Chapter 7 - IT (Hard/Incorrect Questions Only) Flashcards
The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the
Job Control Language
Got this correct first try
A digital signature is used primarily to determine that a message is
UNALTERED IN TRANSMISSION.
You got it incorrect - selected “Not intercepted on route”.
Remember from audit, we said Digital Signatures are on files and e-mails to prove identity of the sender and assure that the information was unaltered in transmission.
Digital signatures do not (incorrect answers):
- prevent a message from being intercepted on route
- ensure the message is received by the intended recipient
- ensure it's sent to the correct address
What is a major disadvantage to using a private key to encrypt data?
Both sender and receiver must have private key before this encryption method can work
Got right, but wasn’t sure if that was an advantage for a sec
Which of the following areas of responsibility are normally assigned to the systems programmer in a computer system environment?
Maintaining and updating operating systems and compilers.
You thought it was “systems analysis and application programming”. That’s for APPLICATION programming, not system programming
Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?
Desktop client, application, and database
got it right. It wouldn’t use the following:
- software
- desktop server
- hardware
A trojan horse is a
computer program that appears to be legitimate but performs an illicit activity when it is run
Critical success factor in data mining a large data store?
Pattern recognition.
You got wrong; had no clue.
From book:
“Data mining searches for patterns and trends in data set to obtain useful information. The recognition of patterns is central, thus a critical success factor of a data mining operation.”
Google said:
“Data Mining is an analytic process designed to explore data in search of consistent patterns and/or systematic relationships between variables. Data is typically business or market related”
In which of the following locations should a copy of the accounting system data backup of year-end information be stored?
Secured off-site location to protect it from theft, sabotage, and natural disasters
Got wrong
A manufacturing company that wanted to be able to place material orders more efficiently most likely would utilize
EDI
Got wrong
In business informations processing, “stakeholder” refers to which of the following?
Anyone in the organization who has a role in creating or using documents and data stored on computers and networks.
Got right. Was close to choosing C - authorized users who are granted access rights to documents and data stored on the computers or networks
security awareness manual is what type of control?
A preventative correction error because it suggests the organization educates its employees of procedures to prevent errors or fraud
Which separates or isolates a network segment from the main network while maintaining the connection between networks?
firewall
got wrong
A company has a significant e-commerce presence and self-hosts its web site. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?
Establish an off-site server
An auditor most likely would test for the presence of unauthorized EDP program changes by running a
source code comparison program
Which of the following is not considered to be a risk associated with the performance of an audit in an IT environment?
circumvention
Which of the following statements is not true of the test data approach when testing a computerized accounting system?
Test data must consist of all possible valid and invalid conditions
What should be examined to determine if an information system is operating according to prescribed procedures?
system control
Which one of the following artificial intelligence information systems cannot learn from experience?
Rule-based expert systems. think about it
According to COBIT 5, covering the enterprise from end-to-end means that COBIT 5
Integrates governance of enterprise IT with enterprise governance
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
A disaster-recovery plan. Doing these will facilitate rapid operation recovery in the event of a disaster
A company has a significant e-commerce presence and self-hosts its web site. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?
Establish an off-site mirrored web server
You said “store records off-site”. Remember, this is an e-commerce heavy website. Also, storing it off-site would take more time to reupload info than storing it somewhere else online
Which of the following statements presents an example of a general control for a computerized system?
restricting access to computer center through use of biometric devices
Mill Co. uses a batch processing method to process its sales transactions. Data on Mill’s sales transaction tape are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this tape most likely would be a
report showing exceptions and control totals
To obtain evidence that user identification and password controls are functioning as designed, an auditor would most likely
Examine a sample to determine whether password holders may have access to something incompatible with their authority
An auditor using audit software probably would be least interested in which of the following fields in a computerized perpetual inventory file?
economic order quantity
irrelevant for auditor
An auditor would least likely use computer software to
Assess EDP control risk
that requires JUDGEMENT
In an IT department in a fairly large company, which of the following would be responsible for the security of shared data stored in a database system?
Database ADMINISTRATOR
NOT:
Data librarian
Data control clerk
Systems analyst
Duties that are considered incompatible and should be segregated in an IT environment are:
Authorization, recording, custody
(normal ARC)
Which of the following is not an input control?
Parity check; that's a hardware control
An audit client is using a computer program to process its data that the auditor wishes to verify. There is no appropriate equivalent program available to the auditor, requiring the auditor to apply techniques involving the direct use of the client program.
An auditor can verify that a program to be tested is the one used in processing actual data through controlled reprocessing
A research-based firm in the medical field could use each of the following Internet-based tools for collaboration, except
EDI
Jones, an auditor for Farmington Co., noted that the Acme employees were using computers connected to Acme’s network by wireless technology. On Jones’ next visit to Acme, Jones brought one of Farmington’s laptop computers with a wireless network card. When Jones started the laptop to begin work, Jones noticed that the laptop could view several computers on Acme’s network and Jones had access to Acme’s network files. Which of the following statements is the most likely explanation?
Acme was not using security on the network
Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?
Desktop client/application database
Thought was “DESKTOP SERVER”