AIS Test 4
1. Which of the following is a poor policy for physical access control for a data center?: Security personnel
regularly walk the building perimeter and look through the outside windows to check for unauthorized access to the data
center.
2. How does a standardized change management process decrease risk?: All answer choices are correct.
3. Which of the following statements concerning IT governance are TRUE?: IT governance ensures effective and
efficient use of IT.
4. Which of the following is an example of a user authentication control?: Username and password
5. Data centers should be situated in a room with no windows to prevent: All answer choices are correct.
6. Which of the following statements about user access de-provisioning is FALSE?: Removing access to
systems is not required for employee promotions.
7. Which of the following are physical security measures used to prevent unauthorized access to a data
center?: All answer choices are correct.
8. An internal auditor inspecting a data center will look at all the following components.: All answer choices
are correct.
9. Which of the following statements represents a poor design element for a data center protected from the
outside environment?: A data center located on the top floor of a building to prevent easy access
10. Unauthorized or incorrectly executed changes to a system may result in what kind of risk?: Internal fraud
11. Which of the following statements concerning user access reviews is TRUE?: User access reviews move
infrequently used accounts to a dormant status.
12. Adrian evaluated Branch Technologies' user access assignment procedures and found them to be
inefficient. Rather than assign each user permissions individually, Adrian recommends that Branch
Technologies define roles with pre-defined access criteria and assign users to roles. What type of authorization is
Adrian recommending?: Role-based access controls
13. Which of the following backup sites is the most expensive but has the fastest recovery speed?: Hot
backup site
14. The CEO of All-Farm Insurance asked you to verify that organization data is fully backed up each weekend
and that all new data is backed up daily. On the daily backups, the CEO requests that all new data since the full
backup is stored. What type of backup strategy should you choose?: Differential backup
15. Select each of the following examples of a logical user access control? Choose all that apply.:
- Biometric authentication
- Multi-factor authentication
- Security badge
16. Occupational fraud can: All of these answer choices are correct.
17. Which of the following is the top method of detecting fraud?: Tips
18. Lorenzo used journal entries to move backdated sales that occurred just after the start of the fiscal year to
the previous fiscal year. What type of fraud scheme did Lorenzo use to overstate financial performance for the
previous fiscal year?: Sales cutoff
19. Which of the following statements is incorrect?: Companies allow anonymous tips of suspected fraud because
employees do not have legal protection from retaliation.
20. Which of the following could help a company manage fraud?: All of these answer choices are correct.
21. Which of the following statements is TRUE?: Asset misappropriation schemes occur more frequently, but each
individual case is less costly than financial statement fraud.
22. Alexander, the purchasing manager for Express Limited, recently received a luxury watch in the mail from
Matteo, a salesman from VidStar. Alexander awarded a large contract to VidStar last week. Alexander should
not accept the watch as it is a(n): illegal gratuities.
23. Juan Martin is a purchasing manager for North Industries. Juan Martin chose not to award a $1 million-dollar
contract to his brother's firm because another firm was more qualified to perform the services required.
What type of corruption scheme did Juan Martin avoid by choosing the most qualified vendor to provide
services for North Industries?: Conflicts of interest
24. Which of the following terms refers to the theft of business owned cash, inventory, information, or
intellectual property?: Asset misappropriation
25. Danielle purchased a new car with higher payments expecting a raise from her employer. When the raise
didn't occur, Danielle started pocketing a bit of cash from the drawer each week to make up for the higher car
payment since her employer didn't give her the raise that she deserved. What element of the fraud triangle is
most closely related to Danielle's issue?: Rationalization
26. The fraud triangle includes three motivational elements: perceived pressure, opportunity, and
rationalization.
27. Belinda misses work often for doctor's appointments for her son. The treatments for her son are very
expensive and are only partially covered by health insurance. While empathic of Belinda's situation, Elina knows
that this is a typical: financial difficulty red flag.
28. Daniil is evaluating vendor bids for office furniture for his company's new building. A vendor called Daniil
and offered season tickets to the professional basketball team's upcoming season if he were to consider awarding
the