6) More than half the damage suffered in security breaches is caused by:
A) the inability to safely answer questionnaires.
B) carelessness, errors, or omissions.
C) having email read by unauthorized persons.
D) failure to lock the web browsers.
E) not having a firewall to protect the data.
Answer: B
Diff: 2 Type: MC Page Ref: 89
Skill: R Objective: 1
8) Which of the following would be part of the disaster recovery plan of a company?
A) operations controls
B) physical controls
C) backup hardware locations
D) the number of check digits there should be in the application controls
E) none of the above
Answer: C
Diff: 2 Type: MC Page Ref: 98
Skill: A Objective: 3
13) The term that describes the privileges that a user has within a system is ________.
A) physical controls
B) authentication
C) non-repudiation
D) authorization
E) data management
Answer: D
Diff: 2 Type: MC Page Ref: 106
Skill: A Objective: 6
16) A janitor brought her children to work in the evening and let them into the server
room to use the network server to play games because her computer was already
logged on. What control has been broken?
A) physical controls
B) logical access controls
C) general access controls
D) security management controls
E) all of the above
Answer: E
Diff: 2 Type: MC Page Ref: 92, 93
Skill: A Objective: 2
17) An employee created a new database system to track promotional materials and
linked it into the ERP system. Soon after, the ERP system’s inventory module
suffered a crash. This crash is likely the result of ________.
A) physical controls
B) non-repudiation
C) developmental controls
D) digital signatures
E) firewall errors
Answer: C
Diff: 3 Type: MC Page Ref: 95
Skill: A Objective: 2
21) The use of electronic devices attached to transmission lines that can detect and
capture data transmissions on those lines is called:
23) A potential problem with some Intrusion Detection Systems is the generation of a
large volume of ________.
A) false-positives
B) false-negatives
C) true-positives
D) true-negatives
E) all of the above
Answer: A
Diff: 3 Type: MC Page Ref: 95
Skill: R Objective: 4
24) The annual report of Canadian Tire’s financial activities contains a tag containing the
time that it was created, modified and moved. This is an example of ________.
A) auto tagging
B) digital tagging
C) time stamping
D) authentication
E) auto stamping
Answer: C
Diff: 2 Type: MC Page Ref: 98
Skill: A Objective: 2
E) processing
Answer: D
Diff: 3 Type: MC Page Ref: 106
Skill: A Objective: 6
27) An entity’s security program must address all but the following:
A) its users’ security awareness
B) procedural guidance and training
C) compliance incentives
D) business process improvement
E) compliance monitoring.
Answer: D
Diff: 3 Type: MC Page Ref: 90
Skill: A Objective: 1
28) An access control technique used on the web to prevent unauthorized software from
masquerading as a person, presenting a set of distorted squiggly letters and numbers
that people can decipher but computers cannot is called ________.
A) GOTCHA
B) a digital signature
C) CAPTCHA
D) a public key
E) encryption
Answer: C
Diff: 3 Type: MC Page Ref: 93
Skill: A Objective: 2
30) All applications that a business uses require controls for input, processing, output,
storage, and:
A) communications.
B) access
C) authorization
D) performance
E) privacy
Answer: A
Diff: 3 Type: MC Page Ref: 98
Skill: A Objective: 5
31) With current technology, security risks are becoming much less of a concern.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 89
Skill: R Objective: 1
32) Logical access controls include locking the door to the server room.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 93
Skill: A Objective: 2
34) The encryption of information is all that is needed to ensure that a network is safe
from attacks.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 99
Skill: A Objective: 4
35) A company can build its security platform on public key infrastructure.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 101
Skill: A Objective: 4
36) Lack of standards, regulations and rules, and support systems are examples of
internal risks associated with new business models.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 89
Skill: A Objective: 1
37) Studies on stock prices of ebusiness entities have shown that security breaches
involving access to confidential data and website outages are associated with
significant stock price declines.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 91
Skill: A Objective: 1
38) An International Development System (IDS) monitors devices and processes for
security threats and can alert security personnel of the occurrence of unusual activity
as it occurs.
A) True
B) False
Answer: False
Diff: 3 Type: TF Page Ref: 95
Skill: A Objective: 4
39) The process of encryption converts data into a form called cipher.
A) True
B) False
Answer: True
Diff: 1 Type: TF Page Ref: 99
Skill: R Objective: 4
41) Outsourcing IT activities can lead to a loss of control over the entity’s business
activities.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 90
Skill: R Objective: 1
45) What pair of “keys” is used to encrypt and decrypt messages and other data
transmissions?
Answer: Private/public
Diff: 2 Type: ES Page Ref: 100
Skill: A Objective: 4
the company’s computer resources and information only for authorized business
purposes.
It also sets out responsibilities for backing up data, protecting against viruses, keeping
passwords secret, and taking other precautions for protecting the privacy of corporate
data.
Diff: 2 Type: ES Page Ref: 107
Skill: A Objective: 2