1. IT Infrastructure & 2. Cloud Computing

C. Prioritizing risk

Which of the following activities would fall within the Performance component of the COSO Integrating with Strategy and Performance Framework? A. Defining risk appetite B. Reviewing risk and performance C. Prioritizing risk D. Reporting on risk

C. Processing and storage can be rented in units of time, scaling up during peak usage times.

Which of the following are benefits of using a cloud service provider (CSP)? A. Flexibility to perform any maintenance needed on the underlying infrastructure. B. Ensure the application is running on the latest version of the operating system. C. Processing and storage can be rented in units of time, scaling up during peak usage times. D. Virtual machines can be stored off site or on a company's premises.

A. Presentation layer

A business analyst is attempting to diagnose why encrypted data is getting corrupted during transmission, causing decryption to fail. At what layer in the Open Systems Interconnection (OSI) model is the issue most likely occurring? A. Presentation layer B. Network layer C. Application layer D. Session layer

C. The provider's vertical scalability.

When evaluating a cloud service provider's data security measures, a company would appropriately consider each of the following risk factors, except: A. The provider's cloud-of-cloud agreements. B. The provider's multi-tenant architecture. C. The provider's vertical scalability. D. The provider's third-party suppliers.

A. Utilizing a community cloud deployment model.

A cloud service provider's vision is to provide reliable and consistent network connectivity for all customers. Part of its corporate strategy for achieving that is heavily reliant on all of the following except: A. Utilizing a community cloud deployment model. B. Full autonomy over disaster recovery processes. C. Owning the underlying physical IT infrastructure. D. Having all IT personnel on the company payroll.

C. Software-as-a-Service (SaaS)

The following depicts which type of cloud computing model? (Uptime, Data Center, Application design, Managed by: The organization, Cloud service providers, The organization A. Infrastructure-as-a-Service (IaaS) B. Platform-as-a-Service (PaaS) C. Software-as-a-Service (SaaS) D. On-premises

D. Lack of application portability (vendor lock-in)

Having an exit strategy for a cloud service provider (CSP) is a response to which of the following risks? A. CSP violation of service level agreement B. Favorable regulation changes C. Unfavorable operational budget variances D. Lack of application portability (vendor lock-in)

A. Routers

Which of the following are network devices that assign IP addresses? A. Routers B. Gateways C. Switches D. Servers

D. More than one organization using shared virtual infrastructure.

A multi-tenant cloud service provider serves: A. A single organization while allowing multiple users. B. Multiple organizations each using an exclusive virtual server. C. A single organization using multiple virtual servers across different geographic locations. D. More than one organization using shared virtual infrastructure.

B. Gateway

A piece of hardware that connects devices within a network by reading and converting protocols so that traffic can be transmitted across those devices is most likely which of the following networking components? A. Firewall B. Gateway C. Switch D. Router

C. Edge-enabled devices

An internal auditor is tasked with conducting an analysis of the company's payment processing network architecture. To examine the efficiency and distribution of the organization's payment network, the internal auditor would most likely see if the organization uses which of the following hardware components to decentralize its computing power? A. Routers B. Switching hardware C. Edge-enabled devices D. Gateways

C. Private to public.

The COSO Enterprise Risk Management Framework emphasizes that risk increases when an organization changes its cloud deployment model from: A. Public to on-premises. B. Hybrid to private. C. Private to public. D. Public to hybrid.

B. Redundancy and the ability to recover from a disaster is improved.

Which of the following best describes a benefit of using a cloud service provider (CSP)? A. On-site hardware support is eliminated. B. Redundancy and the ability to recover from a disaster is improved. C. Fixed pricing for usage that comes with CSPs makes budgeting more predictable. D. Data processing is more efficient due to CSPs having purely decentralized virtual locations.

C. Cloud service providers (CSP)

Which of the following best describes organizations that offer virtual computing power and expertise to other companies on managing IT infrastructure? A. Small and medium-sized tax consulting enterprises (SME) B. Consumer packaged goods (CPG) providers C. Cloud service providers (CSP) D. Business-to-business (B2B) payroll organizations

B. Firewall

Which of the following components controls the flow of data into and out of an organization's information system at network entry points during electronic commerce? A. Electronic envelope B. Firewall C. Electronic lockbox D. Turnkey system

C. Servers act as an intermediary among different networks.

Which of the following statements regarding a computer network is incorrect? A. Gateways convert protocols to communicate with other network devices. B. Routers assign IP addresses. C. Servers act as an intermediary among different networks. D. Switches can divide one connection into multiple connections.

D. Firewall.

The protective software and/or hardware that allows users to access the internet without exposing the organization's IT assets to unauthorized users is called a(n): A. Switch. B. Router. C. Server. D. Firewall.

A. Keep separate and distinct risk management strategies for the CSP and the organization.

COSO's guidance in its Enterprise Risk Management Framework asserts that organizations should do all of the following when adopting a cloud service provider (CSP), except: A. Keep separate and distinct risk management strategies for the CSP and the organization. B. Create a steering committee to oversee CSP implementation. C. Consider how adopting a CSP may affect the organization's risk profile. D. Define the systems and infrastructure controlled by the CSP versus the organization.

D. Uses shared resources over the internet to rent storage space, processing power, or proprietary software on remote servers from another company.

Cloud computing can best be defined as a model that: A. Streamlines business processes onto a well-secured and highly available in-house e-commerce platform to optimize customers' online experience. B. Is designed for rapid application deployment by making several virtual servers run on one physical host. C. Allows users to access network resources from remote locations through a virtual private network. D. Uses shared resources over the internet to rent storage space, processing power, or proprietary software on remote servers from another company.

A. Infrastructure-as-a-Service

Gibbs Energy Inc. is a power producer and distribution network operator that runs a power grid which generates, transmits, and distributes power to customers. These core business functions require a large amount of computing power to run highly customized software applications. These applications often require modifications to the operating system. Since the usage of energy and computing power varies, Gibbs rents servers, storage, and firewalls from a cloud service provider (CSP). What type of CSP does Gibbs most likely use? A. Infrastructure-as-a-Service B. Platform-as-a-Service C. Business-Process-as-a-Service D. Software-as-a-Service

B. Event Identification

Management of regional logistics firm, TLBOCo, is evaluating different cloud service providers (CSPs). During the evaluation process, management's primary focus is on understanding whether adverse incidents will be easier or harder to detect. Which of the following components of the COSO Enterprise Risk Management Framework does this align with? A. Risk Response B. Event Identification C. Monitoring D. Risk Assessment

B. Business processes-as-a-Service

Morrin Corp. provides Physician Practices Plus (PPP) with complete revenue cycle management services which helps PPP collect on its receivables, provide a payment portal for clients, issue refunds, and manage all other billing functions. This is referred to as what type of model? A. Infrastructure-as-a-Service B. Business processes-as-a-Service C. Platform-as-a-Service D. Payment processing network