Flashcards and Answers – Contractors Law Exam CA Practice Test 1 (100 terms)
Lewis Gardner
question
When is an employee allowed to view their own personnel file? a. never b. when they have a court order c. whenever they wish d. during employee evaluations
answer
c. whenever they wish
question
As required by the immigration reform act, all employees hired on or after November 7, 1986 must complete Form ______ to verify their employment eligibility status. a. I-9 b. W-4 c. US-99 d. N-14
answer
a. I-9
question
By law, a "hard laborer" may not be younger than _____ years old. a. 14 b. 15 c. 16 d. 17
answer
c. 16 years of age
question
Ms. Gomez applies for a job. Of the following, the only reason an employer may lawfully deny her employment is: a. she is over 50 years of age b. she is Hispanic and everyone else is African-American or Caucasian c. lifting is involved and she is a woman d. she has no work experience or Social Security number
answer
d. she has no work experience or Social Security number
question
A contractor has had a problem with employees stealing tools and equipment from job sites. When conducting job interviews, may the contractor ask prospective employees about their arrest records? a. It is legal to ask prospective employees about arrests not leading to convictions. b. It is not legal to ask prospective employees about arrests not leading to convictions. c. It is legal for a private employer to ask about arrests not leading to convictions, but it would not be legal for city or county agencies to ask about such arrests. d. It is legal for a private employer to ask about arrests leading to convictions, but it would not be legal for a federal, state, or local public agency to do so.
answer
b. It is not legal to ask prospective employees about arrests not leading to convictions.
question
Who must sign a joint control addendum to a home improvement contract? a. contractor only b. owner and contractor c. owner, contractor and Notary Public d. owner, contractor, and joint control officer
answer
d. owner, contractor, and joint control officer
question
A contractor entered into a home improvement contract for more than $500 with Mrs. Swenson to remodel her kitchen and bathroom. The contract calls for a down payment before work is to begin. According to the Business and Professions Code, how much may the contractor accept from Mrs. Swenson as down payment for the work? a. The contractor may accept as much as Mrs. Swenson agrees to pay. b. The down payment is limited to $1,000 or 10% of the total price, whichever is less. c. The contractor may require enough of a down payment to cover the total cost of materials, but not labor costs. d. Nothing. The contractor must wait until the work is completed to accept any payment.
answer
b. The down payment is limited to $1,000 or 10% of the total price, whichever is less.
question
When should you let an attorney see a construction contract? a. Before you let your client see the contract. b. After the contract is prepared, but before you sign it. c. After the building permit is obtained. d. After the contract is signed by you and your client.
answer
b. After the contract is prepared, but before you sign it.
question
If a sales presentation is made in Spanish, the home solicitation contract: a. must be in Spanish b. may be in English if the writing is plain and simple c. must be co-signed by an English-speaking person if the contract is in English d. must be translated into English and notarized
answer
a. must be in Spanish
question
A contractor and a homeowner sign a home solicitation contract. If the owner lawfully cancels the contract, how long does the contractor have to pick up unused materials that were delivered to the owner's property? a. within 24 hours after cancellation b. within 10 days after cancellation c. within 20 days after cancellation d. It's too late. If the materials are delivered to the property before a notice of cancellation is received, the materials become the property of the owner.
answer
c. within 20 days after cancellation
question
Of the following, which is best for determining the number of hours required for different phases of a project and for making sure the job is on schedule? a. bar graph and chart b. cash analysis chart c. review plans d. critical path method
answer
d. critical path method
question
Who is responsible for checking the site before the building inspector arrives? a. contractor b. owner c. foreperson d. architect
answer
a. contractor
question
Who would be held responsible if a contractor completes a project according to plans and later discovers that there is a building code violation? a. contractor b. architect c. both the contractor and the architect d. owner
answer
c. both the contractor and the architect
question
After a job is completed, the owner decides to have additional work done. How should the contractor proceed? a. Write a new contract and ask the owner to sign it. b. Make an oral agreement with the owner. c. Do the additional work for free. d. Get the owner to sign a change order.
answer
a. Write a new contract and ask the owner to sign it.
question
You have been awarded a job. It requires two days for site preparation and one day for clean-up. The contract involves two separate tasks, one lasting seven days and the other 10 days. If the two tasks can be done simultaneously, for how many days do you schedule the job? a. 7 days b. 13 days c. 15 days d. 20 days
answer
b. 13 days (2 days site preparation + 10 days for the longer of the two simultaneous tasks + 1 day clean-up; the 7-day task runs in parallel and does not add to the schedule)
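The two questions above (choosing the critical path method, then scheduling a job with parallel tasks) are one instance of the general critical path calculation. The following is an added example, not part of the original flashcards: it encodes the job from the question as a small task graph (the TASKS dictionary is constructed here for illustration), runs the forward and backward passes of CPM, and reports the project duration, which tasks are critical, and how much slack each non-critical task has. It generalizes beyond the question to any acyclic set of tasks with predecessor lists.

```python
from collections import deque

# Constructed sample project (not from the original flashcards' source): the job
# in the question above, with durations in working days and predecessor lists.
TASKS = {
    "site_prep": (2, []),
    "task_a": (7, ["site_prep"]),
    "task_b": (10, ["site_prep"]),
    "clean_up": (1, ["task_a", "task_b"]),
}


def topological_order(tasks):
    """Kahn's algorithm over the predecessor lists; raises on a dependency cycle."""
    indegree = {name: len(preds) for name, (_, preds) in tasks.items()}
    successors = {name: [] for name in tasks}
    for name, (_, preds) in tasks.items():
        for pred in preds:
            successors[pred].append(name)
    ready = deque(name for name, deg in indegree.items() if deg == 0)
    order = []
    while ready:
        name = ready.popleft()
        order.append(name)
        for succ in successors[name]:
            indegree[succ] -= 1
            if indegree[succ] == 0:
                ready.append(succ)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in task graph")
    return order, successors


def critical_path(tasks):
    """Return (project_duration, critical_tasks, slack_by_task).

    Forward pass: earliest start = max earliest finish of predecessors.
    Backward pass: latest finish = min latest start of successors (or the
    project duration for tasks with no successors). Slack = latest start -
    earliest start; tasks with zero slack form the critical path, and any
    delay to one of them delays the whole job.
    """
    order, successors = topological_order(tasks)
    earliest_start, earliest_finish = {}, {}
    for name in order:
        duration, preds = tasks[name]
        earliest_start[name] = max((earliest_finish[p] for p in preds), default=0)
        earliest_finish[name] = earliest_start[name] + duration
    project_duration = max(earliest_finish.values())

    latest_start, latest_finish = {}, {}
    for name in reversed(order):
        duration, _ = tasks[name]
        latest_finish[name] = min(
            (latest_start[s] for s in successors[name]), default=project_duration
        )
        latest_start[name] = latest_finish[name] - duration

    slack = {name: latest_start[name] - earliest_start[name] for name in order}
    critical = [name for name in order if slack[name] == 0]
    return project_duration, critical, slack


if __name__ == "__main__":
    duration, critical, slack = critical_path(TASKS)
    print(f"Schedule the job for {duration} days; critical path: {' -> '.join(critical)}")
    for name in TASKS:
        print(f"  {name}: slack {slack[name]} day(s)")
```

For the job in the question this yields 13 days with site_prep, task_b and clean_up on the critical path; task_a carries 3 days of slack, which is the margin a foreperson has before a delay on that task pushes out the completion date.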
question
For which of the following would you not obtain a short-term loan? a. wages b. bid bond c. job materials d. office rent
answer
d. office rent
question
As part of the safety training process, contractors' supervisors are required to conduct "toolbox" or "tailgate" safety meetings. How often must these meetings be held? a. daily b. at least once every ten working days c. at least once a month d. at least once a quarter
answer
b. at least once every ten working days
question
DOSH must investigate a complaint charging a serious violation of health or safety standards within: a. one working day b. two working days c. three working days d. five calendar days
answer
c. three working days
question
Every employer of ______ or more full- or part-time employees must keep written health and safety records for _____ years. a. 1 ..... 3 b. 7 ..... 4 c. 10 .... 3 d. 11 .... 5
answer
d. 11 .... 5
question
If required safety devices are missing from tools, what should an employee do? a. Notify the contractor, who is responsible for safety. b. Notify the property owner, who is responsible for safety. c. Safety devices are the employee's responsibility. d. Call Cal/OSHA
answer
a. Notify the contractor, who is responsible for safety.
question
Which would not have to be reported to DOSH immediately or within 24 hours? a. death from a three-story fall b. drunken crane operator hits a high-voltage power line c. car accident in which an employee steps onto a public road, gets hit by a car, and suffers a concussion d. employee falls off forklift and suffers a severe back injury
answer
c. car accident in which an employee steps onto a public road, gets hit by a car, and suffers a concussion
question
When purchasing insurance, what is the best way to choose among different companies? a. referral b. cost and coverage c. location of the company d. word-of-mouth
answer
b. cost and coverage
question
Insured employers must report every work-related illness or injury to their workers' compensation carrier within ____ of the incident. a. 24 hours b. 2 days c. 5 days d. 10 days
answer
c. 5 days
question
Your employee sets a cabinet wrong. The cabinet falls from the wall and damages the client's counter top. What should you do? a. Claim the damage on your general liability insurance policy. b. Require the employee to pay for the damage to the counter top. c. Tell the client to claim the damaged counter top on his or her homeowner's insurance policy. d. No action is required. The client must assume the risk of damage.
answer
a. Claim the damage on your general liability insurance policy.
question
A contractor is looking for an insurance policy to cover a high degree of exposure to risk. Of the following, which policy would be best for this purpose? a. property b. general liability c. builder's risk d. umbrella
answer
d. umbrella
question
John Meyers, a general contractor, had a contract with Mr. and Mrs. Barnes to construct a gazebo and deck in their back yard. John was behind schedule and hired his 18-year-old son, Bart, to help on a part-time basis. After working on the project for a month, Bart slipped on a plank that John had laid across the deck but did not nail securely. As a result of the fall, Bart broke his leg. John is insured for workers' compensation, but Bart wants to sue his father for negligence in a civil action. Which of the following statements is CORRECT? a. John is not liable for damages in a civil action because the employee is his son. b. John is liable for damages in a civil action and must prove that the injury did not result from his negligence. c. In a civil action, John may use the defense that the injury was the result of the contributory negligence of his son. d. A civil action is not a possibility when the dispute involves a job-related injury, unless the employer is not insured for workers' compensation. The case would be handled by the Department of Industrial Relations.
answer
d. A civil action is not a possibility when the dispute involves a job-related injury, unless the employer is not insured for workers' compensation. The case would be handled by the Department of Industrial Relations.
question
A prime contractor entered into a construction contract with a subcontractor. An employee of the subcontractor was injured, but unfortunately, the subcontractor had not secured workers' compensation coverage. Which of the following statements best describes the situation, except in cases of fraud? a. The subcontractor is guilty, but the prime contractor is not responsible. b. The prime contractor is guilty, but the subcontractor is not responsible. c. Neither the prime contractor nor the subcontractor is responsible. d. The subcontractor is guilty, but the prime contractor must take responsibility for the injuries.
answer
d. The subcontractor is guilty, but the prime contractor must take responsibility for the injuries.
question
Your accountant advises you to set up a cost management system. What does this system do? a. It gives a cost history to analyze labor and material costs. b. It shows where profits and losses are. c. It shows costs of materials only. d. It compares what others are charging for subcontracted work.
answer
a. It gives a cost history to analyze labor and material costs.
question
An employee works 60 hours in one week. If the hourly wage rate is $12, what are the gross wages? a. $600 b. $840 c. $960 d. $1,080
answer
b. $840
Gross wages = regular time + overtime
Regular time = 40 hrs x $12/hr = $480
Overtime = 20 hrs x 1.5 x $12/hr = $360
Gross wages = $480 + $360 = $840
question
A(n) _____ represents a company's financial position on a specified date. a. balance sheet b. income statement c. cash flow statement d. profit plan
answer
a. balance sheet
question
A(n) _____ summarizes revenues, costs of sales, and operating expenses over a period of time. a. profit plan b. balance sheet c. cash flow statement d. income statement
answer
d. income statement
question
An employer must furnish an employee with a completed IRS Form W-2 (Wage and Tax Statement) by: a. January 1 b. January 31 c. April 15 d. the final day of employment
answer
b. January 31
question
Which of the following financial ratios is the strictest measure of liquidity? a. quick ratio b. current ratio c. profitability ratio d. leverage ratio
answer
a. quick ratio
question
The Federal Employer Identification Number (EIN) is issued by the: a. Franchise Tax Board b. Board of Equalization c. Internal Revenue Service d. Employment Development Department
answer
c. Internal Revenue Service
question
An employer remits State income tax and State disability taxes withheld from an employee's wages to what agency? a. Internal Revenue Service b. Employment Development Department c. Franchise Tax Board d. Board of Equalization
answer
b. Employment Development Department
question
Who pays FICA? a. employer b. employee c. 50% employer and 50% employee d. 90% employer and 10% employee
answer
c. 50% employer and 50% employee
question
How often are FICA taxes reported and paid? a. weekly b. monthly c. quarterly d. yearly
answer
c. quarterly
question
Who pays FUTA? a. employer b. employee c. 50% employer and 50% employee d. 90% employer and 10% employee
answer
a. employer
question
What happens after an employee's taxable wages exceed $7,000? a. After $7,000, the FUTA rate increases. b. After $7,000, the FUTA rate decreases by 50%. c. After $7,000, the employer does not pay FUTA. d. Nothing. FUTA is not subject to a wage limit.
answer
c. After $7,000, the employer does not pay FUTA.
question
Which of the following may not be deducted from an employee's paycheck? a. SDI b. FICA c. Medicare tax d. workers' compensation insurance premiums
answer
d. workers' compensation insurance premiums
question
To whom do you report and pay sales tax? a. County Tax Collector b. Internal Revenue Service c. Board of Equalization d. Franchise Tax Board
answer
c. Board of Equalization
question
How often are you required to pay sales tax? a. monthly b. quarterly c. annually d. It depends on the expected amount of sales tax.
answer
b. quarterly
question
When balancing the accounts receivable, which of the following would have no effect? a. Posting to the wrong accounts-receivable account. b. Crediting instead of debiting the accounts-receivable account. c. Debiting instead of crediting the accounts-receivable account. d. Posting a receivable to an accounts-payable account.
answer
a. Posting to the wrong accounts-receivable account.
question
What kind of discount do lumber yards and other suppliers offer to contractors who pay their bills promptly? a. 1/2% - 1% b. 1% - 2% c. 4% - 8% d. 10% - 12%
answer
b. 1% - 2%
question
If a newly hired employee does not have an SSN, what should be done? a. The employee must apply for an SSN. b. The employer must apply on behalf of the employee for an SSN. c. If a W-2 is provided, an SSN is not needed. d. Call the police.
answer
a. The employee must apply for an SSN.
question
Once a budget is finalized, the: a. contractor should stick to the budget no matter what happens b. contractor should do the best possible job of staying within the budget c. budget should be revised each month d. budget should be referred to only if the business has cash flow problems
answer
b. contractor should do the best possible job of staying within the budget
question
Which of the following procedures BEST ensures error-free bids? a. working with an attorney b. having another person draft the bid c. discussing details of the bid with the supplier d. rechecking the bid before submitting it to the client
answer
d. rechecking the bid before submitting it to the client
question
Direct costs are $37,000, overhead is 12%, and profit is 5%. What is the selling price? a. $39,272.47 b. $41,373.45 c. $43,383.37 d. $44,578.31
answer
d. $44,578.31
Sum of overhead and profit percentages = 12% + 5% = 17%
Percent of selling price that is direct costs = 100% - 17% = 83% = 0.83
Selling price = $37,000 / 0.83 = $44,578.31
Check: Direct costs = 44,578.31 x 0.83 = $37,000.00; Overhead = 44,578.31 x 0.12 = $5,349.40; Profit = 44,578.31 x 0.05 = $2,228.92; Total = $44,578.32 (the one-cent difference is rounding). Note that overhead and profit are taken as percentages of the selling price, so the price is found by dividing direct costs by 0.83, not by multiplying them by 1.17.
question
What is the most likely reason to lose a bid? a. 10% added to profit b. vague specifications c. prices from subs were not exact d. costs of materials were not obtained
answer
b. vague specifications
question
You are bidding a job with plans drawn by the owner. You notice a code violation and bring it to the attention of the owner. The owner declines to remedy the code violation and tells you not to worry. What should you do? a. Bid on the job as though it were to code. b. Bid on the job as though it were to code, but ask the owner to sign a release of your responsibility. c. Bid on the job with the corrections in mind, and perform the corrections yourself to bring the work up to code. d. Decline to bid on the work.
answer
d. Decline to bid on the work.
question
After you have read the plans and specifications, what is the next important step in writing a bid? a. Talk to and select subs. b. Walk the job. c. Call about materials, price and availability. d. Talk to the crew leader about labor.
answer
b. Walk the job.
question
On a time and materials job, you should: a. not charge for profit and overhead b. add profit and overhead to labor only c. add profit and overhead to materials only d. add profit and overhead to labor and materials
answer
d. add profit and overhead to labor and materials
question
All of the following are causes for disciplinary action EXCEPT: a. allowing your license to be used by an unlicensed contractor b. entering into a contract with another contractor who is not licensed c. during bankruptcy, settling obligations incurred as a contractor for less than the full amount d. willful or deliberate failure to pay money when due for materials or service
answer
c. during bankruptcy, settling obligations incurred as a contractor for less than the full amount is not cause for disciplinary action
question
The qualifying RME for a construction firm must work at least: a. 32 hrs per wk or 80% of the work week b. 30 hrs per wk or 70% of the work week c. 24 hrs per wk or 65% of the work week d. 12 hrs per wk or 51% of the work week
answer
a. 32 hrs per wk or 80% of the work week
question
If a contractor forgets to renew his or her license on time, the expired license may be renewed any time within _____ after its expiration without reapplying for a license and fulfilling the exam or waiver requirements. a. one year b. two years c. four years d. five years
answer
d. five years
question
Business records must be kept and made available for inspection by the Registrar of Contractors for a period of ____ after completion of a construction project or operation. a. one year b. two years c. three years d. five years
answer
d. five years
question
Construction or alteration of any building, highway, excavation, or other structure in the State of California requires a contractor's license if the total cost of one or more contracts on the project is: a. $150 or more in labor only b. $200 or more in materials only c. $500 or more in labor and materials d. $500 or more in labor only
answer
c. $500 or more in labor and materials
question
When should a contractor renew the contractor's license bond? a. the day it expires b. 10 days before it expires c. 30 days before it expires d. within 30 days after it expires
answer
c. 30 days before it expires
question
Harry and Linda have done business as a licensed partnership. If Linda is a general partner, but not the qualifier, what must she do to get an individual license? a. If Linda was listed as a partner on the license and was actively engaged in the business for at least five of the past seven years, she may apply for a license with a waiver of the exam. b. If Linda applies for an individual license, the partnership license must be inactivated. c. Linda is not entitled to apply for an individual license. d. General partners may automatically receive an individual license if they are listed on the partnership license.
answer
a. If Linda was listed as a partner on the license and was actively engaged in the business for at least five of the past seven years, she may apply for a license with a waiver of the exam.
question
A subcontractor who does not serve a preliminary notice: a. may not serve a stop notice but may file a mechanic's lien b. may not file a mechanic's lien but may serve a stop notice c. loses both stop notice and mechanic's lien rights d. loses nothing because subcontractors are not required to file preliminary notices
answer
c. loses both stop notice and mechanic's lien rights
question
When an owner signs a receipt for a stop notice, it usually means the owner: a. owes money to the contractor for labor and materials b. recognizes that work will stop in 30 days c. owes the sub money d. recognizes that a lien could be placed on funds
answer
d. recognizes that a lien could be placed on funds
question
What possible reason would an owner have for requiring an unconditional lien release from a subcontractor? a. The lien release protects the prime contractor. b. A lien release informs the owner of progress on the job. c. A lien release provides for rights of cancellation. d. The owner's property covered by the release may not be liened.
answer
d. The owner's property covered by the release may not be liened.
question
The CSLB has established a mandatory arbitration program of verified complaints in which the damages are: a. $1,000 or less b. $7,500 or less c. $7,500 or more d. $5,000 to $20,000
answer
b. $7,500 or less
question
A contractor usually will not be held liable for a supplier going on strike, but if your supplier did go on strike what would you do? a. Contact the owner immediately. b. Contact the architect immediately. c. Contact the general building contractor immediately. d. Continue work as usual.
answer
a. Contact the owner immediately.
question
If, during an excavation, you unearth human remains or burial artifacts at a construction site, what should you do? a. Notify the owner of the property. b. Stop work and place a warning ribbon three feet from the remains around the perimeter of the site. c. Stop work immediately at that site. d. Stop work immediately at that site and any other nearby area that may have remains.
answer
d. Stop work immediately at that site and any other nearby area that may have remains.
question
If you are planning to dig, drill, and bore at a job site, you should notify ______ before starting work. a. DOSH b. Environmental Protection Agency c. the County Engineer d. the regional Underground Service Alert Notification Center
answer
d. the regional Underground Service Alert Notification Center
question
Before beginning work, an employer or contractor must inquire whether asbestos is present in any building constructed prior to: a. 1975 b. 1978 c. 1985 d. 1990
answer
b. 1978
question
The supplier of a potentially hazardous product must be able to provide a(n) ____ with that product. a. Material Safety Data Sheet b. Certificate for Use c. Injury Illness and Prevention Program d. Hazard Evaluation System Information Services bulletin
answer
a. Material Safety Data Sheet
question
Is it legal for a contractor to require employees to take lie detector tests? a. It is not legal for the contractor to require lie detector tests, but it would be legal for a federal, state, or local public agency to require lie detector tests of their employees. b. It is not legal for any employer to require lie detector tests. c. It is only legal for the contractor to require lie detector tests of employees who have criminal records. d. It is legal for the contractor to require lie detector tests, but it would not be legal for a federal, state, or local public agency to do so.
answer
a. It is not legal for the contractor to require lie detector tests, but it would be legal for a federal, state, or local public agency to require lie detector tests of their employees.
question
Sometimes contracts can prove to be too vague to interpret without disagreement between owner and contractor. Which of the following steps would best prevent such problems? a. Walk the job site with the owner. b. Review the plans and specifications with the owner. c. Show the owner the critical path schedule. d. Include a payment schedule in the contract and review other details of the contract with the owner.
answer
b. Review the plans and specifications with the owner.
question
Funds withheld to guarantee completion of a project and correction of defects are called a(n): a. remainder b. umbrage c. retention d. stipulation
answer
c. retention
question
Which of the following statements about home improvement laws is NOT correct? a. A subcontractor may give a salesperson a bonus. b. A general contractor may give a sales person a bonus. c. A subcontractor may not give the general contractor a bonus. d. The homeowner may give the salesperson a bonus.
answer
d. The homeowner may give the salesperson a bonus.
question
When you get an approved set of plans, what should you do first? a. Calculate the square footage. b. Call a material supplier. c. Schedule the job. d. Read any notes from the building department.
answer
d. Read any notes from the building department.
question
You are bidding as a prime contractor on a public works project. The work will not involve construction, improvement, or repair of streets, highways, or bridges. You will use subcontractors for part of the work. If you do not name a subcontractor for any part of the work: a. the contract is canceled b. you will do that part of the work yourself c. you may simply submit a name later d. the awarding authority will choose a subcontractor for you
answer
b. you will do that part of the work yourself
question
A contractor meets Mr. Jones at his home to discuss remodeling. The contractor and Mr. Jones sign a contract that includes a three-day cancellation form. After the contractor leaves, Mr. Jones decides not to have the work done. Instead of using the cancellation form, Mr. Jones sends the contractor a letter by first-class mail stating that he is canceling the contract. Is Mr. Jones' cancellation effective? a. No. Mr. Jones did not return the contract with the letter. b. No. Mr. Jones did not sign and return the cancellation form. c. Yes. Mr. Jones' letter does cancel the contract because it indicates his intention not to be bound by the contract. d. No. However, the letter would have cancelled the contract had it been sent by certified or registered mail.
answer
c. Yes. Mr. Jones' letter does cancel the contract because it indicates his intention not to be bound by the contract.
question
A general contractor has obtained bids from several subcontractors for a private project. He notices that one bid is substantially lower than the rest. Is it ethical and a good business practice for this contractor to inform the subcontractor that the bid is substantially lower than the bids of the other subcontractors? a. No. It would be unethical for the contractor to inform any subcontractor that their bid is substantially lower than the other bids, even if the contractor believes that the subcontractor has made an error. b. Yes. If the contractor believes that the subcontractor has made an error in compiling his bid, the contractor should disclose the amounts of the other subcontractors' bids to the subcontractor, so the subcontractor can determine the extent of his error. c. Yes. If the contractor has reason to believe that the subcontractor has made an error in preparing his bid, the contractor should notify the subcontractor of the apparent error, but the contractor may not disclose the amounts of the other bids. d. None of the above.
answer
c. Yes. If the contractor has reason to believe that the subcontractor has made an error in preparing his bid, the contractor should notify the subcontractor of the apparent error, but the contractor may not disclose the amounts of the other bids.
question
A contractor, on his own initiative, changed the design of a building and carried out the change. The owner rejected the change and stated that the building has lost market value. If the owner takes the contractor to court and obtains a favorable judgement, the owner is: a. due the cost of repairs or the loss of market value b. due any loss of profits c. entitled to a new building d. due only the loss of market value
answer
a. due the cost of repairs or the loss of market value
question
Of the following, which document is usually delivered first in a transaction involving a home improvement contract? a. three-day notice of right to cancel b. the contract c. "Notice to Owner" d. 20-day preliminary notice
answer
c. "Notice to Owner"
question
The applicant for a contractor's license receives a notice from the Contractors State License Board, dated October 1, that the applicant passed the written exam. To receive an active license, the applicant must file a license bond and fee no later than: a. October 31 b. October 29 c. December 30 d. January 1
answer
c. December 30
question
How many days does a contractor have to notify the Registrar after being issued a workers' compensation insurance policy? a. 5 days b. 10 days c. 30 days d. 90 days
answer
d. 90 days
question
How many times may you take the contractor's license exam before your original application is voided? a. as many times as necessary within 18 months b. three times if you conform to scheduling c. five times d. an unlimited number of times
answer
a. as many times as necessary within 18 months
question
You are the qualifier for an active contractor's license. How do you inactivate the license? a. Write to the CSLB, requesting that the license be made inactive. b. Wait to receive the license renewal application and then do not pay the renewal fee. c. Cancel the contractor's license bond. d. Nothing. The license will automatically become inactive when the license term expires.
answer
a. Write to the CSLB, requesting that the license be made inactive.
question
The purpose of a 20-day preliminary notice for private work is to: a. notify the owner that a lien has been placed on the property b. notify the owner that the person or firm who sent the notice has improved the property c. make the owner aware of the provisions of the mechanic's lien laws d. waive the contractor's or subcontractor's lien rights
answer
b. notify the owner that the person or firm who sent the notice has improved the property
question
A notice of completion must be recorded within: a. 10 days after work is completed b. 10 days after work has ceased c. 30 days after work is completed d. 60 days after work has ceased
answer
a. 10 days after work is completed
question
A mechanic's lien is a written document that must be signed and verified by the claimant. The first and third steps a contractor should take in filing a lien are listed below: Step 1): Obtain the exact legal description of the property; Step 2): _________; Step 3): Find out if the person requesting the work of improvement is the owner. What is Step 2? a. Determine the amount of the lien claim. b. Find out the name of the legal owner of the property as well as the percent of ownership. c. List the attorney representing the contractor. d. List the attorney representing the owner.
answer
b. Find out the name of the legal owner of the property as well as the percent of ownership.
question
When a notice of completion has been filed, the original contractor has ______ days to record a lien. a. 20 b. 30 c. 60 d. 90
answer
c. 60 days
question
A subcontractor or material supplier has ____ days to file a lien once a notice of completion has been recorded. a. 10 b. 30 c. 60 d. 90
answer
b. 30 days
question
What does it mean when a subcontractor signs a waiver and release form on a public works project? a. The subcontractor gives up the right to lien the real property. b. The subcontractor gives up the right to lien the construction funds. c. The subcontractor waives the right to lien the real property or the construction funds. d. The subcontractor is no longer responsible for correcting defective work.
answer
b. the subcontractor gives up the right to lien the construction funds.
question
Is it legal for a contractor to hire professional strikebreakers to replace striking employees? a. Yes. It is legal to hire professional strikebreakers. b. No. The contractor is subject to a maximum fine of $500 and/or maximum jail sentence of 30 days. c. No. The contractor is subject to a maximum fine of $1,000 and/or a maximum jail sentence of 90 days. d. The contractor has not committed a crime but may be subject to legal action.
answer
c. No. The contractor is subject to a maximum fine of $1,000 and/or a maximum jail sentence of 90 days.
question
Is it legal for a contractor to pay employees in cash? a. Yes, if the contractor provides each employee with a wage deduction statement semimonthly or at the time of each wage payment. b. Yes, if the contractor provides each employee with Form W-2 at the end of the year. c.No, because an employee's wages must be paid by a check with a wage deduction statement attached. d. No, unless the contractor obtains a receipt from each employee showing the amount of gross wages received.
answer
a. Yes, if the contractor provides each employee with a wage deduction statement semimonthly or at the time of each wage payment.
question
A contractor hires a subcontractor to demolish a concrete wall. Who is responsible for supplying safety goggles? a. Cal/OSHA b. subcontractor c. property owner d. contractor
answer
b. subcontractor
question
Some counties have an additional sales tax added to the base rate. Which of the following is a correct statement regarding this additional tax? a. This additional tax does not apply to contractors. b. You do not have to pay this additional tax if your home office is in another county. c. You may pay the additional tax charged in your county if the rate is lower than the county where the materials were purchased. d. You must pay the additional tax in the county where the materials were purchased.
answer
d. You must pay the additional tax in the county where the materials were purchased.
question
Where is the "Notice of Right to Cancel" found on a home improvement contract? a. at the top of the page b. near the client signature c. in the middle of the page d. on the back
answer
b. near the client signature
question
How long does a client have to cancel a contract for repairs that are the result of an event for which a State of Emergency was declared? a. 5 business days b. 5 calendar days c. 7 business days d. 7 calendar days
answer
c. 7 business days
question
Which of the following is considered a direct cost? a. telephone use by employees b. personal vehicle c. insurance d. payroll tax
answer
d. payroll tax
question
Which act establishes the rights of workers to organize into unions and negotiate contracts? a. Civil Rights Act of 1964 b. Civil Rights Act of 1972 c. Civil Rights Act of 1984 d. National Labor Relations Act of 1935
answer
d. National Labor Relations Act of 1935
question
When is the last day a customer can cancel a contract that was signed on Friday, December 21st? a. the following Friday b. the following Tuesday c. the following Wednesday d. the following Thursday
answer
c. the following Wednesday; customer has 3 business days to cancel a contract.
question
What is the maximum allowed travel distance from any point of a work area to a fire extinguisher? a. 25 feet b. 50 feet c. 75 feet d. 150 feet
answer
c. 75 feet
question
Why would a contractor have a case in Superior Court? a. if it is transferred from a Small Claims Court b. if it is transferred from a Municipal Court c. if it is a dispute of more than $25,000 d. if two or more parties are involved in the case
answer
c. if it is a dispute of more than $25,000
question
When a subcontractor does work on a public works contract, the public agency considers the subcontractor to be: a. an employee of the agency b. a subcontractor of the agency c. an employee of the prime contractor d. a subcontractor of the prime contractor
answer
c. an employee of the prime contractor
#1 – #10 edited Combo – CIS 525 – CyberSecurity – McMurtrey – Study for Final Exam – Flashcards 942 terms

William Jordan
question
The likelihood that something bad happens to an asset is
answer
Risk
question
This defines how a business gets back on its feet after a major disaster like a hurricane
answer
Disaster Recovery Plan (DRP)
question
Gives priorities to the functions an organization needs to keep going
answer
Business Continuity Plan
question
Connecting your computers or devices to the ---- immediately exposes them to attack
answer
internet
question
Software vendors must protect themselves from liabilities of their own vulnerabilities with a
answer
End-User License Agreement (EULA)
question
This represents the fourth layer of defense for a typical IT infrastructure
answer
LAN - to - WAN Domain
question
The goal and objective of a --- is to provide a consistent definition for how an organization should handle and secure different types of data
answer
data classification standard
question
The requirement to keep information private or secret is the definition of
answer
...
question
The tunnel can be created between a remote workstation using the public internet and VPN router and a --- web site
answer
(SSL - VPN)
question
A --- is a weakness that allows a threat to be realized
answer
vulnerability
question
The weakest link in the security of an IT infrastructure is the user
answer
True
question
This appliance examines IP data streams for common attack and malicious intent patterns
answer
(IDS)
question
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens private data and have proper security controls in place?
answer
Federal Information Security Management Act
question
What name is given to an exterior network that acts as a buffer zone between the public internet and the organization's IT?
answer
demilitarized zone
question
What term is used to describe guarding information from everyone except those who have rights to it?
answer
confidentiality
question
Which of the following describes the Family Educational Rights and Privacy Act?
answer
a law that protects the private data of students
question
A _____ is any action that could damage an asset and can be natural and/or human-induced.
answer
threat
question
_______ means only authorized users can change information and deals with the validity and accuracy of data.
answer
integrity
question
E-commerce changed how businesses sell, and the --- change how they market
answer
...
question
Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure.
answer
mobile devices
question
Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays.
answer
traffic prioritization
question
Security controls do not need to be implemented to secure VoIP and SIP on LANs and WANs.
answer
false
question
The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
true
question
The total number of errors divided by the total number of bits transmitted is the definition of
answer
bit error rate
question
Voice and unified communications are --- applications that use 64-byte IP packets.
answer
Session Initiation Protocol (SIP)
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity
question
The software in a phone system that performs the call switching from an inbound trunk to a phone extension
answer
call control
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
asynchronous transfer mode (ATM)
question
What name is given to a software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues?
answer
collaboration
question
What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?
answer
Denial of Service (DoS)
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?
answer
power over Ethernet (PoE)
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What term is used to describe streamlining processes with automation or simplified steps?
answer
business process engineering
question
--- is the basis for unified communication and is the protocol used by real-time applications such as IM chat, conferencing and collaboration
answer
Session Initiation Protocol (SIP)
question
A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
true
question
A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
answer
cracker
question
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
answer
password cracker
question
A --- is a tool used to scan IP host devices for open ports that have been enabled
answer
port scanner
question
A protocol analyzer or --- is a software program that enables a computer to monitor and capture network traffic
answer
packet sniffer
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer
answer
SYN flood
question
Malicious software can be hidden in a
answer
...
question
spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
answer
true
question
A program or dedicated hardware device that inspects network traffic passing through it
answer
firewall
question
An attack that seeks to obtain personal or private financial information through domain spoofing
answer
pharming
question
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
answer
promiscuous mode
question
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
answer
rootkit
question
What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
answer
man-in-the-middle attack
question
When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
answer
backdoor
question
A network utility program that reads from and writes to network connections.
answer
netcat
question
Wiretapping is an application incorporating known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.
answer
false
question
______ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
____ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
answer
Hijacking
question
A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.
answer
business impact analysis (BIA)
question
Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
false
question
Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.
answer
probability
question
Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value x EF.
answer
true
question
The first step in risk analysis is to determine what and where the organization's --- are located.
answer
assets
question
The formal process of monitoring and controlling risk focuses on --- new risks.
answer
analyzing
question
The goal of --- is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high impact risks and develop plans based on risks
answer
quantitative risk analysis
question
The recovery point objective (RPO) identifies the amount of ---- that is acceptable.
answer
data loss
question
The term risk management describes the process of identifying, assessing, prioritizing and addressing risks
answer
true
question
What is meant by annual rate of occurrence (ARO)?
answer
The annual probability that a stated threat will be realized.
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process
question
What is the Project Management Body of Knowledge?
answer
A collection of the knowledge and best practices of the project management profession
question
What is the difference between a BCP and a DRP?
answer
...
question
What name is given to any risk that exists but has a defined response?
answer
residual risk
question
When you accept a --- you take no further steps to resolve
answer
negative risk
question
A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them.
answer
...
question
________ is the difference between the security controls you have in place and the controls you'd need to have in place in order to address all vulnerabilities.
answer
security gap
question
--- is rapidly becoming an increasingly important aspect of enterprise computing.
answer
disaster recovery
question
A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ---
answer
User Datagram Protocol (UDP)
question
A method of restricting resource access to specific periods of time is called ---
answer
temporal isolation
question
An organization's facilities manager is often responsible for ---
answer
Physical Access Control
question
Biometrics is another --- method for identifying subjects
answer
access control
question
A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.
answer
decentralized access control
question
Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance.
answer
true
question
The Bell-La Padula access control model focuses primarily on ---
answer
confidentiality of data and control of access to classified information
question
The --- is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems
answer
security kernel
question
What is meant by constrained user interface?
answer
Software that allows users to enter only specific information.
question
What name is given to an access control method that bases access control approvals on the jobs the user is assigned?
answer
role-based access control
question
What term is used to describe a device used as a log on authenticator for remote users of a network?
answer
synchronous token
question
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
answer
asynchronous token?
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
Which of the following is not a type of authentication?
answer
...
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
A ---- is an authentication credential that is generally longer and more complex than a password.
answer
passphrase
question
---- is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
---- is the process of dividing up tasks into a series of unique activities
answer
Separation of duties
question
A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies.
answer
True
question
A security awareness program includes
answer
...
question
A way to protect your organization from personnel-related security violations is to use job rotation.
answer
true
question
An organization must comply with rules on two levels: regulatory compliance and organizational compliance.
answer
true
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security --- and awareness program
answer
training
question
Enacting changes in response to reported problems is called
answer
reactive change management
question
For all the technical solutions you can devise to secure your systems, the --- remains your greatest challenge.
answer
human element
question
Initiating changes to avoid expected problems is the definition of proactive change management.
answer
true
question
One of the most popular types of attacks on computer systems involves ---. These attacks deceive or use people to get around security controls.
answer
Social engineering
question
The --- team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.
answer
security administration
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ...
answer
emergency operations group
question
The term remediation refers to fixing something before it is broken, defective, or vulnerable.
answer
true
question
The technical evaluation of a system to provide assurance that you have implemented the system correctly
answer
certification
question
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
standard
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
answer
agile development
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
answer
baseline
question
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
answer
procedure
question
When an information security breach occurs in your organization, a --- helps determine what happened to the system and when.
answer
Security event log
question
Which of the following is the definition of guideline?
answer
A recommendation to purchase or how to use a product or system
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
answer
Layer 3 switch
question
Today, people working in cyberspace must deal with new and constantly evolving ________.
answer
threats
question
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
answer
security
question
A ___________ gives priorities to the functions an organization needs to keep going.
answer
business continuity plan (BCP)
question
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
answer
Recovery time objective (RTO)
question
____________ is the practice of hiding data and keeping it away from unauthorized users.
answer
Cryptography
question
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
answer
disaster recovery plan (DRP)
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
The total number of errors divided by the total number of bits transmitted is the definition of __________.
answer
bit error rate
question
As users upgrade LANs to GigE or 10GigE, switches must support ________and data IP traffic.
answer
voice
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
answer
SYN flood
question
Loss of financial assets due to ________ is a worst-case scenario for all organizations.
answer
malicious attacks
question
A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.
answer
black-hat hacker
question
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
answer
password cracker
question
A protocol analyzer or ____________ is a software program that enables a computer to monitor and capture network traffic.
answer
packet sniffer
question
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
answer
operating system (OS)
question
_______ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage.
answer
Exposure factor (EF)
question
Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.
answer
probability
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
What is meant by annual rate of occurrence (ARO)?
answer
The annual probability that a stated threat will be realized.
question
Which of the following best describes quantitative risk analysis?
answer
A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process.
question
Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.
answer
compliance
question
Which of the following describes an asynchronous token?
answer
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
question
________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.
answer
Need-to-know
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
A mechanism that limits access to computer systems and network resources is ________.
answer
logical access control
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________.
answer
emergency operations group
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
answer
agile development
question
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
answer
procedure
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
answer
baseline
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
answer
certifier
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? A. baseline B. waterfall model C. agile development D. sprint
answer
C
question
What is meant by authorizing official (AO)? A. An individual to enact changes in response to reported problems. B. The process of managing changes to computer/device configuration or application software. C. A senior manager who reviews a certification report and makes the decision to approve the system for implementation. D. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
answer
C
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products? A. configuration control B. functional policy C. baseline D. authorizing official (AO)
answer
C
question
What is meant by certification? A. The formal acceptance by the authorizing official of the risk of implementing the system. B. A strategy to minimize risk by rotating employees between various systems or duties. C. The technical evaluation of a system to provide assurance that you have implemented the system correctly. D. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
answer
C
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? A. remediation B. certifier C. compliance liaison D. system owners
answer
D
question
________ is the process of managing changes to computer/device configuration or application software. A. Sprint B. Procedure control C. Change control D. Proactive change management
answer
C
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation. A. Procedure management B. Emergency operations policy C. Clean desk/clear screen policy D. Security administration policy
answer
C
question
The process of managing the baseline settings of a system device is called ________. A. guideline B. baseline C. configuration control D. sprint
answer
C
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________. A. emergency operations group B. security event team C. guideline control D. security administration
answer
A
question
Which of the following is the definition of guideline? A. A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. B. Recorded information from system events that describes security-related activity. C. A recommendation to purchase or how to use a product or system. D. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
answer
C
question
Which of the following is the definition of anomaly-based IDS? A. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. B. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. C. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. D. Using tools to determine the layout and services running on an organization's systems and networks.
answer
B
question
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. A. controls B. management C. standards D. plan
answer
C
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today. A. configuration B. controls C. monitoring D. settings
answer
B
question
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. A. audit B. security C. benchmark D. monitoring
answer
...
question
It's essential to match your organization's required __________ with its security structure. A. monitoring B. permission level C. operating system D. recommendations
answer
B
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. A. applications B. mitigation activities C. configurations D. recommendations
answer
C
question
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization. A. Penetration testing B. Real-time monitoring C. An audit D. Vulnerability testing
answer
C
question
Audits are necessary because of ________. A. potential liability B. negligence C. mandatory regulatory compliance D. all of the above
answer
D
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies. A. Real-time monitoring B. Gray-box testing C. SAS 70 D. White-box testing
answer
...
question
The ___________ framework defines the scope and contents of three levels of audit reports. A. Service Organization Control (SOC) B. permission-level C. real-time monitoring D. zone transfer
answer
A
question
How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability
answer
B
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost. A. risk B. control C. event D. response
answer
A
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan
answer
C
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control
answer
C
question
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability
answer
D
question
___________ refers to the amount of harm a threat can cause by exploiting a vulnerability. A. Impact B. Threat C. Risk D. Incident
answer
A
question
An attacker or event that might exploit a vulnerability is a(n) ____________. A. incident B. threat source C. cost D. Hacker
answer
B
question
A(n) ________ is an intent and method to exploit a vulnerability. A. impact B. incident C. threat source D. safeguard
answer
...
question
A threat source can be a situation or method that might accidentally trigger a(n) ____________. A. event B. incident C. vulnerability D. control
answer
C
question
A(n) ________ is a measurable occurrence that has an impact on the business. A. corrective control B. event C. cost D. critical business function
answer
B
question
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. A. security B. privacy C. nonrepudiation D. reliability
answer
C
question
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely? A. hash B. key distribution C. asymmetric key cryptography D. symmetric key cryptography
answer
...
question
The number of possible keys to a cipher is a ___________. A. checksum B. cryptosystem C. keyspace D. key directory
answer
...
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________. A. decryption B. breaking codes C. brute-force attack D. cryptanalysis
answer
...
question
The most scrutinized cipher in history is the ________. A. Data Encryption Standard (DES) B. keyword mixed alphabet cipher C. transposition cipher D. Vigenère cipher
answer
...
question
________ is a one-way calculation of information that yields a result usually much smaller than the original message. A. Caesar cipher B. Checksum C. Hash D. Symmetric key
answer
...
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A. A. Caesar cipher B. Vigenère cipher C. transposition cipher D. product cipher
answer
...
question
_______________ enables you to prevent a party from denying a previous statement or action. A. Authentication B. Integrity C. Nonrepudiation D. Confidentiality
answer
...
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information. A. Ownership B. Timestamping C. Revocation D. Message authentication
answer
...
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network? A. Presentation Layer B. Session Layer C. Network Layer D. Application Layer
answer
...
question
Which OSI Reference Model layer is responsible for the coding of data? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address. A. Data Link Layer B. Presentation Layer C. Transport Layer D. Session Layer
answer
...
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium? A. Data Link Layer B. Transport Layer C. Session Layer D. Physical Layer
answer
...
question
Which of the following is the definition of hub? A. A device that connects two or more networks and selectively interchanges packets of data between them. B. A network device that connects network segments, echoing all received traffic to all other ports. C. A firewall device that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. D. A suite of protocols designed to connect sites securely using IP networks.
answer
...
question
________ is a suite of protocols designed to connect sites securely using IP networks. A. Dynamic Host Configuration Protocol (DHCP) B. Network access control (NAC) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Protocol Security (IPSec)
answer
...
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job. A. Internet Protocol Security (IPSec) B. Dynamic Host Configuration Protocol (DHCP) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Control Message Protocol (ICMP)
answer
...
question
Network ________ is gathering information about a network for use in a future attack. A. reconnaissance B. eavesdropping C. denial of service D. surveying
answer
...
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? A. baseline B. waterfall model C. agile development D. sprint
answer
C
question
What is meant by authorizing official (AO)? A. An individual to enact changes in response to reported problems. B. The process of managing changes to computer/device configuration or application software. C. A senior manager who reviews a certification report and makes the decision to approve the system for implementation. D. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
C
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products? A. configuration control B. functional policy C. baseline D. authorizing official (AO)
answer
C
question
What is meant by certification? A. The formal acceptance by the authorizing official of the risk of implementing the system. B. A strategy to minimize risk by rotating employees between various systems or duties. C. The technical evaluation of a system to provide assurance that you have implemented the system correctly. D. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
answer
C
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? A. remediation B. certifier C. compliance liaison D. system owners
answer
D
question
________ is the process of managing changes to computer/device configuration or application software. A. Sprint B. Procedure control C. Change control D. Proactive change management
answer
C
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation. A. Procedure management B. Emergency operations policy C. Clean desk/clear screen policy D. Security administration policy
answer
C
question
The process of managing the baseline settings of a system device is called ________. A. guideline B. baseline C. configuration control D. sprint
answer
C
question
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ...
answer
black-box testing
question
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
answer
true
question
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
true
question
As your organization evolves and as threats mature, it is important to make sure your ... still meets the risks you face today.
answer
controls
question
What is necessary because of potential liability, negligence, and mandatory regulatory compliance?
answer
Audits
question
If knowing about an audit changes user behavior, an audit will
answer
not be accurate
question
It's essential to match your organization's required ... with its security structure.
answer
permission level
question
The --- framework defines the scope and content of three levels of audit reports.
answer
Service Organization Control (SOC)
question
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists.
answer
true
question
The primary difference between SOC 2 and SOC 3 reports is their ...
answer
audience
question
What is security testing that is based on limited knowledge of an application's design?
answer
gray-box testing
question
What is the name of a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
answer
network mapping
question
What is the technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets?
answer
stateful matching
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
anomaly-based IDS
question
Incorrectly identifying abnormal activity as normal
answer
false negative
question
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
answer
hardened configuration
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
pattern-based IDS
question
Security testing that is based on knowledge of the application's design and source code.
answer
white box testing
question
________ provides information on what is happening as it happens.
answer
Real-time monitoring
question
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
answer
risk avoidance
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
A control that is carried out or managed by a computer system is the definition of ________.
answer
technical control
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
answer
risk
question
A measure installed to counter or address a specific threat is the definition of ________.
answer
countermeasure
question
A threat source can be a situation or a method that might accidentally trigger a
answer
vulnerability
question
A --- is an intent and method to exploit a vulnerability
answer
threat source
question
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
answer
hot site
question
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
answer
true
question
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
answer
risk acceptance
question
Forensics and incident response are examples of ___________ controls.
answer
corrective
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan
question
Residual risk is the risk that remains after you have installed countermeasures and controls.
answer
true
question
The goal of risk management is to eliminate risk.
answer
false
question
The term detective control refers to a control that determines that a threat has landed in your system.
answer
true
question
________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
answer
risk assignment
question
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
answer
risk assessment
question
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
answer
risk mitigation
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
answer
risk
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
answer
Vigenère cipher
question
A process that creates the first secure communications session between a client and a server is the definition of ________.
answer
SSL handshake
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
answer
Timestamping
question
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
answer
Chosen-plaintext attack
question
In a --- , the cryptanalyst possesses certain pieces of information before and after encryption
answer
Known plaintext attack
question
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
answer
false
question
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
answer
true
question
The number of possible keys to a cipher is a
answer
keyspace
question
The term certificate authority refers to a trusted repository of all public keys.
answer
false
question
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
answer
check-sum
question
The process of issuing keys to valid users of a cryptosystem so they can communicate.
answer
key distribution
question
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
answer
Data encryption standard
question
What name is given to an encryption cipher that rearranges characters or bits of data?
answer
transposition cipher
question
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
answer
simple substitution cipher
question
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity
answer
digital signature
question
What name is given to random characters that you can combine with an actual input key to create the encryption key?
answer
salt key
question
Which of the following is the definition of Vigenère cipher?
answer
An encryption cipher that uses multiple encryption schemes in succession.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
non-repudiation
question
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
answer
blowfish
question
A _____________ contains rules that define the types of traffic that can come and go through a network.
answer
firewall
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control
question
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
answer
false
question
Border firewalls simply separate the protected network from the Internet.
answer
true
question
Internet Control Message Protocol is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
answer
false
question
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
answer
true
question
One of the OSI Reference Model layers, the Transport Layer, is responsible for maintaining communication sessions between computers.
answer
false
question
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
answer
true
question
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
answer
true
question
What name is given to a protocol to implement a VPN connection between two computers?
answer
Point-to-Point Tunneling Protocol
question
What term is used to describe the current encryption standard for wireless networks?
answer
Wi-Fi Protected Access
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
answer
Session Layer
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer is responsible for the coding of data?
answer
Presentation layer
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
answer
Physical Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which of the following is the definition of network address translation?
answer
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
question
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
answer
packet-filtering firewall
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
DHCP
question
________ is a suite of protocols designed to connect sites securely using IP networks.
answer
Internet Protocol Security (IPSec)
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
System infector
question
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
answer
file infector
question
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
answer
phishing attack
question
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic against this baseline.
answer
true
question
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
answer
true
question
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
answer
SYN Flood attack
question
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
answer
availability
question
Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrity
question
The primary characteristic of a virus is that it replicates and generally involves user action of some type
answer
true
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
Unlike viruses, worms do not require a host program in order to survive and replicate.
answer
true
question
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
answer
trojan
question
A type of virus that infects other files and spreads in multiple ways.
answer
What is meant by multipartite virus
question
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
answer
stealth virus
question
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
answer
polymorphic virus
question
Whether software or hardware-based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
answer
keystroke logger
question
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
answer
a botnet
question
A program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
retro virus
question
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
answer
botnets
question
ISO 17799 is an international security standard.
answer
true
question
In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
answer
true
question
The ANSI produces standards that affect nearly all aspects of IT.
answer
true
question
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
false
question
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
answer
true
question
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
American National Standards Institute
question
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
answer
W3C
question
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
International Telecommunication Union
question
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
answer
International Electrotechnical Commission
question
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
answer
true
question
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
answer
ISO
question
What do the letters of the C - I - A triad stand for?
answer
confidentiality, integrity, availability
question
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
answer
NIST
question
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
ANSI
question
A standards organization that develops and promotes Internet standards.
answer
Internet Engineering Task Force
question
________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents.
answer
A request for comments (RFC)
question
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest in the overall well-being of the Internet.
answer
true
question
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
answer
true
question
A professional certification states that you have taken the course and completed the tasks and assignments.
answer
false
question
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
answer
continuing education
question
Certifications that require additional education generally specify the number of credits each certificate requires.
answer
true
question
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
answer
false
question
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
answer
True
question
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
answer
False
question
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
answer
NSA
question
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
answer
true
question
The current term for online study is distance learning
answer
true
question
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
answer
professional development
question
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
answer
true
question
The most difficult and slowest option for IT security training is studying materials yourself.
answer
false
question
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
answer
continuing education
question
The standard bachelor's designation is a four-year diploma program.
answer
false
question
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
answer
Certificate of completion
question
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
answer
continuing education centers
question
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
answer
true
question
Which of the following is the definition of continuing professional education (CPE)?
answer
A standard unit of credit that equals 50 minutes of instruction.
question
________refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
answer
accredited
question
An information security safeguard is also called an information security control.
answer
true
question
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
answer
false
question
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
answer
Personally identifiable information
question
Information regulated under the Gramm-Leach-Bliley Act is
answer
consumer financial information
question
Information regulated under the Sarbanes-Oxley Act is
answer
corporate financial information
question
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
answer
true
question
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
answer
true
question
SOX doesn't apply to publicly traded companies
answer
false
question
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
answer
NPI
question
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
answer
False
question
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
answer
true
question
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
answer
true
question
The ________ is a regulation stating that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
answer
minimum necessary rule
question
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
answer
U.S. Department of Education
question
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
answer
FTC
question
The regulating agency for the Sarbanes-Oxley Act is the ________.
answer
Securities and Exchange Commission
question
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
answer
true
question
What name is given to patient health information that is computer-based?
answer
electronic protected health information
question
Which regulating agency has oversight for the Children's Internet Protection Act?
answer
FCC
question
____________ is a person's right to control the use and disclosure of his or her own personal information.
answer
privacy
question
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ...
answer
black-box testing
question
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
answer
true
question
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
true
question
As your organization evolves and as threats mature, it is important to make sure your ... still meets the risks you face today.
answer
controls
question
What is necessary because of potential liability, negligence, and mandatory regulatory compliance?
answer
Audits
question
If knowing about an audit changes user behavior, an audit will
answer
not be accurate
question
It's essential to match your organization's required ... with its security structure.
answer
permission level
question
The --- framework defines the scope and content of three levels of audit reports.
answer
Service Organization Control (SOC)
question
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists.
answer
true
question
The primary difference between SOC 2 and SOC 3 reports is their...
answer
audience
question
What is security testing that is based on limited knowledge of an application's design?
answer
gray-box testing
question
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
answer
network mapping
question
What is the technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets?
answer
stateful matching
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
anomaly-based IDS?
question
Incorrectly identifying abnormal activity as normal
answer
false negative
question
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
answer
hardened configuration
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
pattern-based IDS
question
Security testing that is based on knowledge of the application's design and source code.
answer
white box testing
question
________ provides information on what is happening as it happens.
answer
Real-time monitoring
question
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
answer
risk avoidance
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
A control that is carried out or managed by a computer system is the definition of ________.
answer
technical control
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
answer
risk
question
A measure installed to counter or address a specific threat is the definition of ________.
answer
countermeasure
question
A threat source can be a situation or a method that might accidentally trigger a
answer
vulnerability
question
A --- is an intent and method to exploit a vulnerability.
answer
threat source
question
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
answer
hot site
question
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
answer
true
question
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
answer
risk acceptance
question
Forensics and incident response are examples of ___________ controls.
answer
corrective
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan
question
Residual risk is the risk that remains after you have installed countermeasures and controls.
answer
true
question
The goal of risk management is to eliminate risk.
answer
false
question
The term detective control refers to a control that determines that a threat has landed in your system.
answer
true
question
________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
answer
risk assignment
question
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
answer
risk assessment
question
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
answer
risk mitigation
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
answer
risk
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
answer
Vigenere cipher
question
A process that creates the first secure communications session between a client and a server is the definition of ________.
answer
SSL handshake
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
answer
Timestamping
question
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
answer
Chosen-plaintext attack
question
In a ---, the cryptanalyst possesses certain pieces of information before and after encryption.
answer
Known plaintext attack
question
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
answer
false
question
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
answer
true
question
The number of possible keys to a cipher is a
answer
keyspace
question
The term certificate authority refers to a trusted repository of all public keys.
answer
false
question
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
answer
check-sum
question
The process of issuing keys to valid users of a cryptosystem so they can communicate.
answer
key distribution
question
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
answer
Data encryption standard
question
What name is given to an encryption cipher that rearranges characters or bits of data?
answer
transposition cipher
question
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
answer
simple substitution cipher
question
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity?
answer
digital signature
question
What name is given to random characters that you can combine with an actual input key to create the encryption key?
answer
salt key
question
Which of the following is the definition of Vigenere cipher?
answer
An encryption cipher that uses multiple encryption schemes in succession.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
non-repudiation
question
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
answer
blowfish
question
A _____________ contains rules that define the types of traffic that can come and go through a network.
answer
firewall
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control
question
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
answer
false
question
Border firewalls simply separate the protected network from the Internet.
answer
true
question
Internet Control Message Protocol is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
answer
false
question
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
answer
true
question
One of the OSI Reference Model layers, the Transport Layer, is responsible for maintaining communication sessions between computers.
answer
false
question
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
answer
true
question
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
answer
true
question
What name is given to a protocol to implement a VPN connection between two computers?
answer
Point to Point tunneling protocol
question
What term is used to describe the current encryption standard for wireless networks?
answer
Wi- Fi protected access
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
answer
Session Layer
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer is responsible for the coding of data?
answer
Presentation layer
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
answer
Physical Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses?Device manufacturers assign each hardware device a unique MAC address.
answer
DataLink Layer
question
Which of the following is the definition of network address translation ?
answer
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
question
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
answer
packet-filtering firewall
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
DHCP
question
________ is asuite of protocols designed to connect sites securely using IP networks.
answer
Internet Protocol Security (IPSec)
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
System infector
question
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
answer
file infector
question
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
answer
phishing attack
question
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic againstthis baseline.
answer
true
question
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
answer
true
question
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
answer
SYN Flood attack
question
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
answer
availability
question
Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrety
question
The primary characteristic of a virus is that it replicates and generally involves user action of some type
answer
true
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarmthresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
Unlike viruses, worms do not require a host program in order to survive and replicate.
answer
true
question
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
answer
trojan
question
A type of virus that infects other files and spreads in multiple ways.
answer
What is meant by multiparite virus
question
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
answer
stealth virus
question
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
answer
polymorphic virus
question
Whether software or hardwarebased, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
answer
keystroke logger
question
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
answer
a botnet
question
A program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
retro virus
question
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
answer
botnets
question
ISO 17799 is an international security standard.
answer
true
question
Ininformation technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
answer
true
question
The ANSI produces standards that affect nearly all aspects of IT.
answer
true
question
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
false
question
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
answer
true
question
The ________ is aU.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
American National Standards Institute
question
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
answer
W3C
question
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
Internation Telecommunication Union
question
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
answer
International Electrotechnical Commission
question
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
answer
true
question
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
answer
ISO
question
What do the letters of the C - I - A triad stand for?
answer
confidential , integrety, availabilty
question
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
answer
NIST
question
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
ANSI
question
A standards organization that develops and promotes Internet standards.
answer
Internet Engineering Task Force
question
________ is a document produced by the IETF thatcontains standards as well as other specifications or descriptive contents.
answer
A request for comments (RFC)
question
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest the overall well-being of the Internet.
answer
true
question
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
answer
true
question
A professional certification states that you have taken the course and completed the tasks and assignments.
answer
false
question
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
answer
continuing education
question
Certifications that require additional education generally specify the number of credits each certificate requires.
answer
true
question
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
answer
false
question
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
answer
True
question
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
answer
False
question
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
answer
NSA
question
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
answer
true
question
The current term for online study is distance learning.
answer
true
question
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
answer
professional development
question
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
answer
true
question
The most difficult and slowest option for IT security training is studying materials yourself.
answer
false
question
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
answer
continuing education
question
The standard bachelor's designation is a four-year diploma program.
answer
false
question
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
answer
Certificate of completion
question
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
answer
continuing education centers
question
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
answer
true
question
Which of the following is the definition of continuing professional education (CPE)?
answer
A standard unit of credit that equals 50 minutes of instruction.
question
________refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
answer
accredited
question
An information security safeguard is also called an information security control.
answer
true
question
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
answer
false
question
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
answer
Personally identifiable information
question
Information regulated under the Gramm-Leach-Bliley Act is
answer
consumer financial information
question
Information regulated under the Sarbanes-Oxley Act is
answer
corporate financial information
question
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
answer
true
question
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
answer
true
question
SOX doesn't apply to publicly traded companies.
answer
false
question
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
answer
NPI
question
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
answer
False
question
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
answer
true
question
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
answer
true
question
The ________ is a regulation stating that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
answer
minimum necessary rule
question
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
answer
U.S. Department of Education
question
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
answer
FTC
question
The regulating agency for the Sarbanes-Oxley Act is the ________.
answer
Securities and Exchange Commission
question
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
answer
true
question
What name is given to patient health information that is computer-based?
answer
electronic protected health information
question
Which regulating agency has oversight for the Children's Internet Protection Act?
answer
FCC
question
____________ is a person's right to control the use and disclosure of his or her own personal information.
answer
privacy
question
Which of the following is the definition of anomaly-based IDS?
answer
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
answer
controls
question
Which of the following is the definition of false negative?
answer
Incorrectly identifying abnormal activity as normal.
question
It's essential to match your organization's required __________ with its security structure.
answer
permission level
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
SOC 2 and SOC 3 reports both address primarily ________-related controls.
answer
security
question
If knowing about an audit changes user behavior, an audit will ____________.
answer
not be accurate
question
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
answer
An audit
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.
answer
Quantitative risk analysis
question
An attacker or event that might exploit a vulnerability is a(n) ____________.
answer
threat source
question
A threat source can be a situation or method that might accidentally trigger a(n) ____________.
answer
vulnerability
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
________ represents the percentage of the asset value that will be lost if an incident were to occur.
answer
Exposure factor (EF)
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan
question
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls.
answer
vulnerability
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
Nonrepudiation
question
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________.
answer
nonrepudiation
question
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
answer
asymmetric key cryptography
question
There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
answer
Ciphertext-only attack (COA)
question
In a ________, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
answer
Chosen-ciphertext attack
question
What is meant by checksum?
answer
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
________ is the act of unscrambling ciphertext into plaintext.
answer
Decryption
question
________ is a one-way calculation of information that yields a result usually much smaller than the original message.
answer
Checksum
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
Dynamic Host Configuration Protocol (DHCP)
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control (NAC)
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
answer
Data Link Layer
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control (NAC)
question
Which of the following is the definition of hub?
answer
A network device that connects network segments, echoing all received traffic to all other ports.
question
Which of the following is the definition of botnet?
answer
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
question
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrity
question
Malware developers often use _____________ to write boot record infectors.
answer
assembly language
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
Retro viruses
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
________ are viruses that target computer hardware and software startup functions.
answer
System infectors
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
system infector
question
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
____________ is the practice of hiding data and keeping it away from unauthorized users.
answer
Cryptography
question
___________ is the process of transforming data from cleartext into ciphertext.
answer
Encryption
question
Software vendors must protect themselves from the liabilities of their own vulnerabilities with a(n) ____________.
answer
End-User License Agreement (EULA)
question
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
answer
disaster recovery plan (DRP)
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ___________ gives priorities to the functions an organization needs to keep going.
answer
business continuity plan (BCP)
question
___________ is the duty of every government that wants to ensure its national security.
answer
Cybersecurity
question
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
answer
security
question
Connecting your computers or devices to the ________ immediately exposes them to attack.
answer
Internet
question
Today, people working in cyberspace must deal with new and constantly evolving ________.
answer
threats
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
answer
analog
question
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
Session Initiation Protocol (SIP)
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
E-commerce systems and applications demand strict C-I-A ________.
answer
security controls
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
answer
VoIP
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
asynchronous transfer mode (ATM)
question
Confidentiality
answer
Only authorized users can view information.
question
Integrity
answer
Only authorized users can change information.
question
Availability
answer
Information is accessible to authorized users any time they request that information.
question
Information Security Procedure
answer
Protect, Detect, and React (Only a problem for integrity)
question
Information Security
answer
Collection of activities that protect information systems and the data stored in them.
question
Threat Model
answer
1. Asset 2. Vulnerability 3. Threat 4. Risk
question
Asset
answer
Something that needs to be protected.
question
Vulnerability
answer
A weakness in the system that can be exploited to cause harm.
question
Threat
answer
Something or someone that can cause harm.
question
Risk
answer
The probability of damage to an asset. (Risk = Vulnerability * Threat)
question
What assets do we need to protect?
answer
1. IT infrastructure 2. Intellectual property 3. Financial information 4. Service availability and productivity 5. Reputation
question
Policy
answer
Written formal statements that outline the rules (do/don't s) to secure a system.
question
Procedure
answer
Mechanisms that implement the policy (One for each policy).
question
Industry Data Classifications
answer
1. Private Data 2. Confidential Data 3. Internal Data 4. Public Data
question
U.S. Dept. of Defense Data Classifications
answer
1. Top Secret 2. Secret 3. Confidential 4. Unclassified
question
Cryptography
answer
The practice of hiding the data and keeping it away from unauthorized users.
question
Encryption
answer
The process of transforming data from clear-text into ciphertext.
question
Black-hat Hacker
answer
An individual who tries to break IT security and gain access to systems without authorization.
question
White-hat Hacker
answer
An authorized professional who identifies vulnerabilities and performs penetration testing.
question
Grey-hat Hacker
answer
An intermediate-skilled hacker who could become a black-hat hacker or white-hat hacker.
question
Security Breach
answer
Any event that results in a violation of any of the C-I-A security tenets.
question
Denial of Service (DoS) Attack
answer
A coordinated attempt to deny service by causing a computer to perform an unproductive task.
question
Distributed Denial of Service (DDoS) Attack
answer
Attackers hijack Internet computers to plant automated attack agents that bombard a site with forged messages from each computer.
question
SYN Flood
answer
The attacker sends a large number of packets requesting connections to the victim computer, filling up their connections table and denying service to legitimate users.
question
Wire Tapping: Passive
answer
An unauthorized user listening to communication without changing the data.
question
Wire Tapping: Active ~ Between-The-Lines
answer
An unauthorized user who does not alter the original messages but inserts additional messages between the lines.
question
Wire Tapping: Active ~ Piggyback-Entry
answer
Actual communication is changed and routed through a different server.
question
Protocol Analyzer
answer
A software program that enables a computer to monitor and capture network traffic.
question
Port Scanner
answer
A tool that scans IP host devices for open ports that are enabled.
question
OS Fingerprint Scanner
answer
A software program that allows an attacker to send logon packets to an IP host device.
question
Vulnerability Scanner
answer
A software program that identifies and detects what operating system and software is installed on an IP host device.
question
Exploit Software
answer
An application that incorporates known software vulnerabilities to "exploit" a weakness of an IP host device or computer system.
question
Password Cracker
answer
The process of recovering a password that can be performed by a brute-force attack or dictionary attack.
question
Keystroke Logger
answer
Hardware or software that can record every keystroke a user makes on a keyboard into a log file.
question
Backdoor
answer
A direct and easy access to a system.
question
Downtime -> Unintentional ->
answer
1. Human Error 2. System Failure 3. Attack (DoS)
question
If VoIP traffic needs to traverse through a WAN with congestion, you need
answer
quality of service (QoS)
question
T/F The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance.
answer
False
question
T/F The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is SLE × ARO.
answer
False
question
What is meant by multi-tenancy?
answer
A database feature that allows different groups of users to access the database without being able to access each other's data.
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A security awareness program includes
answer
All of the above: teaching employees about security objectives; motivating users to comply with security policies; informing users about trends and threats in society.
question
T/F System owners are in control of data classification.
answer
False
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
real-time
question
T/F A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion.
answer
True
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What is meant by promiscuous mode?
answer
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
question
The act of transforming clear text data into undecipherable cipher text is the definition of __________.
answer
encryption
question
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
answer
Security gap
question
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
answer
data loss
question
T/F The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
True
question
T/F Until the mid-1980s, personal and business communications involved three primary tools: telephone, answering machines and voicemail, and the Internet.
answer
False
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ________ is a collection of computers connected to one another or to a common connection medium.
answer
local area network (LAN)
question
T/F A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
True
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
T/F Authority-level policy is a database feature that allows different groups of users to access the database without being able to access each other's data.
answer
False
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
What is meant by digital subscriber line (DSL)?
answer
A high-speed digital broadband service that uses copper cabling for Internet access.
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
T/F The network security group is responsible for the Internet-to-WAN Domain.
answer
False
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
dense wavelength division multiplexing (DWDM)
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process.
question
A method of restricting resource access to specific periods of time is called ________.
answer
temporal isolation
question
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
T/F A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
answer
True
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
T/F Many jurisdictions require audits by law.
answer
True
question
T/F The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
answer
False
question
What is meant by rootkit?
answer
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
question
T/F An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
True
question
T/F Having too many risks in the risk register is much better than overlooking any severe risk that does occur.
answer
True
question
The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
answer
network interface card (NIC)
question
Which of the following is the definition of business drivers?
answer
The collection of components, including people, information, and conditions, that support business objectives.
question
What is a Security Information and Event Management (SIEM) system?
answer
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
question
T/F An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
answer
True
question
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
answer
quantitative risk analysis
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer
training
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
T/F Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.
answer
False
question
E-commerce changed how businesses sell, and the ________ changed how they market.
answer
Internet
question
The ___________ framework defines the scope and contents of three levels of audit reports.
answer
Service Organization Control (SOC)
question
T/F Voice and data traffic should be segmented on different backbone links to optimize performance: segment voice and data traffic on separate GigE or 10GigE fiber-optic trunks.
answer
True
question
T/F The International Information Systems Security Certification Consortium (ISC)2, has two certifications: Systems Security Certified Practitioner (SSCP®) and Certified Information Systems Security Professional (CISSP®). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.
answer
True
question
________ is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
T/F Resources are protected objects in a computing system, such as files, computers, or printers.
answer
True
question
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
answer
smart card
question
T/F The weakest link in the security of an IT infrastructure is the server.
answer
False
question
You can use quantitative risk analysis for all risks on the risk register; however, the amount of effort required may be overkill for _____________ risks.
answer
low probability low impact
question
T/F The audit itself sets new policies.
answer
False
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
answer
LAN-to-WAN Domain
question
Which of the following defines network mapping?
answer
Using tools to determine the layout and services running on an organization's systems and networks.
question
Malicious software can be hidden in a ________.
answer
URL link; PDF file; ZIP file (all of the above)
question
________ is the process of managing changes to computer/device configuration or application software.
answer
Change control
question
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.
answer
USB token
question
T/F The process of managing the baseline settings of a system device is the definition of configuration control.
answer
True
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
answer
controls
question
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?
answer
Federal Information Security Management Act (FISMA) Encryption
question
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
answer
Layer 3 switch
question
Which of the following is the definition of net cat?
answer
A network utility program that reads from and writes to network connections.
question
The total number of errors divided by the total number of bits transmitted is the definition of __________.
answer
bit error rate
question
The ________ in analog communications is one error for every 1,000 bits sent.
answer
bit error rate
question
In digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
What fills security gaps and software weaknesses?
answer
Testing and quality assurance
question
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
answer
True
question
T/F Even though 3G networks provided mobile devices with connection capabilities similar to those of wired networks, they still did not use true IP network addressing.
answer
True
question
T/F A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
answer
False
question
T/F Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.
answer
True
question
Which of the following is the definition of pattern-based IDS?
answer
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
When you accept a __________, you take no further steps to resolve.
answer
negative risk
question
Which of the following is the definition of cipher text?
answer
The opposite of clear text. Data sent as cipher text is not visible and not decipherable.
question
T/F In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
answer
True
question
T/F Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer
True
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
answer
configurations
question
T/F Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
False
question
________ is an authentication credential that is generally longer and more complex than a password.
answer
Passphrase
question
T/F Role-based access control (RBAC) means limiting users' access to database views, as opposed to allowing users to access data in database tables directly.
answer
False
question
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
answer
DRP
question
T/F An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days.
answer
False
question
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
answer
VoIP
question
The primary difference between SOC 2 and SOC 3 reports is ________.
answer
Their audience
question
T/F Initiating changes to avoid expected problems is the definition of proactive change management.
answer
True
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
T/F Synchronous token means a device used as a logon authenticator for remote users of a network.
answer
True
question
_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
answer
separation of duties
question
T/F The term security kernel database describes a database made up of rules that determine individual users' access rights.
answer
True
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
answer
SYN flood
question
The process of managing risks starts by identifying __________.
answer
risks
question
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
answer
analog
question
T/F Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance.
answer
True
question
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site.
answer
Secure Sockets Layer virtual private network (SSL-VPN)
question
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
answer
operating system (OS)
question
A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.
answer
business continuity plan (BCP)
question
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
T/F SOC 3 reports are intended for public consumption.
answer
True
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
What is meant by certification?
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question
The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.
answer
data classification standard
question
T/F The term clipping level refers to a value used in security monitoring that tells controls to ignore activity that falls below a stated value.
answer
True
question
A ___________ is a tool used to scan IP host devices for open ports that have been enabled.
answer
port scanner
question
__________ tests interrupt the primary data center and transfer processing capability to an alternate site.
answer
Full-interruption
question
T/F War dialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
answer
False
question
An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.
answer
secure shell (SSH)
question
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
answer
True
question
The cryptanalyst can encrypt any information and observe the output.
answer
Chosen-plaintext attack
question
_____ is a special case. It is relevant in asymmetric key systems and hash functions.
answer
Chosen-ciphertext attack
question
In a _____, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
answer
Chosen-ciphertext attack
question
The cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data may be.
answer
Ciphertext-only attack (COA)
question
The cryptanalyst processes certain pieces of information before and after encryption.
answer
Known-plaintext attack (KPA)
question
packet-filtering firewall
answer
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.
question
network access control (NAC)
answer
A method to restrict access to a network based on identity or other rules is the definition of ________.
question
firewall
answer
A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
question
firewall
answer
A _____________ contains rules that define the types of traffic that can come and go through a network.
question
reconnaissance
answer
Network ________ is gathering information about a network for use in a future attack.
question
Point-to-Point Tunneling Protocol (PPTP)
answer
What name is given to a protocol to implement a VPN connection between two computers?
question
Network address translation (NAT)
answer
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?
question
Wi-Fi Protected Access (WPA)
answer
What term is used to describe the current encryption standard for wireless networks?
question
A network device that connects network segments, echoing all received traffic to all other ports.
answer
Which of the following is the definition of hub?
question
system infector
answer
A ________ enables the virus to take control and execute before the computer can load most protective measures.
question
file infector
answer
A ________ is a type of virus that primarily infects executable programs.
question
file infector
answer
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
question
logic bomb
answer
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
question
phishing attack
answer
A ____________ tricks users into providing log-on information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
question
attacks against productivity and performance
answer
Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistent cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.
question
7 billion
answer
As of 2013, Cisco estimated that there were more than________ devices connected to the Internet.
question
smurf attack
answer
In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.
question
SYN flood attack
answer
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
question
availability
answer
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
question
IAB
answer
The ________ provides oversight for architecture for Internet protocols and procedures, processes used to create standards, editorial and publication procedures for RFCs, and confirmation of IETF chair and technical area directors. It also provides much of the high-level management and validation of the processes of conducting IETF business.
question
True
answer
The ANSI produces standards that affect nearly all aspects of IT.
question
Hollings Manufacturing Extension Partnership
answer
The ____________ is a network of centers around the United States that offers technical and business assistance to small- and medium-sized manufacturers.
question
False
answer
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
question
True
answer
The Gauss is a measurement of a magnetic field.
question
True
answer
In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
question
American National Standards Institute (ANSI)
answer
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
question
True
answer
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
question
ANSI
answer
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
question
World Wide Web Consortium (W3C)
answer
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
question
procrastination
answer
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned."This is a disadvantage to choosing the self-study option that can be labeled ________.
question
A standard unit of credit that equals 50 minutes of instruction.
answer
Which of the following is the definition of continuing professional education (CPE)?
question
NSA
answer
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
question
True
answer
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
question
four-year
answer
The standard bachelor's degree is a __________ program.
question
True
answer
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
question
two
answer
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.
question
no standard time frame
answer
With university doctoral programs, completing the degree requirements takes ________.
question
National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
answer
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
question
professional development
answer
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
question
True
answer
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.
question
Certified Authorization Professional
answer
The best fits for (ISC)2's_____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
question
Systems Security Certified Practitioner
answer
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security.
question
Certified Secure Software Lifecycle Professional
answer
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
question
CISSP-ISSMP®
answer
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
question
CISSP-ISSEP®
answer
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.
question
Architect
answer
Which is Cisco's highest level of certification?
question
True
answer
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
question
entry-level information security certification of choice for IT professionals
answer
CompTIA's Security+ certification provides ________.
question
True
answer
The Info tech Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.
question
If VoIP traffic needs to traverse through a WAN with congestion, you need
answer
quality of service (QoS)
question
T/F The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance.
answer
False
question
T/F The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is =SLE × ARO.
answer
False
question
What is meant by multi-tenancy?
answer
A database feature that allows different groups of users to access the database without being able to access each other's data.
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A security awareness program includes
answer
All of the following: teaching employees about security objectives; motivating users to comply with security policies; informing users about trends and threats in society.
question
T/F System owners are in control of data classification.
answer
False
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
real-time
question
T/F A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion.
answer
True
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What is meant by promiscuous mode?
answer
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
question
The act of transforming clear text data into undecipherable cipher text is the definition of __________.
answer
encryption
question
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
answer
Security gap
question
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
answer
data loss
question
T/F The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
True
question
T/F Until the mid-1980s, personal and business communications involved three primary tools: telephone, answering machines and voicemail, and the Internet.
answer
False
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ________ is a collection of computers connected to one another or to a common connection medium.
answer
local area network (LAN)
question
T/F A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
True
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
T/F Authority-level policy is a database feature that allows different groups of users to access the database without being able to access each other's data.
answer
False
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
What is meant by digital subscriber line (DSL)?
answer
A high-speed digital broadband service that uses copper cabling for Internet access.
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
T/F The network security group is responsible for the Internet-to-WAN Domain.
answer
False
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
dense wavelength division multiplexing (DWDM)
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process.
question
A method of restricting resource access to specific periods of time is called ________.
answer
temporal isolation
question
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
T/F A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
answer
True
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
T/F Many jurisdictions require audits by law.
answer
True
question
T/F The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
answer
False
question
What is meant by rootkit?
answer
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
question
T/F An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
True
question
T/F Having too many risks in the risk register is much better than overlooking any severe risk that does occur.
answer
True
question
The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
answer
network interface card (NIC)
question
Which of the following is the definition of business drivers?
answer
The collection of components, including people, information, and conditions, that support business objectives.
question
What is a Security Information and Event Management (SIEM) system?
answer
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
question
T/F An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
answer
True
question
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
answer
quantitative risk analysis
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer
training
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
T/F Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.
answer
False
question
E-commerce changed how businesses sell, and the ________ changed how they market.
answer
Internet
question
The ___________ framework defines the scope and contents of three levels of audit reports.
answer
Service Organization Control (SOC)
question
T/F Voice and data traffic should be segmented on different backbone links to optimize performance; segment voice and data traffic on separate GigE or 10GigE fiber-optic trunks.
answer
True
question
T/F The International Information Systems Security Certification Consortium (ISC)2 has two certifications: Systems Security Certified Practitioner (SSCP®) and Certified Information Systems Security Professional (CISSP®). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.
answer
True
question
________ is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
T/F Resources are protected objects in a computing system, such as files, computers, or printers.
answer
True
question
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
answer
smart card
question
T/F The weakest link in the security of an IT infrastructure is the server.
answer
False
question
You can use quantitative risk analysis for all risks on the risk register; however, the amount of effort required may be overkill for _____________ risks.
answer
low-probability, low-impact
question
T/F The audit itself sets new policies.
answer
False
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
answer
LAN-to-WAN Domain
question
Which of the following defines network mapping?
answer
Using tools to determine the layout and services running on an organization's systems and networks.
question
Malicious software can be hidden in a ________.
answer
all of the above (URL link, PDF file, ZIP file)
question
________ is the process of managing changes to computer/device configuration or application software.
answer
Change control
question
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.
answer
USB token
question
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
answer
Recovery time objective (RTO)
question
For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
answer
human element
question
RTO identifies the maximum allowable ________ to recover the function.
answer
time
question
T/F Even though 3G networks provided mobile devices with connection capabilities similar to those of wired networks, they still did not use true IP network addressing.
answer
True
question
T/F A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
answer
False
question
T/F Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.
answer
True
question
Which of the following is the definition of pattern-based IDS?
answer
An intrusion detection system that uses pattern matching and state full matching to compare current traffic with activity patterns (signatures) of known network intruders.
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
When you accept a __________, you take no further steps to resolve.
answer
negative risk
question
Which of the following is the definition of cipher text?
answer
The opposite of clear text. Data sent as cipher text is not visible and not decipherable.
question
T/F In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
answer
True
question
T/F Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer
True
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
answer
configurations
question
T/F Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
False
question
________ is an authentication credential that is generally longer and more complex than a password.
answer
Passphrase
question
T/F Role-based access control (RBAC) means limiting users' access to database views, as opposed to allowing users to access data in database tables directly.
answer
False
question
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
answer
DRP
question
T/F An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days.
answer
False
question
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
answer
VoIP
question
The primary difference between SOC 2 and SOC 3 reports is ________.
answer
Their audience
question
T/F Initiating changes to avoid expected problems is the definition of proactive change management.
answer
True
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
T/F Synchronous token means a device used as a logon authenticator for remote users of a network.
answer
True
question
_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
answer
separation of duties
question
T/F The term security kernel database describes a database made up of rules that determine individual users' access rights.
answer
True
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
answer
SYNflood
question
The process of managing risks starts by identifying __________.
answer
risks
question
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
answer
analog
question
T/F Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance.
answer
True
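The card above gives the one-sentence definition; the following is an added example (not part of the original flashcard set) of how a MAC decision is actually computed. It goes a step beyond the card: besides the hierarchical level it adds need-to-know compartments and the "no write down" rule, so that a label is compared as a lattice point rather than a single number. The four-level hierarchy and the sample labels are constructed for the example.

```python
from dataclasses import dataclass

# Constructed four-level hierarchy (an assumption for the example; real
# schemes define their own). A higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: hierarchical level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice ordering: at least as high a level AND every compartment of `other`.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_read_allowed(clearance: Label, classification: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance
    must dominate the object's classification."""
    return clearance.dominates(classification)


def mac_write_allowed(clearance: Label, classification: Label) -> bool:
    """*-property ("no write down"): the object's classification must
    dominate the subject's clearance, so data never flows to a lower label."""
    return classification.dominates(clearance)


def mac_decision(clearance: Label, classification: Label, action: str) -> str:
    """Reference-monitor style decision. Unknown actions are denied (fail closed)."""
    checks = {"read": mac_read_allowed, "write": mac_write_allowed}
    allowed = checks.get(action, lambda c, o: False)(clearance, classification)
    return "ALLOW" if allowed else "DENY"


if __name__ == "__main__":
    # Constructed subject and objects for the demonstration.
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    objects = {
        "secret crypto report": Label("SECRET", frozenset({"CRYPTO"})),
        "top secret crypto report": Label("TOP SECRET", frozenset({"CRYPTO"})),
        "confidential memo": Label("CONFIDENTIAL"),
        "secret nuclear report": Label("SECRET", frozenset({"NUCLEAR"})),
    }
    for name, obj in objects.items():
        print(f"{name:26} read={mac_decision(analyst, obj, 'read'):5} "
              f"write={mac_decision(analyst, obj, 'write')}")
```

The interesting rows are the ones the flashcard definition alone does not predict: a SECRET analyst may write into a TOP SECRET object (no information flows down) but may not read a SECRET object in a compartment the clearance lacks.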
question
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site.
answer
Secure Sockets Layer virtual private network (SSL-VPN)
question
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send packets to an IP host device and identify its operating system from the responses.
answer
operating system (OS)
question
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
T/F SOC 3 reports are intended for public consumption.
answer
True
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
What is meant by certification?
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question
The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.
answer
data classification standard
question
T/F The term clipping level refers to a value used in security monitoring that tells controls to ignore activity that falls below a stated value.
answer
True
question
A ___________ is a tool used to scan IP host devices for open ports that have been enabled.
answer
port scanner
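The SYN flood card and the port scanner card above name two behaviours a defender sees as patterns in connection records: many distinct destination ports from one source (a scan) and many half-open SYNs against one service (a flood). The block below is an added detection example, not code from the original flashcards; it runs over constructed flow records (the format "timestamp src dst dport flags" and the addresses are assumptions made for the example) and flags both patterns with simple per-window counts.

```python
from collections import defaultdict


def build_sample_records():
    """Constructed flow records, not captured traffic: "ts src dst dport flags".
    flags is "S" for a client's initial SYN and "A" for the ACK that completes
    the handshake."""
    lines = []
    # Legitimate client: every SYN is followed by a completing ACK.
    for i in range(5):
        lines.append(f"{1000 + i} 10.0.0.5 192.0.2.10 443 S")
        lines.append(f"{1000 + i} 10.0.0.5 192.0.2.10 443 A")
    # Port scanner: one SYN to each of 30 ports within a few seconds, none completed.
    for port in range(1, 31):
        lines.append(f"{1100 + port // 10} 10.0.0.99 192.0.2.10 {port} S")
    # SYN flood: 200 spoofed sources hit one service within two seconds, none completed.
    for i in range(200):
        lines.append(f"{1200 + i // 100} 203.0.113.{i} 192.0.2.10 80 S")
    return lines


def parse(lines):
    records = []
    for line in lines:
        ts, src, dst, dport, flags = line.split()
        records.append({"ts": int(ts), "src": src, "dst": dst,
                        "dport": int(dport), "flags": flags})
    return records


def detect_port_scans(records, window=10, min_ports=20):
    """Return {src: distinct ports touched in its busiest window} for sources
    that probe at least `min_ports` ports on one host within `window` seconds."""
    ports = defaultdict(set)  # (src, dst, time bucket) -> destination ports
    for r in records:
        if r["flags"] == "S":
            ports[(r["src"], r["dst"], r["ts"] // window)].add(r["dport"])
    hits = {}
    for (src, _dst, _bucket), seen in ports.items():
        if len(seen) >= min_ports:
            hits[src] = max(hits.get(src, 0), len(seen))
    return hits


def detect_syn_floods(records, window=1, min_half_open=50):
    """Return {(dst, dport): half-open SYNs in the busiest window} for services
    that accumulate at least `min_half_open` never-completed SYNs per window."""
    completed = {(r["src"], r["dst"], r["dport"]) for r in records if r["flags"] == "A"}
    half_open = defaultdict(int)  # (dst, dport, time bucket) -> count
    for r in records:
        if r["flags"] == "S" and (r["src"], r["dst"], r["dport"]) not in completed:
            half_open[(r["dst"], r["dport"], r["ts"] // window)] += 1
    hits = {}
    for (dst, dport, _bucket), count in half_open.items():
        if count >= min_half_open:
            hits[(dst, dport)] = max(hits.get((dst, dport), 0), count)
    return hits


if __name__ == "__main__":
    recs = parse(build_sample_records())
    print("port scanners:", detect_port_scans(recs))
    print("SYN-flooded services:", detect_syn_floods(recs))
```

Note why the two detectors do not confuse each other: the scanner sends one SYN per port, so no single (host, port) accumulates half-open connections, and each flood source touches only one port, so no source crosses the distinct-port threshold. The legitimate client completes every handshake and appears in neither result.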
question
__________ tests interrupt the primary data center and transfer processing capability to an alternate site.
answer
Full-interruption
question
T/F War dialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
answer
False
question
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
answer
True
question
The cryptanalyst can encrypt any information and observe the output.
answer
Chosen-plaintext attack
question
_____ is a special case. It is relevant in asymmetric key systems and hash functions.
answer
Chosen-ciphertext attack
question
In a _____, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
answer
chosen-ciphertext attack
question
The cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data may be.
answer
Ciphertext-only attack (COA)
question
The cryptanalyst possesses certain pieces of information before and after encryption.
answer
Known-plaintext attack (KPA)
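The last five cards define the four classical attack models by what the cryptanalyst is given. The block below is an added example, not part of the original flashcards, that makes the difference concrete against a deliberately weak toy cipher (repeating-key XOR, constructed for the example and not any real cipher): the chosen-plaintext and chosen-ciphertext attacks use an encryption or decryption oracle, the known-plaintext attack uses one plaintext/ciphertext pair, and the ciphertext-only attack uses nothing but the ciphertext and the assumption that the plaintext is English letters and spaces. The key "KEYS" and the message are constructed inputs.

```python
from itertools import cycle


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR. Encryption and decryption are the same operation."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


class Oracle:
    """Holds the secret key and exposes exactly what each attack model grants."""

    def __init__(self, key: bytes):
        self._key = key

    def encrypt(self, plaintext: bytes) -> bytes:    # granted in a chosen-plaintext attack
        return xor_with_key(plaintext, self._key)

    def decrypt(self, ciphertext: bytes) -> bytes:   # granted in a chosen-ciphertext attack
        return xor_with_key(ciphertext, self._key)


def smallest_period(stream: bytes) -> int:
    """Length of the shortest unit that repeats through `stream`."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return len(stream)


def chosen_plaintext_attack(oracle: Oracle, probe_len: int = 64) -> bytes:
    # Encrypting all-zero bytes returns the keystream itself; its period is the key.
    keystream = oracle.encrypt(b"\x00" * probe_len)
    return keystream[:smallest_period(keystream)]


def chosen_ciphertext_attack(oracle: Oracle, probe_len: int = 64) -> bytes:
    # Feeding the decryption device all-zero bytes leaks the key the same way.
    keystream = oracle.decrypt(b"\x00" * probe_len)
    return keystream[:smallest_period(keystream)]


def known_plaintext_attack(plaintext: bytes, ciphertext: bytes) -> bytes:
    # One plaintext/ciphertext pair: the keystream is simply their XOR.
    keystream = bytes(p ^ c for p, c in zip(plaintext, ciphertext))
    return keystream[:smallest_period(keystream)]


# Ciphertext-only: score each candidate key byte by how many bytes of its
# column decrypt into the expected alphabet; anything else is penalised hard.
ALPHABET = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ ")


def _score(column: bytes, k: int) -> int:
    return sum(1 if (b ^ k) in ALPHABET else -10 for b in column)


def ciphertext_only_attack(ciphertext: bytes, max_key_len: int = 8) -> bytes:
    best_key, best_score = b"", None
    for key_len in range(1, max_key_len + 1):
        key, total = bytearray(), 0
        for offset in range(key_len):
            column = ciphertext[offset::key_len]
            scores = [_score(column, k) for k in range(256)]
            k = scores.index(max(scores))   # first best wins ties
            key.append(k)
            total += scores[k]
        if best_score is None or total > best_score:  # strict: shortest period wins ties
            best_key, best_score = bytes(key), total
    return best_key


# Constructed secret and message for the demonstration (letters and spaces only).
SECRET_KEY = b"KEYS"
MESSAGE = (b"the quick brown fox jumps over the lazy dog while the cryptanalyst "
           b"watches every byte that crosses the wire and counts how often each "
           b"symbol appears because a repeating key leaks its length through the "
           b"statistics of the plaintext it was meant to hide and once the period "
           b"is known each position can be attacked on its own")

if __name__ == "__main__":
    oracle = Oracle(SECRET_KEY)
    ct = oracle.encrypt(MESSAGE)
    print("CPA :", chosen_plaintext_attack(oracle))
    print("CCA :", chosen_ciphertext_attack(oracle))
    print("KPA :", known_plaintext_attack(MESSAGE[:16], ct[:16]))
    print("COA :", ciphertext_only_attack(ct))
```

The ordering of the models by attacker power is visible in the code: the oracle attacks need a single 64-byte probe, the known-plaintext attack needs a pair only a few bytes longer than the key, and the ciphertext-only attack needs a few hundred bytes of ciphertext plus a statistical assumption about the plaintext. A real cipher is judged by resisting the strongest of these, the chosen-ciphertext model.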
Accounting
Cash Flow Problems
Financial Accounting
Intermediate Accounting 1
Social Security Tax Rate
ACC II Study Guide Part I – Flashcards 50 terms

Ashlynn Thompson
question
Assume that social security taxes are payable at a 6% rate on the first $100,000 of earnings and Medicare taxes are payable at a 1.5% rate with no maximum earnings, and that federal and state unemployment compensation taxes total 4.6% on the first $7,000 of earnings. If an employee, George Jones, earns $2,500 for the current week and Jones' year-to-date earnings before this week were $6,800, what is the total payroll taxes related to the current week?
answer
$196.70
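The card's answer hides three separate computations, two of them against a wage-base cap. The block below is an added worked example, not part of the original flashcards: it generalises the calculation so that the remaining room under each cap is computed from year-to-date earnings, which also handles the edge case the card does not show, a period in which earnings cross or have already passed a cap. The default rates and caps are the ones stated in the card.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def taxable_under_cap(ytd_earnings, period_earnings, wage_base):
    """Portion of this period's earnings still below a wage-base cap
    (None means the tax has no cap). Never negative, never above the period's pay."""
    if wage_base is None:
        return period_earnings
    room = wage_base - ytd_earnings
    return max(Decimal(0), min(period_earnings, room))


def employer_payroll_taxes(period_earnings, ytd_earnings,
                           ss_rate=Decimal("0.06"), ss_wage_base=Decimal(100_000),
                           medicare_rate=Decimal("0.015"),
                           unemployment_rate=Decimal("0.046"),
                           unemployment_wage_base=Decimal(7_000)):
    """Employer payroll taxes for one pay period, itemised and totalled in cents.
    Defaults are the rates and caps given in the flashcard."""
    period_earnings = Decimal(str(period_earnings))
    ytd_earnings = Decimal(str(ytd_earnings))   # earnings BEFORE this period
    social_security = taxable_under_cap(ytd_earnings, period_earnings, ss_wage_base) * ss_rate
    medicare = taxable_under_cap(ytd_earnings, period_earnings, None) * medicare_rate
    unemployment = taxable_under_cap(ytd_earnings, period_earnings,
                                     unemployment_wage_base) * unemployment_rate
    breakdown = {
        "social_security": social_security.quantize(CENT, ROUND_HALF_UP),
        "medicare": medicare.quantize(CENT, ROUND_HALF_UP),
        "unemployment": unemployment.quantize(CENT, ROUND_HALF_UP),
    }
    breakdown["total"] = sum(breakdown.values(), Decimal(0))
    return breakdown


if __name__ == "__main__":
    # The card's case: $2,500 this week, $6,800 year to date.
    print(employer_payroll_taxes(2500, 6800))
    # Constructed edge case: an employee about to cross the social security cap.
    print(employer_payroll_taxes(5000, 98000))
```

Decimal rather than float is used because payroll amounts are rounded to the cent and summed; with binary floats the three rounded pieces need not add up to the rounded total.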
question
The cost of a product warranty should be included as an expense in the
answer
period of the sale of the product
question
Assuming a 360-day year, when a $30,000, 90-day, 5% interest-bearing note payable matures, total payment will amount to:
answer
$30,375
question
Use the following information to answer the following questions. The following totals for the month of April were taken from the payroll register of Magnum Company:
Salaries $12,000
FICA taxes withheld 550
Income taxes withheld 2,500
Medical insurance deductions 450
Federal Unemployment Taxes 32
State Unemployment Taxes 216
answer
debit to Payroll Tax Expense for $798
question
The journal entry a company uses to record pension rights that have not been funded for its salaried employees, at the end of the year is
answer
debit Pension Expense; credit Unfunded Pension Liability
question
Xavier and Yolanda have original investments of $50,000 and $100,000 respectively in a partnership. The articles of partnership include the following provisions regarding the division of net income: interest on original investment at 10%, salary allowances of $38,000 and $28,000 respectively, and the remainder equally. How much of the net income of $75,000 is allocated to Xavier?
answer
$40,000
question
If there is no written agreement as to the way income will be divided among partners
answer
they will share income and losses equally
question
The characteristic of a partnership that gives the authority to any partner to legally bind the partnership and all other partners to business contracts is called
answer
mutual agency
question
Franco and Jason share income and losses in a 2:1 ratio after allowing for salaries to Franco of $15,000 and $30,000 to Jason. If the partnership suffers a $15,000 loss, by how much would Jason's capital account increase?
answer
$10,000
question
The capital accounts of Harrison and Marti have balances of $180,000 and $130,000, respectively, on January 1, 2010, the beginning of the current fiscal year. On April 10, Harrison invested an additional $20,000. During the year, Harrison and Marti withdrew $96,000 and $78,000, respectively, and net income for the year was $248,000. The articles of partnership make no reference to the division of net income. Based on this information, the statement of partners' equity for 2010 would show what amount as total capital for the partnership on December 31, 2010?
answer
$404,000
question
The entry to record the issuance of common stock at a price above par includes a debit to
answer
Cash
question
Retained earnings
answer
changes are summarized in the retained earnings statement
question
When a corporation completes a 3-for-1 stock split
answer
both the market price per share and the par value per share are decreased
question
A restriction/appropriation of retained earnings
answer
has no effect on total retained earnings
question
When Bayou Corporation was formed on January 1, 20xx, the corporate charter provided for 100,000 share of $10 par value common stock. The following transaction was among those engaged in by the corporation during its first month of operation: The corporation issued 9,000 shares of stock at a price of $23 per share. The entry to record the above transaction would include a
answer
credit to Paid in Capital in Excess of Par for $117,000
question
The journal entry a company records for the issuance of bonds when the contract rate is less than the market rate would be
answer
debit Cash and Discount on Bonds Payable, credit Bonds Payable
question
On January 1, 2011, $1,000,000, 5-year, 10% bonds, were issued for $960,000. Interest is paid semiannually on January 1 and July 1. If the issuing corporation uses the straight-line method to amortize discount on bonds payable, the semiannual amortization amount is
answer
$4,000
question
Bonds Payable has a balance of $900,000 and Premium on Bonds Payable has a balance of $10,000. If the issuing corporation redeems the bonds at 103, what is the amount of gain or loss on redemption?
answer
$17,000 loss
question
A bond indenture is
answer
a contract between the corporation issuing the bonds and the bond trustee, who is acting on behalf of the bondholders.
question
On the first day of the fiscal year, Hawthorne Company obtained a $ 88,000, seven-year, 5% installment note from Sea Side Bank. The note requires annual payments of $15,208, with the first payment occurring on the last day of the fiscal year. The first payment consists of interest of $4,400 and principal repayment of $10,808. The journal entry Hawthorne would record to make the first annual payment due on the note would include:
answer
a debit to Interest Expense for $4,400
question
Jacks Corporation purchases $200,000 bonds plus accrued interest for 2 months of $2,000 from Kennedy Company on March 1. The bonds have an annual interest rate of 6% payable on June 30 and December 31. The entry to record the purchase of the bonds would include:
answer
Interest Receivable debit $2,000
question
Investments in certificates of deposit and other securities that do not change in value are reported in the balance sheet as:
answer
cash and cash equivalents
question
Edison Corporation paid a dividend of $10 per share on its $100 par preferred stock and $2 per share on its $10 par common stock. The market value of the common stock is $80 per share. Edison's dividend yield is:
answer
2.5%
question
Which of the following stock investments should be accounted for using the cost method?
answer
investments of less than 20%
question
A company that has 25,000 shares of $5.00 par value common stock issued and outstanding paid a dividend of $.75 per share. The market value of the stock is $20.00 per share. The company's dividend yield is:
answer
3.75%
question
Which of the following is a noncash investing and financing activity?
answer
issuance of common stock to acquire land
question
The following selected account balances appeared on the financial statements of the Washington Company: Accounts Receivable, Jan. 1 $13,000 Accounts Receivable, Dec. 31 9,000 Accounts Payable, Jan 1 4,000 Accounts payable Dec. 31 7,000 Merchandise Inventory, Jan 1 10,000 Merchandise Inventory, Dec 31 15,000 Sales 56,000 Cost of Goods Sold 31,000 The Washington Company uses the direct method to calculate net cash flow from operating activities. Cash paid to suppliers is
answer
$33,000
question
On the statement of cash flows prepared by the indirect method, the cash flows from operating activities section would include
answer
amortization of premium on bonds payable
question
Accounts receivable from sales transactions were $44,000 at the beginning of the year and $53,000 at the end of the year. Net income reported on the income statement for the year was $105,000. Exclusive of the effect of other adjustments, the cash flows from operating activities to be reported on the statement of cash flows prepared by the indirect method is
answer
$96,000
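The Washington Company card (direct method) and the card just above (indirect method) are two routes to the same operating cash flow. The block below is an added worked example, not part of the original flashcards; it implements both routes and shows that, on the Washington Company figures, the direct-method cash from customers less cash to suppliers equals net income adjusted for the same working-capital changes. Net income for that check is taken as sales less cost of goods sold, since the card lists no other items.

```python
def cash_received_from_customers(sales, ar_begin, ar_end):
    """Direct method: sales less the growth in receivables (revenue not yet collected)."""
    return sales - (ar_end - ar_begin)


def cash_paid_to_suppliers(cost_of_goods_sold, inventory_begin, inventory_end,
                           ap_begin, ap_end):
    """Direct method, two steps: cost of goods sold -> purchases (add inventory
    build-up), purchases -> cash (subtract growth in payables not yet paid)."""
    purchases = cost_of_goods_sold + (inventory_end - inventory_begin)
    return purchases - (ap_end - ap_begin)


def operating_cash_flow_indirect(net_income, noncash_charges=0, premium_amortization=0,
                                 ar_change=0, inventory_change=0, ap_change=0):
    """Indirect method: start from net income and undo the accruals.
    Non-cash charges (depreciation, discount amortization) are added back;
    amortization of bond premium lowered interest expense without cash, so it
    is subtracted; increases in operating assets are subtracted and increases
    in operating liabilities are added."""
    return (net_income + noncash_charges - premium_amortization
            - ar_change - inventory_change + ap_change)


def washington_company_example():
    """The card's figures: both methods must land on the same operating cash flow."""
    received = cash_received_from_customers(56_000, 13_000, 9_000)
    paid = cash_paid_to_suppliers(31_000, 10_000, 15_000, 4_000, 7_000)
    direct = received - paid
    indirect = operating_cash_flow_indirect(
        net_income=56_000 - 31_000,
        ar_change=9_000 - 13_000,          # receivables fell: a source of cash
        inventory_change=15_000 - 10_000,  # inventory rose: a use of cash
        ap_change=7_000 - 4_000,           # payables rose: a source of cash
    )
    return {"cash_from_customers": received, "cash_to_suppliers": paid,
            "direct": direct, "indirect": indirect}


if __name__ == "__main__":
    print(washington_company_example())
    print(operating_cash_flow_indirect(105_000, ar_change=53_000 - 44_000))
```

The sign discipline is the whole trick of the indirect method: an increase in an operating asset (receivables, inventory) is subtracted, an increase in an operating liability (payables) is added, and the direct method arrives at the same number because it applies exactly those adjustments line by line.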
question
On the statement of cash flows, the cash flows from financing activities section would include all of the following except
answer
payments of interest on bonds payable
question
Which of the following are basic phases of the management process?
answer
Planning and controlling
question
Which of the following is not a prime cost?
answer
Supervisor's wages
question
Cost of goods sold for a manufacturer equals cost of goods manufactured plus:
answer
beginning finished goods inventory less ending finished goods inventory
question
Costs other than direct materials cost and direct labor cost incurred in the manufacturing process are classified as:
answer
factory overhead cost
question
Each account in the cost ledger is called a:
answer
job cost sheet
question
Which of the following is the correct flow of manufacturing costs?
answer
Raw materials, work in process, finished goods, cost of goods sold
question
Selected accounts with some debits and credits omitted are presented as follows.
Work in Process. Debits: Aug. 1 Balance 275,000; Aug. 31 Direct materials X; Aug. 31 Direct labor 450,000; Aug. 31 Factory overhead X. Credits: Aug. 31 Goods finished 1,030,000.
Factory Overhead. Debits: Aug. 1-31 Costs incurred 145,000. Credits: Aug. 1 Balance 15,000; Aug. 31 Applied (30% of direct labor cost) X.
If the balance of Work in Process at August 31 is $220,000, what was the amount debited to Work in Process for direct materials in August?
answer
$390,000
question
Materials purchased on account during the month amounted to $195,000. Materials requisitioned and placed in production totaled $168,000. From the following, select the entry to record the transaction on the day the materials were bought.
answer
Materials 195,000 Accounts Payable 195,000
question
When a job is completed in a service organization, the job costs are transferred to the
answer
cost of services account.
question
The debits to Work in Process--Assembly Department for April, together with data concerning production, are as follows:
April 1, work in process: materials cost, 3,000 units, $8,000; conversion costs, 3,000 units, 66.7% completed, $6,000
Materials added during April, 10,000 units: $30,000
Conversion costs during April: $31,000
Goods finished during April: 11,500 units
April 30, work in process: 1,500 units, 50% completed
All direct materials are placed in process at the beginning of the process and the first-in, first-out method is used to cost inventories. The materials cost per equivalent unit for April is:
answer
$3.00
question
Mocha Company manufactures a single product by a continuous process, involving three production departments. The records indicate that direct materials, direct labor, and applied factory overhead for Department 1 were $100,000, $125,000, and $150,000, respectively. The records further indicate that direct materials, direct labor, and applied factory overhead for Department 2 were $50,000, $60,000, and $70,000, respectively. In addition, work in process at the beginning of the period for Department 1 totaled $75,000, and work in process at the end of the period totaled $60,000. The journal entry to record the flow of costs into Department 2 during the period for applied overhead is:
answer
Work in Process--Department 2 70,000 Factory Overhead--Department 2 70,000
question
The debits to Work in Process--Assembly Department for April, together with data concerning production, are as follows:
April 1, work in process: materials cost, 3,000 units, $7,200; conversion costs, 3,000 units, 40% completed, $6,000
Materials added during April, 10,000 units: $25,000
Conversion costs during April: $30,800
Goods finished during April: 12,000 units
April 30, work in process: 1,000 units, 40% completed
All direct materials are placed in process at the beginning of the process and the first-in, first-out method is used to cost inventories. The conversion cost per equivalent unit for April is:
answer
$2.75
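The two Assembly Department cards above ask for the materials and the conversion cost per equivalent unit under FIFO. The block below is an added worked example, not part of the original flashcards, that carries the FIFO equivalent-unit computation through in general: work to finish beginning inventory, units started and finished, and the completed fraction of ending inventory, with only the current period's cost spread over those units. The assumption that materials enter at the start of the process is the one both cards state.

```python
from decimal import Decimal, ROUND_HALF_UP


def fifo_equivalent_units(beginning_units, beginning_pct_complete,
                          started_units, finished_units,
                          ending_units, ending_pct_complete,
                          materials_added_at_start=True):
    """Equivalent units of work done THIS period under FIFO, as (materials, conversion).

    Beginning WIP contributes only its unfinished fraction, units started and
    finished count in full, ending WIP contributes its completed fraction."""
    if finished_units - beginning_units + ending_units != started_units:
        raise ValueError("units do not reconcile: finished - beginning + ending must equal started")
    beginning_pct_complete = Decimal(str(beginning_pct_complete))
    ending_pct_complete = Decimal(str(ending_pct_complete))

    started_and_finished = finished_units - beginning_units
    conversion = (beginning_units * (1 - beginning_pct_complete)
                  + started_and_finished
                  + ending_units * ending_pct_complete)
    if materials_added_at_start:
        # Beginning WIP already carries all of its materials; every unit started
        # this period received its materials now, finished or not.
        materials = Decimal(started_and_finished + ending_units)
    else:
        # Assumption for the general case: materials follow the conversion profile.
        materials = conversion
    return materials, conversion


def cost_per_equivalent_unit(period_cost, equivalent_units):
    """FIFO: only costs added this period are divided by this period's equivalent units."""
    return (Decimal(str(period_cost)) / equivalent_units).quantize(Decimal("0.01"), ROUND_HALF_UP)


if __name__ == "__main__":
    # First card: 3,000 units 66.7% complete, 10,000 started, 11,500 finished, 1,500 at 50%.
    materials, conversion = fifo_equivalent_units(3000, 0.667, 10000, 11500, 1500, 0.50)
    print("materials EU", materials, "cost/EU", cost_per_equivalent_unit(30000, materials))
    # Second card: 3,000 units 40% complete, 10,000 started, 12,000 finished, 1,000 at 40%.
    materials, conversion = fifo_equivalent_units(3000, 0.40, 10000, 12000, 1000, 0.40)
    print("conversion EU", conversion, "cost/EU", cost_per_equivalent_unit(30800, conversion))
```

The reconciliation check at the top is worth keeping: in both cards finished minus beginning plus ending equals the 10,000 units started, and a data-entry error in any of the four figures shows up there before it corrupts the per-unit cost.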
question
A form prepared periodically for each processing department summarizing (1) the units for which the department is accountable and the units to be assigned costs and (2) the costs charged to the department and the allocation of these costs is termed a:
answer
cost of production report
question
Which of the following measures would not help managers to control and improve operations?
answer
Commissions paid per time period
question
Land acquired so it can be resold in the future is listed in the balance sheet as a(n)
answer
investment
question
The exclusive right to use a certain name or symbol is called a
answer
trademark
question
All leases are classified as either
answer
capital leases or operating leases
question
A machine with a cost of $80,000 has an estimated residual value of $5,000 and an estimated life of 5 years or 15,000 hours. It is to be depreciated by the units-of-production method. What is the amount of depreciation for the second full year, during which the machine was used 5,000 hours?
answer
$25,000
question
Equipment with a cost of $160,000, an estimated residual value of $40,000, and an estimated life of 15 years was depreciated by the straight-line method for 4 years. Due to obsolescence, it was determined that the useful life should be shortened by 3 years and the residual value changed to zero. The depreciation expense for the current and future years is
answer
$16,000
question
Accounting designed to meet the needs of decision-makers inside the business is referred to as:
answer
managerial accounting
Accounting
Activity Ratios Measure
Buying Goods And Services
Cash Flow Problems
Cost Accounting
Double Entry Bookkeeping
Federal Reserve Bank
Finance
Owners Equity
Unit 3: Accounting – Flashcards 140 terms

Killian Parsons
question
1.Accounting involves both the recording and the interpreting of financial events
answer
True
question
Assign the following functions of accounting to the type of accountant that performs them: 2. Budget preparation 3. Information for investors outside the firm 4. Measurement of production costs 5. Reports for stakeholders a. Financial accountants b. Managerial accountants
answer
2. (b) managerial accountants 3. (a) financial accountants 4. (b) managerial accountants 5. (a) financial accountants
question
As a Certified Public Accountant (CPA), you would be working primarily in the area of a. Audits b. Financial accounting c. Managerial accounting d.Tax accounting e.All of the above
answer
b. Financial accounting
question
How does the purpose of managerial accounting differ from the purpose of financial accounting?
answer
It assists with the internal management decisions for the firm
question
The accounting equation states that
answer
Assets = Liabilities + Owners Equity
question
The balance sheet, the statement of cash flows, and the ___________ are three key financial statements prepared by accountants.
answer
income statement
question
The ____________ is an accounting statement that reports the financial condition of a firm at a specific point in time.
answer
balance sheet
question
The "bottom line" of an income statement is the net worth of the firm
answer
False
question
The balance sheet is composed of the following types of accounts:
answer
a. assets, liabilities, and owner's equity
question
13. Assets = Liabilities + Owner's Equity 14. Refers to how fast an asset could be converted into cash 15. Reports the financial condition of a firm in a specific point in time 16. Reports the profit or loss for the firm over a specified time period 17. Represents what the company owns and owes as of a specific date a.Liquidity b.Balance sheet c.Income statement
answer
13. (b) balance sheet 14. (a) liquidity 15. (b) balance sheet 16. (c) income statement 17. (b) balance sheet
question
The income statement fundamentally compares
answer
Revenue and expenses
question
What is an example of current assets?
answer
a. cash
question
Debts that are due in one year or less are classified on the balance sheet as:
answer
current liabilities
question
Which of the following items is found on an income statement? a. Current assets b. Cost of goods sold c. Cash flow from investments d. Owner's equity e. Return on investment
answer
b. cost of goods sold
question
Revenue minus cost of goods sold =
answer
Gross profit
question
Company resources that are purchased with the intention that they will convert to cash within one year are:
answer
current assets
question
Rent, depreciation, and salaries are examples of
answer
operating expenses
question
_________ is the systematic write-off of the value of a tangible asset over its useful life.
answer
depreciation
question
Depreciation is a systematic write-off of the cost of a tangible asset that affects taxes on ____________.
answer
the income statement
question
FIFO and LIFO are two common methods used to compute the depreciation of tangible assets
answer
False
question
Which of the following is INCORRECT? a. Gross Profit - Interest Expenses = Net Profit before Interest and Taxes b. Liabilities + Stockholder's Equity = Assets c. Net Profit Before Interest and Taxes - Interest - Taxes = Net Profit after Taxes d. Sales - Cost of Goods Sold = Gross Profit
answer
a. gross profit-interest expenses = net profit before interest and taxes
question
Which of the following is NOT a current asset? a.Accounts payable b.Accounts receivable c. Cash d. Inventories
answer
a. accounts payable
question
Accounting is an exact science
answer
b. false
question
a. Financial ratios that measure a firm's ability to pay its short-term debts. b. Financial ratios that measure a firm's effective use of resources. c. Financial ratios that measure a firm's ability to use its assets to their highest potential. d. Financial ratios that reflect the degree to which a firm relies on borrowed funds.
answer
a. liquidity b. profitability c. efficiency d. leverage
question
_________ measures the speed of inventory moving through the firm and becoming sales.
answer
c. inventory turnover ratio
question
Match each of the following ratios with kind of financial ratio it represents 6.Current 7.Debt/equity ratio 8.Inventory turnover ratio 9.Quick ratio 10. Return on equity ratio 11. Return on sales ratio
answer
6. liquidity 7. leverage 8. efficiency 9. liquidity 10. profitability 11. profitability
question
A company's current ratio is a better indicator of its ability to pay off short-term debt obligations than its acid-test ratio
answer
False
question
The acid-test ratio is the best method to determine a firm's long-term ability to pay off its debts
answer
False
question
Which of the following financial ratios is better the lower it is?
answer
b. debt/equity
question
If a firm has a debt to owners' equity ratio of .54 (or 54%) we can conclude that:
answer
b. Its total liabilities are less than its owners' equity (ratio = liabilities/equity)
question
The top managers of Highbrow Bookstores want to indicate to the firm's shareholders how effectively they have managed the company in their behalf. Perhaps the most meaningful way to do this would be by reporting strong:
answer
b. profitability ratios
question
Bob Stewart plans to visit his financial planner today to discuss investment strategy. As a young, "20 something" accountant, he knows he can afford to invest in a few riskier investments. Which of the following ratios will be an important measure of profitability for Bob?
answer
d. return on equity
question
Match the following financial ratios with the arguments you'd expect stakeholders (including shareholders) to level against high levels of each. 44. Debt-equity ratio 45. Inventory turnover ratio 46. Quick ratio 47. Return on equity 48. Return on sales a. Not enough reinvestment onto the business; b. Over-leveraged financial structure; c. The firm may be foregoing potential new customers; d. There is an excessive chance of stock outs, disruptions, and unsatisfied customers; e.Too much liquidity belongs to the shareholders, not to the firm.
answer
44. b 45. d 46. e 47. a 48. c
question
When return on sales increases, return on equity must
answer
d. don't know
question
Other things equal, when return on sales decreases we can expect return on equity to
answer
a. decrease
question
__________ refers to the process that identifies variances by comparing actual revenues and expenses to projected revenues and expenses.
answer
b. Financial control
question
Financial management is more important for a large firm than for a small firm
answer
False
question
Financial managers spend the majority of their time a.Managing the short-term financial needs of the firm. b.Obtaining long-term financing to fund the firm's capital expenditures.
answer
a.
question
The duties and responsibilities of a financial manager are virtually identical to the duties and responsibilities of an accountant
answer
False
question
Which of the following is not a responsibility of financial management? a.Advising top management; b.Buying merchandise on credit and collecting overdue payment from customers; c. Cash flow control; d. Production scheduling; e.Tax management and budgeting.
answer
d. production scheduling
question
The purpose of liquidity ratios is to indicate the degree to which a firm relies on borrowed funds in its operations
answer
False
question
If a company applies for bankruptcy protection, it is likely that it confronted ___________ problems
answer
a. liquidity
question
The first step in financial planning is to develop a budget to better control costs
answer
False
question
In order to assist in revenue realization, a(n) ________ allocates resources throughout the firm.
answer
c. budget
question
Match the budgets with their definitions 10. Allocation of funds required to operate a business at a projected level of revenue; 11. Borrowing, debt repayment, operation expenses, and short-term investment opportunity schedule; 12. Firm's spending plans for long-lasting assets such as property, buildings, and equipment. a. Capital budget b. Cash budget c. Operating (master) budget
answer
10. operating (master) budget 11. cash budget 12. capital budget
question
Match the following situations with the appropriate financial tool. 13. Akiko realizes the importance of developing a ________ for her interior design business. Akiko understands the importance of appropriately allocating resources in order to achieve the goals of her firm. 14. As a finance manager at AllSports Communication, Charlie worries about the firm's borrowing requirements for the upcoming year. He knows the benefit of estimating AllSports' expenses and short-term investment expectations. Facing these concerns, a(n) ________ would provide Charlie with valuable information by providing a good estimation of whether the firm will need to do short-term borrowing. 15. As a management consultant, Lamont knows that regardless of how good his firm's product might be, the business has little chance of success without a(n) __________ . 16. Carolina Financial Services is considering the purchase and installation of an expensive computer network. This is the type of expenditure that would be included in a(n) _________ . a. Budget b. Capital budget c. Cash budget d. Financial plan e. Master budget
answer
13. a. budget 14. c. cash budget 15. d. financial plan 16. b. capital budget
question
The most widely used source of short term funding is
answer
trade credit
question
The rationale behind offering customers credit is:
answer
e. permitting customers to pay with credit cards or on credit makes it easier for them to buy, and it also attracts new customers
question
Financial managers generally oppose credit sales because of the impact on cash flows
answer
False
question
Rapidly growing companies often buy increasing amounts of merchandise from suppliers on credit, and then sell the goods to their customers on credit. These companies sometimes have difficulty repaying their suppliers when customers who buy on credit don't pay on time. Firms that experience this difficulty need to do a better job of:
answer
e. managing cash flows
question
Which of the following presents an effective technique to improve cash management? a. Slow down both the payment and collections of cash b. Speed up both collections and payments of cash c. Speed up cash collections and slow down cash payments d. Speed up cash payments and slow down cash collections
answer
c. speed up cash collections and slow down cash payments
question
The best way for a firm to avoid serious cash flow problems is to sustain a rapid growth in sales
answer
False
question
The costs to a retailer of accepting credit cards are generally greater than the benefits provided
answer
False
question
Lancer Wholesale Company wants to improve cash flow. Which of the following strategies would be most likely to help Lancer achieve this objective? a. Accepting IOUs from customers who buy in large quantities b. Offering cash discounts to buyers who pay their accounts promptly c. Offering extended payment plans to qualified buyers d. Relaxing its credit policy for new customers e. All of the above.
answer
b. offering cash discounts to buyers who pay their accounts promptly
question
Maryland Nursery offers customers credit terms of 3/15 net 30. This gives customers a:
answer
three percent discount if they pay in 15 days
question
The owner of a Mountain Cycle Shop worries that cash flows may be insufficient to pay his current operating expenses. While he anticipates a surplus of cash inflows as warm weather approaches, he needs to borrow funds now to meet his immediate obligations. He can best resolve his cash flow concerns by obtaining short term financing.
answer
True
question
Some suppliers hesitate to offer trade credit to firms with a poor credit history. In these cases, the supplier may insist that the customer sign a(n):
answer
promissory note
question
Selling accounts receivable to obtain short-term funds is called:
answer
c. factoring
question
_________ offers financially stable corporations a technique to raise short-term funds by issuing unsecured promissory notes to the general public with the promise of repayment within 270 days.
answer
commercial paper
question
Commercial paper is a common source of short-term financing for small and medium sized businesses
answer
False
question
Organizations can avoid financial difficulties by marketing products that generate a significant rate of growth in sales revenue
answer
false
question
As we saw in class, WalMart sports an inventory turnover ratio of about nine. This means that WalMart turns its inventory
answer
a. every forty days
question
Match the following inventory management problems with their expected inventory turnover ratio: 34. Obsolete merchandise resulting in unsold goods 35. Poor buying practices resulting in unsold goods 36. Potential for lost sales because of lack of inventory
answer
34. low inventory turnover 35. low inventory turnover 36. higher turnover ratio
question
We would expect the inventory turnover ratio for a ski shop to be _______ than the turnover for a convenience store.
answer
lower
question
An extremely high inventory turnover ratio may represent lost sales due to holding inadequate stocks of merchandise
answer
True
question
Assuming equal levels of sales for all three retailers, you'd expect Amazon.com inventory turnover to be ________ that of Borders or Barnes & Noble.
answer
e. Much higher than
question
Assuming equal levels of sales for all three retailers, you'd expect Amazon.com acid ratio to be ______ that of Borders or Barnes & Noble.
answer
c. about equal to
question
Scott Drilling Contractors recently issued a corporate bond on which it expects to pay interest for the next twenty years. Scott would record this as a __________ on its balance sheet.
answer
b. Long-term liability
question
Kunpeng Airlines is a recent start-up commuter airline that flies between eight regional cities on the coastal region of China. Although it has attracted numerous investors who see value in the company's service, it does not pay dividends. Last year, the firm claimed profits of $4,800,000, which will be used to purchase an additional commuter plane. The Balance Sheet accounts that will show this effect are: a. Accounts payable and accounts receivable accounts; b. Long-term liabilities and fixed asset accounts; c. Retained earnings and accounts receivable accounts; d. Retained earnings and fixed assets accounts; e. None of the above.
answer
d. Retained earnings and fixed assets accounts
question
The need for operating funds:
answer
b. increases when a firm introduces new products or enters a new market
question
The concept "time value of money" indicates:
answer
a. A dollar received today is worth more than a dollar received a year from today
question
Acquiring funds through borrowing represents:
answer
a. debt financing
question
If a firm sells shares of stock, it is financing with ________.
answer
equity
question
Allison O'Toole sells high end accessories at her resort boutique in Destin, FL. During the past ten years, Allison's business has performed quite well. Even when she made the decision to expand her store by purchasing the building next door, she financed this event by reinvesting her profits. Up until now, Allison has: a. burned through a sizable quantity of capital. b. leveraged her financing. c. successfully found equity financing through the sale of stock. d. utilized a significant amount of debt financing. e. utilized equity to finance large capital expenditures.
answer
e. utilized equity to finance large capital expenditures
question
______________ refers to the strategy of using borrowed funds to increase the rate of return for stockholders.
answer
c. leverage
question
Retained earnings represent a source of equity financing
answer
a. True
question
The interest paid for debt financing is a tax-deductible expense for the firm
answer
True
question
Analysts worry about Starbucks' Notes Payable/Short Term Debt. In the short term (less than a year) do you believe that there is reason to worry? a. Yes b. No c. There is insufficient data to answer this question
answer
c. There is insufficient data to answer this question
question
On the basis of your estimate of Starbucks' debt/equity ratio, is it likely that Starbucks will be able to borrow money to finance its Notes Payable/Short Term Debt item? (For comparison, the ratio for McDonald's is 1.12)
answer
a. yes
question
A firm that takes too much debt could experience problems repaying its lenders or meeting promises made to stockholders
answer
True
question
Equity financing represents money acquired from the operations of the firm or through the sale of ownership in the company
answer
True
question
Companies raising funds must choose either debt or equity sources, but not both
answer
False
question
Which of the following represents a capital expenditure? a. Paying for media advertising b. Paying salaries to employees c. Purchasing a building to be used for office space d. Purchasing raw materials to be used in the production of a firm's product e. Purchasing utilities such as electricity and water.
answer
c. purchasing a building to be used for office space
question
To maximize the benefits of using financial leverage, a firm should a. Avoid securing funds through long-term debt financing b. Limit their investments to projects with minimum risk levels c. Strive to minimize their cost of capital d. b. and c. e. All of the above
answer
c. strive to minimize their cost of capital
question
Stockholders of a company in a risky market environment would expect lower return on equity ratio than stockholders in a less risky market
answer
False
question
Generally, a high _________ ratio could lead investors and creditors to view the company as being very risky
answer
Debt to owner's equity
question
A firm must pay dividends to its shareholders when it is profitable
answer
False
question
Effective managers strive to minimize their firm's cost of capital
answer
True
question
When given a choice, businesses prefer to obtain long-term financing through retained earnings or by borrowing from a lending institution
answer
True
question
The relationship between debt and equity is called:
answer
Leverage
question
Which of the following best characterizes the dilemma of financial management? a. Assets need to be kept at the same level as liabilities and owner's equity b. Pursuing profitable growth opportunities may jeopardize the survival of a business c. Survival, growth and profits are supported by the exact same strategies d. The overriding goal of a business is to make profits e. The overriding goal of a financial manager is to maintain a conservative financial and cash flow strategy
answer
b. Pursuing profitable growth opportunities may jeopardize the survival of a business
question
Generally, a high ___________ ratio could lead investors and creditors to view the company as being very risky.
answer
b. debt to owner's equity
question
The primary purpose of retained earnings is to a. pay off federal taxes b. pay out to shareholders later as dividends c. reinvest into the company and its operations d. save in the company's bank account
answer
c. reinvest into the company and its operations
question
In an article in "The Economist" (February 26th, 2011), the CEO of IKEA, Mikael Ohlsson, is quoted as follows: "IKEA is more competitive as a privately owned company. Instead of sweating to meet the quarterly targets the stockmarket demands, it can concentrate on long term growth." On the basis of the above, you'd expect IKEA's return on equity to be ______ that of a similar, publicly traded corporation.
answer
b. lower than
question
Refer to the previous question. IKEA is likely to prefer _____ as their sources of long term financing.
answer
c. Retained earnings
question
The overall objective of financial planning is to
answer
d. optimize the firm's profitability
question
The fundamental challenge of effective financial management is to have sufficient _____ on hand without compromising the firm's ______ potential.
answer
c. cash, investment
question
Which of the following represents a capital expenditure?
answer
b. purchasing a building to be used for office space
question
Businesses ought to match their long-term capital needs to: a. the firm's debt to equity ratio. b. the ratio of long-term vs. short-term capital available. c. the relative cost of their financing options. d. their long-term goals and objectives. e. trade credit discounts.
answer
d. their long-term goals and objectives
question
The CFO of a well known satellite radio company was trying to work his magic today as he solicited another telecommunications/entertainment company to invest in his company in order to prevent bankruptcy. Having refinanced the company less than a year ago, the satellite radio finance manager had a $75 million note coming due today. The current financing arrangement represents:
answer
d. short term debt financing (within a year)
question
While _________ provide a buyer with collateral, _________ are backed only by the reputation of the issuer. a. Debentures, retained earnings b. Debentures, secured bonds c. Equity shares, debentures d. Secured bonds, debentures e. Secured bonds, equity shares
answer
d. Secured bonds, debentures
question
Which of the following will determine the broad rate of interest a firm will have to offer on its bonds? a. The general level of market interest rates b. The intensity of competition the firm faces with new products c. The relative strength of the dollar versus other currencies d. All of the above e. None of the above.
answer
a. The general level of market interest rates
question
Lottadoe and Bigbux are two companies that are identical in every respect except that Lottadoe uses only equity financing while Bigbux relies heavily on debt financing. Over the past year, the firms had identical net incomes before interest and taxes were taken into account. If this net income was very high, a. Bigbux would report a higher return on equity than Lottadoe. b. Bigbux would report a lower return on equity than Lottadoe. c. Bigbux would report higher dividends than Lottadoe. d. Lottadoe would pay less in taxes than Bigbux. e. Lottadoe would report a lower net income after taxes than Bigbux.
answer
a. Bigbux would report a higher return on equity than Lottadoe
question
Lottadoe and Bigbux are two companies that are identical in every respect except that Lottadoe uses only equity financing while Bigbux relies heavily on debt financing. Over the past year, the firms had identical net incomes before interest and taxes were taken into account. If the firms faced a rough year with very low earnings, a. Bigbux would be able to skip its interest payments if paying them would cause its net income to be negative. b. Bigbux would report a higher net taxable income than Lottadoe. c. Bigbux would, of necessity, go bankrupt. d. Lottadoe would be required to pay a higher dividend than Bigbux, thus reducing retained earnings. e. Lottadoe would report a higher return on equity than Bigbux.
answer
e. Lottadoe would report a higher return on equity than Bigbux.
question
Match the following definitions with their concepts. 1. Certificate issued to an investor that has loaned money to a corporation or government. 2. Form of company ownership that gives priority claim in the payment of dividends, as well as assets, if the business is liquidated. However, these investors do not have voting rights. 3. The most basic form of company ownership that includes voting rights and dividends, if and when the firm elects to pay dividends.
answer
1. Bond 2. Preferred stock 3. Common Stock
question
Match the following bond-related terms with their meaning: a. Date on which principal is due b. Interest c. Principal
answer
a. Maturity b. Coupon c. Face Value
question
Bondholders are considered creditors of a firm
answer
True
question
Bonds, like stocks, trade daily on major security exchanges
answer
True
question
U.S. Government bonds are considered safe investments
answer
True
question
With everything else held constant, secured bonds likely pay investors a _________ interest rate than debenture bonds a. Higher and more volatile b. Higher but less volatile c. Lower and less volatile d. Lower but more volatile
answer
c. Lower and less volatile
question
A convertible bond allows the bondholder to exchange the bond for a. Preferred stock b. Common stock c. Collateral d. All of the above e. None of the above
answer
b. common stock
question
As creditors of a firm, bond holders enjoy voting privileges for the board of directors' elections
answer
False
question
Unlike stocks, bond market prices remain stable over the life of the bond
answer
False
question
As interest rates fall, bond prices
answer
Increase
question
Bonds perceived as high risk typically pay __________ interest rates.
answer
a. Higher
question
Which of the following securities provides the owner the right to vote for the corporate board of directors? a. Bonds b. Callable bonds c. Commercial paper d. Common stock e. Preferred stock
answer
d. common stock
question
Which of the following sources of long-term financing has liquidity consequences? a. Bonds b. Retained earnings c. Stock d. Venture capital e. All of the above
answer
a. bonds
question
Dividends on preferred stock are: a. always greater than dividends on common stock. b. guaranteed, except in the event of bankruptcy. c. normally fixed, if and when dividends are paid. d. not subject to double taxation. e. paid after common stockholders receive their dividends.
answer
c. normally fixed, if and when dividends are paid
question
The proceeds from a secondary market sale of securities go to the corporation whose security is being traded
answer
False
question
A share of preferred stock currently sells for $120. It offers the investor a dividend of 8%, with a par value of $100. If dividends are paid, preferred stockholders would receive a dividend of $9.60
answer
b. False
question
If the stock price of a publicly traded company declines, it is likely that it is confronting ____________ problems
answer
b. profitability
question
A firm must pay dividends to its shareholders when it is profitable
answer
False
question
Like bonds, equity financing must be repaid
answer
False
question
When is it easiest to raise equity capital? a. Excellent performance, bull market b. Excellent performance, bear market c. Poor performance, bull market d. Poor performance, bear market
answer
a. excellent performance, bull market
question
When is a company most likely to need to raise capital? a. Excellent performance, bull market b. Excellent performance, bear market c. Poor performance, bull market d. Poor performance, bear market
answer
d. poor performance, bear market
question
Private investors benefit from securities markets primarily by: a. analyzing information about publicly traded companies. b. having a place to buy and sell stocks and bonds. c. obtaining the capital they need to finance their operations. d. participating in the primary markets of investment bankers. e. securing memberships on various stock exchanges.
answer
b. having a place to buy and sell stocks and bonds
question
An organization whose members can buy and sell securities for companies and investors is known as a:
answer
d. stock exchange
question
A company's stock does not have to be listed on one of the major stock exchanges in order to trade. It can be traded on _____________.
answer
Over-the-counter markets
question
Which of the following would be classified as an institutional investor? a. Commodity brokers b. Federal Reserve banks c. OTC markets d. Pension funds e. Stock exchanges
answer
d. pension funds
question
Before a corporation's stock can be sold on a major stock exchange, the firm must provide detailed financial information to the Securities and Exchange Commission
answer
True
question
When a shareholder of a publicly traded corporation sells her stock, the corporation receives the proceeds of the sale
answer
False
question
The stock of companies that fail to meet a stock exchange's minimum requirements can be delisted
answer
True
question
Molly Manufacturing plans to issue $75 million of common stock. The firm will likely rely on the advice and assistance of a(n): a. Commercial bank. b. Federal Reserve Bank. c. Investment banker. d. Mutual fund. e. Universal bank.
answer
c. Investment banker
question
How do investment bankers generate revenue for their firms?
answer
a. They buy, at a discount, the entire issue of a new security and then sell the issue to investors at full price.
question
The higher the risk of a particular investment, the greater the expected rate of return required by investors
answer
True
question
Which of the following is the most important measure for equity investment valuation? a. Growth b. Returns c. Risk d. All of the above e. None of the above
answer
d. all of the above
question
The more diversified a stock portfolio, the __________ risky it is.
answer
b. less
question
Which of the following is NOT a reasonable investment strategy? a. Buy stocks with high P/E ratios b. Buy for the long term c. Diversify d. Be a contrarian e. Consider the tradeoffs between returns, growth and risk
answer
a. Buy stocks with a high P/E ratio
question
Put the following investments in order from riskiest to least risky. Which of the following lists begins with the least risky investment and ends with the most risky? Least risky = 1; most risky = 5
answer
1) Bonds 2) Mutual Funds 3) ETFs 4) Preferred Stock 5) Common Stock
question
Which of the following statements is FALSE? a. Corporations receive money each time their securities are traded b. Securities markets benefit businesses and private investors c. Securities markets help companies raise long term debt and equity financing d. Securities markets serve as a place to buy and sell stocks, bonds, and mutual funds e. Securities markets represent the financial marketplaces for stocks and bonds
answer
a. Corporations receive money each time their securities are traded
Operations Management Exam #1 – Flashcards 118 terms
Jonathan Walsh
question
Organizations Have 3 Basic Functions
answer
Marketing, Operations, Finance
question
What is Operations?
answer
The part of a business organization that is responsible for producing goods or services. It influences all of the rest of the organization; it is the actual "doing" part of the business process.
question
What is Operations Management?
answer
The management of systems or processes that create goods and/or provide services
question
Operations Management affects:
answer
Companies' ability to compete
question
Why study OM?
answer
Every aspect of business affects or is affected by operations. There is a significant amount of interaction and collaboration amongst the functional areas.
question
The Operations Function
answer
The creation of goods and services through the transformation of inputs into outputs
question
Feedback
answer
measurements taken at various points in the transformation process
question
Control
answer
The comparison of feedback against previously established standards to determine if corrective action is needed.
question
Value Added
answer
value/price of output - cost of input
question
Processes (Managing to Meet Demand)
answer
Operations & Supply Chains vs. Sales and Marketing. Supply > Demand is wastefully costly; Supply < Demand causes opportunity loss/customer dissatisfaction; Supply = Demand is ideal.
question
Processes (Variation)
answer
Variations can be disruptive to operations and processes. They may result in additional costs, delays and shortages, poor quality, and inefficient work systems.
question
Manufacturing
answer
goods-oriented (tangible things): physical items that include raw materials, parts, subassemblies, and final products. Examples: automobile, computer, oven, shampoo.
question
Service
answer
act-oriented: activities that provide some combination of time, location, form or psychological value. Examples: air travel, education, haircut, legal counsel.
question
Goods-service Continuum
answer
Products are typically neither purely service-based nor purely goods-based.
question
Products Package
answer
combinations of goods and services
question
Key Differences
answer
question
Scope of Operations Management
answer
The operations function includes many interrelated activities such as: forecasting (we won't cover, but important), capacity planning, facilities and layout, scheduling, managing inventories, assuring quality, motivating employees, deciding where to locate facilities, and more . . .
question
Role of the Operations Manager
answer
The Operations Function consists of all activities directly related to producing goods or providing services. A primary role of the operations manager is to guide the system by decision making: -System Design Decisions -System Operation Decisions
question
System Design Decisions
answer
-Capacity -Facility location -Facility layout -Product and service planning. These are typically strategic decisions: -usually require long-term commitment of resources -determine parameters of system operation
question
System Operation Decisions
answer
These are generally tactical decisions: -Management of personnel -Inventory management and control -Scheduling -Project management -Quality assurance
question
Decision Making
answer
Most operations decisions involve many alternatives that may have different impacts on costs or profits. Typical operations decisions include: What: What resources are needed, and in what amounts? When: When will each resource be needed? When should the work be scheduled? When should materials and other supplies be ordered? Where: Where will the work be done? How: How will the product or service be designed? How will the work be done? How will resources be allocated? Who: Who will do the work?
question
Modeling is a key tool used by decision makers
answer
question
Model
answer
an abstraction of reality; a simplified representation of something
question
Types of Models
answer
Physical Models -Look like their real-life counterparts. Schematic Models -Graphs, charts, blueprints, drawings, etc. Mathematical Models
question
Common Features of Models
answer
Simplifications of real-life phenomena. Focus on the most important aspects of the real-life system and omit unimportant details.
question
Benefits of Models
answer
Models are generally easier to use and less expensive than dealing with the real system. They serve as a consistent tool for evaluation and provide a standardized format for analyzing a problem; require users to organize and sometimes quantify information; increase understanding of the problem; and enable managers to analyze "What if?" questions.
question
Limitations of Models
answer
Important variables may be missed. Quantitative information may be emphasized over qualitative. Models may be incorrectly applied and results misinterpreted. Nonqualified users may use the model incorrectly.
question
Quantitative Methods
answer
A decision making approach that seeks to obtain a mathematically optimal solution -Linear programming -Queuing techniques -Inventory models -Project models -Forecasting techniques -Statistical models
question
Historical Evolution of OM
answer
Industrial Revolution; Scientific Management; Decision Models and Management Science; Influence of Japanese Manufacturers
question
Pre-Industrial Revolution
answer
Craft production - highly skilled workers use simple, flexible tools to produce small quantities of customized goods
question
Industrial Revolution
answer
The Industrial Revolution (late 18th century) -Began in England in the 1770s -Division of labor - Adam Smith, 1776 -Application of the steam engine, 1780s -Cotton gin and interchangeable parts - Eli Whitney, 1792. Substituting machine power for human power. Management theory and practice did not advance appreciably during this period.
question
Scientific Management (Early 20th century)
answer
"Science of Management" based on observation, measurement, analysis and improvement of work methods, and economic incentives. Management is responsible for: -planning, carefully selecting and training workers -finding the best way to perform each job. Emphasis was on maximizing output: -Ford Model-T, 1908-1927 -Modern Times, 1936
question
Decision Models & Management Science (Mid 20th century)
answer
OR applications in warfare - Operations Research (OR) groups. Mathematical model for inventory management (F.W. Harris, 1915). Statistical procedures for sampling and quality control (Dodge, Romig & Shewhart, 1930s). Statistical sampling theory (Tippett, 1935). Linear programming (George Dantzig, 1947).
question
Influence of Japanese Manufacturers
answer
Late 20th century. Refined and developed management practices that increased productivity: -Credited for the "quality revolution" -continual improvement -employee empowerment -Lean Operations / Just-in-Time production
question
Key Issues for Operations Managers Today
answer
Economic conditions; innovating; quality problems; management technology; the Internet, e-commerce, e-business; supply chain management; risk management; revenue management; competing in a global economy; globalization, outsourcing; environmental concerns; ethical behavior
question
Customization
answer
requires more resources and effort than more standardized products and services
question
Theory X
answer
Workers do not like work and must be induced to do it
question
Theory Y
answer
Workers enjoy work and are committed to doing it
question
Components of the Supply Chain
answer
Forecasting, purchasing, inventory management, information management, quality assurance, scheduling, production, distribution, delivery, and customer service. Doesn't include marketing or finance because those are the two other functions of an organization next to operations.
question
Ethics
answer
a standard behavior that guides how we should act in various situations
question
Business Sustainability
answer
refers to economic, environmental, and social sustainability
question
Division of Labor
answer
allows employers to employ less-skilled workers than would have been needed in craft production
question
Which of the following are reasons organizations fail?
answer
Not investing enough in necessary capital or human resources; underestimating the importance of internal communication and cooperation between functional areas; putting too much emphasis on short term financial performance; not focusing enough on process design and improvement; failure to correctly focus on customer wants and needs
question
Three separate, but related concepts that are vitally important to business organizations:
answer
Competitiveness, Productivity, Strategy
question
Competitiveness
answer
How effectively an organization meets the wants and needs of customers relative to others that offer similar goods or services. Organizations compete over: -Price (Cost) -Quality -Response-time -Variety (Flexibility)
question
Operations' Influence on Competitiveness
answer
question
Quality Based Strategies
answer
may be a part of another strategy
question
3 Basic Business Strategies
answer
Low cost, responsiveness, differentiation
question
Planning and Decision Making
answer
Start at the top with a mission (vision)
question
Order Qualifiers
answer
Characteristics that customers perceive as minimum standards of acceptability for a product or service to be considered as a potential for purchase
question
Order Winners
answer
Characteristics of an organization's goods or services that cause it to be perceived as better than the competition
question
Price, delivery reliability, delivery speed and quality can be qualifiers or order winners
answer
and may change over time.
question
Mission
answer
The reason for an organization's existence that serves as the basis for organizational goals. Mission statement: -States the purpose of the organization -Answers the question: "What business are we in?"
question
Supply Chain Strategy
answer
should align with overall business strategy
question
Example Strategies an Organization Might Choose From
answer
Low price; Specialization -narrow product lines or limited services; Variety -e.g., customization; Newness -innovation to create new products or services; Service -various aspects of service (e.g., helpful, reliable, etc.); Sustainability -environmentally friendly and energy efficient operations; Quality; Responsiveness (time-based strategies) -reduction of time needed to complete products or perform services
question
Goals
answer
Provide detail and the scope of the mission. Goals can be viewed as organizational destinations and are the basis for organizational strategies.
question
Strategy
answer
A plan for achieving organizational goals; serves as a roadmap for reaching the organizational destinations.
question
Strategy Formulation
answer
1. Core Competencies 2. Environmental Scanning (SWOT) 3. Order Qualifiers & Order Winners
question
Core Competencies
answer
The special attributes or abilities that give an organization a competitive edge. To be effective, core competencies and strategies need to be aligned.
question
Environmental Scanning - SWOT
answer
Environmental scanning is necessary to identify: internal factors (Strengths and Weaknesses) and external factors (Opportunities and Threats).
question
Key Internal Factors
answer
Human resources: skills of workforce, expertise, experience, loyalty to the organization. Facilities and equipment: capacities, locations, age, maintenance costs. Financial resources: cash flow, access to additional funding, debt, cost of capital. Customers: loyalty, wants and needs. Products and services: existing, potential for new ones. Technology: existing, ability to integrate new and its impact on current and future operations. Suppliers: relationships, dependency, quality, flexibility, service. Other: labor relations, company image, distribution channels, etc.
question
Key External Factors
answer
Economic conditions: health and direction of the economy, inflation, deflation, interest rates, taxes, tariffs. Political conditions: attitude towards business, political stability, wars. Legal environment: antitrust laws, regulations, trade restrictions, minimum wage laws, liability laws, labor laws, patents. Technology: rate of innovation, future process technology, design technology. Competition: number and strength of competitors, basis of competition (price, quality, etc.). Markets: size, location, brand loyalty, ease of entry, growth potential, long term stability, demographics.
question
Organizational Strategies
answer
Overall strategies that relate to the entire organization and support the achievement of organizational goals and mission
question
Functional level strategies
answer
Strategies that relate to each of the functional areas and that support achievement of the organizational strategy
question
Operations Strategy
answer
The approach, consistent with organization strategy, that is used to guide the operations function. But... organization strategy should take into account the realities of operations strengths and weaknesses.
question
Tactics
answer
The methods, actions, or implementations taken to accomplish strategies, which ultimately achieve goals; the "how to" part of the process.
question
Mission, Organizational strategy, Operations strategy
answer
question
Productivity
answer
A measure of the effective use of resources, usually expressed as the ratio of output to input. Productivity measures are useful for: -Tracking an operating unit's performance over time -Planning workforce requirements -Scheduling equipment -Financial analysis
question
Why does Productivity Matter?
answer
Higher productivity relative to the competition leads to competitive advantage in the marketplace. High productivity is linked to higher standards of living -> have more, work less. Manufacturing multiplier (1.6-16): manufacturing has a beneficial side effect -> service jobs. Manufacturing incorporates R&D -> competitive edge.
question
Measures of Productivity
answer
Partial measures: output/(single input). Multi-factor measures: output/(multiple inputs). Total measure: output/(total inputs).
question
Examples of Partial Productivity Measures
answer
question
Productivity Calculation Example: Units produced: 5,000; Standard price: $30/unit; Labor input: 500 hours; Cost of labor: $25/hour; Cost of materials: $5,000; Cost of overhead: 2x labor cost
answer
Larger than 1, but is it good enough? The higher the better.
question
Productivity Growth
answer
question
Productivity Growth Example
answer
Labor productivity on the ABC assembly line was 25 units per hour in 2009. In 2010, labor productivity was 23 units per hour. What was the productivity growth from 2009 to 2010?
question
Service Sector Productivity
answer
Difficult to measure and manage; involves intellectual activities; has a high degree of variability.
question
Factors Affecting Productivity
answer
Methods; Quality; Capital; Technology -INCREASE: calculators, computers, faxes, copiers, Internet search engines, voice mail, cell phones, email -REDUCE: inflexibility, high costs, mismatched operations, non-work activities; Management
question
Improving Productivity
answer
1. Develop productivity measures for all operations 2. Determine critical (bottleneck) operations 3. Develop methods for productivity improvements 4. Establish (reasonable) goals 5. Make it clear that management supports and encourages productivity improvement 6. Measure and publicize improvements 7. Don't confuse productivity with efficiency
question
Efficiency = getting the most out of a fixed set of resources
answer
Productivity = effective use of overall resources (e.g., upgrading equipment)
question
OM Incorporates
answer
suppliers, employees, distributors, retailers
question
What is the first step in creating a new operation
answer
design of product and process to produce it
question
What might cause a business to change?
answer
changes in the market
question
Start of Chapter 4 Notes: Product and Service Design
answer
The essence of an organization is the goods and services it offers. Every aspect of the organization is structured around them. Product and service design (or redesign) should be closely tied to an organization's strategy.
question
Reasons for Design or Re-Design
answer
Market opportunities or threats drive product and service design (or redesign): Economic -low demand, need to reduce costs, quality problems; Social and Demographic -aging populations, population shifts; Political, Liability, or Legal -regulations, safety issues; Competitive -new or changed products and services; Cost or Availability -raw materials, components, labor, energy; Technological -product components, processes
question
Idea Generation Supply-Chain Based
answer
Ideas can come from anywhere in the supply-chain: -Customers -Suppliers -Distributors -Employees
question
Idea Generation Competitor-Based
answer
Studying how a competitor operates and its products and services
question
Reverse engineering
answer
Dismantling and inspecting a competitor's product to discover product improvements
question
Idea Generation Research Based
answer
Research and Development (R&D): organized efforts to increase (scientific) knowledge or product innovation. Basic research: objective is advancing the state of knowledge about a subject without any near-term expectation of commercial applications. Applied research: objective is achieving commercial applications. Development: converts the results of applied research into useful commercial applications.
question
Quality Function Deployment
answer
An approach that integrates the "voice of the customer" into product and service development. The purpose is to ensure that customer requirements are factored into every aspect of the process.
question
Key Questions for the Organization
answer
question
Phases in Products Design & Development
answer
1. Feasibility analysis -Demand, development and production cost, potential profit, technical analysis, capacity req., skills needed, fit with mission. 2. Product specifications -What's needed to meet customer wants 3. Process specifications -Weigh alternative processes in terms of cost, resources, profit, quality 4. Prototype development -Few units are made to find problems with the product or process 5. Design review -Changes are made or project is abandoned 6. Market test -Determine customer acceptance. If unsuccessful return to Design-review. 7. Product introduction -promotion 8. Follow-up evaluation -Based on feedback changes may be made.
question
Product/Service Life-Stages
answer
question
Standardization
answer
Extent to which there is an absence of variety in a product, service, or process. Products are made in large quantities of identical items. Every unit [customer] processed goes through the same process [receives essentially the same service].
question
Standardization Advantages
answer
Fewer parts to deal with in inventory and in manufacturing; reduced training costs and time; more routine purchasing, handling, and inspection procedures; orders fillable from inventory; opportunities for long production runs and automation
question
Standardization Disadvantages
answer
High cost of design changes increases resistance to improvements: designs may be frozen with too many imperfections remaining. Decreased variety results in less consumer appeal.
question
Mass Customization
answer
A strategy of producing basically standardized goods or services, but incorporating some degree of customization in the final product or service Techniques: -Delayed differentiation -Modular design
question
Delayed Differentiation
answer
The process of producing, but not quite completing, a product until customer preferences are known. e.g., Produce a piece of furniture, but do not stain it; the customer will choose the stain or personalized M
question
Modular Design
answer
A form of standardization in which components are grouped into modules that are easily replaced or interchanged e.g., PC Advantages -simplification of manufacturing and assembly -relatively low training costs -easier diagnosis and remedy of failures -easier repair and replacement Disadvantages -Limited number of possible product configurations -Limited ability to repair a faulty module; the entire module must often be scrapped
question
Different phases of a products life cycle require different strategies
answer
in all cases, accurate forecasts of demand and cash flow are critical
question
Designing (products) for Production
answer
1. Concurrent engineering 2. Computer-Assisted Design (CAD) 3. Production requirements 4. Component commonality
question
Concurrent Engineering
answer
Bringing design and manufacturing engineers together early in the design phase -manufacturing personnel, marketing and purchasing personnel in loosely integrated cross-functional teams -Views of suppliers and customers may also be sought The purpose: -achieve product designs that reflect customer wants as well as manufacturing capabilities
question
Computer Aided Design (CAD)
answer
Increases designers' productivity. Directly provides information to manufacturing (dimensions, materials, BOM). Performs analysis: engineering, cost. Shortens time-to-market. Examples: SolidWorks, AutoCAD
question
Production Requirements
answer
Designers must take into account production capabilities: equipment, skills, types of materials, schedules, technologies, special abilities. When opportunities and capabilities do not match, management must consider expanding or changing capabilities. Related concepts: a. Design For Manufacturing (DFM) b. Manufacturability c. Design For Assembly (DFA)
question
DFM and DFA
answer
Design for Manufacturing (DFM) -designing products that are compatible with an organization's abilities Manufacturability -Ease of fabrication and/or assembly -Has important implications for cost, productivity and quality Design for Assembly (DFA) -reducing the number of parts in a product and on assembly methods and sequence.
question
Component Commonality
answer
When products have a high degree of similarity in features and components, a part can be used in multiple products Benefits: -Savings in design time -Standard training for assembly and installation -Opportunities to buy in bulk from suppliers -Commonality of parts for repair -Fewer inventory items must be handled
question
Service Design
answer
Begins with a choice of service strategy, which determines the nature and focus of the service, and the target market Key issues in service design -Degree of variation in service requirements -Degree of customer contact and involvement
question
Differences between Service & Product Design
answer
1. Services are created and delivered at the same time. Less opportunity to correct errors. Training, process design more important. 2. Services cannot be inventoried -> capacity issues. 3. Services are highly visible to consumers. Importance of process design. 4. Service systems range from those with little or no customer contact (similar to product design) to those that have a very high degree of customer contact 5. Location is often important to service design, with convenience as a major factor. 6. Demand variability - time & requirements - alternately creates waiting lines or idle service resources. Cost and efficiency perspective vs. customer perspective. -Standardizing at the risk of eliminating features that customers value - reduce customer choices (e.g., cable channels bundle) -Increase flexibility by employing temporary workers
question
Challenges to Service Design
answer
Variability. Timing: services cannot be stored. Balancing supply and demand: possible (e.g., doctor's appointments) or impossible (e.g., emergency room); Disney's FastPass. Difficult to predict customer requirements, especially when there is direct contact with the customer.
question
Service Blueprint
answer
a method to design and analyze a service. Steps: 1. Establish boundaries and decide the level of detail needed. 2. Identify and determine the sequence of customer and service actions and interactions. Picture the service from the customer's perspective. 3. Develop time estimates for each phase of the process, as well as time variability. 4. Identify potential failure points and develop a plan to prevent or minimize them, as well as a response plan.
question
Reliability
answer
The ability of a product, part, or system to perform its intended function under a prescribed set of conditions Reliability is expressed as a probability: -The probability that the product or system will function when activated -The probability that the product or system will function for a given length of time
question
The central feature of Taguchi's approach is parameter design.
answer
It focuses on a much smaller subset of possible production environments than a standard design of experiments does. This can lead to a near-optimal solution.
question
Reliability- When Activated
answer
Finding the probability under the assumption that the system consists of a number of independent components. Requires the use of probabilities for independent events. Independent events: events whose occurrence or non-occurrence do not influence one another.
question
Reliability Rule 1
answer
If two or more events are independent and success is defined as the probability that all of the events occur, then the probability of success is equal to the product of the probabilities of the events (#1 works AND #2 works). Overall reliability is less than that of the least reliable component. Though individual system components may have high reliabilities, the system's reliability may be considerably lower because all components that are in series must function.
question
Redundancy
answer
One way to enhance reliability is to utilize redundancy, the use of backup components to increase reliability
question
Rule 2
answer
If two events are independent and success is defined as the probability that at least one of the events will occur, the probability of success is equal to the probability that (either) one occurs (it works) plus (OR) 1.00 minus that probability (it fails) multiplied by the probability that the other occurs
question
Rule 3
answer
If two or more events are involved and success is defined as the probability that at least one of them occurs, the probability of success is 1 - P(all fail), i.e., 1 - (#1 fails AND #2 fails AND #3 fails). Can also be calculated by using Rule 2 multiple times.
question
What is this system's reliability?
answer
question
Reliability Over Time
answer
Reliabilities are determined relative to a specified length of time.
question
Improving Reliability
answer
Component design; redundancy/backups; system design; production/assembly techniques; testing; preventive maintenance procedures; user education