Certified Ethical Hacker (CEH v13) — Question 173

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

Answer options

• A. FISMA
• B. PCI-DSS
• C. SOX
• D. ISO/IEC 27001:2013

Correct answer: C

Explanation

The correct answer is C, SOX (Sarbanes-Oxley Act), which specifically addresses financial practices and corporate governance to prevent accounting fraud. The other options, such as FISMA and PCI-DSS, focus on different aspects of information security and compliance, while ISO/IEC 27001:2013 is a standard for information security management systems.