CPE quiz
Prepared by Kamal Khan, CISA, CISSP, CITP, MBCS
#169
Based on Volume 4, 2016—Mobile Apps
Value—1 Hour of CISA/CISM Continuing Professional Education (CPE) Credit
TRUE OR FALSE
KHAN ARTICLE
1. Sixty-one percent of the US adult population
currently owns a cell phone, and of that 61
percent, 31 percent are smartphones.
2. The basic risk segments can be divided into four
main mobile app security categories, namely:
mobile devices, mobile networks, mobile app
web servers and mobile app databases.
3. By integrating mobile devices into the workplace,
employees can maximize the service they
provide to customers.
4. To prevent malicious extraction from mobile
devices, it is highly recommended that the Data
Encryption Standard (DES) is used.
SOOD ARTICLE
5. Using data science, it is possible to identify and
extract critical information using techniques such
as data mining, machine learning, statistics and
natural language processing.
6. Traditional security solutions work perfectly with
cloud applications; the protection they afford to
on-premises systems translates seamlessly to
the cloud.
7. A question to ask ourselves is whether data
science can be used as a mechanism, among
other things, to prevent and remediate data
exposures.
8. Cloud applications are now being used
for malicious activities including hosting
and delivering malware and establishing
communication channels for data exfiltration.
9. Correlation involves mapping large sets of data
under specific security analytics buckets to
understand the complete posture of an attack.
10. Additional security components are executed
to analyze the generated anomaly for potential
threats. An example of this is deep content
inspection (DCI).
WLOSINSKI ARTICLE
11. Examples of malware capabilities include
listening to actual phone calls as they happen.
12. One method of social engineering is “Dishing”
where an attacker masquerades as a trustworthy
entity.
13. Encryption is overkill and not needed as
wireless networks simply cannot pass sensitive
information to individuals and/or organizations.
14. The most common risk factors that apply to
using mobile devices include computer viruses,
worms or other personal computing device-specific malware, and theft of sensitive data.
ZONGO ARTICLE
15. The Australian Prudential and Regulatory
Authority (APRA) raised a concern that cloud
reporting by regulated entities mostly focused
on the benefits, while failing to provide adequate
visibility of associated risk.
16. Effective cloud risk management requires
the board of directors to request pertinent
information including cloud value proposition,
i.e., data security, privacy laws, data location,
business resilience, regulatory compliance.
17. Although cloud providers continue to invest
heavily in security capabilities, concerns about
data security and regulatory compliance remain
key barriers to cloud adoption.