CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 11 ■ Practice Test 3 273


C. A report that provides an assessment of the risk of material misstatement of financial statement assertions affected by the service organization’s processing and that includes a description of the service auditor’s tests of the controls and the results of the tests and their effectiveness
D. A report that provides the auditor’s opinions of financial statements about controls at the service organization and that includes a report on the opinion on the presentation of the service organization’s system as well as suitability of the controls


65. Which of the following is not a code review process?
A. Email pass-around
B. Over the shoulder
C. Pair programming
D. IDE forcing

66. Which one of the following attack types depends on precise timing?
A. TOCTOU
B. SQL injection
C. Pass the hash
D. Cross-site scripting

67. What process adds a header and a footer to data received at each layer of the OSI model?
A. Attribution
B. Encapsulation
C. TCP wrapping
D. Data hiding

68. Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
A. Using the MD5 hashing algorithm
B. Using the SHA-1 hashing algorithm
C. Salting
D. Double-hashing

69. Jim starts a new job as a system engineer, and his boss provides him with a document entitled “Forensic Response Guidelines.” Which one of the following statements is not true?
A. Jim must comply with the information in this document.
B. The document contains information about forensic examinations.
C. Jim should read the document thoroughly.
D. The document is likely based on industry best practices.
