Systems Controls MCQs

The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is...






Which of the following is not a useful control procedure to control access to system outputs?






According to the Trust Services Framework, the reliability principle of integrity is achieved when the system produces data that






Which of the following is not one of the three fundamental information security concepts?






Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliabilit...






If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the ...






Verifying the identity of the person or device attempting to access the system is






Restricting access of users to specific portions of the system, as well as specific tasks, is






Which of the following is an example of a preventive control?






Which of the following is an example of a detective control?






Which of the following is an example of a corrective control?






Which of the following is not a requirement of effective passwords?






Multi-factor authentication






An access control matrix






Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?






Which of the following preventive controls are necessary to provide adequate security for social engineering threats?






A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the ...






This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.






This protocol specifies the structure of packets sent over the Internet and the route to get them to the proper destination.






This network access control determines which IP packets are allowed entry to a network and which are dropped.






Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipul...






The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as






The process that maintains a table that lists all established connections between the organization's computers and the Internet, to determine whe...






The process that allows a firewall to be more effective by examining the data in the body of an IP packet, instead of just the header, is known as






The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as






This is used to identify rogue modems (or by hackers to identify targets).






The process of turning off unnecessary features in the system is known as






The most common input-related vulnerability is






This creates logs of network traffic that was permitted to pass the firewall.






The process that uses automated tools to identify whether a system possesses any well-known security problems is known as a(n)






This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's informatio...






A well-known hacker started his own computer security consulting business shortly after being released from prison. Many companies pay him to attempt ...






The ________ disseminates information about fraud, errors, breaches and other improper system uses and their consequences.






In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that ...






It was 9:08 A.M. when Jiao Jan, the Network Administrator for Folding Squid Technologies, was informed that the intrusion detection system had identif...






Which of the following is commonly true of the default settings for most commercially available wireless access points?






In recent years, many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.






Meaningful Discussions is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double di...






When new employees are hired by Folding Squid Technologies, they are assigned user names and appropriate permissions are entered into the information ...






When new employees are hired by Folding Squid Technologies, they are assigned user names and passwords and provided with laptop computers that have an...






Information technology managers are often in a bind when a new exploit is discovered in the wild. They can respond by updating the affected software o...






Murray Snitzel called a meeting of the top management at Snitzel Capital Management. Number one on the agenda was computer system security. "The risk ...






Which of the following is the most effective method of protecting against social engineering attacks on a computer system?






The most effective way to protect network resources, like email servers, that are outside of the network and are exposed to the Internet is






All employees of E.C. Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted. Ent...






On February 14, 2008, students enrolled in an economics course at Swingline College received an email stating that class would be cancelled. The email...






There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the "black hat" hackers. He had researched an exploit and determined that ...