ACCT 307 Chapter 12 Multiple Choice Questions

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/29

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 4:18 PM on 4/23/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

30 Terms

1
New cards

Authentication is the process by which the

system verifies the identity of the user.

2
New cards

Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is

reporting

3
New cards

To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the received message

private key

4
New cards

To authenticate the message sender in an asymmetric-key encryption system, which of the following keys is required to decrypt the received message

Sender's public key

5
New cards

To ensure the data sent over the internet are protected, which of the following keys is required to encrypt the data (before transmission using an asymmetric-key encryption method?

Receiver's private key

6
New cards

Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination to audit programs

SAS No.99

7
New cards

Incentive to commit fraud usually will include all of the following, except

inadequate segregation of duties.

8
New cards

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing

Disaster recovery plan

9
New cards

A message digest is the result of hashing. Which of the following statements about the hashing process is true?

Hashing is the best approach to make sure that two files are identical.

10
New cards

Which one of the following vulnerabilities would create the most serious risk to a firm

Unauthorized access to the firm's network.

11
New cards

Which of the following statements is correct

Fault tolerance uses redundant units to provide a system with the ability to continue functioning when part of the system fails.

12
New cards

Which of the following can be considered as a good alternative to back up data and applications

Cloud computing

13
New cards

A digital certificate

Indicates that the subscriber identified has sole control and access to the private key.

14
New cards

The symmetric-key encryption method

uses the same key for both senders and receivers for encryption and decryption.

15
New cards

The fraud triangle indicates which of the following condition(s) exist for a fraud to be perpetrated

Rationalization and Pressure

16
New cards

To prevent repudiation in conducting e-business, companies must be able to authenticate their trading partners. Which of the following encryption methods can be used for authentication purposes

Asymmetric-key encryption method

17
New cards

Regarding GDRP, which of the following statements is/are correct

It is a regulation enforced by EU and it is to protect EU citizens' personal data.

18
New cards

Which organization created the Reporting on an Entity’s Cybersecurity Risk Management Program and Controls: Attestation Guide in 2017

AICPA

19
New cards

Business continuity management is a

Two of these options are correct.

20
New cards

Encryption is a

Preventive Control

21
New cards

What is fault tolerance

Using redundant units to continue functioning when a system is failing.

22
New cards

Comparing encryption with hashing

encryption results are called cypher text.

23
New cards

Disaster recovery plan is a

corrective control.

24
New cards

Select a correct statement describing encryption or hashing process

Encryption process is reversible.
Hashing results are called message digests.
Hashing process could be used to obtain a digital signature.
Symmetric-key encryption process is to maintain confidentiality.

25
New cards

Select a correct statement regarding encryption methods

Asymmetric-key encryption method is used to create digital signatures.

26
New cards

Why would a company need a SOC report

The external auditor needs to know the effectiveness of internal controls of the company's service provider(s).


The company wants to use it for marketing purposes.

It could be require by a government agency to provide a SOC report.

27
New cards

Which of the following statements regarding SOC is correct

Type 1 reports are for a specific date.

28
New cards

Which of the following frameworks could be used for SOC cybersecurity

Two of these options are correct.

29
New cards

Using an uninterruptible power supply is a

preventive control.

30
New cards

Implementing a redundant array of independent devices (RAID) is a preventive control

false