Which of the following is a correct statement regarding the relationship between the COSO and COBIT frameworks?  Check all that apply.

Which month had the highest count of changes opened? [month]

Which month had the lowest (i.e. shortest) average number of days from the date of implementation to the date of post-implementation review? The Senior Consultant on the engagement informs you that a calculation of DATEDIFF(‘day’,[Implementation Date],[Post-Implementation Review],’sunday’) can be helpful in addressing the question. [month]

Tableau Problem #1 – Use the following information to answer questions 31 through 40. You have been asked to help perform some procedures related to a Network Vulnerability Scan engagement.  Specifically, your team has been asked to identify, assess, and report on potential security weaknesses within the client’s network infrastructure.  Your portion of the engagement is focused on analyzing network login activity logs to identify any unusual activity that may have occurred.  The data you receive from the company is broken out as follows: Network Logs worksheet with the following data fields: Network Login ID: number that uniquely identifies each network log in (100234001) Date: date the log in occurred in month/day/year format (10/1/2024) Time: time stamp the log in occurred in hour/minute/second 12-hour format (4:24:39 AM) Employee Number: number that uniquely identifies the employee who logged into the network (EE079238) Office Location:  office location name related to the Employee Number (Secondary Campus – Atlanta) Day of the Week:  day of the week of the network login (Wednesday) IP Address:  number that uniquely identifies the IP Address of the device used to log into the network (34659328) IP Address City:  name of the city that the IP Address originates from (Atlanta) IP Address County:  name of the country that the IP Address originates from (United States of America) Specifically, you are to: download and save the following data ‘Client Network Log Data.xlsx’;  look through the data in Excel – this will help you become familiar with the data connect Tableau to the data;  there are 9 fields with 29,800 rows in the data – before beginning, please double check the ‘Data Source’ tab in Tableau to ensure all data has been loaded In order to perform certain distinct counts you will need to duplicate the ‘Network Login ID’ dimension and the ‘Employee Number’ dimension and convert those duplicates into measures.  In addition, if using the ‘Employee Number’ dimension, Tableau may pop-up a warning message stating the recommended maximum number for the shelf is 1,000.  If this warning message appears, go ahead and click on ‘Add all members’.  This will ensure all available data is analyzed. using Tableau, answer the questions that follow; and delete the data file once finished.

Your firm has been hired to help map a client’s control activities to the appropriate National Institute of Standards and Technology (NIST) Control Family in the NIST 800-53 framework.  The client’s control is that the IT Department periodically scans the network for vulnerabilities.  This control best matches the description of which of the following NIST 800-53 Control Families?

Which of the following is an example of external fraud?

Which of the following is a correct statement regarding the relationship between the COSO and COBIT frameworks?  Check all that apply.

Tableau Problem #2 – Use the following information to answer questions 41 through 50. You have been asked to perform a System and Organization Control 1, Type 2 (SOC 1 Type 2) engagement for RHE Company.  As part of your engagement you have been asked to examine some of RHE’s information technology (IT) related controls.  Specifically, RHE’s IT general controls (ITGCs) regarding its software change management processes and whether changes to software were authorized, tested, and implemented in accordance with RHE policies.   As a result of interviews you have conducted, you ask RHE personnel to provide you changes initiated/opened during the 2024 calendar year which may have approval dates or implementation dates, etc. extending into the beginning of the 2025 calendar year.  The data you receive from the company is broken out as follows: Changes worksheet with the following data fields: Change ID: identifier that uniquely identifies each change (CHNG10026) Change Opened: date the change was opened in the change management system in day/month/year format (1/3/2024) Business Approver Date: date the change was approved by the business user in the change management system in day/month/year format (1/4/2024).  Note: Regular changes require business approval before they are implemented IT Manager Approver Date: date the change was approved by the IT Manager in the change management system in day/month/year format (1/5/2024). Note: Regular changes require IT approval before they are implemented Implementation Date: date the change was implemented into the production environment in day/month/year format (1/20/2024) Post-Implementation Review: date a post-implementation review was performed in day/month/year format (1/22/2024).  Note: post-implementation reviews are only necessary for Emergency changes Regular Change Closed Date: date the Regular change was closed in the change management system in day/month/year format (1/22/2024) Emergency Change Closed Date: date the Emergency change was closed in the change management system in day/month/year format (1/24/2024) Days from IT Approval to Implementation: number of days between the IT Manager Approver Date and the Implementation Date and this field only applies to Regular changes.  Note: a positive number means the change was approved before being implemented while a negative number means the change was approved after the change was implemented Application Name: name of the application associated with the change (SharePoint) Change Category: changes are either an Application change or an Infrastructure change Change Type: changes are either Regular or Emergency Risk: level of risk the change brings (changes are either High, Medium, or Low) Specifically, you are to: download and save the following data ‘Change Management.xlsx’;  look through the data in Excel – this will help you become familiar with the data connect Tableau to the data;  the data has 13 fields with 4,430 rows.  Once connected, please double check the ‘Data Source’ tab in Tableau states 13 fields with 4,430 rows to ensure all data has been loaded.   In addition, in order to perform certain distinct counts you will need to duplicate the ‘Change ID’ dimension and convert that duplicate into a measure.    Conversely, to answer certain questions you may need to convert the ‘Days from IT Approval to Implementation’ measure into a dimension. using Tableau, answer the questions that follow; and delete the data file once finished.

How many High risk firewall changes were opened?  The Senior Consultant on the engagement informs you that firewall is the name of an application.

Patricia is a salesperson for a security services company called Star Security and has just submitted a bid to the Texas Department of Licensing to provide security for the Jake Paul vs Mike Tyson ‘boxing’ match.  Patricia learns that the contract is between Star Security and another security firm.  Patricia contacts the purchasing agent at the Texas Department of Licensing and states that if Star Security is awarded the contract, Patricia will provide the purchasing agent with an all-expense-paid vacation package to some place sick like Tulsa or Little Rock (a Pitch Perfect 2 reference).   What type of fraud is Patricia performing in this situation?