chapter 2 | mcq Flashcards
All of the following are issues of computer security except
a. releasing incorrect data to authorized individuals
b. permitting computer operators unlimited access to the computer room
c. permitting access to data by unauthorized individuals
d. providing correct data to unauthorized individuals
b. permitting computer operators unlimited access to the computer room
Segregation of duties in the computer-based information system includes
a. separating the programmer from the computer operator
b. preventing management override
c. separating the inventory process from the billing process
d. performing independent verifications by the computer operator
a. separating the programmer from the computer operator
In a computer-based information system, which of the following duties needs to be separated? a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated
d. all of the above duties should be separated
Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except
a. rapid turnover of systems professionals complicates management’s task of assessing the
competence and honesty of prospective employees
b. many systems professionals have direct and unrestricted access to the organization’s
programs and data
c. rapid changes in technology make staffing the systems environment challenging
d. systems professionals and their supervisors work at the same physical location
d. systems professionals and their supervisors work at the same physical location
Adequate backups will protect against all of the following except
a. natural disasters such as fires
b. unauthorized access
c. data corruption caused by program errors
d. system crashes
b. unauthorized access
Which is the most critical segregation of duties in the centralized computer services function?
a. systems development from data processing
b. data operations from data librarian
c. data preparation from data control
d. data control from data librarian
a. systems development from data processing
Systems development is separated from data processing activities because failure to do so
a. weakens database access security
b. allows programmers access to make unauthorized changes to applications during
execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
b. allows programmers access to make unauthorized changes to applications during
execution
Which organizational structure is most likely to result in good documentation procedures?
a. separate systems development from systems maintenance
b. separate systems analysis from application programming
c. separate systems development from data processing
d. separate database administrator from data processing
a. separate systems development from systems maintenance
All of the following are control risks associated with the distributed data processing structure except
a. lack of separation of duties
b. system incompatibilities
c. system interdependency
d. lack of documentation standards
c. system interdependency
Which of the following is not an essential feature of a disaster recovery plan?
a. off-site storage of backups
b. computer services function
c. second site backup
d. critical applications identified
b. computer services function
A cold site backup approach is also known as
a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact
c. empty shell
The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its processing needs to process the critical
applications of the disaster stricken company
b. intense competition for shell resources during a widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative drain on the company
b. intense competition for shell resources during a widespread disaster
An advantage of a recovery operations center is that
a. this is an inexpensive solution
b. the initial recovery period is very quick
c. the company has sole control over the administration of the center
d. none of the above are advantages of the recovery operations center
b. the initial recovery period is very quick
For most companies, which of the following is the least critical application for disaster recovery purposes?
a. month-end adjustments
b. accounts receivable
c. accounts payable
d. order entry/billing
a. month-end adjustments
The least important item to store off-site in case of an emergency is
a. backups of systems software
b. backups of application software
c. documentation and blank forms
d. results of the latest test of the disaster recovery program
d. results of the latest test of the disaster recovery program