1. (TCO 3) Which of the following preventive controls are necessary to provide adequate security for social engineering threats? (Points : 2)

Controlling remote access


Host and application hardening

Awareness training

2. (TCO 3) Multi-factor authentication (Points : 2)

Involves the use of two or more basic authentication methods.

Is a table specifying which portions of the systems users are permitted to access.

Provides weaker authentication than the use of effective passwords.

Requires the use of more than one effective password.


3. (TCO 3) The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as (Points : 2)





4. (TCO 3) Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers’ personal information? (Points : 2)


Monitoring and enforcement.



5. (TCO 3) With which stage in the auditing process are the consideration of risk factors and materiality most associated? (Points : 2)

audit planning

collection of audit evidence

communication of audit results

evaluation of audit evidence

6. (TCO 3) Identify six physical access controls. (Points : 5)

7. (TCO 3) Explain why the auditor’s role in program development and acquisition should be limited. (Points : 5)