Which of the following is a correct statement regarding the relationship between the COSO and COBIT frameworks?  Check all that apply.

Tableau Problem #2 – Use the following information to answer questions 41 through 50. You have been asked to perform a System and Organization Control 1, Type 2 (SOC 1 Type 2) engagement for RHE Company.  As part of your engagement you have been asked to examine some of RHE’s information technology (IT) related controls.  Specifically, RHE’s IT general controls (ITGCs) regarding its software change management processes and whether changes to software were authorized, tested, and implemented in accordance with RHE policies.   As a result of interviews you have conducted, you ask RHE personnel to provide you changes initiated/opened during the 2024 calendar year which may have approval dates or implementation dates, etc. extending into the beginning of the 2025 calendar year.  The data you receive from the company is broken out as follows: Changes worksheet with the following data fields: Change ID: identifier that uniquely identifies each change (CHNG10026) Change Opened: date the change was opened in the change management system in day/month/year format (1/3/2024) Business Approver Date: date the change was approved by the business user in the change management system in day/month/year format (1/4/2024).  Note: Regular changes require business approval before they are implemented IT Manager Approver Date: date the change was approved by the IT Manager in the change management system in day/month/year format (1/5/2024). Note: Regular changes require IT approval before they are implemented Implementation Date: date the change was implemented into the production environment in day/month/year format (1/20/2024) Post-Implementation Review: date a post-implementation review was performed in day/month/year format (1/22/2024).  Note: post-implementation reviews are only necessary for Emergency changes Regular Change Closed Date: date the Regular change was closed in the change management system in day/month/year format (1/22/2024) Emergency Change Closed Date: date the Emergency change was closed in the change management system in day/month/year format (1/24/2024) Days from IT Approval to Implementation: number of days between the IT Manager Approver Date and the Implementation Date and this field only applies to Regular changes.  Note: a positive number means the change was approved before being implemented while a negative number means the change was approved after the change was implemented Application Name: name of the application associated with the change (SharePoint) Change Category: changes are either an Application change or an Infrastructure change Change Type: changes are either Regular or Emergency Risk: level of risk the change brings (changes are either High, Medium, or Low) Specifically, you are to: download and save the following data ‘Change Management.xlsx’;  look through the data in Excel – this will help you become familiar with the data connect Tableau to the data;  the data has 13 fields with 4,430 rows.  Once connected, please double check the ‘Data Source’ tab in Tableau states 13 fields with 4,430 rows to ensure all data has been loaded.   In addition, in order to perform certain distinct counts you will need to duplicate the ‘Change ID’ dimension and convert that duplicate into a measure.    Conversely, to answer certain questions you may need to convert the ‘Days from IT Approval to Implementation’ measure into a dimension. using Tableau, answer the questions that follow; and delete the data file once finished.

How many High risk firewall changes were opened?  The Senior Consultant on the engagement informs you that firewall is the name of an application.

Patricia is a salesperson for a security services company called Star Security and has just submitted a bid to the Texas Department of Licensing to provide security for the Jake Paul vs Mike Tyson ‘boxing’ match.  Patricia learns that the contract is between Star Security and another security firm.  Patricia contacts the purchasing agent at the Texas Department of Licensing and states that if Star Security is awarded the contract, Patricia will provide the purchasing agent with an all-expense-paid vacation package to some place sick like Tulsa or Little Rock (a Pitch Perfect 2 reference).   What type of fraud is Patricia performing in this situation?

Which of the following was not one of the principles used when developing the COBIT framework?

In the Clarks’ research on African American children in the 1930s from segregated and integrated schools, they found that children from the segregated schools…

A local company has approached you to help them determine their progress/maturity toward improving their overall IT security posture.  During your interviews with company personnel you learn that the company has individuals responsible for managing and protecting the IT infrastructure along with multiple departments with differing risk profiles.  This company also stores and processes sensitive data for its clients and can withstand only short interruptions in service.  Because of the sensitivity of the data it stores and processes any breach of the company’s network would be a major concern as it may lead to a loss of public confidence. The Center for Internet Security (CIS) Implementation Group (IG) that mostly closely matches your client’s environment is [implementationgroup].

Alexander and Shelton claim that many psychologists see their discipline… (select all that apply)

Which employee accessed the network the most times using a non-U.S. IP address?  (Enter the last 5 digits of the employee’s number only – that is, employee number EE076411 should be entered as 76411).

In his development of the widely adopted concept of the schema, Fredric Bartlett utilized a