is/are an example of a detective control. 7) A) Physical access controls B) Encryption C) Emergency response teanms D) Log analysis of both 8) COBIT S management practice APO01.08 stresses the importance of employee compliance with the organization's information security policies and overall performance of business processes A) continuous improvement of B) continuous reviewing C) continuous monitoring D) continuous auditing 9) Which of the following is not a requirement of effective passwords? A) Passwords should be changed at regular intervals B) Passwords should be no more than 8 characters in length C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters. D) Passwords should not be words found in dictionaries. 10) Which of the following preventive controls are necessary to provide adequate security for social engineering threats? A) Controlling physical access. B) Encryption. C) Profiling. D) Awareness training. 11) A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization's information system, is known as a(n) A) demilitarized zone. B) intrusion detection system. C) intrusion prevention system. D) firewall. 12) A separate network located outside the organization's internal information system that permits controlled access from the Internet to selected resources is known as a(n) A) demilitarized zone. B) intrusion detection system. C) intrusion prevention system. D) firewall. 13) This protocol specifies the procedures for dividing files and documents into packets sent over the Internet. A) access control list 3) Internet protocol