Chapter 10 ■ Practice Test 2 239
- Harry is concerned that accountants within his organization will use data diddling attacks
to cover up fraudulent activity in accounts that they normally access. Which one of the fol-
lowing controls would best defend against this type of attack?
A. Encryption
B. Access controls
C. Integrity verification
D. Firewalls - What class of fire extinguisher is capable of fighting electrical fires?
A. Class A
B. Class B
C. Class C
D. Class D
- What important factor differentiates Frame Relay from X.25?
A. Frame Relay supports multiple PVCs over a single WAN carrier connection.
B. Frame Relay is a cell switching technology instead of a packet switching technology
like X.25.
C. Frame Relay does not provide a Committed Information Rate (CIR).
D. Frame Relay only requires a DTE on the provider side.
Using the following table and your knowledge of the auditing process, answer questions
38–40.
Report Content
Internal controls for financial
reporting
Users and auditors
Auditors, regulators,
management, partners, and
others under NDA
Publicly available, often
used for a website seal
Confidentiality, integrity,
availability, security, and privacy
controls
Confidentiality, integrity,
availability, security, and privacy
controls
SOC 1
SOC 2
SOC 3
Audience
- As they prepare to migrate their data center to an infrastructure as a service (IaaS) provider,
Susan’s company wants to understand the effectiveness of their new provider’s security,
integrity, and availability controls. What SOC report would provide them with the most
detail, including input from the auditor on the effectiveness of controls at the IaaS provider?
A. SOC 1.
B. SOC 2.
C. SOC 3.
D. None of the SOC reports are suited to this, and they should request another form of
report.