CHAPTER 4: Auditing Database Systems Flashcards

1
Q

The term database is used in a broad context to include two general approaches:

A

the flat-file model and the database model.

2
Q

Private ownership of data, which characterizes this model, is the root cause of several problems that inhibit data integration.

A

Flat-file model

3
Q

Three common database models:

A

the hierarchical, the network, and the relational models

4
Q

These are called navigational databases because of their structure and inflexibility.

A

hierarchical and network models

5
Q

Newer accounting information systems make extensive use of this model.

A

Relational model

6
Q

This flexible approach presents data in a two-dimensional format that is conceptually more pleasing to end users than complex navigational structures.

A

Relational Model

7
Q

These are data files that contain records with no structured relationships to other files.

A

Flat files

8
Q

This is most often associated with so-called legacy systems

A

flat-file approach

9
Q

The ___________ environment promotes a single-user view approach to data management whereby end users own their data files rather than share them with other users

A

flat-file

10
Q

TRUE OR FALSE
Data files are therefore structured, formatted, and arranged to suit the specific needs of the owner or primary user of the data in a database model.

A

FALSE

11
Q

What are the three significant problems in the flat-file approach?

A

data storage, data updating, and currency of information

12
Q

A problem in the flat-file model where efficient data management is not possible. To meet the private data needs of diverse users, organizations must incur the costs of both multiple collections and multiple storage procedures. Some commonly used data may be duplicated dozens, hundreds, or even thousands of times within an organization.

A

Data Storage

13
Q

An example of this issue in a flat-file environment is when you need to make a change to a customer’s name or address that must be reflected in the appropriate master files. When users keep separate and exclusive files, each change must be made separately for each user. These redundant updating tasks add significantly to the cost of data management.

A

Data Updating

14
Q

An issue in the flat-file environment: when updated information is not properly disseminated, the change will not be reflected in some users’ data, resulting in decisions based on outdated information.

A

Currency of Information

15
Q

This is the user’s inability to obtain additional information as his or her needs change. In other words, a user’s task is limited and decision-making ability is constrained by the data that he or she possesses and controls.

A

Task-Data Dependency

16
Q

The _____________ is a special software system that is programmed to know which data elements each user is authorized to access.

A

DBMS or Database Management System

17
Q

This approach centralizes the organization’s data into a common database that is shared by other users. With the enterprise’s data in a central location, all users have access to the data they need to achieve their respective objectives.

A

The Database Approach

18
Q

A benefit of DBMS where each data element is stored only once, thereby eliminating data redundancy and reducing data collection and storage costs.

A

Elimination of Data Storage Problem

19
Q

A benefit of a DBMS: because each data element exists in only one place, it requires only a single update procedure. This reduces the time and cost of keeping the database current.

A

Elimination of Data Update Problem

20
Q

A benefit of DBMS where a single change to a database attribute is automatically made available to all users of the attribute. For example, a customer address change entered by the billing clerk is immediately reflected in the marketing and product services views.

A

Elimination of Currency Problem

21
Q

The most striking difference between the database model and the flat-file model is the pooling of data into a common database that is shared by all organizational users. With access to the full domain of entity data, changes in user information needs can be satisfied without obtaining additional private data sets.

A

Elimination of Task-Data Dependency Problem

22
Q

The Database Approach eliminates:

A
  1. Data Storage Problem
  2. Data Update Problem
  3. Currency Problem
  4. Task-Data Dependency Problem
23
Q

What are the key elements of the Database Environment?

A
  1. The Database Management System
  2. Users
  3. The Database Administrator
  4. Physical database
  5. DBMS Models
24
Q

Typical features of DBMS:

A
  1. Program development
  2. Backup and recovery
  3. Database usage reporting
  4. Database access
25
Q

_________________ is a programming language used to define the database to the DBMS.

A

Data definition language (DDL)

26
Q

The physical arrangement of records in the database is presented through the _____________. This is the lowest level of representation, which is one step removed from the physical database. This view describes the structures of data records, the linkages between files, and the physical arrangement and sequence of records in a file. There is only one __________ for the database.

A

Internal view

27
Q

The _____________ describes the entire database. This view represents the database logically and abstractly, rather than the way it is physically stored. There is only one ___________ for a database.

A

schema (conceptual view)

28
Q

The ______________ defines the user’s section of the database, the portion that an individual user is authorized to access. To a particular user, the _________ is the database. Unlike the internal and conceptual views, there may be many distinct _________.

A

User view/External View

29
Q

__________________ is the proprietary programming language that a particular DBMS uses to retrieve, process, and store data.

A

Data Manipulation Language

30
Q

A _____________ is an ad hoc access methodology for extracting information from a database.

A

Query

31
Q

____________ has emerged as the standard query language for both mainframe and microcomputer DBMSs. ________________ is a fourth-generation, nonprocedural language (English-like commands) with many commands that allow users to input, retrieve, and modify data easily.

A

Structured Query Language

32
Q

The _______________ is responsible for managing the database resource. The sharing of a common database by multiple users requires organization, coordination, rules, and guidelines to protect the integrity of the database.

A

Database Administrator

33
Q

The duties of the DBA fall into the following areas:

A

database planning;
database design;
database implementation, operation, and maintenance;
and database growth and change.

34
Q

The _____________ describes every data element in the database. This enables all users (and programmers) to share a common view of the data resource, thus greatly facilitating the analysis of user needs. The ____________ may be in both paper form and online.

A

Database Dictionary

35
Q

This is the lowest level of the database and the only level that exists in physical form.

A

physical database

36
Q

____________ are the bricks and mortar of the database. The ___________ allows records to be located, stored, and retrieved and enables the movement from one record to another. ___________ have two fundamental components: organization and access method.

A

Data structures

37
Q

The ___________ of a file refers to the way records are physically arranged on the secondary storage device. This may be either sequential or random. The records in sequential files are stored in contiguous locations that occupy a specified area of disk space.

A

Data Organization

38
Q

The ___________ is the technique used to locate records and to navigate through the database. During database processing, the ____________ program, responding to requests for data from the user’s application, locates and retrieves or stores the records. The tasks carried out by the ______________ are completely transparent to the user’s application.

A

Data Access Methods

39
Q

A ______________ is an abstract representation of the data about entities, including resources (assets), events (transactions), and agents (personnel or customers, etc.) and their relationships in an organization.

A

data model

40
Q

A ____________ is a single item of data, such as customer’s name, account balance, or address.

A

data attribute or field

41
Q

An __________ is a database representation of an individual resource, event, or agent about which we choose to collect data.

A

entity

42
Q

When we group together the data attributes that logically define an entity, they form a ________

A

record type

43
Q

A ____________ is the set of record types that an organization needs to support its business processes.

A

database

44
Q

Record types that constitute a database exist in relation to other record types. This is called an _________

A

association

45
Q

This means that for every occurrence in Record Type X, there is one (or possibly zero) occurrence in Record Type Y. For example, for every occurrence (employee) in the employee table, there is only one (or zero for new employees) occurrence in the year-to-date earnings table.

A

One-to-one association.

46
Q

For every occurrence in Record Type X, there are zero, one, or many occurrences in Record Type Y. To illustrate, for every occurrence (customer) in the customer table, there are zero, one, or many sales orders in the sales order table. This means that a particular customer may have purchased goods from the company zero, one, or many times during the period under review.

A

One-to-many association.

47
Q

For each occurrence of Record Types X and Y, there are zero, one, or many occurrences of Record Types Y and X, respectively. The business relationship between an organization’s inventory and its suppliers illustrates the _________ association. Using this example, a particular supplier provides the company with zero (the supplier is in the database, but the firm does not buy from the supplier), one, or many inventory items. Similarly, the company may buy a particular inventory item from zero (e.g., the firm makes the item in-house), one, or many different suppliers.

A

Many-to-many association

48
Q

The earliest database management systems were based on the _____________________.

A

hierarchical data model

49
Q

IBM’s ______________ is the most prevalent example of a hierarchical database.

A

information management system (IMS)

50
Q

The _______________ is constructed of sets that describe the relationship between two linked files. Each set contains a parent and a child. Files at the same level with the same parent are called siblings. This structure is also called a tree structure. The highest level in the tree is the root segment, and the lowest file in a particular branch is called a leaf.

A

hierarchical model

51
Q

The hierarchical data model is called a ___________ because traversing the files requires following a predefined path

A

navigational database

52
Q

Limitations of the Hierarchical Model

A

A parent record may have one or more child records.
No child record can have more than one parent.

53
Q

Like the hierarchical model, the _____________ is a navigational database with explicit linkages between records and files. The distinction is that the ____________ permits a child record to have multiple parents.

A

network model

54
Q

The ________________ splits the central database into segments or partitions that are distributed to their primary users. This works best for organizations that require minimal data sharing among their distributed IT units.

A

partitioned database approach

55
Q

In a distributed environment, it is possible for multiple sites to lock out each other from the database, thus preventing each from processing its transactions. This is called ________________.

A

The Deadlock Phenomenon

56
Q

A ___________ is a permanent condition that must be resolved by special software that analyzes each deadlock condition to determine the best solution.

A

deadlock

57
Q

______________ are effective in companies where there exists a high degree of data sharing but no primary user. Since common data are replicated at each IT unit site, the data traffic between sites is reduced considerably.

A

Replicated databases

58
Q

A commonly used method for concurrency control is to ____________. This method involves labeling each transaction by two criteria.

A

serialize transactions

59
Q

The ______________ is a subset of the total database that defines the user’s data domain and provides access to the database.

A

user view or subschema

60
Q

The ___________________ contains rules that limit the actions a user can take. This technique is similar to the access control list used in the operating system. Each user is granted certain privileges that are coded in the authority table, which is used to verify the user’s action requests.

A

database authorization table

61
Q

A __________________ allows the user to create a personal security program or routine to provide more positive user identification than a single password. Thus, in addition to a password, the security procedure asks a series of personal questions (such as the user’s mother’s maiden name), which only the legitimate user should know.

A

user-defined procedure

62
Q

The ultimate in user authentication procedures is the use of _______________, which measure various personal characteristics, such as fingerprints, voice prints, retina prints, or signature characteristics. These user characteristics are digitized and stored permanently in a database security file or on an identification card that the user carries.

A

biometric devices

63
Q

Audit Procedures for Testing Database Access Controls:

The auditor should verify that database administration (DBA) personnel retain exclusive responsibility for creating authority tables and designing user views.

A

Responsibility for Authority Tables and Subschemas

64
Q

Audit Procedures for Testing Database Access Controls:

The auditor can select a sample of users and verify that their access privileges stored in the authority table are consistent with their job descriptions and organizational levels.

A

Appropriate Access Authority

65
Q

Audit Procedures for Testing Database Access Controls

A

Responsibility for Authority Tables and Subschemas.
Appropriate Access Authority.
Biometric Controls.
Inference Controls.
Encryption Controls.

66
Q

The backup procedure begins when the current master file (the parent) is processed against the transaction file to produce a new updated master file (the child). With the next batch of transactions, the child becomes the current master file (the parent), and the original parent becomes the backup (grandparent) file.

A

GPC Backup Technique or grandparent–parent–child (GPC) backup technique

67
Q

Real-time systems use timed backup. Transactions processed between backup runs will need to be reprocessed after restoration of the master file.

A

Real-Time Processing System

68
Q

The ______________ feature provides an audit trail of all processed transactions. It lists transactions in a _________________ file and records the resulting changes to the database in a separate database change log.

A

transaction log

69
Q

The _____________ suspends all data processing while the system reconciles the transaction log and the database change log against the database. At this point, the system is in a quiet state.

A

checkpoint facility

70
Q

The _____________ uses the logs and backup files to restart the system after a failure.

A

recovery module