Deck 11: Information Security and Computer Fraud

1
Integrity of information means the information is:

A) Accurate
B) Complete
C) Accessible
D) A and B are correct.
D
2
Key distribution and key management are problematic under symmetric-key encryption.
True
3
An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

A) Password management.
B) Data encryption.
C) Digital certificates.
D) Batch processing.
D
4
Information security is a critical factor in maintaining systems integrity.
5
Virus is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
6
The goal of information security management is to enhance the confidence, integrity and authority (CIA) of a firm's management.
TRUE
7
Spam is a self-replicating program that runs and spreads by modifying other programs or files.
8
A company's audit committee is responsible for fraud risk assessments.
9
Disaster recovery planning and business continuity management are preventive controls.
10
One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.
11
Encryption and hashing are similar processes to maintain data confidentiality.
12
Fraud triangle includes incentive, opportunity and an attitude to rationalize the fraud.
13
Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.
14
The goal of information security management is to maintain confidentiality, integrity and availability of a firm's information.
15
What is the primary objective of data security controls?

A) To establish a framework for controlling the design, security, and use of computer programs throughout an organization.
B) To ensure that data storage media are subject to authorization prior to access, change, or destruction.
C) To formalize standards, rules, and procedures to ensure the organization's controls are properly executed.
D) To monitor the use of system software to prevent unauthorized access to system software and computer programs.
16
Symmetric-key encryption method is used to authenticate users.
17
Certificate Authority (CA) issues digital certificates to bond the subscriber with a public key and a private key.
18
When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to the server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

A) User passwords are not required to be in alphanumeric format.
B) Management procedures for user accounts are not documented.
C) User accounts are not removed upon termination of employees.
D) Security logs are not periodically reviewed for violations.
19
Which of the following statements is incorrect about digital signature?

A) A digital signature can ensure data integrity.
B) A digital signature also authenticates the document creator.
C) A digital signature is an encrypted message digest.
D) A digital signature is a message digest encrypted using the document creator's public key.
20
Asymmetric-key encryption is suitable for encrypting large data sets or messages.
21
Which of the following is not included in the remediation phase for vulnerability management?

A) Risk Response Plan
B) Policy and procedures for remediation
C) Vulnerability Prioritization
D) Control Implementation
22
Which of the following security controls would best prevent unauthorized access to a firm's internal network?

A) Use of a screen saver with a password.
B) Use of a firewall.
C) Encryption of data files.
D) Automatic log-off of inactive users.
23
In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

A) Managing remote access.
B) Developing application programs.
C) Reviewing security policy.
D) Installing operating system upgrades.
24
Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?

A) Daily backup.
B) Network security.
C) Business continuity.
D) Backup power.
25
Why does a Certificate Authority (CA) play an important role in a company's information security management?

A) Using a CA is required by SOX in managing information security.
B) Most companies use a CA to manage their employees' public keys.
C) A CA creates and maintains both the public and private keys for a company's employees.
D) None of the above is correct.
26
Which of the following statements regarding authentication in conducting e-business is incorrect?

A) It is a process that establishes the origin of information or determines the identity of a user, process, or device.
B) One key is used for encryption and decryption purposes in the authentication process.
C) Successful authentication can prevent repudiation in electronic transactions.
D) We need to use asymmetric-key encryption to authenticate the sender of a document or data set.
27
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

A) Data restoration plan.
B) Disaster recovery plan.
C) System security policy.
D) System hardware policy.
28
Which of the following is a password security weakness?

A) Users are assigned passwords when accounts are created, but do not change them.
B) Users have accounts on several systems with different passwords.
C) Users write down their passwords on note paper, and carry it with them.
D) Users select passwords that are not part of an online password dictionary.
29
Which of the following controls would most likely assure that a company can reconstruct its financial records?

A) Security controls such as firewalls
B) Backup data are tested and stored safely
C) Personnel understand the data very well
D) Paper records
30
Why would companies want to use digital signatures when conducting e-business?

A) It is cheap.
B) It is always the same so it can be verified easily.
C) It is more convenient than requiring a real signature.
D) It can authenticate the document sender and maintain data integrity.
31
A disaster recovery approach should include which of the following elements:

A) Encryption.
B) Firewalls.
C) Regular backups.
D) Surge protectors.
32
Which of the following passwords would be most difficult to crack?

A) Go2Ca!ifornia4fun
B) language
C) jennyjenny
D) pass56word
33
When computer programs or files can be accessed from terminals, users should be required to enter a(n)

A) Parity check.
B) Password as a personal identification code.
C) Check digit.
D) Echo check.
34
Which of the following statements presents an example of a general control for a computerized system?

A) Limiting entry of sales transactions to only valid credit customers.
B) Creating hash totals from social security number for the weekly payroll.
C) Restricting entry of accounts payable transactions to only authorized users.
D) Restricting access to the computer center by use of biometric devices.
35
Which of the following statements is incorrect?

A) A fraud prevention program starts with a fraud risk assessment across the entire firm.
B) The audit committee typically has an oversight role in the risk assessment process.
C) Communicating a firm's policy file to employees is one of the most important responsibilities of management.
D) A fraud prevention program should include an evaluation on the efficiency of business processes.
36
Which of the following outcomes is a likely benefit of information technology used for internal control?

A) Processing of unusual or nonrecurring transactions.
B) Enhanced timeliness of information.
C) Potential loss of data.
D) Recording of unauthorized transactions.
37
Which of the following does not represent a viable data backup method?

A) Disaster recovery plan
B) Redundant arrays of independent drives
C) Virtualization
D) Cloud computing
38
Which of the following statements about asymmetric-key encryption is correct?

A) When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties.
B) Employees in the same company share the same public key.
C) Most companies would like to manage the private keys for their employees.
D) Most companies would like to use a Certificate Authority to manage the public keys of their employees.
E) Two of the above are correct.
39
Select a correct statement regarding encryption methods.

A) To use symmetric-key encryption, each user needs two different keys.
B) Most companies prefer using symmetric-key encryption to the asymmetric-key encryption method.
C) Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority.
D) When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.
40
To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:

A) A validation check.
B) Check digit verification.
C) A dependency check.
D) A format check.
41
What is a digital signature? How could a digital signature ensure data integrity when conducting e-business?
B.
6) Receiver B receives the package and decrypts it using Receiver B's private key. Receiver B now has the document and Sender A's digital signature.
7) Receiver B decrypts Sender A's digital signature using Sender A's public key to get the sent-over MD. Receiver B also authenticates that Sender A is the document creator.
8) Receiver B makes a copy of the received document and uses SHA-256 to hash the copy and get a calculated MD.
9) If the sent-over MD is the same as the calculated MD, Receiver B ensures data integrity.
42
A magnetic tape used to store data backups was lost while it was being transported to an offsite storage location. The data on the tape includes customers' credit card and personal information. Which preventive control(s) should have been used to minimize the potential loss?
43
What are the two prerequisites for vulnerability management?
44
Describe the process of using asymmetric-key encryption to authenticate the trading partner involved in e-business.
45
List the following steps regarding computer fraud risk assessments in sequence.
(a) Assessing the likelihood and business impact of a control failure and/or a fraud incident.
(b) Mapping existing controls to potential fraud schemes and identifying gaps.
(c) Identifying potential IT fraud schemes and prioritizing them based on likelihood and impact.
(d) Identifying relevant IT fraud risk factors.
(e) Testing operating effectiveness of fraud prevention and detection controls.
46
What is included in disaster recovery planning and business continuity management? Are these concepts related?
47
Describe the framework for vulnerability assessment and vulnerability management.