90 VOCABULARY

Question 3

Application

Answer 3

An application is a computer program for performing a specific function, such as a payroll program.

Question 4

Asset

Answer 4

Assets are information resources that support an organization’s mission.

Question 5

Authentication

Answer 5

• Providing assurance regarding the identity of a subject or object, for example, ensuring that a particular user is who he claims to be.
• Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system.
• The process of establishing confidence in user identities.

Question 6

Cloud

Answer 6

“The cloud” is a metaphor for a global network, first used in reference to the telephone network and now commonly used to represent the internet. Clouds can be public, private, or hybrid.

Question 7

Cloud Computing

Answer 7

Cloud computing is the delivery of computing services including servers, databases, storage, networking, software, and analytics over the internet—in other words, “the cloud”—offering flexible resources, economies of scale, and faster innovation.

Question 8

Control Environment

Answer 8

According to AU-C 315.A79, the control environment is as follows: “The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.”

Question 9

Control Objective

Answer 9

A control objective is the aim or purpose of specified controls. Control objectives address the risks that the controls are intended to mitigate.

In the context of internal control over financial reporting (ICFR), a control objective generally relates to a relevant assertion for a significant class of transactions, account balance, or disclosure and addresses the risk that the controls in a specific area will not provide reasonable assurance that a misstatement or omission in that relevant assertion is prevented, or detected and corrected, on a timely basis. (AU-C 940)

Question 10

Control Activities

Answer 10

AU-C 315.21 and .A102–.A103 state that control activities are the policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives. Control activities have various objectives and are applied at various organizational and functional levels.

Question 11

COSO

Answer 11

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of the five private-sector organizations listed below and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.

The Commission was sponsored by the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), the Financial Executives Institute (FEI), the Institute of Management Accountants (IMA), and the American Accounting Association (AAA). COSO also sponsored a major research study on internal control.

Question 12

Data

Answer 12

In electronic data processing (EDP), data is characters processed in computer systems and stored in computer files. Data is raw; information is developed from data. For example, the balance in your checking account is data. When it is presented in reports such as your monthly statement or tellers’ display screens, it is information.

Data is grouped into records. Records are made up of fields or elements. The fields are data. Thus, your checking account is a record with an account number (field), a balance (field), a name (field), etc.

Volumes of data are measured in bytes. One byte can equal one character of information. Large amounts of data are measured in thousands of bytes (kilobytes (KB)), millions of bytes (megabytes (MB)), and billions of bytes (gigabytes (GB)).

Question 13

Distributed Data Processing

Answer 13

Distributed data processing is a network of interdependent computers where certain functions are centralized, other functions are decentralized, and processing is shared among two or more computers. It is an alternative to both centralization and decentralization.

Distributed data processing provides infrastructure services that facilitate the rapid development, deployment, and management of distributed applications in the telecommunications arena and integrate all telecommunications management and control functions into a unified logical software architecture supported by a single distributed control platform.

Which of the following is the most difficult to implement in a distributed environment?

Security

Question 14

Effectiveness

Answer 14

Effectiveness is the degree to which objectives are achieved; producing the desired effect or result. Effectiveness is not necessarily accompanied by efficiency.

Question 15

Efficiency

Answer 15

Efficiency is the relationship of inputs to outputs. It is performing in the least wasteful manner and is not necessarily accompanied by effectiveness. Efficient performance uses the appropriate (expected, standard, budgeted) quantity and cost of inputs (e.g., man-hours) to produce the output.

Question 16

Encryption

Answer 16

In encryption, data is processed through a formula that substitutes other characters for the original characters, such as a = m, p = z, or e = k; thus, the word “ape” would be changed to “mzk.” Whenever data is encrypted, it must be decrypted to be used. Data may be encrypted so that it can be transmitted between computers to prevent interception of the data. Encryption is also used to store data so that others cannot read it.

Question 17

Hypervisor

Answer 17

A hypervisor, also known as a Virtual Machine Monitor (VMM), is a software or hardware component that creates and manages virtual machines (VMs) on a physical computer. Its primary function is to enable multiple operating systems (OS) to run concurrently on a single physical host or server, effectively virtualizing the hardware resources.

Hypervisors provide isolation and abstraction of the underlying hardware, allowing multiple VMs to operate independently, each with its own OS and application stack. There are two main types of hypervisors:

Type 1 Hypervisor (Bare-Metal Hypervisor):

Installed directly on the physical hardware of the host system.
Does not require an underlying host OS.
Provides a lightweight and efficient virtualization solution.
Examples include VMware vSphere/ESXi, Microsoft Hyper-V (when used in standalone mode), and Xen.
Type 2 Hypervisor (Hosted Hypervisor):

Runs on top of an existing host operating system.
Typically used for development, testing, or less resource-intensive virtualization scenarios.
Examples include VMware Workstation, Oracle VirtualBox, and Parallels Desktop.
Hypervisors allocate and manage the physical resources such as CPU, memory, storage, and network interfaces among the VMs, ensuring that each VM operates independently and securely. This technology is fundamental for server virtualization, cloud computing, and creating isolated development or testing environments.

Question 18

Identification

Answer 18

Identification is the process that enables recognition of an entity by a system, generally by the use of unique machine-readable user names.

Question 19

Infrastructure as a Service (IaaS)

Answer 19

Infrastructure as a service (IaaS) is a virtualized computer environment delivered as a service over the internet by a provider. Infrastructure can include servers, network equipment, and software. It is also called hardware as a service (HaaS).

IaaS provides the basic building blocks for cloud IT and typically provides access to IT assets from a cloud provider who charges on a pay-as-you-go basis.

Infrastructure as a service (IaaS) provides the basic building blocks for cloud IT. It typically provides access to IT infrastructure assets—servers and virtual machines (VMs), storage, networks, and operating systems—from a cloud provider who charges on a pay-as-you-go basis.

Question 20

Internal Control

Answer 20

Question 21

Middleware

Answer 21

Middleware is software that lies between an operating system and the applications running on it. It enables communication and data management for distributed applications, like cloud-based applications (e.g., web servers, application servers, and content management systems).

Question 22

Modem

Answer 22

A modem is an electronic device that allows a computer terminal to send its electronic signals via an audio signal over a telephone line. Using a modem, one computer can communicate with another by phone.

The word “modem” is derived from the contraction of “modulator” and “demodulator.” In the modem, the modulator converts digital pulses, characteristic of a computer’s output, to audio tones capable of being transmitted over a common telephone line. A demodulator in the modem reverses the process at the receiving end.

Question 23

Network

Answer 23

A network is a collection of computers and other hardware components interconnected by communication channels that allow sharing of resources and information.

Question 24

Operating System

Answer 24

An operating system is a software program that controls the overall operation of a computer system. Its functions include controlling the execution of computer programs, scheduling, debugging, assigning storage areas, managing data, and controlling input and output.

Question 25

Platform as a Service (PaaS)

Answer 25

Platform as a service (PaaS) is a computing platform (operating system and other services) delivered as a service over the internet by a provider. An example is an application development environment that can be subscribed to and used immediately.

Question 26

Reliability

Answer 26

• The probability of a given system performing its mission adequately for a specified period of time under the expected operating conditions. The extent to which a computer program can be expected to perform its intended function, with the required precision, on a consistent basis.
• Extent to which a program can be expected to perform its intended function, with the required precision, on a consistent basis.

Question 27

Scalability

Answer 27

The ability to move application software source code and data, without significant modification, into systems and environments that have a variety of performance characteristics and capabilities.

Question 28

Security

Answer 28

Security is the preservation of the authenticity, integrity, confidentiality, and ensured service of any sensitive or non-sensitive computer system-valued function and/or information element.

Security is a system property and much more than a set of functions and mechanisms. Information system security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.

Question 29

Software

Answer 29

Software constitutes the instructions that turn hardware, circuits and chips, into a computer. Without the software, the computer is an expensive doorstop.

There are two basic categories of software: system software and application software.

In personal computers, system software includes the operating system (such as DOS, the Macintosh operating system, OS/2, and Windows) and system utilities like backup programs (such as BrightStar ARCserve Backup by CA, Inc.; Backup Exec and NetBackup by Symantec; and OpenView Storage Data Protector by Hewlett-Packard) and file management programs (such as Windows Explorer and ExplorerXP). This software runs the computer but does not perform any specific problem-solving functions. In mainframe computers, this may be MVS, AS400 OS, or other systems.

Application software provides specific problem-solving or work tasks such as word processing, spreadsheets, database management, inventory management, deposit accounting, and payroll.

Application software will not run unless system software is present to run the computer itself. The application software will call many functions from the system software (such as routines) to move the data (such as a letter) from the RAM (or working memory) to the disk (or storage device).

Question 30

Software as a Service (SaaS)

Answer 30

Software as a service (SaaS) is an application delivered over the internet by a provider (also called a hosted application). The application does not have to be purchased, installed, or run on users’ computers.

Question 31

Threat

Answer 31

A threat is any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service.

Question 32

Virtualization

Answer 32

Virtualization is the act of creating a virtual rather than a physical version of a computing environment, including computer hardware, operating system, and storage devices.