Question 375 of 530 from exam 400-251: CCIE Security written exam


Which two statements about SOX are true? (Choose two.)



A. B. C. D. E.


SOX stands for Sarbanes-Oxley Act, which is a US federal law that was passed in 2002. It is also known as the Public Company Accounting Reform and Investor Protection Act of 2002. SOX was introduced to enhance corporate governance and accountability, and to improve the accuracy and reliability of financial disclosures.

The two statements that are true about SOX are:

B. SOX is a US law. SOX is a federal law in the United States that was passed by Congress in 2002. It applies to all publicly traded companies in the US, including foreign companies that are listed on US stock exchanges. SOX requires companies to maintain accurate and reliable financial records, to implement internal controls to prevent fraud, and to produce audited financial statements.

E. Section 404 of SOX is related to IT compliance. Section 404 of SOX requires companies to establish and maintain effective internal controls over financial reporting. This includes controls related to information technology (IT) systems, such as access controls, system security, and data backup and recovery. Companies must also test and evaluate the effectiveness of these controls on an ongoing basis and report any deficiencies to their auditors.

Therefore, option A is incorrect because SOX is not an IETF compliance procedure for computer systems security. Option C is also incorrect because SOX is not an IEEE compliance procedure for IT management to produce audit reports. Option D is incorrect because SOX is not a private organization that provides best practices for financial institution computer systems.