New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
auditing 12th
Auditing IT Infrastructures For Compliance 2nd Edition Martin Weiss, Michael G. Solomon - Solutions
Which one of the following is not an example of an audit facilitating tool defined by the IIA?A. Project management software B. Flowcharting software C. Electronic work papers D. Presentation software
The decision to apply or not apply controls is based on risk.A. True B. False
Which one of the following is the best example of avoiding risk?A. The IT department decides to install an antivirus device at its network border.B. The IT department outsources its vulnerability management program to a third party.C. The IT department disables the ability for end users to use
Which of the following is an examination of the current state of controls against the desired state of controls?A. Control objective B. Gap analysis C. Baseline analysis D. Log review
The purpose of a network scan is to identify as many vulnerabilities as possible.A. True B. False
A ________ is an assessment method that uses methods similar to what a real-world attacker might use.
Which one of the following is not an example of a review technique?A. Password cracking B. File integrity checking C. Log review D. Network sniffing
If required, an auditor is justified in the use of security assessment techniques such as penetration testing and vulnerability analysis and may consider using the work of other experts.A. True B. False
What does CAATT stand for?A. Computer Assisted Audit Tools and Techniques B. Computer Aided Assessment Tools and Techniques C. Compliance Auditing Assisted Tactical Techniques D. Compliance Assisted Audit Tactical Tools
Which of the following are examples of information provided by audit logs?A. Failed authentication attempts B. Account changes C. Privileged use D. All of the above
Which of the following benefits does an automated security information and event management log solution provide?A. Diagnosing and preventing operational problems B. Assigning appropriate responsibilities to security operations C. Management of a configuration change control board D. All of the
A configuration ________ database provides a central repository of configuration items.
Which one of the following best describes an assessment objective for a control?A. A high-level statement to determine the effectiveness of a control B. A detailed statement on what activities need to occur to implement a control C. A definition of responsibilities to be assigned to security
Which one of the following is not an example of a level of depth required to assess a control?A. Comprehensive B. Generalized C. Focused D. Detailed
Which of the following best describes documents such as policies, procedures, plans, and architectural designs?A. Specification objects B. Mechanism objects C. Activity objects D. Configuration objects
Preventing a user who approves a configuration change from being the person who implements the change is an example of which of the following?A. Rotation of duties B. Least privilege C. Segregation of duties D. Dual control
Which of the following is not a purpose of the audit report?A. Provide an action plan for auditors to implement controls.B. Communicate the results.C. Prevent misunderstanding of the results.D. Facilitate follow-up corrective action.
An abstract of an audit report provides a brief review intended for senior-level management who might not have the time to read and understand the entire report.A. True B. False
An executive summary should never be more than one page long.A. True B. False
Which of the following best describes an audit finding?A. The procedures used to find IT controls B. A documented conclusion that identifies deficiencies C. A verbal recommendation to improve controls D. The auditor’s fee
Which level using the COBIT Process Capability Model would be assigned to a business that does not recognize the need for IT security, nor has a recognizable system security administration process?A. Level 0 B. Level 1 C. Level 2 D. Level 3
Which one of the following is the product of the likelihood of a threat occurring and the impact the threat could have?A. Occurrence B. Risk C. Vulnerability D. Likelihood of impact
Which one of the following is not a privacy principle as identified by GAAP?A. Secrecy B. Choice and consent C. Collection D. Use and retention E. Disclosure to third parties
Which of the following best describes a business that is found to have unlicensed software installed throughout the environment?A. They have violated export restrictions on cryptographic software.B. They are not adequately protecting personal information.C. They have violated intellectual property
Which of the following best describes when compliance of a control cannot be determined due to a lack of collected evidence?A. Not determined B. Not applicable C. Compliant D. Answers A and B
The final audit report includes recommended actions, which should be associated with which of the following?A. Findings B. Vulnerabilities C. Threats D. None of the above
Which type of control only reports that a violation has occurred??A. Preventive B. Detective C. Corrective D. Restorative
The term ________ defines the components, including people, information, and conditions, that support business objectives.
Which of the following types of policies defines prohibited actions?A. Access control policy B. Password usage policy C. Acceptable use policy D. Violation action policy
Which of the following terms ensures at least two people must perform a series of actions to complete a task?A. Separation of duties B. Least privilege C. Need to know D. User clearance
When using DAC, a subject must possess sufficient clearance as well as ________ to access an object.
Which of the following terms defines a strategy in which you grant access that allows a user to complete assigned tasks and nothing else?A. Separation of duties B. Least privilege C. Need to know D. User clearance
Which type of agreement can protect the ability to file a patent application?A. Relinquish ownership agreement B. Security clearance waiver C. Background check agreement D. Confidentiality agreement
What condition must exist for a background check to be governed by FCRA?A. The investigation includes credit history.B. The investigation is performed by a third party.C. The investigation is performed by the prospective employer.D. The investigation includes criminal history.
Which of the following best describes the purpose of auditing?A. It finds the root causes of violation issues.B. It assists investigators in identifying blame for violations.C. It verifies that systems are operating in compliance.D. It searches for hidden unacceptable use of IT resources.
Using a RACI matrix, which attribute refers to the party that actually carries out the work?A. Responsible B. Accountable C. Consulted D. Informed
Which department should take the lead in User Domain compliance accountability?A. Information technology B. Information security C. Human resources D. Security
A confidentiality agreement sets the expectations of each employee and sets job performance standards.A. True B. False
Which of the following is a series of individual tasks that users accomplish to comply with one or more goals?A. Policy B. Standard C. Procedure D. Guideline
Which of the following is a collection of requirements the users must meet?A. Policy B. Standard C. Procedure D. Guideline
Discretionary access control is based on roles and granted permissions.A. True B. False
________ means the ongoing attention and care an organization places on security and compliance.
PCI DSS allows merchants to store the CVV number.A. True B. False
Which of the following choices protect your system from users transferring private data files from a server to a workstation? (Select two.)A. Increase the frequency of object access audits.B. Deliver current security policy training.C. Place access control to prohibit inappropriate actions.D.
Some attackers use the process of ________ to find modems that may be used to attack a computer.
Which security-related act requires organizations to protect all personal medical information?A. HIPAA B. GLBA C. SOX D. SCM
Which of the following is the process of verifying credentials of a specific user?A. Authorization B. Identification C. Authentication D. Revocation
Which of the following is the process of providing additional private credentials that match the user ID or username?A. Authorization B. Identification C. Authentication D. Revocation
Which access control method is based on granting permissions?A. DAC B. MAC C. RBAC D. OAC
The ________ property of the C-I-A triad provides the assurance the information cannot be changed by unauthorized users.
What are the types of malware? (Select two.)A. Programs that actively spread or infect B. Programs that slow down data transfer C. Programs that cause damage D. Programs that hide
A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.
A LAN is a network that generally spans several city blocks.A. True B. False
A local resource is any resource connected to the local LAN.A. True B. False
Which of the following devices repeats input received to all ports?A. Switch B. Hub C. Gateway D. Router
________ cabling provides excellent protection from interference but can be expensive.
Even the newest wireless protocols are slower than using high-quality physical cable.A. True B. False
Which LAN device commonly has the ability to filter packets and deny traffic based on the destination address?A. Router B. Gateway C. Hub D. Switch
Which of the following would be the best use for a packet sniffer?A. To approve or deny traffic based on the destination address B. To encrypt confidential data C. To analyze packet contents for known inappropriate traffic D. To track configuration changes to specific LAN devices
Why is LAN device configuration control important?A. Configuration control helps to detect violations of LAN resource access controls.B. Configuration control can detect changes an attacker might have made to allow harmful traffic in a LAN.C. It reduces the frequency of changes because they are
A(n) ________ is a dedicated computer on a LAN that runs network management software.
Which of the following controls would comply with the directive to limit access to payroll data to computers in the HR department?A. User-based authorization B. Group-based authorization C. Media Access Control–based authorization D. Smartcard-based authorization
You should back up LAN device configuration settings as part of a LAN backup.A. True B. False
A successful DoS attack violates the ________ property of C-I-A.
Where must sensitive information be encrypted to ensure its confidentiality? (Select two.)A. While in use on a workstation B. During transmission over the network C. As it is stored on disk D. In memory
Why is mapping a LAN a productive exercise?A. Visual maps help to identify unnecessary controls.B. Visual maps help in understanding your LAN design.C. A LAN map is required before physically installing any hardware or connection media.D. A visual map is the only way to define paths between devices.
How can some smart routers attempt to stop a DoS attack in progress?A. They can alert an attack responder.B. They can log all traffic coming from the source of the attack.C. They can terminate any connections with the source of the attack.D. They can reset all connections.
A distributed application is one in which the components that make up the application reside on different computers.A. True B. False
Which of the following is commonly the primary security control for data entering the LAN-to-WAN Domain?A. Filtering B. NAT C. Encryption D. Address validation
A(n) ________ makes requests for remote services on behalf of local clients.
A(n) ________ is an isolated part of a network that is connected both to the Internet and your internal secure network and is a common home for Internet-facing Web servers.
Which type of network device is most commonly used to filter network traffic?A. Router B. Firewall C. Switch D. IDS
If you only have one connection to the Internet and that connection fails, your organization loses its Internet connection. This is an example of a(n) ________.
Which of the following devices detect potential intrusions? (Select two.)A. Firewall B. IPS C. IDS D. Load balancer
What does it mean when there are differences between the last security configuration baseline and the current security configuration settings?A. Unauthorized changes have occurred.B. Authorized changes have occurred.C. Changes have occurred (either authorized or unauthorized).D. Unapproved changes
Which of the following is a solution that defines and implements a policy that describes the requirements to access your network?A. NAC B. NAT C. NIC D. NOP
Which of the following best describes a dual-homed ISP connection?A. An ISP connection using two firewalls B. Connecting two LANs to the Internet using a single ISP connection C. A network that maintains two ISP connections D. Using two routers to split a single ISP connection into two subnets
Many organizations use a(n) ________ to allow remote users to connect to internal network resources.
You only need written authorization prior to conducting a penetration test that accesses resources outside your organization.A. True B. False
NAT is helpful to hide internal IP addresses from the outside world.A. True B. False
The ________ feature speeds up routing network packets by adding a label to each packet with routing information.
Which of the following best describes the term honeypot?A. A server that is deliberately set up in an unsecure manner to attract attackers B. A server that contains extremely sensitive data C. A collection of computers that are vulnerable to attack and could allow your network to be compromised D.
The WAN Domain commonly contains a DMZ.A. True B. False
One of the most important concerns when sending data across a WAN is confidentiality.A. True B. False
Which of the following is the primary type of control employed in the WAN Domain?A. Firewalls B. Encryption C. Hashing D. Compression
Who writes SLAs?A. Subscribing organization B. Telecom company C. WAN service provider D. SOC
Which type of WAN generally has the highest speed and is most secure?A. Dedicated line B. Circuit switching C. Packet switching D. MPLS network
The ________ contains the guaranteed availability for your WAN connection.
Which WAN technology is a cost-effective solution for connecting multiple locations?A. MPLS B. ISDN C. MAN D. L2TP
Most WAN protocols operate at which level in the OSI reference model?A. 7 B. 3 C. 2 D. 1
A(n) ________ can exclude unnecessary traffic from the WAN.
WAN subscription cost tends to decrease as availability increases.A. True B. False
By definition, VPN traffic is encrypted.A. True B. False
Which of the following is an internal control report for the services provided by a service provider?A. SLA B. WAN C. SOC D. MPLS
A ________ makes it easy to establish what appears to be a dedicated connection over a WAN.
Which of the following describes a common LAN protocol deployed to a network the size of a city?A. IPSec MAN B. Urban Ethernet C. TCP MAN D. Metro Ethernet
The primary concern for remote access is availability.A. True B. False
Which entity is responsible for controlling access to network traffic in the WAN?A. WAN optimizer B. Your organization C. WAN service provider D. Network management platform
________ is the primary security control used in the Remote Access Domain.
All VPN traffic is encrypted.A. True B. False
Showing 1000 - 1100
of 1793
First
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Step by Step Answers
Get 50% OFF
Claim Now
