Management. Number one on the agenda was computer system security. "The risk of
security breach incidents has become unacceptable," he said, and turned to the Chief
Information Officer. "This is your responsibility! What do you intend to do?" Which of
the following is the best answer?
A) Evaluate and modify the system using the Trust Services framework.
B) Evaluate and modify the system using the COSO Internal Control Framework.
C) Evaluate and modify the system using the CTC checklist.
D) Evaluate and modify the system using COBOL.
Answer: A
Page Ref: 221
Objective: Learning Objective 1
Difficulty : Moderate
AACSB: Analytic
43) Which of the following is the most effective method of protecting against social
engineering attacks on a computer system?
A) stateful packet filtering
B) employee awareness training
C) a firewall
D) a demilitarized zone
Answer: B
Page Ref: 226
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic
44) The most effective way to protect network resources, like email servers, that are
outside of the network and are exposed to the Internet is
A) stateful packet filtering.
B) employee training.
C) a firewall.
D) a demilitarized zone.
Answer: D
Page Ref: 230
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic
45) All employees of E.C. Hoxy are required to pass through a gate and present their
photo identification cards to the guard before they are admitted. Entry to secure areas,
such as the Information Technology Department offices, requires further procedures. This
is an example of a(an)
A) authentication control.
B) authorization control.
C) physical access control.
D) hardening procedure.
Answer: C
Page Ref: 229
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic
46) On February 14, 2008, students enrolled in an economics course at Swingline College
received an email stating that class would be cancelled. The email claimed to be from the
professor, but it wasn't. Computer forensic experts determined that the email was sent
from a computer in one of the campus labs at 9:14 A.M. They were then able to uniquely
identify the computer that was used by means of its network interface card's ________
address. Security cameras revealed the identity of the student responsible for spoofing the
class.
A) TCP/IP
B) MAC
C) DMZ
D) IDS
Answer: B
Page Ref: 228
Objective: Learning Objective 3
Difficulty : Difficult
AACSB: Analytic
47) There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the
"black hat" hackers. He had researched an exploit and determined that he could penetrate
the target system, download a file containing valuable data, and cover his tracks in eight
minutes. Six minutes into the attack he was locked out of the system. Using the notation
of the time-based model of security, which of the following must be true?
A) P < 6
B) D = 6
C) P = 6
D) P > 6
Answer: D
Page Ref: 224
Objective: Learning Objective 2
Difficulty : Difficult
AACSB: Analytic
48) Identify three ways users can be authenticated and give an example of each.
Answer: Users can be authenticated by verifying: 1. something they know (password); 2.
something they have (smart card or ID badge); 3. something they are (biometric
identification, such as a fingerprint).
Page Ref: 226
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic
to authorize access to spaces and equipment; attach and lock laptops to immobile objects;
utilize magnetic or chip cards to authorize access to spaces and equipment; limit or
prohibit windows and glass walls in sensitive areas.
Page Ref: 229-230
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic