130+ Solved Q&A | Correct & Verified Answers (2025-2026 Full Exam Kit)
VERIFIED ANSWERS
Question 1
Asymmetric (public key) encryption
Correct Answer
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message
Public key—everyone has access.
Private key—used to decrypt (only known by owner).
Public key can be used by all your trading partners.
Question 2
Input Controls
Correct Answer
Every transaction to be processed is entered, processed and recorded accurately and completely (and in a timely manner when applicable). These controls should ensure that only valid and authorized information is input and that these transactions are processed only once. Includes manual & machine inputs.
Question 3
Intrusion Detection Systems (IDSs)
Correct Answer
The IDS looks deep into the network and sees what is happening from the security point of view. An IDS sits off to the side of the network, monitoring traffic at many different points, and provides visibility into the security posture of the network.
Question 4
Vulnerability
Correct Answer
Weakness or flaw in an information asset/system (infrastructure, networks, or applications) that potentially exposes an
entity to threats. Vulnerabilities include security flaws in a system that allow an attack to be successful. A vulnerability
might include system security procedures, internal controls, or implementation that could be exploited or triggered by a
threat source.
Trusted by thousands of students and professionals worldwide Page 1 of 21
Question 5
Cipher
Correct Answer
An algorithm to perform encryption
Question 6
Control Objectives
Correct Answer
Controls provide reasonable assurance that the business objectives of the organization will be achieved and that risk
events will be:
Prevented - Preventative controls
Detected - Detective controls
Corrected - Corrective controls
Question 7
Public key infrastructure (PKI)
Correct Answer
Involves a series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued. PKI supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
Question 8
Encryption
Correct Answer
The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm
with a key) and producing an encrypted message.
Question 9
Reasonableness check (Application Control)
Correct Answer
Input data are matched to predetermined reasonable limits or occurrence rates.
Question 10
Business continuity plan (BCP)
Correct Answer
A plan used by an enterprise to respond to disruption of critical business processes. The goal is quick and complete recovery and resumption of normal operations. Depends on the contingency plan for restoration of critical systems.
Question 11
General Controls (Non-IT)
Correct Answer
Internal accounting controls, operational controls, administrative controls, organizational security policies, etc.
Each non-IT general control can be translated into an IS-specific control. A well-designed information system should have controls built in for all its sensitive or critical functions.
Question 12
Range Check (Application Control)
Correct Answer
Data should be within a predetermined range of values.
Question 13
How do you determine which specific controls are needed?
Correct Answer
Many things:
• Nature of the risk
• Cost benefit of the control
• Vulnerabilities identified
• Risk appetite
• Risk strategy
• Risk tolerance
• Nature of the technology
Question 14
Continuous Monitoring
Correct Answer
A detective control that involves gathering selective evidence to monitor system reliability and employee compliance with the organization's information security policies on a continuous basis.
Question 15
Zero-balance test
Correct Answer
Requires the balance of an account to be zero after all entries to it have been made.
Question 16
Digital certificate
Correct Answer
A digital certificate is used to verify the trustworthiness of a website. It is a digital credential that provides information
about the identity of an entity as well as other supporting information such as the owner's public key, the expiration
date of the certificate, the owner's name and other information about the public key owner.