Ch 11 Review Problems
A
A "fake" or "decoy" system used to provide early warning that attackers are targeting an organization's systems is called a(n): A.Honeypot B.SIEM C.IDS D.DMZ
C
A good relationship between the information security and internal audit functions is important because it A.eliminates security incidents. B.increases top management support for information security. C.improves the ability to detect serious issues involving employee noncompliance with security policies. D.increases security-related material internal control weaknesses.
C
One way to improve the efficiency and effectiveness of log analysis is to use a(n): A.Intrusion Detection System (IDS) B.DMZ C.SIEM D.None of these are correct
C
Running multiple systems (e.g., Windows, Unix, and Mac) on a single physical machine is referred to as: A.Cloud Computing B.None of these are correct C.Virtualization D.Internet of Things
The Trust Services Framework organizes IT-related controls into five principles that jointly contribute to systems reliability:
Security, Confidentiality, Privacy, Processing Integrity, Availability
Privacy
personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
Confidentiality
sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
A
Which step should happen first as part of the incident response process? A.Recognition of an attack B.Containment of the problem by the incident response team C.Recovery from backups D.Analysis of the root cause of the incident
Security
access (both physical and logical) to the system and its data is controlled and restricted to legitimate users.
Processing Integrity
data are processed accurately, completely, in a timely manner, and only with proper authorization.
C
According to the time-based model of security, one way to increase the effectiveness is to A.Increase R B.All of these are correct C.Increase P D.Increase D
A B D
Change management and change control processes need to be applied to any modifications to: (Check all that apply.) A.operating procedures. B.hardware. C.None of these statements are true. D.software.
A B D
Management seeks assurance that __________. (Check all that apply.) A.the information produced by the organization's own accounting system is reliable B.the Cloud service providers the company uses are reliable C.there is no security risk D.the company is complying with regulatory requirements
A
The Trust Services Principle "Confidentiality" focuses on A.protection of sensitive corporate data from unauthorized disclosure. B.ensuring the accuracy of data. C.ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. D.the accessibility of system and data when needed.
C
The Trust Services Principle "Privacy" focuses on A.ensuring the accuracy of data. B.protection of sensitive corporate data from unauthorized disclosure. C.ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. D.the accessibility of system and data when needed.
C
The Trust Services Principle "Processing Integrity" focuses on A.ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. B.the accessibility of system and data when needed. C.ensuring the accuracy of data. D.protection of sensitive corporate data from unauthorized disclosure.
C
Which activity are accountants most likely to participate in? A.Running an IDS B.Installing and monitoring a honeypot C.Continuous monitoring D.Log analysis
D
Which component of the time-based model of security does log analysis affect? A.Response B.Protection C.Reaction D.Detection
C
The time-based model of security posits that security is effective when the following equation is satisfied: A.P = D + R B.P < D + R C.P > D + R D.None of these are correct.
C
Which is the proper sequence of steps in the security life cycle? A.Assess threats and select risk response, acquire and implement solutions, monitor performance, develop and communicate policy B.Assess threats and select risk response, monitor performance, develop and communicate policy, acquire and implement solutions C.Assess threats and select risk response, develop and communicate policy, acquire and implement solutions, monitor performance D.Develop and communicate policy, monitor performance, assess threats and select risk response, acquire and implement solutions
A B C D
Which of the following are characteristics of a well-designed and effectively functioning change management and change control process? (Check all that apply.) A.Senior management review and approval of major changes. B.Development of "backout" plans in the event a change creates unexpected problems. C.Monitoring of how changes affect segregation of duties. D.Conversion controls to ensure that data is completely and accurately transferred to the new system.
A
Which of the following is an example of multi-factor authentication? A.All of these are examples of multi-factor authentication B.USB device plus retina scan C.Voice recognition plus answer to security question D.Password plus smart card
D
Which of the following is an example of multi-modal authentication? A.All of these are examples of multi-modal authentication B.Smart card plus fingerprint scan C.PIN plus ATM card D.Passphrase plus answer to a security question
B
Which of the following is the final phase of the incident response process? A.Recovery from backups B.Analysis of the root cause of the incident C.Recognition of an attack
B C D
Which of the following statements about improving the security of wireless is true? (Check all that apply.) A.Wireless SSIDs should use meaningful names such as "finance department" or "payroll" rather than names like "XYZ345". B.Wireless access points should be placed in the DMZ. C.Wireless devices should be configured to operate only in infrastructure mode, not ad hoc mode. D.All wireless traffic should be encrypted.
C
Which of the following statements about virtualization and cloud computing is(are) true? A.Perimeter protection techniques (e.g., firewalls, IDS, and IPS) are important B.The time-based model of security applies C.All of these are correct D.Strong user access controls are important
B
Which of the following statements are true? A.Virtualization reduces the need for timely patch management. B.The IoT provides the opportunity to enhance physical access controls by providing real-time monitoring of employee and visitor movements throughout the office building. C.The cloud, virtualization, and the IoT eliminate the need for a CIRT. D.Moving systems to the cloud eliminates the need for antimalware software.
A B
Which of the following statements are true? (Check all that apply.) A.Finding changes in log records is an indication that a system has been compromised. B.The goal of log analysis is to determine the reasons for events such as a failed login attempt. C.Log analysis should be done once a year. D.Log analysis can be automated by installing a SIEM.
A B
Which of the following statements are true? (Check all that apply.) A.Ideally, the CISO should report to a member of senior management, such as the COO or CEO, rather than to the CIO. B.Organizations that have a CISO are more likely to have a well-trained CIRT. C.The CIO needs to work closely with the person in charge of physical security because unauthorized physical access enables an attacker to bypass logical access controls. D.The CIO has responsibility for ensuring that vulnerability risk assessments and security audits are periodically conducted.
C D
Which of the following statements are true? (Check all that apply.) A.Targeted e-mails are an example of a social engineering tactic that is called piggybacking. B.Senior management does not need security awareness training. C.Employees can be an organization's weakest link in terms of security. D.Employees should be taught how to follow security policies and why those policies exist.
A B C
Which of the following statements are true? (Check all that apply.) A.The CIRT should include technical specialists. B.Members of the CIRT must have multiple methods of communicating with one another (e.g., e-mail, landlines, cellphones, etc.). C.The CIRT should include members of senior management. D.None of these are correct
B
Which of the following statements is true? A.Routers should be configured to perform deep packet inspection. B.A DMZ is a separate network located outside the organization's internal information system. C.A firewall that inspects the data portion of a TCP packet is performing a process referred to as packet-filtering. D.Firewalls protect a network by looking for patterns in incoming traffic to identify and automatically block attacks.
A B
Which of the following statements is true? (Check all that apply.) A.Length (number of characters) is more important than complexity (number of different types of characters) in determining the strength of a password or passphrase. B.The authorization process controls what actions (e.g., print, create, delete, etc.) an employee can perform, whereas the authentication process determines whether to grant an employee access to the system. C.Complexity (number of different types of characters) is more important than length (number of characters) in determining the strength of a password or passphrase. D.The authentication process controls what actions (e.g., print, create, delete, etc.) an employee can perform, whereas the authorization process determines whether to grant an employee access to the system.
B
Which of the following statements is(are) true? A.Cloud computing can either increase or decrease security, depending upon how it is implemented. B.All of these are correct C.The Internet of Things can either increase or decrease security, depending upon how it is implemented. D.Virtualization can either increase or decrease security, depending upon how it is implemented.
A
Which of the following statements is(are) true? A.Penetration tests are authorized attacks. B.Penetration tests seldom succeed. C.Penetration tests show whether it is possible to break into a system. D.Vulnerability scanning is an alternative to penetration testing.
A C
Which of the following statements is(are) true? (Check all that apply.) A.Creating the position of CISO is one way to satisfy the time-based model of security by reducing the value of R. B.A CIRT can improve the time-based model of security by increasing the value of R. C.A CIRT can improve the time-based model of security by reducing the value of R. D.Creating the position of CISO is one way to satisfy the time-based model of security by increasing the value of R.
B C
Which of the following statements is(are) true? (Check all that apply.) A.Emergency changes do not need to be documented. B.Changes should be tested in a system separate from the one used for daily business processes. C.It is important to update system documentation after a change has been approved. D.An increase in the number of emergency changes is an indicator that the change management and change control process is functioning well.
A C
Which of the following statements is(are) true? (Check all that apply.) A.Good change management and change control results in better operating performance by reducing the number of problems that need to be fixed. B.Good change management and change control eliminates the need for penetration tests. C.Good change management and change control reduces the costs incurred when a security incident happens. D.Good change management and change control increases the number of "emergency" changes needed.
A B D
Which of the following statements is(are) true? (Check all that apply.) A.Virtualization increases the risk associated with unsupervised physical access. B.Cloud file-sharing services can distribute malware. C.The Internet of Things reduces the number of points of attack against an organization's information system. D.A Type 2 SOC 2 report provides information about the effectiveness of a cloud provider's information security controls.
D
Which of the following was developed jointly by the AICPA and the CICA? A.COBIT 2019 B.SOX C.GDPR D.Trust Services
Availability
the system and its information are available to meet operational and contractual obligations.