AIS Exam 3 Sample questions and
answers rated A+
U.S. Cyber Command - correct answer ✔✔ What agency did the United States create to use
cyber weapons and to defend against cyberattacks?
Susceptibility - correct answer ✔✔ Which of the following is not one of the components of the
fraud triangle?
A fraud perpetrator scanned a company paycheck, used desktop publishing software to erase
the payee and amount, and printed fictitious paychecks. - correct answer ✔✔ Which of the
following is an example of output fraud?
Adequate insurance coverage. - correct answer ✔✔ Which of the following will not reduce the
likelihood of an occurrence of fraud?
Hacking - correct answer ✔✔ Unauthorized access, modification, or use of an electronic device
or some element of a computer system is known as
Adware - correct answer ✔✔ Spyware that pops banner ads on a monitor, then collects
information about the user's web-surfing and spending habits is an example of
Belief System - correct answer ✔✔ A(n) ________ helps employees understand management's
vision. It communicates company core values and inspires employees to live by those values.
17 - correct answer ✔✔ How many principles are there in the 2013 updated COSO - Internal
Control Framework?
, Risk Management Philosophy - correct answer ✔✔ Melissa is a staff accountant for Quality
Paper Company suspected that management might have used "creative accounting" to improve
company performance. This situation best reflects a weakness in which aspect of the control
environment, as discussed in the COSO Framework?
$750 - correct answer ✔✔ Whitewater Rapids provides canoes to tourists eager to ride
Whitewater river's rapids. Management has determined that there is one chance in a thousand
of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of
$850,000. Insurance with a $100,000 deductible is available. It covers the costs of lawsuits,
unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most
that the business should pay for the insurance?
Vendor Analysis - correct answer ✔✔ Which of the following is not an example of something
monitored by a responsibility accounting system?
the time it takes to respond to and stop the attack. - correct answer ✔✔ In the time-based
model of information security, R represents
Social Engineering - correct answer ✔✔ The steps that criminals take to trick an unsuspecting
employee into granting them access is called
Patch Management - correct answer ✔✔ Information technology managers are often in a bind
when a new exploit is discovered in the wild. They can respond by updating the affected
software or hardware with new code provided by the manufacturer, which runs the risk that a
flaw in the update will break the system. Or they can wait until the new code has been
extensively tested, but that runs the risk that they will be compromised by the exploit during
the testing period. Dealing with these issues is referred to as
Intrusion Detection Systems. - correct answer ✔✔ A system that creates logs of all network
traffic that was permitted to pass the firewall and then analyzes those logs for signs of
attempted or successful intrusions is called
answers rated A+
U.S. Cyber Command - correct answer ✔✔ What agency did the United States create to use
cyber weapons and to defend against cyberattacks?
Susceptibility - correct answer ✔✔ Which of the following is not one of the components of the
fraud triangle?
A fraud perpetrator scanned a company paycheck, used desktop publishing software to erase
the payee and amount, and printed fictitious paychecks. - correct answer ✔✔ Which of the
following is an example of output fraud?
Adequate insurance coverage. - correct answer ✔✔ Which of the following will not reduce the
likelihood of an occurrence of fraud?
Hacking - correct answer ✔✔ Unauthorized access, modification, or use of an electronic device
or some element of a computer system is known as
Adware - correct answer ✔✔ Spyware that pops banner ads on a monitor, then collects
information about the user's web-surfing and spending habits is an example of
Belief System - correct answer ✔✔ A(n) ________ helps employees understand management's
vision. It communicates company core values and inspires employees to live by those values.
17 - correct answer ✔✔ How many principles are there in the 2013 updated COSO - Internal
Control Framework?
, Risk Management Philosophy - correct answer ✔✔ Melissa is a staff accountant for Quality
Paper Company suspected that management might have used "creative accounting" to improve
company performance. This situation best reflects a weakness in which aspect of the control
environment, as discussed in the COSO Framework?
$750 - correct answer ✔✔ Whitewater Rapids provides canoes to tourists eager to ride
Whitewater river's rapids. Management has determined that there is one chance in a thousand
of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of
$850,000. Insurance with a $100,000 deductible is available. It covers the costs of lawsuits,
unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most
that the business should pay for the insurance?
Vendor Analysis - correct answer ✔✔ Which of the following is not an example of something
monitored by a responsibility accounting system?
the time it takes to respond to and stop the attack. - correct answer ✔✔ In the time-based
model of information security, R represents
Social Engineering - correct answer ✔✔ The steps that criminals take to trick an unsuspecting
employee into granting them access is called
Patch Management - correct answer ✔✔ Information technology managers are often in a bind
when a new exploit is discovered in the wild. They can respond by updating the affected
software or hardware with new code provided by the manufacturer, which runs the risk that a
flaw in the update will break the system. Or they can wait until the new code has been
extensively tested, but that runs the risk that they will be compromised by the exploit during
the testing period. Dealing with these issues is referred to as
Intrusion Detection Systems. - correct answer ✔✔ A system that creates logs of all network
traffic that was permitted to pass the firewall and then analyzes those logs for signs of
attempted or successful intrusions is called
