BEC-IT Flashcards

1
Q

Web crawlers

A

Search engines (like Google) use Web crawler programs to go on the web, visit websites, and collect information that is used to create entries for the search engine’s index.

2
Q

Worm

A

A type of malware (similar to a virus) whose primary function is to self-replicate and infect other computers while remaining active on infected systems.
Worms generally try to accomplish this by activating the system’s email client and sending multiple emails.
Worms can modify and delete files, and they can even inject additional malicious software onto a computer.
Worms generally exist inside of other files; unlike viruses, they are not stand-alone programs.

3
Q

Denial of service (DoS) attack

A

Prevents legitimate users from accessing the system.
Perpetrators conduct these attacks, using one or many computers, to flood a server with access requests that cannot be completed. These include ransom and blackmail DoS attacks in which the criminal threatens to deny service unless the user pays a ransom or engages in a specific act (e.g., grants access to their system).

4
Q

Trojan horse

A

A malicious program hidden inside a seemingly normal file. Frequently used to insert back doors into a system.

5
Q

Social engineering or spoofing

A

Using deceit or deception to gain logical access to the system. The deception is to persuade employees to provide usernames and passwords to the system. These deceptive requests may be delivered verbally or through email, text messaging, or social networking sites. Fraudsters may spoof by faking an identity (e.g., a company or friend) or an email (e.g., pretending to be your bank or a friend of yours) or by creating a website that mimics a real website.

6
Q

Packet sniffing

A

Programs called packet sniffers capture packets of data as they move across a computer network. While administrators use packet sniffing to monitor network performance or troubleshoot problems with network communications, hackers also use these tools to capture usernames and passwords, IP addresses, and other information that can help them break into the network. Packet sniffing on a computer network is similar to wiretapping a phone line. This is one form of a man-in-the-middle attack.

7
Q

Closed-loop verification

A

Closed-loop verification helps ensure that a valid and correct customer account has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer’s name and address.

8
Q

Hash total

A

Hash total is a control over whether the total quantity of items entered by the clerks matches the total quantity of items in the orders placed. This is a control over only one field on the purchase orders (i.e., over the quantity of items ordered).

9
Q

Parity check

A

Parity check is designed to detect errors in data transmission.
It does this by adding an extra data bit to each data unit.

10
Q

Boundary protection

A

Boundary protection prevents and detects malicious and other unauthorized communications through the use of boundary protection devices (e.g., gateways, routers, firewalls, guards, encrypted tunnels).

11
Q

Picking ticket

A

Picking Ticket identifies the items to be pulled for a sales order.

12
Q

OLAP

A

Part of an ERP System
Online Analytical Processing (OLAP) system
Incorporates data warehouse and data mining capabilities within the ERP
A server that collects data and can extract and transform them.

13
Q

XBRL

A

eXtensible Business Reporting Language is a tagging language for financial data.
It tags financial elements like General Ledger accounts and “tags” the data for reporting and regulatory purposes.
XBRL is also used in filings with the Securities and Exchange Commission that are made available on EDGAR, the SEC’s Electronic Data Gathering and Retrieval database.

14
Q

Extranets

A

A private portal/platform network that allows users who have been granted access (company suppliers, customers, business partners, etc.) to access data that is relevant to them (think of Ariba suppliers). Most secure and private.

15
Q

Intranets

A

Intranet is internal to the business (available only to members of the organization: business, school, association), allowing users access to internal data.
Often used to connect geographically separate LANs within a company.
Private (e.g., limited access) networks built using Internet protocols.

16
Q

RSS (Really Simple Syndication)/ATOM Feeds

A

An easy way to get news and information. Updates and notifications are gathered on a regular basis, in real time, and put on a dashboard.

An XML (Extensible Markup Language) application that facilitates the sharing and syndication of website content by subscription.

17
Q

Internet service providers (ISPs)

A

End-user access to the Internet is provided by Internet service providers (ISPs) that either provide direct connections to the Internet backbone (a collection of extremely high-speed, high-capacity communications lines joined together at network access points) or connect to larger ISPs that ultimately provide that connection.

18
Q

Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP)

A

Protocols for e-mail services. Part of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol.

A framework that defines how devices should transmit data between each other and enables communication over networks and large distances.

19
Q

Extensible Markup Language (XML)

A

Protocol that provides rules to define any data for use on the Internet and file format for storing, transmitting, and reconstructing arbitrary data.
It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

20
Q

Systems Development Life Cycle (PADDTIM)

A

P-Planning
A-Analysis
D-Design
D-Development
T-Testing
I-Implementation
M-Maintenance

21
Q

Central Processing Unit

A

Part of Hardware
The CPU is the control center of the computer system.
The CPU has three principal components:
Control unit—Interprets program instructions.
Arithmetic logic unit (ALU)—Performs arithmetic calculations.
Primary storage (main memory)—Stores programs and data while they are in use. It is divided into two main parts:
Random access memory (RAM)—Stores data temporarily while it is in process.
Read-only memory (ROM)—A semi-permanent data store for instructions that are closely linked to hardware (e.g., “firmware”). Includes portions of the operating system. Hard to change.

22
Q

Primary storage (main memory)

A

Stores programs and data while they are in use. It is divided into two main parts:
Random access memory (RAM)—Stores data temporarily while it is in process.
Read-only memory (ROM)—A semi-permanent data store for instructions that are closely linked to hardware (e.g., “firmware”). Includes portions of the operating system. Hard to change.

23
Q

Cybersecurity Framework

A

The framework consists of three parts:
1. the core
2. the profile
3. the implementation tiers
The core includes cybersecurity activities, outcomes, and references (i.e., standards and guidelines).
The profiles help align organizational cybersecurity activities with business requirements, risk tolerances, and resources.
The implementation tiers are a way to view and understand alternative approaches to managing cybersecurity risk.

24
Q

Cybersecurity Framework:
Core

A

The framework core is a 4-by-5 matrix of elements and functions that lists activities (with examples) to achieve specific cybersecurity outcomes.
The 4 core elements:
1. functions
2. categories
3. subcategories
4. references
The 5 functions or activities:
1. identify
2. protect
3. detect
4. respond
5. recover

25
Q

Cybersecurity Framework: Implementation Tiers

A

Tier 1: Partial - Informal, ad hoc & reactive. Limited awareness.
Tier 2: Risk Informed - Not part of an org-wide policy.
Tier 3: Repeatable - Formal and policy. Regularly updated.
Tier 4: Adaptive - Adapts based on experience & predictive indicators.

26
Q

Data Elements By Size

A

Files are composed of
Records composed of
Fields composed of
Data composed of
Bytes composed of
Bits

27
Q

Cybersecurity Framework: Profile

A

The framework profile aligns and integrates the functions, categories, and subcategories with the organization’s requirements, risk tolerance, and resources.
It considers legal and regulatory requirements, industry best practices, and risk appetite.

28
Q

Control Objectives for Information and Related Technology
(COBIT)
Framework

A

COBIT is a widely used international standard for identifying best practices in IT security and control.
The framework is made of 3 major components:
1. Domains and processes
2. Information Criteria
3. IT Resources

29
Q

Cloud Service Delivery Models:

Infrastructure as a service (IaaS)

A

Use of the cloud to access a virtual data center of resources, including a network, computers, and storage.
Example: Amazon Web Services and Carbonite.

30
Q

Cloud Service Delivery Models:

Platform as a service (PaaS)

A

A development environment for creating cloud-based software and programs using cloud-based services.
Example: Salesforce.com’s

31
Q

Cloud Service Delivery Models:

Software as a service (SaaS)

A

Remote access to software.
Example: Office 365, a suite of office productivity programs, is an example of SaaS.

32
Q

Role of:
Supervisor of Computer Operations

A

Supervisor of computer operations has responsibility for the overall operation of the information systems department and should not provide an internal audit function.

33
Q

Role of:
Systems analyst

A

The systems analyst is responsible for designing the system.

34
Q

Role of:
The Control Group

A

The control group is responsible for providing a continuous review function by supervising and monitoring input, operations, and the distribution of output (i.e., a continuous internal audit function).

35
Q

Role of:
Computer Programmer

A

The computer programmer is charged with designing program flowcharts and writing computer programs based on the work of the systems analyst.

36
Q

Bill of Materials

A

A bill of materials lists the components used in making a product.

37
Q

Operations list

A

This document lists the steps (or operations) needed to make a product.

38
Q

Service Organization Controls (SOC) Report Types

A

The AICPA has issued 3 service organizations’ control reports:
SOC 1: RESTRICTED use reports on controls at a service organization relevant to a user entity’s internal control over financial reporting.
SOC 2: RESTRICTED use reports on controls at a service organization related to security, availability, processing integrity, confidentiality, and/or privacy.
SOC 3: General use SysTrust reports related to security, availability, processing integrity, confidentiality, and/or privacy.

39
Q

Online transaction processing (OLTP) system

A

Part of an ERP System
Online transaction processing (OLTP) system—
These are modules that contain the core business functions:
- sales
- production
- purchasing
- payroll
- financial reporting, etc.
These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.

40
Q

Value-Added Network (VAN)

A

A private, hosted service that provides companies with a secure way to send and share data with their counterparties.
Ex: Routes data transactions between trading partners.

41
Q

Batch Processing Method

A

Batch processing is a periodic transaction processing method in which transactions are processed in groups:
Input documents are collected and grouped by type of transaction. These groups are called “batches.”
Batches are processed periodically (i.e., daily, weekly, monthly, etc.).
Batch processing is accomplished in four steps:
Step 1: Data entry: The transactions data is manually keyed (usually) and recorded in a transactions file.
Step 2: Preliminary edits: The transaction file data is run through an edit program that checks the data for completeness and accuracy; invalid transactions are corrected and re-entered.
Step 3: Sorting: The edited transaction file records are sorted into the same order as the master file.
Step 4: Master file update: The individual debits and credits are used to update the related account balance in the general ledger master file and, if appropriate, in the subsidiary ledger master file.

42
Q

Online, Real-Time (OLRT) Processing

A

OLRT is a continuous, immediate transaction processing method in which transactions are processed individually as they occur.
Under OLRT processing:
- The accounting records are always current.
- Detection of transaction errors is immediate.
