NTROL AND AUDIT OF ACCOUNTING INFORMATION SYSTEMS 4. A company's current password policy requires that passwords be alphanumeric, case- sensitive, and 10 characters long. Which one of the following changes to a company's password policy will increase password strength the most? a. Require passwords to also include special characters (such as S, &, etc.) b. Require passwords to be 15 characters long c. Both of the above changes would have the same effect on password strength 5. Which of the following set of authentication credentials provides the strongest access control? a. A password and a security question. b. A PIN and a smart card. c. Voice recognition and a fingerprint. d. All of the combinations of credentials are equally strong. 6. A firewall that uses-would be most effective in detecting and stopping an attempt to deface the organization's website by sending an HTML "PUT" command to its web server. a. static packet filtering b. stateful packet filtering c. deep packet inspection 7. In addition to encryption, organizations shouldto effectively secure wireless communications a. place all wireless access points in the DMZ b. configure all wireless clients to operate in ad hoc mode c. do both of the above d. do none of the above 8. Which of the following statements are true? a. IT developments such as virtualization, Cloud computing, and the Internet of Things weaken information security b. A large number of emergency changes is a potential red flag of other problems. c. Information security is improved when the CISO reports to the CIO d. All of the statements are true. e. None of the statements are true. 9. ABC bank wants to strengthen the security of its online bill-pay features. Therefore, it de- cides that in addition to a password, users must also correctly identify a picture that they have previously chosen to be one of their authentication credentials. This is an example of a process referred to as a. multifactor authentication b. multimodal authentication c. neither of the above