
AIS solutions Paper


Training is designed to prevent employees from falling victim to social engineering attacks and unsafe practices such as clicking on links embedded in e-mail from unknown sources.)
b. Log analysis (Incorrect. Log analysis involves examining a record of events to discover anomalies. Thus, it is a detective control.)
c. CIRT (Incorrect. The purpose of a computer incident response team is to respond to and remediate problems and incidents. Thus, it is a corrective control.)
d. Virtualization (Incorrect. Virtualization involves using one physical computer to run multiple virtual machines. It is primarily a cost-control measure, not an information security control procedure.)

3. The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called ________.
a. Authentication (Incorrect. Authentication is the process of verifying a user's identity to decide whether or not to grant that person access.)
b. Authorization (Correct. Authorization is the process of controlling what actions (read, write, delete, etc.) a user is permitted to perform.)
c. Intrusion prevention (Incorrect. Intrusion prevention systems monitor patterns in network traffic to identify and stop attacks.)
d. Intrusion detection (Incorrect. Intrusion detection is a detective control that identifies when an attack has occurred.)

4. A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) ________.
a. Exploit (Incorrect. An exploit is the software code used to take advantage of a weakness.)
b. Patch (Incorrect. A patch is code designed to fix a weakness.)
c. Vulnerability (Correct. A vulnerability is any weakness that can be used to disable or take control of a system.)
d. Attack (Incorrect. An attack is the action taken against a system. To succeed, it exploits a vulnerability.)

5. Which of the following is a corrective control designed to fix vulnerabilities?
a. Virtualization (Incorrect. Virtualization involves using one physical computer to run multiple virtual machines. It is primarily a cost-control measure, not an information security control procedure.)
b. Patch management (Correct. Patch management involves replacing flawed code that represents a vulnerability with corrected code, called a patch.)
c. Penetration testing (Incorrect.


Penetration testing is a detective control.)
d. Authorization (Incorrect. Authorization is a preventive control used to restrict what users can do.)

6. Which of the following is a detective control?
a. Endpoint hardening (Incorrect. Hardening is a preventive control that seeks to eliminate vulnerabilities by reconfiguring devices and software.)
b. Physical access controls (Incorrect. Physical access controls are a preventive control designed to restrict access to a system.)
c. Penetration testing (Correct. Penetration testing is a detective control designed to identify how long it takes to exploit a vulnerability.)
d. Patch management (Incorrect. Patch management is a corrective control that fixes vulnerabilities.)

7. A firewall that implements perimeter defense by examining only information in the packet header of a single IP packet in isolation is using a technique referred to as ________.
a. Deep packet inspection (Incorrect. Deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header.)
b. Static packet filtering (Correct. Static packet filtering examines the headers of individual IP packets.)
c. Stateful packet filtering (Incorrect. Stateful packet filtering examines not only the headers of individual IP packets but also a state table to determine whether incoming packets are part of an already established connection.)
d. Single packet inspection (Incorrect. There is no such thing.)

8. Which of the following techniques is the most effective way to protect the perimeter?
a. Deep packet inspection (Correct. Deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.)
b. Static packet filtering (Incorrect. Static packet filtering examines the headers of individual IP packets. It can be fooled by attacks that pretend to be sending a response to earlier outbound messages.)
c. Stateful packet filtering (Incorrect. Stateful packet filtering maintains information about "state" or connections initiated by the organization, but it examines only the information in the packet header. Therefore, it cannot detect malware in the payload of a message.)
d. All of the above are equally effective (Incorrect. Choices b and c are less effective than choice a.)

9. Which of the following combinations of credentials is an example of multifactor authentication?
a. Voice recognition and a fingerprint reader (Incorrect. This is a combination of two biometric credentials and is an example of multimodal authentication.)
b. A PIN and an ATM card (Correct. The PIN is something a person knows; the ATM card is something the person has.)
c. Password and a user ID (Incorrect. These are both things a person knows and thus represent an example of multimodal authentication.)
d. All of the above (Incorrect. Only choice b is correct.)

10.

Modifying default configurations to turn off unnecessary programs and features to improve security is called ________.
a. User account management (Incorrect. User account management is a preventive control that limits what a user can do.)
b. Defense-in-depth (Incorrect. Defense-in-depth is the general security principle of using multiple overlapping controls to protect a system.)
c. Vulnerability scanning (Incorrect. Vulnerability scanning is a detective control designed to identify weaknesses.)
d. Hardening (Correct. This is the definition of hardening.)

1. Which of the following statements is true?
a.

Encryption is sufficient to protect confidentiality and privacy. (Incorrect. Encryption is not sufficient, because sensitive information cannot be encrypted at all times; it must be decrypted during processing, when displayed on a monitor, or when included in a printed report.)
b. Cookies are text files that only store information. They cannot perform any actions. (Correct. Cookies are text files, not executable programs. They can, however, store sensitive information, so they should be protected.)
c. The controls for protecting confidentiality are not effective for protecting privacy. (Incorrect.

The same set of controls (encryption, access controls, and training) can be used to protect both confidentiality and privacy.)
d. All of the above are true. (Incorrect. Statements a and c are false.)

2. A digital signature is ________.
a. Created by hashing a document and then encrypting the hash with the signer's private key (Correct. Creating a hash provides a way to verify the integrity of a document, and encrypting it with the signer's private key provides a way to prove that the sender created the document.)
b. Created by hashing a document and then encrypting the hash with the signer's public key (Incorrect.

Anyone could encrypt something with the signer's public key. Therefore, this process cannot be used to prove who created a document.)
c. Created by hashing a document and then encrypting the hash with the signer's symmetric key (Incorrect. A symmetric key is possessed by more than one party, so encrypting something with it does not provide a means to prove who created a document.)
d. None of the above (Incorrect. Only choices b and c are incorrect; choice a is correct.)

3. Able wants to send a file to Baker over the Internet and protect the file so that only Baker can read it and can verify that it came from Able. What should Able do?
a. Encrypt the file using Able's public key, and then encrypt it again using Baker's private key. (Incorrect. Able does not know Baker's private key.)
b. Encrypt the file using Able's private key, and then encrypt it again using Baker's private key. (Incorrect. Able does not know Baker's private key.)
c. Encrypt the file using Able's public key, and then encrypt it again using Baker's public key. (Incorrect. Baker does not know Able's private key and therefore cannot decrypt the file encrypted with Able's public key.)
d. Encrypt the file using Able's private key, and then encrypt it again using Baker's public key. (Correct. Encrypting it with Baker's public key means that only Baker can decrypt it. Then, Baker can use Able's public key to decrypt the file; if the result is understandable, it had to have been created by Able and encrypted with Able's private key.)

4. Which of the following statements is true?
a. Encryption and hashing are both reversible (can be decoded). (Incorrect. Hashing is irreversible.)
b. Encryption is reversible, but hashing is not. (Correct. Encryption can be reversed to decrypt the ciphertext, but hashing cannot be reversed.)
c.

Hashing is reversible, but encryption is not. (Incorrect. Hashing is irreversible, but encryption is reversible.)
d. Neither hashing nor encryption is reversible. (Incorrect. Encryption is reversible, a process called decryption.)

5. Confidentiality focuses on protecting ________.
a. Personal information collected from customers (Incorrect. Protecting customers' personal information relates to the principle of privacy.)
b. A company's annual report stored on its Web site (Incorrect. A company's annual report is meant to be available to the public.)
c. Merger and acquisition plans (Correct.

Merger and acquisition plans are sensitive information that should not be made public until the deal is consummated.)
d. All of the above (Incorrect. Statements a and b are false.)

6. Which of the following statements about obtaining consent to collect and use a customer's personal information is true?
a. The default policy in Europe is opt-out, but in the United States the default is opt-in. (Incorrect. The default policy in Europe is opt-in, and in the United States it is opt-out.)
b. The default policy in Europe is opt-in, but in the United States the default is opt-out. (Correct.)
c. The default policy in both Europe and the United States is opt-in. (Incorrect. The default policy in Europe is opt-in, and in the United States it is opt-out.)
d. The default policy in both Europe and the United States is opt-out. (Incorrect. The default policy in Europe is opt-in, and in the U.S. it is opt-out.)

7. One of the ten Generally Accepted Privacy Principles concerns security. According to GAPP, what is the nature of the relationship between security and privacy?
a. Privacy is a necessary, but not sufficient, precondition to effective security. (Incorrect.

Security is one of the ten criteria in GAPP because you need security in order to have privacy. Security alone, however, is not enough; that is why there are nine other criteria in GAPP.)
b. Privacy is both necessary and sufficient to effective security. (Incorrect. Security is one of the ten criteria in GAPP because you need security in order to have privacy. Security alone, however, is not enough; that is why there are nine other criteria in GAPP.)
c. Security is a necessary, but not sufficient, precondition to protect privacy. (Correct.)
d. Security is both necessary and sufficient to protect privacy. (Incorrect.

Security is one of the ten criteria in GAPP because you need security in order to have privacy. Security alone, however, is not enough; that is why there are nine other criteria in GAPP.)

8. Which of the following statements is true?
a. Symmetric encryption is faster than asymmetric encryption and can be used to provide non-repudiation of contracts. (Incorrect. Symmetric encryption cannot be used for non-repudiation because both parties share the key, so there is no way to prove who created and encrypted a document.)
b. Symmetric encryption is faster than asymmetric encryption but cannot be used to provide non-repudiation of contracts. (Correct. Symmetric encryption is faster than asymmetric encryption, but it cannot be used for non-repudiation; the key is shared by both parties, so there is no way to prove who created and encrypted a document.)
c. Asymmetric encryption is faster than symmetric encryption and can be used to provide non-repudiation of contracts. (Incorrect. Symmetric encryption is faster than asymmetric encryption.)
d. Asymmetric encryption is faster than symmetric encryption but cannot be used to provide non-repudiation of contracts. (Incorrect. Symmetric encryption is faster than asymmetric encryption.

Also, asymmetric encryption can be used to provide non-repudiation, because encrypting a contract with the creator's private key proves that the encryptor did indeed create the contract.)

9. Which of the following statements is true?
a. VPNs protect the confidentiality of information while it is in transit over the Internet. (Incorrect. This statement is true, but so are the others.)
b. Encryption limits firewalls' ability to filter traffic. (Incorrect. This statement is true, since firewalls cannot apply their rules to encrypted packets, but so are the others.)
c. A digital certificate contains that entity's public key. (Incorrect. This statement is true, but so are the others.)
d. All of the above are true. (Correct. All three statements are true.)

10. Which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application?
a. Digital signature (Incorrect. A digital signature is used for non-repudiation. However, because it is an encrypted hash, it cannot be used to test programming logic.)
b. Digital watermark (Incorrect. A digital watermark is used to identify proprietary data, but it does not protect privacy.)
c. Data loss prevention (Incorrect. Data loss prevention is designed to protect confidentiality by filtering outgoing messages to prevent sensitive data from leaving the company.)
d. Data masking (Correct. Masking replaces actual values with fake ones, but the result is still the same type of data, which can then be used to test program logic.)

1. Which of the following is a characteristic of auditing?
a. Auditing is a systematic, step-by-step process. (Incorrect. While this is true, it is not the only correct answer.)
b. Auditing involves the collection and review of evidence. (Incorrect. While this is true, it is not the only correct answer.)
c. Auditing involves the use of established criteria to evaluate evidence. (Incorrect. While this is true, it is not the only correct answer.)
d. All of the above are characteristics of auditing. (Correct. Auditing is a systematic, step-by-step process that involves the collection and review of evidence and uses established criteria to evaluate evidence.)

2. Which of the following is NOT a reason an internal auditor should participate in internal control reviews during the design of new systems?
a.

It is more economical to design controls during the design stage than to do so later. (Incorrect. Internal audit should participate in internal control reviews because it is far less expensive to design controls during systems design than to try and implement controls after the system has been designed.)
b. It eliminates the need for testing controls during regular audits. (Correct. Even if the auditor participates in internal control reviews, the auditor will still have to test controls to determine whether they are in place and working as intended.)
c. It minimizes the need for expensive modifications after the system is implemented. (Incorrect. Internal auditors should participate in internal control reviews because it reduces the likelihood of post-system-implementation modifications.)
d. It permits the design of audit trails while they are economical. (Incorrect. Internal auditors should participate in internal control reviews because their participation in systems design does facilitate the design of effective audit trails.)

3. Which type of audit involves a review of general and application controls, with a focus on determining if there is compliance with policies and adequate safeguarding of assets?
a. Information systems audit (Correct. An information systems audit reviews general and application controls, with a focus on determining whether there is compliance with policies and adequate safeguarding of assets.)
b. Financial audit (Incorrect. A financial audit examines the reliability of accounting records.)
c. Operational audit (Incorrect. An operational audit is concerned with the efficient use of resources and the accomplishment of entity objectives.)
d. Compliance audit (Incorrect. A compliance audit is concerned with reviewing whether an entity is meeting prescribed policies, rules, and laws.)

4. At what step in the audit process do the concepts of reasonable assurance and materiality enter into the auditor's decision process?
a. Planning (Incorrect. Although materiality and reasonable assurance enter into the auditor's decision process during planning, they are also important in other steps in the audit process.)
b. Evidence collection (Incorrect. Although materiality and reasonable assurance enter into the auditor's decision process during evidence collection, they are also important in other steps in the audit process.)
c. Evidence evaluation (Incorrect.

Although materiality and reasonable assurance enter into the auditor's decision process during evidence evaluation, they are also important in other steps in the audit process.)
d. They are important in all three steps. (Correct. Materiality and reasonable assurance are important when the auditor plans an audit and when the auditor collects and evaluates evidence.)

5. What is the four-step approach to internal control evaluation that provides a logical framework for carrying out an audit?
a. Inherent risk analysis (Incorrect. Inherent risk is the susceptibility to material risk in the absence of controls.)
b. Systems review (Incorrect. Systems review involves reviewing system documentation and interviewing appropriate personnel to determine whether the necessary procedures are in place.)
c. Tests of controls (Incorrect. Tests of controls are conducted to determine whether control policies and procedures are satisfactorily followed.)
d. Risk-based approach to auditing (Correct. The risk-based audit approach is a four-step approach to carrying out an audit. The four steps are determining threats, identifying control procedures, evaluating control procedures, and evaluating weaknesses.)

6. Which of the following procedures is NOT used to detect unauthorized program changes?
a. Source code comparison (Incorrect. Source code comparison is used to detect unauthorized program changes by thoroughly testing a newly developed program and keeping a copy of its source code.)
b. Parallel simulation (Incorrect. To use parallel simulation to detect unauthorized program changes, an auditor writes a version of the program, reprocesses the company's data, compares the results to the company's results, and investigates any differences.)
c. Reprocessing (Incorrect. To use reprocessing to detect unauthorized program changes, the auditor verifies the integrity of an application program, saves it, and on a surprise basis uses the program to reprocess data and compare that output with the company's output.)
d. Reprogramming code (Correct. Reprogramming code is not used to test for unauthorized program changes.)

7. Which of the following is a concurrent audit technique that monitors all transactions and collects data on those that meet certain characteristics specified by the auditor?
a. Integrated test facility (Incorrect. An integrated test facility inserts a dummy company or division into a computer system to test transaction data without affecting real data.)
b. Snapshot technique (Incorrect. The snapshot technique records the content of both a transaction record and a related master file record before each processing step.)
c. SCARF (Correct. System control audit review file is a concurrent audit technique that embeds audit modules into application software to monitor continuously all transaction activity.)
d. Audit hooks (Incorrect.

An audit hook is a concurrent audit technique that embeds audit routines into application software to flag certain kinds of transactions that might be indicative of fraud.)

8. Which of the following is a computer technique that assists an auditor in understanding program logic by identifying all occurrences of specific variables?
a. Mapping program (Incorrect. Mapping programs are activated during regular processing and provide information about portions of the application program that were not executed.)
b. Program tracing (Incorrect.

Program tracing is a technique used to determine application program logic in order to test program controls.)
c. Automated flowcharting (Incorrect. Automated flowcharting interprets source code and generates a flowchart of that program.)
d. Scanning routine (Correct. Scanning routine software programs search for particular variable names or specific characters.)

9. Which of the following is a computer program written especially for audit use?
a. GAS (Correct. Generalized audit software is a software program written especially for audit uses, such as testing data files.

Examples are ACL and IDEA.)
b. CATS (Incorrect. CATS has no meaning in information systems auditing. Computer-assisted audit techniques (CAATs) is the name given to all computer-assisted techniques used to audit computers.)
c. ITF (Incorrect. An integrated test facility places a small set of fictitious records in master files. Transactions are processed for these records, and the actual and expected results are compared.)
d. CIS (Incorrect. Continuous and intermittent simulation embeds an audit module in a DBMS that examines all transactions that update the database.)
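As an added illustration of answers 2 and 3 in the second set of questions above (a digital signature as a hash encrypted with the signer's private key, and the Able/Baker exchange that layers Able's private key under Baker's public key), the following toy RSA code was written for this page and is not from the original text or the textbook. The small primes, the 56-bit truncated hash and the sample contract are constructed assumptions chosen so the arithmetic fits in a few lines; real signatures use large moduli and a padding scheme.

```python
import hashlib

# Toy RSA built from small, well-known primes (constructed for illustration only;
# real deployments use 2048-bit moduli plus a padding scheme such as RSA-PSS).
E = 65537

def make_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)                  # private exponent (needs Python 3.8+)
    return (n, E), (n, d)                # (public key, private key)

# Able's modulus is smaller than Baker's, so Able's output always fits under Baker's n.
ABLE_PUB, ABLE_PRIV = make_keypair(998244353, 1000000007)
BAKER_PUB, BAKER_PRIV = make_keypair(1000000009, 1000000021)

def digest(doc: bytes) -> int:
    # Hash the whole document, then keep 56 bits so the value lies below the toy modulus.
    return int.from_bytes(hashlib.sha256(doc).digest()[:7], "big")

def sign(doc: bytes, private_key) -> int:
    # Question 2, choice a: hash the document, then "encrypt" the hash with the private key.
    n, d = private_key
    return pow(digest(doc), d, n)

def verify(doc: bytes, signature: int, public_key) -> bool:
    # Anyone holding the public key can check the signature against a fresh hash.
    n, e = public_key
    return pow(signature, e, n) == digest(doc)

def public_key_only(doc: bytes, public_key) -> int:
    # Question 2, choice b: the hash "encrypted" with the PUBLIC key. Anyone can
    # compute this value, so it proves nothing about who produced it.
    n, e = public_key
    return pow(digest(doc), e, n)

def able_sends(plain: bytes) -> int:
    # Question 3, choice d: Able's private key first, then Baker's public key.
    m = int.from_bytes(plain, "big")     # at most 7 bytes, so m < Able's modulus
    inner = pow(m, ABLE_PRIV[1], ABLE_PRIV[0])
    return pow(inner, BAKER_PUB[1], BAKER_PUB[0])

def baker_receives(cipher: int) -> bytes:
    # Only Baker's private key removes the outer layer; Able's public key removes
    # the inner one, and a readable result shows Able's private key was used.
    inner = pow(cipher, BAKER_PRIV[1], BAKER_PRIV[0])
    m = pow(inner, ABLE_PUB[1], ABLE_PUB[0])
    return m.to_bytes(7, "big").lstrip(b"\x00")

def demo() -> dict:
    contract = b"Able agrees to pay Baker 500 units on delivery."  # constructed sample
    sig = sign(contract, ABLE_PRIV)
    return {
        "valid": verify(contract, sig, ABLE_PUB),
        "tampered": verify(contract.replace(b"500", b"900"), sig, ABLE_PUB),
        "public_key_only": verify(contract, public_key_only(contract, ABLE_PUB), ABLE_PUB),
        "roundtrip": baker_receives(able_sends(b"PAY 500")) == b"PAY 500",
    }

if __name__ == "__main__":
    print(demo())
```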


AIS solutions. (2018, May 11). Retrieved from https://paperap.com/paper-on-ais-solutions/
