Blog

A company recently purchased a sizeable amount of equipment for its manufacturing process. It needs to properly report these expenditures so the financial statements are accurate. It calls upon the services of financial auditors. While financial auditors might consider the completeness of the data, the company might also involve IT auditors to examine the underlying technology that captures, records, and calculates the financial results. What process is this company using to address its concerns?

True or False? A benefit to giving system administrators enhanced access rights is that it significantly increases security to the organization.

All of the following are true of insiders, except:

True or False? An audit record retention procedure is a LAN Domain control procedure for preserving audit records.

True or False? A system account that is noninteractive is one to which a person cannot log on.

Which of the following is a tailored, highly targeted attack usually delivered via email to high-ranking employees in organizations?

The NIST SP 800-53, “Recommended Security Controls for Federal Information Systems,” was written using a popular risk management approach. Which of the following control areas best fits this description: “This is the area in which information and information system flaws are identified, reported, and corrected in a timely manner”?

Which of the following is a popular industry standard for establishing and managing an IT security program, and which outlines 15 main areas that compose the framework?

Which of the following is not a type of control partner?

In April 2018, an attacker gained access to the NASA Jet Propulsion Laboratory by targeting an unauthorized Raspberry Pi. The Raspberry Pi attack went undetected for 10 months. The perpetrator stole approximately 500 megabytes of data. To which of the following causes was this successful attack attributed?