Part 3

Information Security

Back-up and Recovery

Vendor Management

Christmas

100

What is the control objective of Information security

A. Controls are in place to ensure building security
B. Controls are in place to ensure that IT resources (e.g. servers, applications, database) supporting financial reporting are appropriately secured
C. Controls are in place to ensure users cannot change data
D. Controls are in place to ensure no information is leaked to the news media

B. Controls are in place to ensure that IT resources (e.g. servers, applications, database) supporting financial reporting are appropriately secured

100

Why is it important for backups to be tested periodically?

A. To ensure that data can effectively be recovered in a timely manner.
B. To test tape reading hardware
C. To ensure a seamless transition when converting to an ERP
D. To make sure your team can make it to the super bowl

A. To ensure that data can effectively be recovered in a timely manner.

100

Why is Vendor Management important?

A. Vendor’s actions may impact the reputation of your company
B. Vendor contracts cannot be terminated
C. Vendors can always be trusted to do the right thing for your company
D. Vendors should have the same privileges as company employees

A. Vendor’s actions may impact the reputation of your company

100

How many reindeer are in the poem Twas the Night Before Christmas?

200

Information Security is the assurance of?

A. Confidentiality
B. Integrity
C. Availability
D. All of the above

D. All of the above

200

What is a recovery risk?

A. Back-up media cannot be read
B. Data back-up was done correctly, but software is unavailable
C. Application relies on data from another system that wasn’t backed up
D. All of the above

D. All of the above

200

What activities should occur when auditing Vendor mamagement?

A. Inspect contracts / service level agreements for appropriate language around vendor’s internal controls.
B. Review SSAE 16 reports
C. Inspect that vendor performance is being monitored by reviewing meeting minutes, reports, etc
D. All of the above.

D. All of the above.

200

Of all the popular Christmas songs, which is the best selling single of all time?

White Christmas

300

What is a Risk Assessment in IT?

A. Deciding the probability of a fire spreading.
B. The process of terminating an employee
C. The process of evaluating threats and vulnerabilities to IT resources
D. The process evaluating environmental controls

C. The process of evaluating threats and vulnerabilities to IT resources

300

What is a common deficiency in auditing back-up and recovery

A. Back-up tapes not recycled
B. Back-ups not current
C. Recovery test not occurring in a timely manner
D. Hardware not available for back-ups

C. Recovery test not occurring in a timely manner

300

What is a common deficiency in vendor management?

A. Change management – User acceptance testing not complete before implementation
B. Technical User Access – vendor employees no longer supporting your account have not had access deleted.
C. Information Security – password complexity not enforced
D. No provision in contract for auditing vendor site.

B. Technical User Access – vendor employees no longer supporting your account have not had access deleted.

300

In 2014 Christmas falls on what day of the week?

Thursday

400

True or False:

A Hard server is good to find?

True

400

What should the first step in developing a disaster recovery plan be?

A. Test the plan
B. Identify an off-site repository for data
C. Identify and rank the critical applications
D. Identify the hardware needed to run the software

C. Identify and rank the critical applications

400

What did Frosty the snowman have for a nose?

A button

500

The most common password is

A. 123456
B. Password
C. IWantToRetire
D. ABCDEFG

A. 123456

500

When auditing back-ups what should an auditor review?

A. How close the back-up-site is to a power plant
B. Back-up procedures and evidence of change management
C. Back-up procedures and results of user acceptance tests
D. Back-up procedures, results and actions taken for failures

D. Back-up procedures, results and actions taken for failures

500

What is the name of Tiny Tim's father in the story, "A Christmas Carol"?

Bob Cratchit