BEC - 4 Technology Flashcards

1
Q

Access to a blockchain requires a _______ key.

A

public and private

2
Q

Data Analytics

A

rapidly examines large amounts of data to identify hidden patterns, correlations, and other insights.

3
Q

Electronic data interchange

A

use of computerized communication to exchange data electronically in order to process transactions between and within computers and computer networks of various organizations.

4
Q

At what phase in the systems development process is a report generated that describes the content, processing flows, resource requirements, and procedures of a preliminary system design?

A

Conceptual systems design

  • the company identifies and evaluates appropriate design alternatives:

THEN in the physical design phase, the company uses the conceptual design requirements to design input and output documents, write computer programs…

5
Q

Role of information systems in the business process:

A
  • processes performed by humans
  • processes performed by machines
  • processes that have one or more outcomes
6
Q

Executive support system

A

helps answer questions regarding what a company’s competitors are doing

  • as well as identifies new acquisitions that would protect the company from cyclical business swings.
7
Q

Customer relationship management

A
  • a cloud-based system that stores customer and prospect contact information, accounts, leads and sales opportunities in ONE CENTRAL DATABASE, available to all departments in a business, such as sales, customer service, accounting, marketing, and business development
8
Q

Fail-soft Protection

A

The capability to continue processing at all sites except a nonfunctioning one, an advantage of distributed systems.

9
Q

Strategic Information System

A

A computer system that converts the inputs into data that allows management to make unstructured decisions concerning the company’s future

10
Q

Knowledge bases

A

Taught by human experts - represent the facts and inferences it knows, which were “taught” to it by human experts.

11
Q

Which of the following is likely to be a benefit of electronic data interchange (EDI)?

Increased transmission speed of actual documents

Improved business relationships with trading partners

A

Improved business relationships with trading partners

Improved business relationships with trading partners are a benefit of EDI.

  • EDI transmits document data, not the actual document
  • liability issues related to protection of proprietary business data are a major legal implication of EDI
  • EDI backup and contingency planning requirements are not diminished.
12
Q

Blockchain technology uses what is known as:

A

Distributed ledger technology

13
Q

Value Added Network (VAN)

A

Telecommunication networks providing communication facilities enhancing basic telecommunication services by passing, storing, and converting messages using enhanced security techniques.

14
Q

Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

A compressed business cycle with lower year-end receivables balances

A reduced need to test computer controls related to sales and collections transactions

An increased opportunity to apply statistical sampling techniques to account balances

No need to rely on third-party service providers to ensure security

A

A compressed business cycle with lower year-end receivables balances

The EDI system can facilitate just-in-time inventory systems and also speed payment via electronic funds transfer after the transaction, resulting in lower year-end receivables balances.

15
Q

As part of the Sales Order Entry function within the revenue cycle, threats and controls to inventory availability must be assessed. Which of the following is not a control to inventory availability?

Making periodic physical inventory counts to verify record accuracy

Monitoring supplier performance

Examining excess inventory

Creating accurate systems for sales forecasting and inventory control

A

Examining excess inventory

Excess inventory is a THREAT, not a control, to inventory availability.

16
Q

In an automated payroll processing environment, a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. The fictitious employee had the same pay rate and hours worked as the terminated employee. The best control technique to detect this action using employee identification numbers would be a:

A

Hash Total

A type of batch control total.

17
Q

Primary advantage of a Value-added network

A

It provides increased security for data transmissions.

18
Q

The revenue cycle includes which 3:

the expenditure cycle

the production/ conversion cycle

the payroll cycle

The financing/ treasury cycle

A

the expenditure cycle

the production conversion cycle

the payroll cycle

The revenue cycle is a recurring set of business and data processing activities associated with selling goods and services to customers in exchange for cash. The revenue cycle produces information that is used by other accounting cycles, including the expenditure, production/conversion, and payroll cycles, as well as the financial reporting cycle.

19
Q

Benefits of EDI Electronic Data Interchange

A

improved business relationships with trading partners

  • EDI transmits document data, not the actual document
  • liability issues related to protection of proprietary business data are a major legal implication of EDI.
  • EDI backup and contingency planning requirements are not diminished.
20
Q

Corporate intranets are typically characterized by ____________ as compared to local and wide area networks.

A

Higher security risk and lower cost

Intranets are private networks that behave in much the same manner as the internet. They are subject to higher security risks but are less costly to operate than local or wide area networks.

21
Q

The concept of a management information system (MIS) continues to evolve over time. Which of the following is generally understood to be a central element of an MIS?

A

Processing of data items is based on decision models

22
Q

The 5 principles developed by the AICPA

A
  1. security
  2. availability
  3. processing integrity
  4. confidentiality
  5. privacy
23
Q

Many entities use the internet as a network to transmit electronic data interchange transactions. An advantage of using the internet for electronic commerce rather than a traditional VAN is that the internet

A

permits EDI transactions to be sent to trading partners as transactions occur.

24
Q

What is an essential element of the audit trail in an electronic data interchange (EDI) system?

A

Activity logs that indicate failed transactions

This would allow the auditor to identify why a transaction was not recorded and at what stage the transaction failed.

25
Q

Internally encrypted passwords

A

A control feature designed to negate the use of utility programs to read files which contain all authorized access user codes for the network

26
Q

reciprocal processing agreement

A

an agreement made by two or more companies to use each other’s resources during a disaster.

used for small systems, large batch operations, and small batch operations.

Online teleprocessing would generally not involve a reciprocal processing agreement.

27
Q

With respect to backup procedures for master files that are on magnetic tape as opposed to master files on magnetic disk:

A

a separate backup run is required for disk while the prior master on magnetic tape serves as a backup.

Disk-oriented systems - records are written over so there needs to be a backup.

Tape-oriented systems generate a new master file tape as an output from the updating run.

28
Q

Which of the following controls is least likely to be closely associated with assuring the accuracy and completeness of data in computer-processed master files?

Source data controls

File maintenance controls

Online data entry controls

Logical access controls

A

Logical Access Controls

Logical access controls such as passwords and access logs serve to prevent improper access to and use of programs and files.

They do not relate specifically to accuracy and completeness of data.

29
Q

Which of the following statements does not describe how routers control the flow of information on the internet?

Data is divided into packets and transmitted to recreate the original message or data.

Every internet protocol packet contains two parts: a header and a body.

The router reads the destination address in the IP body to determine where it is to be sent.

A border router connects the information system to the internet.

A

The router reads the destination address in the IP body to determine where it is to be sent.

The router reads the destination address in the HEADER (not the body) to determine where the information is to be sent.

30
Q

Backup computer and telecommunication facilities can be arranged by all of the following, except:

investing in nonredundant hardware, software, and data storage devices.

establishing reciprocal agreements with other companies that have compatible features.

A

Should be investing in Redundant hardware, software, and data storage devices.

31
Q

A controller is developing a disaster recovery plan for a corporation’s computer systems. In the event of a disaster that makes the company’s facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?

Hot site

Cold site

A

COLD SITE

Cold site - having duplicate hardware delivered to the backup location

Hot Site - the duplicate hardware and CONFIGURED SOFTWARE would already be onsite at the location.

32
Q

All the staff of a merger and acquisitions department in an investment banking firm use spreadsheet programs on personal computers (PCs) to analyze potential client matches. The data is highly confidential. An appropriate control over the department’s use of PCs is:

A

Keep the program and data diskettes in a secure location when they are not in use by departmental staff.

33
Q

All host devices (meaning those PCs and servers where programs are embedded) should be hardened. This means all except the following:

Modifying the configuration to delete unused programs

Modifying the software to turn off

Modifying the software to reduce potential security threats

Modifying the configuration that uses the programming to its optimal capabilities

A

Modifying the configuration that uses the programming to its optimal capabilities

The default configurations of host devices and operating systems often turn on many optional settings or special-purpose services that are never used or are not essential.

This creates various security weaknesses. Hardening is the process of modifying the configuration of hosts and application software and deleting, or turning off, unused and unnecessary programs that represent potential security threats.

This is the process of hardening.

34
Q

Most organizations are concerned about the potential compromise of passwords. Which of the following procedures would be the most effective in controlling against a perpetrator obtaining someone else’s password?

Allow only the users to change their passwords and encourage them to change passwords frequently

Implement the use of “see-through” authentication techniques whereby the user uses a card to generate a password and verifies both the key and the generated password to the system.

A

See-through authentication techniques, such as the one described, require the user to have two important elements:

  1. something they possess (card)
  2. something they know (key or password)
35
Q

A checkpoint/ restart procedure is primarily designed to recover from

A

hardware failures

36
Q

The National Cyber Security Alliance (NCSA) guidelines for conducting cyber-risk assessment focus on several key areas. Which of the following is a risk assessment area?

Identify an organization’s most valuable information requiring protection

Identify the threats and risks facing the organization’s valuable information

Identify the damage an organization would incur should its valuable data be lost or wrongfully exposed

Develop and implement a plan to mitigate cyber risk

A

Identify an organization’s most valuable information requiring protection

identify the threats and risks facing the organization’s valuable information

Identify the damage an organization would incur should its valuable data be lost or wrongfully exposed

37
Q

In one company, the application systems must be in service 24 hours a day. The company’s senior management and information systems management have worked hard to ensure that the information systems recovery plan supports the business disaster recovery plan. A crucial aspect of recovery planning for the company is ensuring that:

A

organizational and operational changes are reflected in the recovery plans

38
Q

A company employing an online computer system has CRT terminals located in all operating departments for inquiry and updating purposes. Many of the company’s employees have access to and are required to use the CRT terminals. A control the company would incorporate to prevent an employee from making an unauthorized change to computer records unrelated to that employee’s job would be to:

A

apply a compatibility test to transactions or inquiries entered by the user.

Use of a compatibility test for users would assure that an employee used a CRT only for purposes related to that employee’s job description. For example, an accounts receivable clerk would not be allowed access to inventory or fixed asset records since those records would not be compatible with the duties of an accounts receivable clerk.

39
Q

Five Classifications of controls used to make systems more secure

A
  1. Segregation of duties
  2. physical access controls
  3. logical access controls
  4. personal computers and client/ server network protection
  5. internet and telecommunications controls.
40
Q

A disaster recovery alternate site configured to meet user data processing requirements, including the appropriate hardware is called a

A

hot site

A hot site is one that contains all essential hardware to restore the system in a minimal amount of time. A hot site is more costly than a cold site, which includes only appropriate power, air conditioning, and support systems, but no hardware.

41
Q

Denial-of-service attack

A

an attempt to make a machine or network resource unavailable by saturating the target server with requests so it cannot respond to legitimate traffic because of server overload.

42
Q

The Trust Services criteria were designed to provide flexibility in application and use for a variety of different subject matters. Topics a practitioner may be engaged to report on using the Trust Services criteria include all of the following except:

the effectiveness of controls within an entity’s cybersecurity risk management program to achieve the entity’s cybersecurity objectives.

the suitability of design and operating effectiveness of controls included in management’s description of a service organization’s system relevant to one or more of the Trust Services criteria.

compliance with laws, regulations, rules, contracts, or grant agreements in connection with an examination of the design and operating effectiveness of an entity’s controls.

the suitability of the design of an entity’s controls over security, availability, processing integrity, confidentiality, or privacy to meet the related trust services criteria.

A

Compliance with laws, regulations, rules, contracts, or grant agreements in connection with an examination of the design and operating effectiveness of an entity’s controls.

43
Q

Access Control Matrix

A
  • A list of all authorized user code numbers and passwords.

list of all files and programs maintained on the system

a record of the type of access to which each user is entitled.

44
Q

Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment?

A

Operating systems and compilers

Systems programmers use the design developed by the analysts to develop an information system and write the computer programs.

Therefore, the programmers would be concerned with the operating system and how it will handle various applications, as well as with compilers.

45
Q

What is the primary objective of data security controls?

A

To ensure that storage media are subject to authorization prior to access, change or destruction

46
Q

A type of flowchart representing areas of responsibility (such as departments) as columns is called horizontal or ___________ flowcharts

A

document

47
Q

Integrated test Facility

A

Use of a dummy unit.

A computer-assisted auditing technique that allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process.

48
Q

A compiler is:

A

a program that converts high-level programming language into machine language.

49
Q

It is important to maintain proper segregation of duties in a computer environment. Which of the following access setups is appropriate?

Users have update access for production data

Users have update access for production data and application programmers have update access for production programs

A

Users need to update data through applications programs

Application programmers should not be able to change production programs. They should submit changes to the change control unit.

Application programmers should never have update access to production data. Users have no need to change production programs.

50
Q

A disk storage unit is preferred over a magnetic tape drive because the disk storage unit

A

Offers random access to data files

Tape - linear fashion

Disks - possible to jump directly from one read location to another.

51
Q

Functions of a database administrator

A

Database design,

database operation,

database security

52
Q

Social Engineering

A

a tactic designed to trick an individual or entity into revealing sensitive information

53
Q

Encryption protection is least likely to be used in which of the following situations?

A

When transactions are transmitted over local area networks.

54
Q

Change control procedures

A

ensure that program changes are authorized, tested, and documented.

55
Q

Data encryption requirements

A

data is divided into blocks the same length as the key

breaking the text into a key, fixed length string of binary digits

the algorithm is a formula that combines a key and the text.

56
Q

The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. What are the steps to correct?

A

Prepare a statement of responsibilities for tasks included in a disaster recovery plan:

Then the following steps are:

  • Setting recovery priorities
  • providing the necessary insurances
  • providing for backup computer and telecommunications facilities
  • Having procedures for periodic testing and revision
  • complete documentation of the process.
57
Q

What is the electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

A

Firewall

prevents outsiders and employees from gaining unauthorized access to a system while allowing permitted communications with other networks.