AIS Test 2

Question 1

Sabotage

Answer 1

Intentional act where the intent is to destroy a system or some of its components.

Question 2

Cookie

Answer 2

Text file created by a website and stored on a visitor’s hard drive. Cookies store information about who the user is and what the user has done on the site.

Question 3

Fraud

Answer 3

Any and all means a person uses to gain an unfair advantage over another person.

Question 4

White-Collar Criminals

Answer 4

Typically, business people who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.

Question 5

Corruption

Answer 5

Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards. Examples include bribery and bid rigging.

Question 6

Investment Fraud

Answer 6

Misrepresenting or leaving out facts in order to promote an investment that promises fantastic profits with little or no risk. Examples include Ponzi schemes and securities fraud.

Question 7

Misappropriation of Assets

Answer 7

Theft of company assets by employees.

Question 8

Fraudulent Financial Reporting

Answer 8

Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.

Question 9

Pressure

Answer 9

Person’s incentive or motivation for committing fraud.

Question 10

Opportunity

Answer 10

Condition or situation that allows a person or organization to commit and conceal a dishonest act and covert it to personal gain.

Question 11

Lapping

Answer 11

Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.

Question 12

Check Kiting

Answer 12

Creating cash using the lag between the time a check is deposited and the time it clears the bank.

Question 13

Rationalization

Answer 13

Excuse that fraud perpetrators use to justify their illegal behavior.

Question 14

Computer Fraud

Answer 14

Any type of fraud that requires computer technology to perpetrate.

Question 15

Time-Based Model of Security

Answer 15

Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.

Question 16

Defense-In-Depth

Answer 16

Employing multiple layers of controls to avoid a single point-of-failure.

Question 17

Social Engineering

Answer 17

Using deception to obtain unauthorized access to information resources.

Question 18

Authentication

Answer 18

Verifying the identity of the person or device attempting to access the system.

Question 19

Biometric Identifier

Answer 19

A physical or behavioral characteristic that is used as an authentication credential.

Question 20

Multifactor Authentication

Answer 20

Use of two or more types of authentication credentials in conjunction to achieve a greater level of security.

Question 21

Multimodal Authentication

Answer 21

Use of multiple authentication credentials of the same type to achieve a greater level of security.

Question 22

Authorization

Answer 22

Process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.

Question 23

Access Control Matrix

Answer 23

Table used to implement authorization controls.

Question 24

Compatibility Test

Answer 24

Matching the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.

Question 25

Penetration Test

Answer 25

Authorized attempt to break into the organization’s information system.

Question 26

Change Control and Change Management

Answer 26

Formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability.

Question 27

Border Router

Answer 27

Device that connects an organization’s information system to the internet.

Question 28

Firewall

Answer 28

Special purpose hardware device or software running a general purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.

Question 29

Demilitarized Zone (DMZ)

Answer 29

Separate network located outside the organization’s internal information system that permits controlled access from the internet.

Question 30

Routers

Answer 30

Special purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next.

Question 31

Access Control List (ACL)

Answer 31

Set of IF-THEN rules used to determine what to do with arriving packets.

Question 32

Packet Filtering

Answer 32

Process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet.

Question 33

Deep Packet Inspection

Answer 33

Process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.

Question 34

Intrusion Prevention Systems (IPS)

Answer 34

Software or hardware that monitors patterns int he traffic flow to identify and automatically block attacks.

Question 35

Endpoints

Answer 35

Collective term for the workstations, servers, printers, and other devices that comprise an organization’s network.

Question 36

Vulnerabilities

Answer 36

Flaws in programs that can be exploited to either crash the system or take control of it.

Question 37

Vulnerability Scanners

Answer 37

Automated tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential security threats.

Question 38

Exploit

Answer 38

Program designed to take advantage of a known vulnerability.

Question 39

Patch

Answer 39

Code released by software developers that fixes a particular vulnerability.

Question 40

Patch Management

Answer 40

Process of regularly applying patches and updates to software.

Question 41

Hardening

Answer 41

Process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

Question 42

Log Analysis

Answer 42

Process of examining logs to identify evidence of possible attacks.

Question 43

Intrusion Detection Systems (IDS)

Answer 43

System that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.

Question 44

Computer Incident Response Team (CIRT)

Answer 44

Team that is responsible for dealing with major security incidents.

Question 45

Virtualization

Answer 45

Running multiple systems simultaneously on one physical computer.

Question 46

Cloud Computing

Answer 46

Using a browser to remotely access software, data storage, hardware, and applications.

Question 47

Threat/Event

Answer 47

Any potential adverse occurrence or unwanted event that could injure the AIS or the organization

Question 48

Exposure/Impact

Answer 48

Potential dollar loss should a particular threat become a reality.

Question 49

Likelihood/Risk

Answer 49

Probability that a threat will come to pass.

Question 50

Internal Controls

Answer 50

Processes and procedures implemented to provide reasonable assurance that control objectives are met.

Question 51

Preventive Controls

Answer 51

Controls that deter problems before they arise.

Question 52

Detective Controls

Answer 52

Controls designed to discover control problems that were not prevented.

Question 53

Corrective Controls

Answer 53

Controls that identify and correct problems as well as correct and recover from the resulting errors.

Question 54

General Controls

Answer 54

Controls designed to make sure an organization’s information system and control environment is stable and well managed.

Question 55

Application Controls

Answer 55

Controls that prevent, detect, and correct transaction errors and fraud in application programs.

Question 56

Belief System

Answer 56

System that describes how a company creates value, helps employees understand management’s vision, communicates company core values, and inspires employees to live by those values.

Question 57

Boundary System

Answer 57

System that helps employees act ethically be setting boandaries on employee behavior.

Question 58

Diagnostic Control System

Answer 58

System that measures, monitors, and compares actual company progress to budgets and performance goals.

Question 59

Interactive Control System

Answer 59

System that helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions.

Question 60

Foreign Corrupt Practices Act (FCPA)

Answer 60

Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations maintain a system of internal accounting controls.

Question 61

Sarbanes-Oxley Act (SOX)

Answer 61

Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud.

Question 62

Public Company Accounting Oversight Board (PCAOB)

Answer 62

Board created by SOX that regulates the auditing profession; created as part of SOX.

Question 63

Control Objectives for Information and Related Technology (COBIT)

Answer 63

Security and control framework that allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exist, and (3) auditors to substantiate their internal control opinions and advise on IT security and control matters.

Question 64

Committee of Sponsoring Organizations (COSO)

Answer 64

Private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.

Question 65

Internal Control- Integrated Framework (IC)

Answer 65

A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.

Question 66

Enterprise Risk Management - Integrated Framework (ERM)

Answer 66

A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control - Integrated.

Question 67

Internal Environment

Answer 67

Company culture that is the foundation for all other ERM components, as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk.

Question 68

Risk Appetite

Answer 68

Amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.

Question 69

Audit Committee

Answer 69

Outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors.

Question 70

Policy and Procedures Manual

Answer 70

Document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties.

Question 71

Background Check

Answer 71

An investigation of a prospective or current employee that involves verifying their educatiional work experience, talking to references, checking for a criminal record or credit problems, and examining other publicly available information.

Question 72

Strategic Objectives

Answer 72

High-level goals that are aligned with and support the company’s mission and create shareholder value.

Question 73

Operations Objectives

Answer 73

Objectives that deal with the effectiveness and efficiency of company operations and determine how to allocate resources.

Question 74

Reporting Objectives

Answer 74

Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance.

Question 75

Compliance Objectives

Answer 75

Objectives to help the company comply with all applicable laws and regulations.

Question 76

Event

Answer 76

Positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.

Question 77

Inherent Risk

Answer 77

Susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control.

Question 78

Residual Risk

Answer 78

Risk that remains after management implements internal controls or some other response to risk.

Question 79

Expected Loss

Answer 79

The mathematical product of the potential dollar loss that would occur should a threat become a reality (called impact or exposure) and the risk or probability that the threat will occur (called likelihood).

Question 80

Control Activities

Answer 80

Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.

Question 81

Authorization

Answer 81

Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initializing, or entering an authorization code on a document or record.

Question 82

Digital Signature

Answer 82

Means of electronically signing a document with data that cannot be forged.

Question 83

Specific Authorization

Answer 83

Special approval an employee needs in order to be allowed to handle a transaction.

Question 84

General Authorization

Answer 84

The Authorization given employees to handle routine transactions without special approval.

Question 85

Segregation of Accounting Duties

Answer 85

Sepaarating the accounting functions of authorization, custody, and recording to minimize an employee’s ability to commit fraud.

Question 86

Collusion

Answer 86

Cooperation between two or more people in an effort to thrwart internal controls.

Question 87

Segregation of System Duties

Answer 87

Implementing control procedures to clearly divide authority and responsiblity within the information system function.

Question 88

System Administrator

Answer 88

Person responsible for making sure a system operates smoothly and efficiently.

Question 89

Network Manager

Answer 89

Person who ensures that the organization’s networks operate properly.

Question 90

Security Management

Answer 90

People that make sure systems are secure and protected from internal and external threats.

Question 91

Change Management

Answer 91

Process of making sure changes are made smoothly and efficiently and do not negatively affect the system.

Question 92

Users

Answer 92

People who record transactions, authorize data processing, and use system output.

Question 93

Systems Analysts

Answer 93

People who help users determine their information needs and design systems to meet those needs.

Question 94

Programmers

Answer 94

People who use the analysts’ design to create and test computer programs.

Question 95

Computer Operators

Answer 95

People who operate the company’s computers.

Question 96

Information System Library

Answer 96

Corporate databases, files, and programs stored and managed by the system librarian.

Question 97

Data Control Group

Answer 97

People who ensure that source data is approved, monitor the flow of work, reconcile input and output, handle input errors, and distribute systems output.

Question 98

Steering Committee

Answer 98

An executive level committee to plan and oversee the information systems function.

Question 99

Strategic Master Plan

Answer 99

Multiple-year plan of the projects the company must complete to achieve its long-range goals.

Question 100

Project Development Plan

Answer 100

Document that shows how a project will be completed.

Question 101

Project Milestones

Answer 101

Points where progress is reviewed and actual and estimated completion times are compared.

Question 102

Data Processing Schedule

Answer 102

Schedule that shows when each data processing task should be performed.

Question 103

System Performance Measurements

Answer 103

Ways to evaluate and assess a system.

Question 104

Throughput

Answer 104

Amount of work performed by a system during a given period of time.

Question 105

Utilization

Answer 105

Percentage of time a system is used.

Question 106

Resonse time

Answer 106

How long it takes for a system to respond.

Question 107

Postimplementation Review

Answer 107

Review, performed after a new system has been operating for a brief period, to ensure that it meets its planned objectives.

Question 108

Systems Integrator

Answer 108

An outside party hired to manage a company’s systems developmetn effort.

Question 109

Analytical Review

Answer 109

Examination of the relationships between different sets of data. Abnormal or unusual relationships and trends are investigated.

Question 110

Audit Trail

Answer 110

Path that allows a transaction to be traced through a data processing system from point of origin to output or backward from output to point of origin.

Question 111

Computer Security Officer (CSO)

Answer 111

An empoyee independent of the information system function who monitors the system, disseminates information about improper system uses and their consequences, and reports to top management.

Question 112

Chief Compliance Office (CCO)

Answer 112

Employee resonsible for all the compliance tasks associated with SOX and other laws and regulatory rulings.

Question 113

Forensic Investigators

Answer 113

Individuals who specialize in fraud, most of whom have specialized training with law enforcement agencies such as the FBI or IRS or have professional certifications such as Certified Fraud Examiner (CFE).

Question 114

Computer Forensics Specialists

Answer 114

Computer experts who discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges.

Question 115

Neural Networks

Answer 115

Computing systems that imitate the brain’s learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically.

Question 116

Fraud Hotline

Answer 116

Phone number employees can call to anonymously report fraud and abuse.

Question 117

Auditing

Answer 117

Objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria.

Question 118

Internal Auditing

Answer 118

Assurance and consulting activity designed to add value, improve organizational effectiveness and efficiency, and accomplish organization objectives.

Question 119

Financial Audit

Answer 119

Examination of the reliability and integrity of financial transactions, accounting records, and financial statements.

Question 120

Information Systems (Internal Control) Audit

Answer 120

Examination of the general and application controls of an IS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.

Question 121

Operational Audit

Answer 121

Examination of the economical and efficient use of resources and the accomplishment of established goals and objectives.

Question 122

Compliance Audit

Answer 122

Examination of organizational compliance with apllicable laws, regulations, policies, and procedures.

Question 123

Investigative Audit

Answer 123

Examination of incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities.

Question 124

Inherent Risk

Answer 124

Susceptibility to significant control problems in the absence of internal control.

Question 125

Control Risk

Answer 125

Risk that a material misstatement will get through the internal control structure and into the financial statements.

Question 126

Detection Risk

Answer 126

Risk that auditors and their audit procedures will fail to detect a material error or misstatement.

Question 127

Confirmation

Answer 127

Written communication with independent third parties to confirm the accuracy of information, such as customer account balances.

Question 128

Reperformance

Answer 128

Performing calculations again to verify quantitative information.

Question 129

Vouching

Answer 129

Comparing accounting journal and ledger entries with documentary evidence to verify that a transaction is valid, accurate, properly authorized, and correctly recorded.

Question 130

Materiality

Answer 130

Amount of an error, fraud, or omission that would affect the decisiono f a prudent user of financial information.

Question 131

Reasonable Assurance

Answer 131

obtaining complete assurance that information is correct is prohibitively expensive, so auditors accept a reasonable degree of risk that the audit conclusion is incorrect.

Question 132

Systems Review

Answer 132

Internal control evaluation step that determines if necessary control procedures are actually in place.

Question 133

Tests of Controls

Answer 133

Tests to determine whether existing controls work as intended.

Question 134

Compensating Controls

Answer 134

Control procedures that compensate for the deficiency in other controls.