1.
Which of these choices is the best answer regarding who is primarily responsible for providing internal controls to detect, correct, and prevent irregularities or illegal acts?
- A.Board of directors
- B.Information technology
- C.Legal, aka general counsel
- D.Human resources
Answer : [A]
Explanation :
The board of directors has oversight responsibility and tasks executive management with providing internal controls. That mandate should be specifically authorized in writing, given sufficient priority, and given the resources (personnel, time, and money) needed for proper implementation.
2.
Which of the following functions should be separated from the others if segregation of duties cannot be achieved in an automated system?
- A.Origination
- B.Authorization
- C.Reprocessing
- D.Transaction logging
Answer : [B]
Explanation :
Authorization should be kept separate from all other activities. A second person reviews each change before it is implemented, and authorization is granted only if the change is warranted and the associated level of risk is acceptable.
3.
What is the purpose of the audit committee?
- A.To provide daily coordination of all audit activities
- B.To challenge and review assurances
- C.To assist the managers with training in auditing skills
- D.To govern, control, and manage the organization
Answer : [B]
Explanation :
The purpose of the audit committee is to review and challenge the assurances made to it, while maintaining a positive working relationship with management and the auditors.
4.
What are the qualifications of the incident commander when responding to a crisis?
- A.Trained crisis manager
- B.First person on scene
- C.Member of management
- D.First responder
Answer : [B]
Explanation :
The first person on the scene is the incident commander, regardless of rank or position. The incident commander may later be relieved by someone with more or less experience, as the situation requires, so the role will change hands throughout the crisis.
5.
Which of the following options is not true in regard to routers, servers, workstations, printers, and networked databases set up using default settings?
- A.Designed to reduce technical support during installation for novice users
- B.Sufficient controls to provide a minimum level of safety for production use
- C.Predictable, which facilitates successful intrusion attacks using well-known filenames, access paths, and missing or incomplete security parameters
- D.Targeted by remote scanning and automated penetration tools that prey upon systems running on default settings
Answer : [B]
Explanation :
Option B is not true. Vendors automate installation to be as easy as possible so that most buyers keep the product past the return deadline; ease of installation, not production safety, is the design goal. Systems running on default settings are highly susceptible to attack because their layout and security profile are well known and available to anyone via a simple web search. All operating systems and databases require post-installation tasks: lock or remove default accounts, complete missing security parameters, set missing passwords, set access restrictions, and remove the installation utility and bundled sample content, all of which an attacker will otherwise use against you.