Certified Ethical Hacker (CEH v12) — Question 277

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

Answer options

• A. FISMA
• B. PCI-DSS
• C. SOX
• D. ISO/IEC 27001:2013

Correct answer: C

Explanation

The correct answer is SOX, or the Sarbanes-Oxley Act, which specifically addresses the need for accurate financial reporting and aims to prevent corporate fraud. FISMA relates to federal information security, PCI-DSS focuses on payment card security, and ISO/IEC 27001:2013 is a standard for information security management systems, none of which directly target accounting practices.