AIS Chapter 11
Which of the following security controls would best prevent unauthorized access to a firm's internal network?
Automatic log-off of inactive users
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
Disaster recovery plan
Which of the following does not represent a viable data backup method?
Disaster recovery plan
Which of the following outcomes is a likely benefit of information technology used for internal control?
Enhanced timeliness of information
Why would companies want to use digital signatures when conducting e-business?
It can authenticate the document sender and maintain data integrity
When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to the server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?
User accounts are not removed upon termination of employees
Which of the following is a password security weakness?
Users are assigned passwords when accounts are created, but do not change them
Which of the following is not included in the remediation phase for vulnerability management?
Vulnerability Prioritization
Select a correct statement regarding encryption methods.
When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods
Integrity of information means the information is:
accurate and complete
In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?
Managing remote access
Why does a Certificate Authority (CA) play an important role in a company's information security management?
Most companies use CA to manage their employees' public keys
Which of the following statements about asymmetric-key encryption is correct?
Most companies would like to use a Certificate Authority to manage the public keys of their employees
Which of the following statements regarding authentication in conducting e-business is incorrect?
One key is used for encryption and decryption purposes in the authentication process
When computer programs or files can be accessed from terminals, users should be required to enter a(n)
Password as a personal identification code
The fraud triangle includes incentive, opportunity, and an attitude to rationalize the fraud.
t
Information security is a critical factor in maintaining systems integrity.
t
Key distribution and key management are problematic under symmetric-key encryption.
t
One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.
t
The goal of information security management is to enhance the confidence, integrity and authority (CIA) of a firm's management.
t
The goal of information security management is to maintain confidentiality, integrity and availability of a firm's information.
t
Which of the following statements about digital signatures is incorrect?
A digital signature is a message digest encrypted using the document creator's public key
Which of the following statements is incorrect?
A fraud prevention program should include an evaluation on the efficiency of business processes
Which of the following controls would most likely assure that a company can reconstruct its financial records?
Backup data are tested and stored safely
An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:
Batch processing
Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation's headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?
Business continuity
A disaster recovery approach should include which of the following elements:
Regular backups
Which of the following statements presents an example of a general control for a computerized system?
Restricting access to the computer center by use of biometric devices
What is the primary objective of data security controls?
To ensure that data storage media are subject to authorization prior to access, change, or destruction
To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:
check digit verification
A company's audit committee is responsible for fraud risk assessments.
f
Asymmetric-key encryption is suitable for encrypting large data sets or messages
f
Disaster recovery planning and business continuity management are preventive controls
f
Encryption and hashing are similar processes to maintain data confidentiality.
f
Spam is a self-replicating program that runs and spreads by modifying other programs or files.
f
The symmetric-key encryption method is used to authenticate users.
f
A virus is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
f
Certificate Authority (CA) issues digital certificates to bond the subscriber with a public key and a private key.
t
Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.
t