Questions and Answers of Auditing 12th
If required, an auditor is justified in the use of security assessment techniques such as penetration testing and vulnerability analysis and may consider using the work of other experts. A. True B.
What does CAATT stand for? A. Computer Assisted Audit Tools and Techniques B. Computer Aided Assessment Tools and Techniques C. Compliance Auditing Assisted Tactical Techniques D. Compliance Assisted
Which of the following are examples of information provided by audit logs? A. Failed authentication attempts B. Account changes C. Privileged use D. All of the above
Which of the following benefits does an automated security information and event management log solution provide? A. Diagnosing and preventing operational problems B. Assigning appropriate
A configuration ________ database provides a central repository of configuration items.
Which one of the following best describes an assessment objective for a control? A. A high-level statement to determine the effectiveness of a control B. A detailed statement on what activities need
Which one of the following is not an example of a level of depth required to assess a control? A. Comprehensive B. Generalized C. Focused D. Detailed
Which of the following best describes documents such as policies, procedures, plans, and architectural designs? A. Specification objects B. Mechanism objects C. Activity objects D. Configuration
Preventing a user who approves a configuration change from being the person who implements the change is an example of which of the following? A. Rotation of duties B. Least privilege C. Segregation
Which of the following is not a purpose of the audit report? A. Provide an action plan for auditors to implement controls. B. Communicate the results. C. Prevent misunderstanding of the results. D.
An abstract of an audit report provides a brief review intended for senior-level management who might not have the time to read and understand the entire report. A. True B. False
An executive summary should never be more than one page long. A. True B. False
Which of the following best describes an audit finding? A. The procedures used to find IT controls B. A documented conclusion that identifies deficiencies C. A verbal recommendation to improve
Which level using the COBIT Process Capability Model would be assigned to a business that does not recognize the need for IT security, nor has a recognizable system security administration process? A.
Which one of the following is the product of the likelihood of a threat occurring and the impact the threat could have? A. Occurrence B. Risk C. Vulnerability D. Likelihood of impact
Which one of the following is not a privacy principle as identified by GAAP? A. Secrecy B. Choice and consent C. Collection D. Use and retention E. Disclosure to third parties
Which of the following best describes a business that is found to have unlicensed software installed throughout the environment? A. They have violated export restrictions on cryptographic software. B.
Which of the following best describes when compliance of a control cannot be determined due to a lack of collected evidence? A. Not determined B. Not applicable C. Compliant D. Answers A and B
The final audit report includes recommended actions, which should be associated with which of the following? A. Findings B. Vulnerabilities C. Threats D. None of the above
Which type of control only reports that a violation has occurred? A. Preventive B. Detective C. Corrective D. Restorative
The term ________ defines the components, including people, information, and conditions, that support business objectives.
Which of the following types of policies defines prohibited actions? A. Access control policy B. Password usage policy C. Acceptable use policy D. Violation action policy
Which of the following terms ensures at least two people must perform a series of actions to complete a task? A. Separation of duties B. Least privilege C. Need to know D. User clearance
When using DAC, a subject must possess sufficient clearance as well as ________ to access an object.
Which of the following terms defines a strategy in which you grant access that allows a user to complete assigned tasks and nothing else? A. Separation of duties B. Least privilege C. Need to know D.
Which type of agreement can protect the ability to file a patent application? A. Relinquish ownership agreement B. Security clearance waiver C. Background check agreement D. Confidentiality agreement
What condition must exist for a background check to be governed by FCRA? A. The investigation includes credit history. B. The investigation is performed by a third party. C. The investigation is
Which of the following best describes the purpose of auditing? A. It finds the root causes of violation issues. B. It assists investigators in identifying blame for violations. C. It verifies that
Using a RACI matrix, which attribute refers to the party that actually carries out the work? A. Responsible B. Accountable C. Consulted D. Informed
Which department should take the lead in User Domain compliance accountability? A. Information technology B. Information security C. Human resources D. Security
A confidentiality agreement sets the expectations of each employee and sets job performance standards. A. True B. False
Which of the following is a series of individual tasks that users accomplish to comply with one or more goals? A. Policy B. Standard C. Procedure D. Guideline
Which of the following is a collection of requirements the users must meet? A. Policy B. Standard C. Procedure D. Guideline
Discretionary access control is based on roles and granted permissions. A. True B. False
________ means the ongoing attention and care an organization places on security and compliance.
PCI DSS allows merchants to store the CVV number. A. True B. False
Which of the following choices protect your system from users transferring private data files from a server to a workstation? (Select two.) A. Increase the frequency of object access audits. B. Deliver
Some attackers use the process of ________ to find modems that may be used to attack a computer.
Which security-related act requires organizations to protect all personal medical information? A. HIPAA B. GLBA C. SOX D. SCM
Which of the following is the process of verifying credentials of a specific user? A. Authorization B. Identification C. Authentication D. Revocation
Which of the following is the process of providing additional private credentials that match the user ID or username? A. Authorization B. Identification C. Authentication D. Revocation
Which access control method is based on granting permissions? A. DAC B. MAC C. RBAC D. OAC
The ________ property of the C-I-A triad provides the assurance the information cannot be changed by unauthorized users.
What are the types of malware? (Select two.) A. Programs that actively spread or infect B. Programs that slow down data transfer C. Programs that cause damage D. Programs that hide
A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.
A LAN is a network that generally spans several city blocks. A. True B. False
A local resource is any resource connected to the local LAN. A. True B. False
Which of the following devices repeats input received to all ports? A. Switch B. Hub C. Gateway D. Router
________ cabling provides excellent protection from interference but can be expensive.
Even the newest wireless protocols are slower than using high-quality physical cable. A. True B. False
Which LAN device commonly has the ability to filter packets and deny traffic based on the destination address? A. Router B. Gateway C. Hub D. Switch
Which of the following would be the best use for a packet sniffer? A. To approve or deny traffic based on the destination address B. To encrypt confidential data C. To analyze packet contents for
Why is LAN device configuration control important? A. Configuration control helps to detect violations of LAN resource access controls. B. Configuration control can detect changes an attacker might
A(n) ________ is a dedicated computer on a LAN that runs network management software.
Which of the following controls would comply with the directive to limit access to payroll data to computers in the HR department? A. User-based authorization B. Group-based authorization C. Media
You should back up LAN device configuration settings as part of a LAN backup. A. True B. False
A successful DoS attack violates the ________ property of C-I-A.
Where must sensitive information be encrypted to ensure its confidentiality? (Select two.) A. While in use on a workstation B. During transmission over the network C. As it is stored on disk D. In
Why is mapping a LAN a productive exercise? A. Visual maps help to identify unnecessary controls. B. Visual maps help in understanding your LAN design. C. A LAN map is required before physically
How can some smart routers attempt to stop a DoS attack in progress? A. They can alert an attack responder. B. They can log all traffic coming from the source of the attack. C. They can terminate any
A distributed application is one in which the components that make up the application reside on different computers. A. True B. False
Which of the following is commonly the primary security control for data entering the LAN-to-WAN Domain? A. Filtering B. NAT C. Encryption D. Address validation
A(n) ________ makes requests for remote services on behalf of local clients.
A(n) ________ is an isolated part of a network that is connected both to the Internet and your internal secure network and is a common home for Internet-facing Web servers.
Which type of network device is most commonly used to filter network traffic? A. Router B. Firewall C. Switch D. IDS
If you only have one connection to the Internet and that connection fails, your organization loses its Internet connection. This is an example of a(n) ________.
Which of the following devices detect potential intrusions? (Select two.) A. Firewall B. IPS C. IDS D. Load balancer
What does it mean when there are differences between the last security configuration baseline and the current security configuration settings? A. Unauthorized changes have occurred. B. Authorized
Which of the following is a solution that defines and implements a policy that describes the requirements to access your network? A. NAC B. NAT C. NIC D. NOP
Which of the following best describes a dual-homed ISP connection? A. An ISP connection using two firewalls B. Connecting two LANs to the Internet using a single ISP connection C. A network that
Many organizations use a(n) ________ to allow remote users to connect to internal network resources.
You only need written authorization prior to conducting a penetration test that accesses resources outside your organization. A. True B. False
NAT is helpful to hide internal IP addresses from the outside world. A. True B. False
The ________ feature speeds up routing network packets by adding a label to each packet with routing information.
Which of the following best describes the term honeypot? A. A server that is deliberately set up in an unsecure manner to attract attackers B. A server that contains extremely sensitive data C. A
The WAN Domain commonly contains a DMZ. A. True B. False
One of the most important concerns when sending data across a WAN is confidentiality. A. True B. False
Which of the following is the primary type of control employed in the WAN Domain? A. Firewalls B. Encryption C. Hashing D. Compression
Who writes SLAs? A. Subscribing organization B. Telecom company C. WAN service provider D. SOC
Which type of WAN generally has the highest speed and is most secure? A. Dedicated line B. Circuit switching C. Packet switching D. MPLS network
The ________ contains the guaranteed availability for your WAN connection.
Which WAN technology is a cost-effective solution for connecting multiple locations? A. MPLS B. ISDN C. MAN D. L2TP
Most WAN protocols operate at which level in the OSI reference model? A. 7 B. 3 C. 2 D. 1
A(n) ________ can exclude unnecessary traffic from the WAN.
WAN subscription cost tends to decrease as availability increases. A. True B. False
By definition, VPN traffic is encrypted. A. True B. False
Which of the following is an internal control report for the services provided by a service provider? A. SLA B. WAN C. SOC D. MPLS
A ________ makes it easy to establish what appears to be a dedicated connection over a WAN.
Which of the following describes a common LAN protocol deployed to a network the size of a city? A. IPSec MAN B. Urban Ethernet C. TCP MAN D. Metro Ethernet
The primary concern for remote access is availability. A. True B. False
Which entity is responsible for controlling access to network traffic in the WAN? A. WAN optimizer B. Your organization C. WAN service provider D. Network management platform
________ is the primary security control used in the Remote Access Domain.
All VPN traffic is encrypted. A. True B. False
Given adequate security controls, PDAs are appropriate for use as remote access devices. A. True B. False
Which of the following terms means the process to decide what a user can do? A. Identification B. Authentication C. Clearance D. Authorization
Which of the following protocols is used for encrypted traffic? A. HTTPS B. SNMP C. IP D. L2TP
________ is a technique that creates a virtual encrypted channel that allows applications to use any protocol to communicate with servers and services without having to worry about addressing privacy
Which of the following protocols works well with firewalls? A. GRE B. SSTP C. L2TP D. L2F
Which of the following transmission techniques requires the entire bandwidth of a channel? A. Multiband B. Baseband C. Broadband D. Duplex
________ is a network protocol used to monitor network devices.