attempt.
B, D
Which of the following statements is true? (Check all that apply.) A. Complexity (number of different types of characters) is more important than length (number of characters) in determining the strength of a password or passphrase. B. The authorization process controls what actions (e.g, print, create, delete, etc.) an employee can perform, whereas the authentication process determines whether to grant an employee access to the system. C. The authentication process controls what actions (e.g, print, create, delete, etc.) an employee can perform, whereas the authorization process determines whether to grant an employee access to the system. D. Length (number of characters) is more important than complexity (number of different types of characters) in determining the strength of a password or passphrase.
B, D
A "fake" or "decoy" system used to provide early warning that attackers are targeting an organization's systems is called a(n): A. SIEM B. IDS C. Honeypot D. DMZ
C
According to the time-based model of security, one way to increase the effectiveness is to A. Increase R B. Increase D C. Increase P D. All of these are correct
C
One way to improve the efficiency and effectiveness of log analysis is to use a(n): A. Intrusion Detection System (IDS) B. DMZ C. SIEM D. None of these are correct
C
The Trust Services Framework identifies five principles for systems reliability. Which one of those five principles is a necessary prerequisite to the other four? A. Privacy B. Processing integrity C. Security D. Confidentiality E. Availability
C
Which activity are accountants most likely to participate in? A. Log analysis B. Installing and monitoring a honeypot C. Continuous monitoring D. Running an IDS
C
Which component of the time-based model of security does log analysis affect? A. Protection B. Response C. Detection D. Reaction
C
Which of the following are indicators that an organization's change management and change control process is effective? A. A low number of emergency changes B. A reduction in the number of problems that need to be fixed C. All of these are correct D. Testing of all changes takes place in a system separate from the one used for regular business operations
C
Which of the following is an example of multi-modal authentication? A. PIN plus ATM card B. All of these are examples of multi-modal authentication C. Passphrase plus answer to a security question D. Smart card plus fingerprint scan
C
Which of the following is the correct sequence of steps in the incident response process? A. Recognize that a problem exists, repair the damage, stop the attack, learn from the attack B. Stop the attack, recognize that a problem exists, repair the damage, learn from the attack C. Recognize that a problem exists, stop the attack, repair the damage, learn from the attack D. Stop the attack, repair the damage, recognize that a problem exists, learn from the attack
C
Which of the following statements about virtualization and cloud computing is(are) true? A. Strong user access controls are important B. Perimeter protection techniques (e.g., firewalls, IDS, and IPS) are important C. All of these are correct D. The time-based model of security applies
C
Which of the following was developed jointly by the AICPA and the CICA? A. GDPR B. COBIT 2019 C. Trust Services D. SOX
C
Which of the following statements is(are) true? (Check all that apply.) A. Creating the position of CISO is one way to satisfy the time-based model of security by increasing the value of R. B. A CIRT can improve the time-based model of security by increasing the value of R. C. Creating the position of CISO is one way to satisfy the time-based model of security by reducing the value of R. D. A CIRT can improve the time-based model of security by reducing the value of R.
C, D