Final

Question 1

What are common types of cyberattacks?

Answer 1

Phishing, malware, DoS, man-in-the-middle, SQL injection, social engineering.

Question 2

What strategy is suggested to distinguish similar-sounding cyberattacks?

Answer 2

List them on a reference sheet for quick review.

Question 3

How are exam questions structured for cyberattacks?

Answer 3

Scenario-based questions requiring identification of specific attack types.

Question 4

What are the three categories of internal controls?

Answer 4

Preventive, Detective, Corrective.

Question 5

What does the Sarbanes-Oxley Act of 2002 require?

Answer 5

Internal control reporting, PCAOB creation, improved financial disclosures.

Question 6

What are the COSO ERM Framework objectives?

Answer 6

Strategic, Operations, Reporting, Compliance.

Question 7

What are the COSO ERM Framework components?

Answer 7

Internal environment, objective setting, event identification, risk assessment, risk response, control activities, info/communication, monitoring.

Question 8

What are common risk responses in COSO ERM?

Answer 8

Avoid, Reduce, Share, Accept.

Question 9

What is the COBIT Framework used for?

Answer 9

IT control and governance.

Question 10

What are key internal control activities?

Answer 10

Segregation of duties, proper authorization, system access control.

Question 11

What are the Trust Services Principles?

Answer 11

Security, Availability, Processing Integrity, Confidentiality, Privacy.

Question 12

What is the Time-Based Security Model formula?

Answer 12

P > D + C.

Question 13

What is multi-factor authentication?

Answer 13

Uses different types of credentials.

Question 14

What is multi-modal authentication?

Answer 14

Uses multiple methods of the same type.

Question 15

What is defense in depth?

Answer 15

Using layers of security to reduce breach likelihood.

Question 16

What is the difference between authentication and authorization?

Answer 16

Authentication verifies identity; authorization defines user permissions.

Question 17

What are ACL and RBAC?

Answer 17

Access Control List and Role-Based Access Control.

Question 18

What does Information Rights Management (IRM) do?

Answer 18

Restricts access and controls document/email usage.

Question 19

What does Data Loss Prevention (DLP) software do?

Answer 19

Detects and prevents unauthorized transmission of sensitive data.

Question 20

What is symmetric encryption?

Answer 20

Uses one key; fast but less secure.

Question 21

What is asymmetric encryption?

Answer 21

Uses a public/private key pair; slower but more secure.

Question 22

What is hashing used for?

Answer 22

Ensures data integrity; one-way transformation.

Question 23

What is a digital signature?

Answer 23

Confirms authenticity and integrity.

Question 24

What is a Certificate Authority (CA)?

Answer 24

Issues and verifies digital certificates.

Question 25

What is a VPN?

Answer 25

Encrypts internet traffic over public networks.

Question 26

What are input controls used for?

Answer 26

Ensure data accuracy and authorization.

Question 27

What are common input control techniques?

Answer 27

Form design, field checks, limit checks, completeness checks, batch totals.

Question 28

What are processing controls?

Answer 28

Ensure complete and accurate processing.

Question 29

What are examples of processing controls?

Answer 29

File labels, checksums, control totals, spreadsheet integrity.

Question 30

What is fault tolerance?

Answer 30

System operates despite component failure.

Question 31

What are backup types?

Answer 31

Incremental and Differential.

Question 32

What are the types of disaster recovery sites?

Answer 32

Hot Site, Cold Site, Real-Time Mirroring.

Question 33

What are RTO and RPO?

Answer 33

RTO: max downtime; RPO: max data loss.

Question 34

What are the main revenue cycle activities?

Answer 34

Sales order entry, shipping, billing, cash collection.

Question 35

What documents are used in the revenue cycle?

Answer 35

Sales order, picking ticket, packing slip, bill of lading, invoice, remittance advice.

Question 36

What controls prevent invalid orders?

Answer 36

Digital signatures, customer verification.

Question 37

What controls prevent inaccurate billing?

Answer 37

Automated pricing, invoice matching.

Question 38

What controls prevent loss of cash?

Answer 38

Segregation of duties, reconciliation of deposits.

Question 39

What is Table 14-1 useful for?

Answer 39

Summarizing activities, risks, and controls in the revenue cycle.