Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 7: Infromation System Controls for Systems Reliability

Full screen (f)
exit full mode
Question
The device that connects an organization's information system to the Internet is a

A)Demilitarized zone
B)Firewall
C)Gateway
D)Router
Use Space or
up arrow
down arrow
to flip the card.
Question
Which of the following is an example of a detective control?

A)Physical access controls
B)Encryption
C)Log analysis
D)Emergency response teams
Question
An access control matrix

A)Does not have to be updated.
B)Is a table specifying which portions of the system users are permitted to access.
C)Is used to implement authentication controls.
D)Matches the user's authentication credentials to his authorization.
Question
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

A)effective
B)ineffective
C)overdone
D)undermanaged
Question
Preventive controls require two related functions,which are:

A)Access and control
B)Authentication and authorization
C)Detection and correction
D)Physical access and logical access
Question
According to SysTrust,the reliability principle of integrity is achieved when

A)the system is available for operation and use at times set forth by agreement.
B)the system is protected against unauthorized physical and logical access.
C)the system can be maintained as required without affecting system availability,security,and integrity.
D)system processing is complete,accurate,timely,and authorized.
Question
Which of the following is an example of a corrective control?

A)Physical access controls
B)Encryption
C)Intrusion detection
D)Emergency response teams
Question
Because planning is more effective than reacting,this is an important criteria for successfully implementing systems reliability:

A)Policy development
B)Effective communication of policies
C)Design/use of control procedures
D)Monitoring and remedial action
Question
Giving users regular,periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria?

A)Policy development
B)Effective communication of policies
C)Design/use of control procedures
D)Monitoring and remedial action
Question
Which of the following is not one of the three fundamental information security concepts?

A)Information security is a technology issue that hinges on prevention.
B)Security is a management issue,not a technology issue.
C)The idea of defense-in-depth employs multiple layers of controls.
D)The time-based model of security focuses on the relationship between preventive,detective and corrective controls.
Question
The trust services framework identifies four essential criteria for successfully implementing each of the principles that contribute to systems reliability.Which of the following is not one of those four essential criteria?

A)Developing and documenting policies
B)Effectively communicating policies to all outsiders
C)Designing and employing appropriate control procedures to implement policies
D)Monitoring the system and taking corrective action to maintain compliance with policies
Question
Which of the following is not a requirement of effective passwords?

A)Passwords should be changed at regular intervals.
B)Passwords should be no more than 8 characters in length.
C)Passwords should contain a mixture of upper and lowercase letters,numbers and characters.
D)Passwords should not be words found in dictionaries.
Question
Verifying the identity of the person or device attempting to access the system is

A)Authentication
B)Authorization
C)Identification
D)Threat monitoring
Question
Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?

A)Controlling remote access
B)Encryption
C)Host and application hardening
D)Training
Question
Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework.

A)Confidentiality
B)Processing speed
C)Security
D)System availability
Question
Restricting access of users to specific portions of the system as well as specific tasks,is

A)Authentication
B)Authorization
C)Identification
D)Threat monitoring
Question
Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security.

A)Training
B)Controlling physical access
C)Controlling remote access
D)Host and application hardening
Question
The AICPA and the CICA have created an evaluation service known as SysTrust.SysTrust follows four principles to determine if a system is reliable.The reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

A)availability.
B)security.
C)maintainability.
D)integrity.
Question
Which of the following is an example of a preventive control?

A)Encryption
B)Log analysis
C)Intrusion detection
D)Emergency response teams
Question
Multi-factor authentication

A)Involves the use of two or more basic authentication methods.
B)Is a table specifying which portions of the systems users are permitted to access.
C)Provides weaker authentication than the use of effective passwords.
D)Requires the use of more than one effective password.
Question
A process that takes plaintext of any length and transforms it into a short code.

A)Asymmetric encryption
B)Encryption
C)Hashing
D)Symmetric encryption
Question
This screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Question
This is designed to identify and drop packets that are part of an attack.

A)Deep packet inspection
B)Intrusion prevention system
C)Stateful packet filtering
D)Static packet filtering
Question
A special purpose hardware device or software running on a general purpose computer which filters information that is allowed to enter and leave the organization's information system.

A)Demilitarized zone
B)Intrusion detection system
C)Intrusion prevention system
D)Firewall
Question
The most common input-related vulnerability is

A)Buffer overflow attack
B)Hardening
C)War dialing
D)Encryption
Question
Which of the following is not one of the three important factors determining the strength of any encryption system?

A)Key length
B)Key management policies
C)Encryption algorithm
D)Privacy
Question
The process of turning off unnecessary features in the system is known as

A)Deep packet inspection
B)Hardening
C)Intrusion detection
D)War dialing
Question
This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

A)Access control list
B)Internet protocol
C)Packet switching protocol
D)Transmission control protocol
Question
Compatibility tests utilize a(n)__________,which is a list of authorized users,programs,and data files the users are authorized to access or manipulate.

A)validity test
B)biometric matrix
C)logical control matrix
D)access control matrix
Question
These systems use the same key to encrypt and to decrypt.

A)Asymmetric encryption
B)Hashing encryption
C)Public key encryption
D)Symmetric encryption
Question
The final layer of preventive controls.

A)Authentication
B)Authorization
C)Encryption
D)Intrusion detection
Question
This determines which packets are allowed entry and which are dropped..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Question
Which of the following descriptions is not associated with symmetric encryption?

A)A shared secret key
B)Faster encryption
C)Lack of authentication
D)Separate keys for each communication party.
Question
The process of transforming normal text into cipher text

A)Encryption
B)Decryption
C)Filtering
D)Hardening
Question
Which of the following is not associated with asymmetric encryption?

A)No need for key exchange
B)Public keys
C)Private keys
D)Speed
Question
This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

A)Access control list
B)Internet protocol
C)Packet switching protocol
D)Transmission control protocol
Question
This processes involves the firewall examining the data in the body of an IP packet.

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Question
These are used to create digital signatures.

A)Asymmetric encryption and hashing
B)Hashing and packet filtering
C)Packet filtering and encryption
D)Symmetric encryption and hashing
Question
This maintains a table that lists all established connections between the organization's computers and the Internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Question
This is used to identify rogue modems (or by hackers to identify targets).

A)War chalking
B)War dialing
C)War driving
D)None of the above
Question
Information encrypted with the creator's private key that is used to authenticate the sender is.

A)Asymmetric encryption
B)Digital certificate
C)Digital signature
D)Public key
Question
Encryption has a remarkably long and varied history.Spies have been using it to convey secret messages ever since there were secret messages to convey.One powerful method of encryption uses random digits.Two documents are prepared with the same random sequence of numbers.The spy is sent out with one and the spy master retains the other.The digits are used as follows.Suppose that the word to be encrypted is SPY and the random digits are 352.Then S becomes V (three letters after S),P becomes U (five letters after P),and Y becomes A (two letters after Y,restarting at A after Z).The spy would encrypt a message and then destroy the document used to encrypt it.This is an early example of

A)a hashing algorithm.
B)asymmetric key encryption.
C)symmetric key encryption.
D)public key encryption.
Question
In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

A)Code mastication
B)Boot sector corruption
C)Weak authentication
D)Buffer overflow
Question
Meaningful Discussions is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits.As a consequence,the size of the information technology department has been growing very rapidly,with many new hires.Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility.This is an example of a(an)

A)authentication control.
B)biometric device.
C)remote access control.
D)authorization control.
Question
In a private key system the sender and the receiver have __________,and in the public key system they have __________.

A)different keys; the same key
B)a decrypting algorithm; an encrypting algorithm
C)the same key; two separate keys
D)an encrypting algorithm; a decrypting algorithm
Question
The ___________ disseminates information about fraud,errors,breaches and other improper system uses and their consequences.

A)Chief information officer
B)Chief operations officer
C)Chief security officer
D)Computer emergency response team
Question
This uses automated tools to identify whether a given system possesses any well-known security problems.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Question
In 2007,a major U.S.financial institution hired a security firm to attempt to compromise its computer network.A week later,the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found.This is an example of a

A)preventive control.
B)detective control.
C)corrective control.
D)standard control.
Question
Using a combination of symmetric and asymmetric key encryption,Chris Kai sent a report to her home office in Syracuse,New York.She received an email acknowledgement that the document had been received and then,a few minutes later,she received a second email that indicated that the hash calculated from the report differed from that sent with the report.This most likely explanation for this result is that

A)the public key had been compromised.
B)the private key had been compromised.
C)the symmetric encryption key had been compromised.
D)the asymmetric encryption key had been compromised.
Question
The system and processes used to issue and manage asymmetric keys and digital certificates.

A)Asymmetric encryption
B)Certificate authority
C)Digital signature
D)Public key infrastructure
Question
Encryption has a remarkably long and varied history.The invention of writing was apparently soon followed by a desire to conceal messages.One of the earliest methods,attributed to an ancient Roman emperor,was the simple substitution of numbers for letters,for example A = 1,B = 2,etc.This is an example of

A)a hashing algorithm.
B)symmetric key encryption.
C)asymmetric key encryption.
D)a public key.
Question
A more rigorous test of the effectiveness of an organization's computer security.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Question
Which of the following describes one weakness of encryption?

A)Encrypted packets cannot be examined by a firewall.
B)Encryption protects the confidentiality of information while in storage.
C)Encryption protects the privacy of information during transmission.
D)Encryption provides for both authentication and non-repudiation.
Question
One way to circumvent the counterfeiting of public keys is by using

A)a digital certificate.
B)digital authority.
C)encryption.
D)cryptography.
Question
It was 9:08 A.M.when Jiao Jan,the Network Administrator for Folding Squid Technologies,was informed that the intrusion detection system had identified an ongoing attempt to breach network security.By the time that Jiao had identified and blocked the attack,the hacker had accessed and downloaded several files from the company's server.Using the notation for the time-based model of security,in this case

A)P > D
B)D > P
C)C > P
D)P > C
Question
An electronic document that certifies the identity of the owner of a particular public key.

A)Asymmetric encryption
B)Digital certificate
C)Digital signature
D)Public key
Question
These are established to deal with major security breaches.

A)CERTs
B)CSOs
C)FIRSTs
D)Intrusion detection systems
Question
Which of the following is commonly true of the default settings for most commercially available wireless access points?

A)The security level is set at the factory and cannot be changed.
B)Wireless access points present little danger of vulnerability so security is not a concern.
C)Security is set to the lowest level that the device is capable of.
D)Security is set to the highest level that the device is capable of.
Question
This is an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Question
This creates logs of network traffic that was permitted to pass the firewall

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Question
Explain social engineering.
Question
How does an intrusion detection system work?
Question
When new employees are hired by Folding Squid Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(an)

A)authentication control.
B)biometric device.
C)remote access control.
D)authorization control.
Question
Which of the following is the most effective method of protecting against social engineering attacks on a computer system?

A)stateful packet filtering.
B)employee training.
C)a firewall.
D)a demilitarized zone.
Question
What are three ways users can be authenticated?
Question
Asymmetric key encryption combined with the information provided by a certificate authority allows unique identification of

A)the user of encrypted data.
B)the provider of encrypted data.
C)both the user and the provider of encrypted data.
D)either the user or the provider of encrypted data.
Question
What three factors determine the strength of any encryption system?
Question
What are the three fundamental information security concepts?
Question
What is a penetration test?
Question
On March 3,2008,a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Jiao Jan's car while he was attending a conference in Cleveland,Ohio.After reporting the theft,Jiao considered the implications of the theft for the company's network security and concluded there was nothing to worry about because

A)the computer was protected by a password.
B)the computer was insured against theft.
C)it was unlikely that the thief would know how to access the company data stored on the computer.
D)the data stored on the computer was encrypted.
Question
The most effective way to protect network resources,like email servers,that are outside of the network and are exposed to the internet is

A)stateful packet filtering.
B)employee training.
C)a firewall.
D)a demilitarized zone.
Question
In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

A)security.
B)confidentiality.
C)privacy.
D)availability.
Question
When new employees are hired by Folding Squid Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(an)

A)authorization control.
B)biometric device.
C)remote access control.
D)defense in depth.
Question
Information technology managers are often in a bind when a new exploit is discovered in the wild.They can respond by updating the affected software or hardware with new code provided by the manufacturer,which runs the risk that a flaw in the update will break the system.Or they can wait until the new code has been extensively tested,but that runs the risk that they will be compromised by the exploit during the testing period.Dealing with these issues is referred to as

A)change management.
B)hardening.
C)patch management.
D)defense in depth
Question
Describe four requirements of effective passwords
Question
On February 14,2008,students enrolled in an economics course at Swingline College received an email stating that class would be cancelled.The email claimed to be from the professor,but it wasn't.Computer forensic experts determined that the email was sent from a computer in one of the campus labs at 9:14 A.M.They were then able to uniquely identify the computer that was used by means of its network interface card's ______ address.Security cameras revealed the identity of the student responsible for spoofing the class.

A)TCP/IP
B)MAC
C)DMZ
D)IDS
Question
Murray Snitzel called a meeting of the top management at Snitzel Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."This your responsibility! What do you intend to do?" Which of the following is the best answer?

A)Evaluate and modify the system using the Trust Services framework
B)Evaluate and modify the system using the COBIT framework.
C)Evaluate and modify the system using the CTC checklist.
D)Evaluate and modify the system using COBOL.
Question
Identify the four basic principles that contribute to systems reliability according to the Trust Services framework developed by the AICPA and the CICA.
Question
All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(an)

A)authentication control.
B)authorization control.
C)physical access control.
D)hardening procedure.
Question
There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the latter.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

A)P < 6
B)D = 6
C)P = 6
D)P > 6
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/82
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 7: Infromation System Controls for Systems Reliability
1
The device that connects an organization's information system to the Internet is a

A)Demilitarized zone
B)Firewall
C)Gateway
D)Router
D
2
Which of the following is an example of a detective control?

A)Physical access controls
B)Encryption
C)Log analysis
D)Emergency response teams
C
3
An access control matrix

A)Does not have to be updated.
B)Is a table specifying which portions of the system users are permitted to access.
C)Is used to implement authentication controls.
D)Matches the user's authentication credentials to his authorization.
B
4
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is

A)effective
B)ineffective
C)overdone
D)undermanaged
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
5
Preventive controls require two related functions,which are:

A)Access and control
B)Authentication and authorization
C)Detection and correction
D)Physical access and logical access
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
6
According to SysTrust,the reliability principle of integrity is achieved when

A)the system is available for operation and use at times set forth by agreement.
B)the system is protected against unauthorized physical and logical access.
C)the system can be maintained as required without affecting system availability,security,and integrity.
D)system processing is complete,accurate,timely,and authorized.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following is an example of a corrective control?

A)Physical access controls
B)Encryption
C)Intrusion detection
D)Emergency response teams
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
8
Because planning is more effective than reacting,this is an important criteria for successfully implementing systems reliability:

A)Policy development
B)Effective communication of policies
C)Design/use of control procedures
D)Monitoring and remedial action
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
9
Giving users regular,periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria?

A)Policy development
B)Effective communication of policies
C)Design/use of control procedures
D)Monitoring and remedial action
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
10
Which of the following is not one of the three fundamental information security concepts?

A)Information security is a technology issue that hinges on prevention.
B)Security is a management issue,not a technology issue.
C)The idea of defense-in-depth employs multiple layers of controls.
D)The time-based model of security focuses on the relationship between preventive,detective and corrective controls.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
11
The trust services framework identifies four essential criteria for successfully implementing each of the principles that contribute to systems reliability.Which of the following is not one of those four essential criteria?

A)Developing and documenting policies
B)Effectively communicating policies to all outsiders
C)Designing and employing appropriate control procedures to implement policies
D)Monitoring the system and taking corrective action to maintain compliance with policies
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
12
Which of the following is not a requirement of effective passwords?

A)Passwords should be changed at regular intervals.
B)Passwords should be no more than 8 characters in length.
C)Passwords should contain a mixture of upper and lowercase letters,numbers and characters.
D)Passwords should not be words found in dictionaries.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
13
Verifying the identity of the person or device attempting to access the system is

A)Authentication
B)Authorization
C)Identification
D)Threat monitoring
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
14
Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?

A)Controlling remote access
B)Encryption
C)Host and application hardening
D)Training
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework.

A)Confidentiality
B)Processing speed
C)Security
D)System availability
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
16
Restricting access of users to specific portions of the system as well as specific tasks,is

A)Authentication
B)Authorization
C)Identification
D)Threat monitoring
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
17
Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security.

A)Training
B)Controlling physical access
C)Controlling remote access
D)Host and application hardening
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
18
The AICPA and the CICA have created an evaluation service known as SysTrust.SysTrust follows four principles to determine if a system is reliable.The reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as

A)availability.
B)security.
C)maintainability.
D)integrity.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following is an example of a preventive control?

A)Encryption
B)Log analysis
C)Intrusion detection
D)Emergency response teams
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
20
Multi-factor authentication

A)Involves the use of two or more basic authentication methods.
B)Is a table specifying which portions of the systems users are permitted to access.
C)Provides weaker authentication than the use of effective passwords.
D)Requires the use of more than one effective password.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
21
A process that takes plaintext of any length and transforms it into a short code.

A)Asymmetric encryption
B)Encryption
C)Hashing
D)Symmetric encryption
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
22
This screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
23
This is designed to identify and drop packets that are part of an attack.

A)Deep packet inspection
B)Intrusion prevention system
C)Stateful packet filtering
D)Static packet filtering
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
24
A special purpose hardware device or software running on a general purpose computer which filters information that is allowed to enter and leave the organization's information system.

A)Demilitarized zone
B)Intrusion detection system
C)Intrusion prevention system
D)Firewall
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
25
The most common input-related vulnerability is

A)Buffer overflow attack
B)Hardening
C)War dialing
D)Encryption
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
26
Which of the following is not one of the three important factors determining the strength of any encryption system?

A)Key length
B)Key management policies
C)Encryption algorithm
D)Privacy
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
27
The process of turning off unnecessary features in the system is known as

A)Deep packet inspection
B)Hardening
C)Intrusion detection
D)War dialing
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
28
This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.

A)Access control list
B)Internet protocol
C)Packet switching protocol
D)Transmission control protocol
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
29
Compatibility tests utilize a(n)__________,which is a list of authorized users,programs,and data files the users are authorized to access or manipulate.

A)validity test
B)biometric matrix
C)logical control matrix
D)access control matrix
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
30
These systems use the same key to encrypt and to decrypt.

A)Asymmetric encryption
B)Hashing encryption
C)Public key encryption
D)Symmetric encryption
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
31
The final layer of preventive controls.

A)Authentication
B)Authorization
C)Encryption
D)Intrusion detection
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
32
This determines which packets are allowed entry and which are dropped..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
33
Which of the following descriptions is not associated with symmetric encryption?

A)A shared secret key
B)Faster encryption
C)Lack of authentication
D)Separate keys for each communication party.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
34
The process of transforming normal text into cipher text

A)Encryption
B)Decryption
C)Filtering
D)Hardening
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
35
Which of the following is not associated with asymmetric encryption?

A)No need for key exchange
B)Public keys
C)Private keys
D)Speed
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
36
This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

A)Access control list
B)Internet protocol
C)Packet switching protocol
D)Transmission control protocol
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
37
This processes involves the firewall examining the data in the body of an IP packet.

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
38
These are used to create digital signatures.

A)Asymmetric encryption and hashing
B)Hashing and packet filtering
C)Packet filtering and encryption
D)Symmetric encryption and hashing
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
39
This maintains a table that lists all established connections between the organization's computers and the Internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer..

A)Access control list
B)Deep packet inspection
C)Stateful packet filtering
D)Static packet filtering
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
40
This is used to identify rogue modems (or by hackers to identify targets).

A)War chalking
B)War dialing
C)War driving
D)None of the above
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
41
Information encrypted with the creator's private key that is used to authenticate the sender is.

A)Asymmetric encryption
B)Digital certificate
C)Digital signature
D)Public key
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
42
Encryption has a remarkably long and varied history.Spies have been using it to convey secret messages ever since there were secret messages to convey.One powerful method of encryption uses random digits.Two documents are prepared with the same random sequence of numbers.The spy is sent out with one and the spy master retains the other.The digits are used as follows.Suppose that the word to be encrypted is SPY and the random digits are 352.Then S becomes V (three letters after S),P becomes U (five letters after P),and Y becomes A (two letters after Y,restarting at A after Z).The spy would encrypt a message and then destroy the document used to encrypt it.This is an early example of

A)a hashing algorithm.
B)asymmetric key encryption.
C)symmetric key encryption.
D)public key encryption.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
43
In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.

A)Code mastication
B)Boot sector corruption
C)Weak authentication
D)Buffer overflow
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
44
Meaningful Discussions is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits.As a consequence,the size of the information technology department has been growing very rapidly,with many new hires.Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility.This is an example of a(an)

A)authentication control.
B)biometric device.
C)remote access control.
D)authorization control.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
45
In a private key system the sender and the receiver have __________,and in the public key system they have __________.

A)different keys; the same key
B)a decrypting algorithm; an encrypting algorithm
C)the same key; two separate keys
D)an encrypting algorithm; a decrypting algorithm
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
46
The ___________ disseminates information about fraud,errors,breaches and other improper system uses and their consequences.

A)Chief information officer
B)Chief operations officer
C)Chief security officer
D)Computer emergency response team
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
47
This uses automated tools to identify whether a given system possesses any well-known security problems.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
48
In 2007,a major U.S.financial institution hired a security firm to attempt to compromise its computer network.A week later,the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found.This is an example of a

A)preventive control.
B)detective control.
C)corrective control.
D)standard control.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
49
Using a combination of symmetric and asymmetric key encryption,Chris Kai sent a report to her home office in Syracuse,New York.She received an email acknowledgement that the document had been received and then,a few minutes later,she received a second email that indicated that the hash calculated from the report differed from that sent with the report.This most likely explanation for this result is that

A)the public key had been compromised.
B)the private key had been compromised.
C)the symmetric encryption key had been compromised.
D)the asymmetric encryption key had been compromised.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
50
The system and processes used to issue and manage asymmetric keys and digital certificates.

A)Asymmetric encryption
B)Certificate authority
C)Digital signature
D)Public key infrastructure
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
51
Encryption has a remarkably long and varied history.The invention of writing was apparently soon followed by a desire to conceal messages.One of the earliest methods,attributed to an ancient Roman emperor,was the simple substitution of numbers for letters,for example A = 1,B = 2,etc.This is an example of

A)a hashing algorithm.
B)symmetric key encryption.
C)asymmetric key encryption.
D)a public key.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
52
A more rigorous test of the effectiveness of an organization's computer security.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
53
Which of the following describes one weakness of encryption?

A)Encrypted packets cannot be examined by a firewall.
B)Encryption protects the confidentiality of information while in storage.
C)Encryption protects the privacy of information during transmission.
D)Encryption provides for both authentication and non-repudiation.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
54
One way to circumvent the counterfeiting of public keys is by using

A)a digital certificate.
B)digital authority.
C)encryption.
D)cryptography.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
55
It was 9:08 A.M.when Jiao Jan,the Network Administrator for Folding Squid Technologies,was informed that the intrusion detection system had identified an ongoing attempt to breach network security.By the time that Jiao had identified and blocked the attack,the hacker had accessed and downloaded several files from the company's server.Using the notation for the time-based model of security,in this case

A)P > D
B)D > P
C)C > P
D)P > C
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
56
An electronic document that certifies the identity of the owner of a particular public key.

A)Asymmetric encryption
B)Digital certificate
C)Digital signature
D)Public key
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
57
These are established to deal with major security breaches.

A)CERTs
B)CSOs
C)FIRSTs
D)Intrusion detection systems
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
58
Which of the following is commonly true of the default settings for most commercially available wireless access points?

A)The security level is set at the factory and cannot be changed.
B)Wireless access points present little danger of vulnerability so security is not a concern.
C)Security is set to the lowest level that the device is capable of.
D)Security is set to the highest level that the device is capable of.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
59
This is an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system.

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
60
This creates logs of network traffic that was permitted to pass the firewall

A)Intrusion detection system
B)Log analysis
C)Penetration test
D)Vulnerability scan
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
61
Explain social engineering.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
62
How does an intrusion detection system work?
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
63
When new employees are hired by Folding Squid Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(an)

A)authentication control.
B)biometric device.
C)remote access control.
D)authorization control.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
64
Which of the following is the most effective method of protecting against social engineering attacks on a computer system?

A)stateful packet filtering.
B)employee training.
C)a firewall.
D)a demilitarized zone.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
65
What are three ways users can be authenticated?
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
66
Asymmetric key encryption combined with the information provided by a certificate authority allows unique identification of

A)the user of encrypted data.
B)the provider of encrypted data.
C)both the user and the provider of encrypted data.
D)either the user or the provider of encrypted data.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
67
What three factors determine the strength of any encryption system?
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
68
What are the three fundamental information security concepts?
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
69
What is a penetration test?
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
70
On March 3,2008,a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Jiao Jan's car while he was attending a conference in Cleveland,Ohio.After reporting the theft,Jiao considered the implications of the theft for the company's network security and concluded there was nothing to worry about because

A)the computer was protected by a password.
B)the computer was insured against theft.
C)it was unlikely that the thief would know how to access the company data stored on the computer.
D)the data stored on the computer was encrypted.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
71
The most effective way to protect network resources,like email servers,that are outside of the network and are exposed to the internet is

A)stateful packet filtering.
B)employee training.
C)a firewall.
D)a demilitarized zone.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
72
In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

A)security.
B)confidentiality.
C)privacy.
D)availability.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
73
When new employees are hired by Folding Squid Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(an)

A)authorization control.
B)biometric device.
C)remote access control.
D)defense in depth.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
74
Information technology managers are often in a bind when a new exploit is discovered in the wild.They can respond by updating the affected software or hardware with new code provided by the manufacturer,which runs the risk that a flaw in the update will break the system.Or they can wait until the new code has been extensively tested,but that runs the risk that they will be compromised by the exploit during the testing period.Dealing with these issues is referred to as

A)change management.
B)hardening.
C)patch management.
D)defense in depth
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
75
Describe four requirements of effective passwords
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
76
On February 14,2008,students enrolled in an economics course at Swingline College received an email stating that class would be cancelled.The email claimed to be from the professor,but it wasn't.Computer forensic experts determined that the email was sent from a computer in one of the campus labs at 9:14 A.M.They were then able to uniquely identify the computer that was used by means of its network interface card's ______ address.Security cameras revealed the identity of the student responsible for spoofing the class.

A)TCP/IP
B)MAC
C)DMZ
D)IDS
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
77
Murray Snitzel called a meeting of the top management at Snitzel Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."This your responsibility! What do you intend to do?" Which of the following is the best answer?

A)Evaluate and modify the system using the Trust Services framework
B)Evaluate and modify the system using the COBIT framework.
C)Evaluate and modify the system using the CTC checklist.
D)Evaluate and modify the system using COBOL.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
78
Identify the four basic principles that contribute to systems reliability according to the Trust Services framework developed by the AICPA and the CICA.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
79
All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(an)

A)authentication control.
B)authorization control.
C)physical access control.
D)hardening procedure.
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
80
There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the latter.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?

A)P < 6
B)D = 6
C)P = 6
D)P > 6
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 82 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree