05 - Part 2 + Part 3

Test title:
05 - Part 2 + Part 3

Description:
Confidentiality and Privacy Controls + Processing Integrity and Ava

Creation date: 2024/08/07

Category: Other

Number of questions: 80

Syllabus:

Identify the type of information below that is least likely to be considered confidential by an organization.
- Audited financial statements.
- Legal documents.
- Top executives' salaries.
- New product development plans.

Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information?
- Identification of information to be protected.
- Backing up the information.
- Controlling access to the information.
- Training.

Classification of confidential information is the responsibility of whom, according to COBIT?
- External auditor.
- Information owner.
- IT security professionals.
- Management.

Encryption is a necessary part of which information security approach?
- Defense in depth.
- Time based defense.
- Continuous monitoring.
- Synthetic based defense.

Information rights management software can do all of the following except
- limiting access to specific files.
- limit action privileges to a specific time period.
- authenticate individuals accessing information.
- specify the actions individuals granted access to information can perform.

Identify the first step in protecting the confidentiality of intellectual property below.
- Identifying who has access to the intellectual property.
- Identifying the means necessary to protect the intellectual property.
- Identifying the weaknesses surrounding the creation of the intellectual property.
- Identifying what controls should be placed around the intellectual property.

After the information that needs to be protected has been identified, what step should be completed next?
- The information needs to be placed in a secure, central area.
- The information needs to be encrypted.
- The information needs to be classified in terms of its value to the organization.
- The information needs to be depreciated.

Identify the last step in protecting the confidentiality of intellectual property below.
- Encrypt the information.
- Control access to the information.
- Train employees to properly handle the information.
- Identify and classify the information to be protected.

Which type of software blocks outgoing messages containing key words or phrases associated with an organization's sensitive data?
- Anti-virus software.
- Data loss prevention software.
- A digital watermark.
- Information rights software.

Which type of software provides an additional layer of protection to sensitive information that is stored in digital format, offering the capability not only to limit access to specific files or documents but also to specify the actions that individuals who are granted access to that resource can perform?
- Anti-virus software.
- Data loss prevention software.
- A digital watermark.
- Information rights software.

The Bear Corporation uses a tool that embeds a code into all of its digital documents. It then scours the internet, searching for codes that it has embedded into its files. When Bear finds an embedded code on the internet, it knows that confidential information has been leaked. Bear then begins identifying how the information was leaked and who was involved with the leak. Bear is using
- an information rights management software.
- a data loss prevention software.
- a digital watermark.
- a stop leak software.

What confidentiality and security risk does using VoIP present to organizations?
- Internet e-mail communications can be intercepted.
- Internet photographs can be intercepted.
- Internet video can be intercepted.
- Internet voice conversations can be intercepted.

Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
- Provide free credit report monitoring for customers.
- Inform customers of the option to opt-out of data collection and use of their personal information.
- Allow customers' browsers to decline to accept cookies.
- Utilize controls to prevent unauthorized access to, and disclosure of, customers' information.

A client approached Paxton Uffe and said, "Paxton, I need for my customers to make payments online using credit cards, but I want to make sure that the credit card data isn't intercepted. What do you suggest?" Paxton responded, "The most effective solution is to implement
- a data masking program."
- a virtual private network."
- a private cloud environment."
- an encryption system with digital signatures."

The first step in protecting the privacy of personal information is to identify
- what sensitive information is possessed by the organization.
- where sensitive information is stored.
- who has access to sensitive information.
- All of the above are first steps in protecting privacy.

Data masking is also referred to as
- encryption.
- tokenization.
- captcha.
- cookies.

Abbie Johnson is a programmer at Healtheast network. Abbie has recently developed a new computer program for Healtheast. As part of the testing process, Abbie needs to use realistic patients' data to ensure that the system is working properly. To protect privacy, management at Healtheast uses a program that replaces private patient information with fake values before sending the data to Abbie for testing. The program that replaces patient information with fake values is called
- data encrypting.
- data masking.
- data wiping.
- data redacting.

Identify the item below that is not a step you could take to prevent yourself from becoming a victim of identity theft.
- Shred all documents that contain your personal information.
- Only print your initial and last name on your personal checks.
- Monitor your credit reports regularly.
- Refuse to disclose your social security number to anyone or any organization.

Identify the item below which is not a piece of legislation passed to protect individuals against identity theft or to secure individuals' privacy.
- The Health Insurance Portability and Accountability Act (HIPAA).
- The Health Information Technology for Economic and Clinical Health Act (HITECH).
- The Gramm-Leach-Bliley Act.
- The Dodd-Frank Act.

If an organization asks you to disclose your social security number, yet fails to permit you to opt-out before you provide the information, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Management.
- Notice.
- Choice and consent.
- Use and retention.

If an organization asks you to disclose your social security number, but fails to establish a set of procedures and policies for protecting your privacy, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Management.
- Notice.
- Choice and consent.
- Use and retention.

If an organization asks you to disclose your social security number, but fails to tell you about its privacy policies and practices, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Management.
- Notice.
- Choice and consent.
- Use and retention.

If an organization asks you to disclose your social security number, yet fails to properly dispose of your private information once it has fulfilled its purpose, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Management.
- Notice.
- Choice and consent.
- Use and retention.

If an organization asks you to disclose your social security number, but decides to use it for a different purpose than the one stated in the organization's privacy policies, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Collection.
- Access.
- Security.
- Quality.

If an organization asks you to disclose your date of birth and your address, but refuses to let you review or correct the information you provided, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Collection.
- Access.
- Security.
- Quality.

If an organization asks you to disclose your date of birth and your address, but fails to take any steps to protect your private information, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Collection.
- Access.
- Security.
- Quality.

If an organization asks you to disclose your date of birth and your address, but fails to establish any procedures for responding to customer complaints, the organization has likely violated which of the Generally Accepted Privacy Principles?
- Collection.
- Access.
- Security.
- Monitoring and enforcement.

All of the following are associated with asymmetric encryption except
- speed.
- private keys.
- public keys.
- no need for key exchange.

The system and processes used to issue and manage asymmetric keys and digital certificates are known as
- asymmetric encryption.
- certificate authority.
- digital signature.
- public key infrastructure.

Text that was transformed into unreadable gibberish using encryption is called
- plaintext.
- ciphertext.
- encryption text.
- private text.

Identify one weakness of encryption below.
- Encrypted packets cannot be examined by a firewall.
- Encryption provides for both authentication and non-repudiation.
- Encryption protects the privacy of information during transmission.
- Encryption protects the confidentiality of information while in storage.

Using a combination of symmetric and asymmetric key encryption, Sofia sent a report to her home office in Indiana. She received an e-mail acknowledgement that her report had been received, but a few minutes later she received a second e-mail that contained a different hash total than the one associated with her report. The most likely explanation for this result is that
- the public key had been compromised.
- the private key had been compromised.
- the symmetric encryption key had been compromised.
- the asymmetric encryption key had been compromised.

Encryption has a remarkably long and varied history. The invention of writing was apparently soon followed by a desire to conceal messages. One of the methods was the simple substitution of numbers for letters, for example A = 1, B = 2, etc. This is an example of
- a hashing algorithm.
- symmetric key encryption.
- asymmetric key encryption.
- a public key.

An electronic document that certifies the identity of the owner of a particular public key is a(n)
- asymmetric encryption.
- digital certificate.
- digital signature.
- public key.

Which systems use the same key to encrypt communications and to decrypt communications?
- Asymmetric encryption.
- Symmetric encryption.
- Hashing encryption.
- Public key encryption.

________ are used to create digital signatures.
- Asymmetric encryption and hashing.
- Hashing and packet filtering.
- Packet filtering and encryption.
- Symmetric encryption and hashing.

Information encrypted with the creator's private key that is used to authenticate the sender is called
- asymmetric encryption.
- digital certificate.
- digital signature.
- public key.

Which of the following is not one of the three important factors determining the strength of any encryption system?
- Key length.
- Policies for managing cryptographic keys.
- Encryption algorithm.
- Storage of digital signatures.

A process that takes plaintext of any length and transforms it into a short code is called
- asymmetric encryption.
- encryption.
- hashing.
- symmetric encryption.

In a private key system, the sender and the receiver have ________, and in the public key system they have ________.
- different keys; the same key.
- a decrypting algorithm; an encrypting algorithm.
- the same key; two separate keys.
- an encrypting algorithm; a decrypting algorithm.

Asymmetric key encryption combined with the information provided by a certificate authority allows unique identification of
- the user of encrypted data.
- the provider of encrypted data.
- both the user and the provider of encrypted data.
- either the user or the provider of encrypted data.

________ is a distributed ledger of hashed documents, with copies stored on multiple computers.
- Digital signature.
- Relational database.
- Ciphertext.
- Blockchain.

________ is a random number used in the mining process to validate a new block in a blockchain.
- Hash.
- Nonce.
- Public key.
- Private key.

________ is repeatedly using a hashing algorithm to generate a block-validating hash value that begins with the network's agreed-upon requisite number of leading zeroes.
- Encrypting.
- Decrypting.
- Mining.
- Hashing.

A block header contains which of the following? Select all that apply.
- The original untransformed document that is hashed.
- The root hash of the last validated block in a chain.
- The root hash of the new block in the chain.
- A nonce.

Blockchains typically have copies of all blocks distributed on multiple machines. The distribution of the ledger helps ensure which of the following?
- Distribution provides a means to identify any attempts to unilaterally alter the original documents.
- Distribution ensures that data entered into a blockchain is correct.
- Distribution speeds up the process of adding blocks to a blockchain.
- All of the above are benefits of distribution.

The best example of an effective payroll transaction file hash total would most likely be
- sum of net pay.
- total number of employees.
- sum of hours worked.
- total of employees' social security numbers.

The best example of an effective payroll transaction file financial total would most likely be
- sum of net pay.
- total number of employees.
- sum of hours worked.
- total of employees' social security numbers.

The best example of an effective payroll transaction file record count would most likely be
- sum of net pay.
- total number of employees.
- sum of FICA.
- total of employees' social security numbers.

Following is the result of batch control totals on employee Social Security numbers in a payroll processing transaction: The difference in the control totals is 720,000. Which data entry control would best prevent similar data entry errors in the future?
- Batch check.
- Validity check.
- Check digit.
- Sequence check.

The total overtime hours is 806. Which data entry control would best prevent similar data entry errors in the future?
- Sequence check.
- Validity check.
- Check digit.
- Reasonableness test.

A customer forgets to include her account number on her check, and the accounts receivable clerk credited her payment to a different customer with the same last name. Which control could have been used to most effectively prevent this error?
- Closed-loop verification.
- Duplicate values check.
- Reasonableness test.
- Reconciliation of a batch control total.

________ is a data entry input control that involves summing the first four digits of a customer number to calculate the value of the fifth digit, then comparing the calculated number to the number entered during data entry.
- Validity check.
- Duplicate data check.
- Closed-loop verification.
- Check digit verification.

________ is a data entry input control that involves checking the accuracy of input data by using it to retrieve and display other related information.
- Validity check.
- Duplicate data check.
- Closed-loop verification.
- Check digit verification.

________ is a data entry input control that requests each input data item and waits for an acceptable response, ensuring that all necessary data are entered.
- Prompting.
- Duplicate data check.
- Closed-loop verification.
- Check digit verification.

All of the following controls for online entry of a sales order would be useful except
- check digit verification on the dollar amount of the order.
- validity check on the inventory item numbers.
- field check on the customer ID and dollar amount of the order.
- concurrent update control.

The inventory tracking system shows that 12 laptops were on hand before a customer brings two laptops to the register for purchase. The cashier accidentally enters the quantity sold as 20 instead of 2. Which data entry control would most effectively prevent this error?
- Limit check.
- Sign check.
- Field check.
- Validity check.

The data entry control that would best prevent entering an invoice received from a vendor who is not on an authorized supplier list is
- a validity check.
- an authorization check.
- a check digit.
- closed-loop verification.

Cancellation and storage of documents is one example of a(n)
- output control.
- processing control.
- input control.
- data entry control.

Sequentially prenumbered forms are an example of a(n)
- data transmission control.
- processing control.
- input control.
- data entry control.

A validity check is an example of
- data transmission control.
- an output control.
- input control.
- data entry control.

Checksums are an example of a(n)
- data transmission control.
- an output control.
- processing control.
- data entry control.

Reconciliation procedures are an example of
- data transmission control.
- an output control.
- processing control.
- data entry control.

Data matching is an example of a(n)
- data transmission control.
- an input control.
- processing control.
- data entry control.

A ________ ensures input data will fit into the assigned field.
- limit check.
- size check.
- range check.
- field check.

The batch processing data entry control that sums a field that contains dollar values is called
- record count.
- financial total.
- hash total.
- sequence check.

When the staff accountant enters a correct customer number, the data entry screen displays the customer name and address. This is an example of
- prompting.
- preformatting.
- closed-loop verification.
- error checking.

What is the most effective way to ensure information system availability?
- High bandwidth.
- Maintain a hot site.
- Maintain a cold site.
- Frequent backups.

Which of the following statements is true with regards to system availability?
- Human error does not threaten system availability.
- Threats to system availability can be completely eliminated.
- Proper controls can maximize the risk of threats causing significant system downtime.
- Threats to system availability include hardware and software failures as well as natural and man-made disasters.

A facility that contains all the computing equipment the organization needs to perform its essential business activities is known as a
- cold site.
- hot site.
- remote site.
- subsidiary location.

A facility that is pre-wired for necessary telecommunications and computer equipment, but doesn't have equipment installed, is known as a
- cold site.
- hot site.
- remote site.
- subsidiary location.

When a computer system's files are automatically duplicated on a second data storage system as they are changed, the process is referred to as
- real-time mirroring.
- batch updating.
- consistency control.
- double-secure storage.

________ enables a system to continue functioning in the event that a particular component fails.
- An incremental backup procedure.
- Fault tolerance.
- Preventive maintenance.
- A deduplication backup procedure.

________ is a plan that specifies how to resume not only IT operations but all business processes in the event of a major calamity.
- Disaster recovery plan.
- Business continuity plan.
- Real-time monitoring plan.
- Business contingency plan.

A copy of a database, master file, or software that will be retained indefinitely as a historical record is known as a(n)
- archive.
- cloud computing.
- differential backup.
- incremental backup.

While this type of backup process takes longer than the alternative, restoration is easier and faster.
- archive.
- cloud computing.
- differential backup.
- incremental backup.

________ involves copying only the data items that have changed since the last partial backup.
- archive.
- cloud computing.
- differential backup.
- incremental backup.

________ copies all changes made since the last full backup.
- archive.
- cloud computing.
- differential backup.
- incremental backup.

The maximum amount of time between backups is determined by a company's
- recovery time objective.
- recovery point objective.
- recovery objective.
- maximum time recovery objective.

The maximum acceptable down time after a computer system failure is determined by a company's
- recovery time objective.
- recovery point objective.
- recovery objective.
- maximum time recovery objective.
