Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

cis environment > chapter 3 | mcq > Flashcards

chapter 3 | mcq Flashcards

1
Q

The operating system performs all of the following tasks except
a. translates third-generation languages into machine language
b. assigns memory to applications
c. authorizes user access
d. schedules job processing

A

c. authorizes user access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following is considered an unintentional threat to the integrity of the operating system?
a. a hacker gaining access to the system because of a security flaw
b. a hardware flaw that causes the system to crash
c. a virus that formats the hard drive
d. the systems programmer accessing individual user files

A

b. a hardware flaw that causes the system to crash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A software program that replicates itself in areas of idle memory until the system fails is called a
a. Trojan horse
b. worm
c. logic bomb
d. none of the above

A

b. worm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A software program that allows access to a system without going through the normal logon procedures is called a
a. logic bomb
b. Trojan horse
c. worm
d. back door

A

d. back door

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

All of the following will reduce the exposure to computer viruses except
a. install antivirus software
b. install factory-sealed application software
c. assign and control user passwords
d. install public-domain software from reputable bulletin boards

A

d. install public-domain software from reputable bulletin boards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique called
a. spoofing.
b. spooling.
c. dual-homed.
d. screening.

A

a. spoofing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which is not a biometric device?
a. password
b. retina prints
c. voice prints
d. signature characteristics

A

a. password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

All of the following are objectives of operating system control except
a. protecting the OS from users
b. protesting users from each other
c. protecting users from themselves
d. protecting the environment from users

A

d. protecting the environment from users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except
a. failure to change passwords on a regular basis
b. using obscure passwords unknown to others
c. recording passwords in obvious places
d. selecting passwords that can be easily detected by computer criminals

A

b. using obscure passwords unknown to others

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Audit trails cannot be used to
a. detect unauthorized access to systems
b. facilitate reconstruction of events
c. reduce the need for other forms of security
d. promote personal accountability

A

c. reduce the need for other forms of security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which control will not reduce the likelihood of data loss due to a line error?
a. echo check
b. encryption
c. vertical parity bit
d. horizontal parity bit

A

b. encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which method will render useless data captured by unauthorized receivers?
a. echo check
b. parity bit
c. public key encryption
d. message sequencing

A

c. public key encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which method is most likely to detect unauthorized access to the system?
a. message transaction log
b. data encryption standard
c. vertical parity check
d. request-response technique

A

a. message transaction log

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

All of the following techniques are used to validate electronic data interchange transactions except

a. value added networks can compare passwords to a valid customer file before message transmission
b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm’s database
c. the recipient’s application software can validate the password prior to processing
d. the recipient’s application software can validate the password after the transaction has been processed

A

d. the recipient’s application software can validate the password after the transaction has been processed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

In an electronic data interchange environment, customers routinely access
a. the vendor’s price list file
b. the vendor’s accounts payable file
c. the vendor’s open purchase order file
d. none of the above

A

a. the vendor’s price list file

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except
a. verifying that only authorized software is used on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a review of the authority table

A

b. reviewing system maintenance records

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to equipment failure
b. prevention and detection of illegal access to communication channels
c. procedures that render intercepted messages useless
d. all of the above

A

d. all of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

When auditors examine and test the call-back feature, they are testing which audit objective?
a. incompatible functions have been segregated
b. application programs are protected from unauthorized access
c. physical security measures are adequate to protect the organization from natural disaster
d. illegal access to the system is prevented and detected

A

d. illegal access to the system is prevented and detected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?
a. all EDI transactions are authorized
b. unauthorized trading partners cannot gain access to database records
c. authorized trading partners have access only to approved data
d. a complete audit trail is maintained

A

c. authorized trading partners have access only to approved data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Audit objectives in the electronic data interchange (EDI) environment include all of the following except

a. all EDI transactions are authorized
b. unauthorized trading partners cannot gain access to database records
c. a complete audit trail of EDI transactions is maintained
d. backup procedures are in place and functioning properly

A

d. backup procedures are in place and functioning properly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except
a. the policy on the purchase of software only from reputable vendors
b. the policy that all software upgrades are checked for viruses before they are implemented
c. the policy that current versions of antivirus software should be available to all users
d. the policy that permits users to take files home to work on them

A

d. the policy that permits users to take files home to work on them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which of the following is not a test of access controls?
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls

A

c. backup controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

In an electronic data interchange environment, customers routinely
a. access the vendor’s accounts receivable file with read/write authority
b. access the vendor’s price list file with read/write authority
c. access the vendor’s inventory file with read-only authority
d. access the vendor’s open purchase order file with read-only authority

A

c. access the vendor’s inventory file with read-only authority

24
Q

In an electronic data interchange environment, the audit trail
a. is a printout of all incoming and outgoing transactions
b. is an electronic log of all transactions received, translated, and processed by the system
c. is a computer resource authority table
d. consists of pointers and indexes within the database

A

b. is an electronic log of all transactions received, translated, and processed by the system

25
Q

All of the following are designed to control exposures from subversive threats except
a. firewalls
b. one-time passwords
c. field interrogation
d. data encryption

A

c. field interrogation

26
Q

Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these is
a. hardware access procedures
b. antivirus software
c. parity checks
d. data encryption

A

c. parity checks

27
Q

Which of the following deal with transaction legitimacy?
a. transaction authorization and validation
b. access controls
c. EDI audit trail
d. all of the above

A

d. all of the above

28
Q

Firewalls are
a. special materials used to insulate computer facilities
b. a system that enforces access control between two networks
c. special software used to screen Internet access
d. none of the above

A

b. a system that enforces access control between two networks

29
Q

An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)
a. operating system.
b. database management system.
c. utility system
d. facility system.
e. object system.

A

a. operating system.

30
Q

Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is
a. a smurf attack.
b. IP Spoofing.
c. an ACK echo attack
d. a ping attack.
e. none of the above

A

e. none of the above

31
Q

Which of the following is true?
a. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
b. An Intrusion prevention system works in parallel with a firewall at the perimeter of the
network to act as a filer that removes malicious packets from the flow before they can
affect servers and networks.
c. A distributed denial of service attack is so named because it is capable of attacking many
victims simultaneously who are distributed across the internet.
d. None of the above are true statements

A

a. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.

32
Q

Advance encryption standard (AES) is
a. a 64 -bit private key encryption technique
b. a 128-bit private key encryption technique
c. a 128-bit public key encryption technique
d. a 256-bit public encryption technique that has become a U.S. government standard

A

b. a 128-bit private key encryption technique

33
Q

What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area?
a. LAN
b. decentralized network
c. multidrop network
d. Intranet

A

d. Intranet

34
Q

Network protocols fulfill all of the following objectives except
a. facilitate physical connection between network devices
b. provide a basis for error checking and measuring network performance
c. promote compatibility among network devices
d. result in inflexible standards

A

d. result in inflexible standards

35
Q

To physically connect a workstation to a LAN requires a
a. file server
b. network interface card
c. multiplexer
d. bridge

A

b. network interface card

36
Q

Packet switching
a. combines the messages of multiple users into one packet for transmission. At the receiving
end, the packet is disassembled into the individual messages and distributed to the intended
users.
b. is a method for partitioning a database into packets for easy access where no identifiable
primary user exists in the organization.
c. is used to establish temporary connections between network devices for the duration of a
communication session.
d. is a denial of service technique that disassembles various incoming messages to targeted
users into small packages and then reassembles them in random order to create a useless garbled message.

A

c. is used to establish temporary connections between network devices for the duration of a
communication session.

37
Q

One advantage of network technology is
a. bridges and gateways connect one workstation with another workstation
b. the network interface card permits different networks to share data
c. file servers permit software and data to be shared with other network users
d. a universal topology facilitates the transfer of data among networks

A

c. file servers permit software and data to be shared with other network users

38
Q

A virtual private network:
a. is a password-controlled network for private users rather than the general public.
b. is a private network within a public network.
c. is an Internet facility that links user sites locally and around the world.
d. defines the path to a facility or file on the web.
e. none of the above is true.

A

b. is a private network within a public network.

39
Q

Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology, the central computer manages and controls data communications among the network nodes.
a. star topology
b. bus topology
c. ring topology
d. client/server topology

A

a. star topology

40
Q

A ping signal is used to initiate
a. URL masquerading
b. digital signature forging
c. Internet protocol spoofing
d. a smurf attack
e. none of the above is true

A

d. a smurf attack

41
Q

In a star topology, when the central site fails
a. individual workstations can communicate with each other
b. individual workstations can function locally but cannot communicate with other worksta-
tions
c. individual workstations cannot function locally and cannot communicate with other
workstations
d. the functions of the central site are taken over by a designated workstation

A

b. individual workstations can function locally but cannot communicate with other worksta-
tions

42
Q

Which of the following statements is correct? The client-server model
a. is best suited to the token-ring topology because the random-access method used by this
model detects data collisions.
b. distributes both data and processing tasks to the server’s node.
c. is most effective used with a bus topology.
d. is more efficient than the bus or ring topologies.

A

b. distributes both data and processing tasks to the server’s node.

43
Q

A star topology is appropriate
a. for a wide area network with a mainframe for a central computer
b. for centralized databases only
c. for environments where network nodes routinely communicate with each other
d. when the central database does not have to be concurrent with the nodes

A

a. for a wide area network with a mainframe for a central computer

44
Q

In a ring topology
a. the network consists of a central computer which manages all communications between
nodes
b. has a host computer connected to several levels of subordinate computers
c. all nodes are of equal status; responsibility for managing communications is distributed among the nodes
d. information processing units rarely communicate with each other

A

c. all nodes are of equal status; responsibility for managing communications is distributed among the nodes

45
Q

A distributed denial of service (DDoS) attack
a. is more intensive that a Dos attack because it emanates from single source
b. may take the form of either a SYN flood or smurf attack
c. is so named because it effects many victims simultaneously, which are distributed across
the internet
d. turns the target victim’s computers into zombies that are unable to access the Internet
e. none of the above is correct

A

b. may take the form of either a SYN flood or smurf attack

46
Q

Which of the following statements is correct? TCP/IP
a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the WWW.
c. is the file format used to produce Web pages.
d. is a low-level encryption scheme used to secure transmissions in HTTP format.

A

a. is the basic protocol that permits communication between Internet sites.

47
Q

FTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

A

d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.

48
Q

IP spoofing
a. combines the messages of multiple users into a “spoofing packet” where the IP addresses
are interchanged and the messages are then distributes randomly among the targeted users.
b. is a form of masquerading to gain unauthorized access to a web server.
c. is used to establish temporary connections between network devices with different IP
addresses for the duration of a communication session.
d. is a temporary phenomenon that disrupts transaction processing. It will resolve itself when
the primary computer completes processing its transaction and releases the IP address needed by other users.

A

b. is a form of masquerading to gain unauthorized access to a web server.

49
Q

HTML

a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet.
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

A

a. is the document format used to produce Web pages.

50
Q

Which one of the following statements is correct?
a. Cookies always contain encrypted data.
b. Cookies are text files and never contain encrypted data.
c. Cookies contain the URLs of sites visited by the user.
d. Web browsers cannot function without cookies.

A

c. Cookies contain the URLs of sites visited by the user.

51
Q

A message that is made to look as though it is coming from a trusted source but is not is called
a. a denial of service attack
b. digital signature forging
c. Internet protocol spoofing
d. URL masquerading

A

c. Internet protocol spoofing

52
Q

An IP Address:
a. defines the path to a facility or file on the web.
b. is the unique address that every computer node and host attached to the Internet must have.
c. is represented by a 64-bit data packet.
d. is the address of the protocol rules and standards that governing the design of internet
hardware and software.
e. none of the above is true.

A

b. is the unique address that every computer node and host attached to the Internet must have.

53
Q

A digital signature is
a. the encrypted mathematical value of the message sender’s name
b. derived from the digest of a document that has been encrypted with the sender’s private key
c. the computed digest of the sender’s digital certificate
d. allows digital messages to be sent over analog telephone lines

A

b. derived from the digest of a document that has been encrypted with the sender’s private key

54
Q

HTTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

A

b. controls Web browsers that access the Web.

55
Q

Which of the following statements is correct?

a. Packet switching combines the messages of multiple users into a “packet” for transmission. At the receiving end, the packet is disassembled into the individual messages and distribut- ed to the intended users.
b. The decision to partition a database assumes that no identifiable primary user exists in the organization.
c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session.
d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.

A

c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session.

cis environment (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions