Chapter 7 MULTIPLE CHOICE 1. The AICPA and the CICA have created an evaluation service known as SysTrust. SysTrust follows four principles to determine if a system is reliable. The reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as a) availability. b) security. c) maintainability. d) integrity. 2. According to SysTrust, the reliability principle of integrity is achieved when a) the system is available for operation and use at times set forth by agreement. b) the system is protected against unauthorized physical and logical access. c) the system can be maintained as required without affecting system availability, security, and integrity. d) system processing is complete, accurate, timely, and authorized. 3. Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework. a) Confidentiality b) Processing speed c) Security d) System availability 4. Which of the following is not one of the three fundamental information security concepts? a) Information security is a technology issue that hinges on prevention. b) Security is a management issue, not a technology issue. c) The idea of defense-in-depth employs multiple layers of controls. d) The time-based model of security focuses on the relationship between preventive, detective and corrective controls. 5. The trust services framework identifies four essential criteria for successfully implementing each of the principles that contribute to systems reliability. Which of the following is not one of those four essential criteria? a) Developing and documenting policies b) Effectively communicating policies to all outsiders c) Designing and employing appropriate control procedures to implement policies d) Monitoring the system and taking corrective action to maintain compliance with policies 6. Giving users regular, periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria? a) Policy development b) Effective communication of policies c) Design/use of control procedures d) Monitoring and remedial action
7. Because planning is more effective than reacting, this is an important criteria for successfully implementing systems reliability: a) Policy development b) Effective communication of policies c) Design/use of control procedures d) Monitoring and remedial action 8. If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is a) effective b) ineffective c) overdone d) undermanaged 9. Preventive controls require two related functions, which are: a) Access and control b) Authentication and authorization c) Detection and correction d) Physical access and logical access 10. Verifying the identity of the person or device attempting to access the system is
This is the end of the preview. Sign up to
access the rest of the document.