IFTC Flashcards

1
Q

Which of the following is not true? Relational databases

a. Are maintained on direct access devices.
b. Store data in table form.
c. Are flexible and useful for unplanned, ad hoc queries.
d. Use trees to store data in hierarchical structure.

A

Use trees to store data in hierarchical structure.

2
Q

Graphical notations that show the flow and transformation of data within a system or business area are called

A

Data flow diagrams.

3
Q

Which of the following items would be most critical to include in a systems specification document for a financial report?

a. Cost-benefit analysis.
b. Training requirements.
c. Data elements needed.
d. Communication change management considerations.

A

Data elements needed.

4
Q

What type of computerized data processing system would be most appropriate for a company that is opening a new retail location?

A

Real-time processing.

5
Q

First Federal has an on-line real-time system, with terminals installed in all of its branches. This system will not accept a customer’s cash withdrawal instructions in excess of $1,000 without the use of a “terminal audit key.” After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be strengthened by

A

Online recording of the transaction on an audit override sheet.

6
Q

Companies now can use electronic transfers to conduct regular business transactions. Which of the following terms best describes a system where an agreement is made between two or more parties to electronically transfer purchase orders, sales orders, invoices, and/or other financial documents?

a. Electronic funds transfer (EFT).
b. Electronic data processing (EDP).
c. Electronic data interchange (EDI).
d. Electronic mail (E-mail).

A

Electronic data interchange (EDI).

7
Q

In an accounting information system, which of the following types of computer files most likely would be a master file?

a. Cash receipts.
b. Cash disbursements.
c. Inventory subsidiary.
d. Payroll transactions.

A

Inventory subsidiary.

8
Q

The primary objective of security software is to

A

Control access to information system resources.

9
Q

A digital signature is used primarily to determine that a message is

A

Unaltered in transmission.

10
Q

A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as

A

End-user computing.

11
Q

An entity doing business on the Internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

a. Password management.
b. Digital certificates.
c. Data encryption.
d. Batch processing.

A

Batch processing.

12
Q

Parity checks, read-after-write checks, and duplicate circuitry are computer controls that are designed to detect

A

Erroneous internal handling of data.

13
Q

An overall description of a database, including the names of data elements, their characteristics, and their relationship to one another, would be defined by using a

A

Data definition language.

14
Q

The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the

A

Computer operator.

15
Q

A brokerage firm has changed a program so as to permit higher transaction volumes. After paper testing of the change, the revised programs were authorized and copied to the production library. This practice is an example of

A

Change control.

16
Q

Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporate headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure timely recovery?

a. Backup power.
b. Daily backup.
c. Business continuity.
d. Network security.

A

Business continuity.

17
Q

When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control?

a. Inclusions of an adequate power supply system with surge protection.
b. Consideration of risks related to other uses of electricity in the area.
c. Design of controls to restrict access.
d. Adequate physical layout space for the operating system.

A

Adequate physical layout space for the operating system.

18
Q

Which of the following statements best characterizes the function of physical access control?

a. Provides authentication of users attempting to log into the system.
b. Minimizes the risk of incurring power or hardware failure.
c. Protects systems from the transmission of Trojan horses.
d. Separates unauthorized individuals from computer resources.

A

Separates unauthorized individuals from computer resources.

19
Q

A fast-growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?

A

Analysis.

20
Q

Which of the following most likely represents a significant deficiency in the internal control?

a. The control clerk establishes control over data received by the information systems departments and reconciles totals after processing.
b. The systems programmer designs systems for computerized applications and maintains output controls.
c. The accounts payable clerk prepares data for computer processing and enters the data into the computer.
d. The systems analyst reviews applications of data processing and maintains systems documentation.

A

The systems programmer designs systems for computerized applications and maintains output controls.

21
Q

What is a major disadvantage to using a private key to encrypt data?

A

Both sender and receiver must have the private key before this encryption method will work.

22
Q

Which of the following statements is correct regarding the Internet as a commercially viable network?

a. Organizations must use firewalls if they wish to maintain security over internal data.
b. Companies must apply to the Internet to gain permission to create a homepage to engage in electronic commerce.
c. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers.
d. The Internet is the only feasible method to conduct business electronically.

A

Organizations must use firewalls if they wish to maintain security over internal data.

23
Q

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?

a. Data entry and antivirus management.
b. Data entry and quality assurance.
c. Network maintenance and wireless access.
d. Data entry and application programming.

A

Data entry and application programming.

24
Q

To reduce security exposure when transmitting proprietary data over communication lines, a company should use

A

Cryptographic devices.

25
Q

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?

a. Off-site storage of foreign source documents.
b. Reduction in the frequency of data entry errors.
c. Improvement in the audit trail for cash transactions.
d. Creation of multilingual disaster recovery

A

Reduction in the frequency of data entry errors

26
Q

Which of the following is not one of the five principles of COBIT 5?

a. Control objectives.
b. Covering the enterprise end-to-end.
c. Separating governance from management.
d. Meeting stakeholder needs.

A

Control objectives.

27
Q

The program flowcharting symbol representing a decision is a

A

Diamond.

28
Q

When considering disaster recovery, what type of backup facility involves an agreement between organizations to aid each other in the event of a disaster?

A

Reciprocal agreement.

29
Q

Which of the following controls would assist in detecting an error when the data input clerk records a sales invoice as $12.99 when the actual amount is $122.99?

a. Limit check.
b. Echo check.
c. Batch control totals.
d. Sign check.

A

Batch control totals.

30
Q

A data warehouse is an example of

A

On-line analytical processing.

31
Q

The machine language for a specific computer

A

Is determined by the engineers who designed the computer.

32
Q

The machine-language program that results when a symbolic-language program is translated is called

A

Object program.

33
Q

Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage?

a. Having the supervisor of the data entry clerk verify that each employee’s hours worked are correctly entered into the system.
b. Limited access to employee master files to authorized employees in the personnel department.
c. Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate.
d. Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register.

A

Limited access to employee master files to authorized employees in the personnel department.

34
Q

Which of the following is not a characteristic of a batch processed computer system?

a. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
b. The collection of like transactions which are sorted and processed sequentially against a master file.
c. The production of numerous printouts.
d. Keypunching of transactions, followed by machine processing.

A

The posting of a transaction, as it occurs, to several files, without intermediate printouts.

35
Q

One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control for this is use of

A

A computer log.

36
Q

Which of the following is considered to be a server in a local area network (LAN)?

a. A device that stores program and data files for users of the LAN.
b. The cabling that physically interconnects the nodes of the LAN.
c. A device that connects the LAN to other networks.
d. A workstation that is dedicated to a single user on the LAN.

A

A device that stores program and data files for users of the LAN.

37
Q

The most appropriate type of network for a company that needs its network to function inexpensively in widely separated geographical areas is

A

Wide area network (WAN).

38
Q

Which of the following activities would most likely detect computer-related fraud?

a. Conducting fraud-awareness training.
b. Performing validity checks.
c. Reviewing the systems-access log.
d. Using data encryption.

A

Reviewing the systems-access log.

39
Q

Which of the following best describes a hot site?

a. Location that is considered too close to a disaster area.
b. Location where a company can install data processing equipment on short notice.
c. Location within the company that is most vulnerable to a disaster.
d. Location that is equipped with a redundant hardware and software configuration.

A

Location that is equipped with a redundant hardware and software configuration.

40
Q

With the growth of microcomputers, some organizations are allowing end-users to develop their own applications. One of the organizational risks of this policy is

A

Reduced control of data.

41
Q

In business information systems, the term “stakeholder” refers to which of the following parties?

a. Information technology personnel responsible for creating the documents and data stored on the computers or networks.
b. The management team responsible for the security of the documents and data stored on the computers or networks.
c. Authorized users who are granted access rights to the documents and data stored on the computers or networks.
d. Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.

A

Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.

42
Q

Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?

a. Field (format) check.
b. Validity check.
c. Check digit.
d. Optical character recognition (OCR).

A

Field (format) check.

43
Q

An auditor was examining a client’s network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?

A

tR34ju78

44
Q

Which of the following artificial intelligence information systems cannot learn from experience?

a. Rule-based expert systems.
b. Neural networks.
c. Intelligent agents.
d. Case-based reasoning systems.

A

Rule-based expert systems.

45
Q

Automated equipment controls in a computer processing system are designed to detect errors arising from

A

Operation of the computer processing equipment.

46
Q

A company has a significant presence and self-hosts its Web site. the following strategies?

a. Store records off-site.
b. Establish an off-site mirrored Web server.
c. Purchase and implement RAID technology.
d. Backup the server database daily.

A

Establish an off-site mirrored Web server.

47
Q

More than one file may be stored on a single magnetic disc. Several programs may be in the core storage unit simultaneously. In both cases it is important to prevent the mixing of data. One way to do this is to use

A

Boundary protection.

48
Q

A distributed processing environment would be most beneficial in which of the following situations?

a. Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations.
b. Small volumes of data are generated at many locations, fast access is required and summaries of the data are needed promptly at a central site.
c. Large volumes of data are generated centrally and fast access is not required.
d. Large volumes of data are generated at many locations and fast access is required.

A

Large volumes of data are generated at many locations and fast access is required.

49
Q

Any assessment of the operational capabilities of a computer system must consider downtime. Even in a fully protected system, downtime will exist because of

A

Unscheduled maintenance.

50
Q

In a client/server environment, the “client” is most likely to be the

A

Computers of various users.

51
Q

Compared to batch processing, real-time processing has which of the following advantages?

a. Ease of auditing.
b. Efficiency of processing.
c. Timeliness of information.
d. Ease of implementation.

A

Timeliness of information.

52
Q

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person’s name, and the individual’s password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client’s computer-access control?

a. Employees can easily guess fellow employees’ passwords.
b. Employees can circumvent procedures to segregate duties.
c. Employees are not required to change passwords.
d. Employees are not required to take regular vacations.

A

Employees are not required to take regular vacations.

53
Q

An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?

a. Mathematical accuracy.
b. Online prompting.
c. Preformatted screen.
d. Reasonableness.

A

Reasonableness.

54
Q

Which of the following is an advantage of using a value-added network for EDI transactions?

a. Decrease in cost of EDI.
b. Ability to deal with differing data protocols.
c. Direct communication between trading partners.
d. Increase in data redundancy.

A

Ability to deal with differing data protocols.

55
Q

Which of the following allows customers to pay for goods or services from a Web site while maintaining financial privacy?

a. Site draft.
b. Credit card.
c. Electronic check.
d. E-cash.

A

E-cash.

56
Q

Which of the following is a key difference in controls when changing from a manual system to a computer system?

a. Methodologies for implementing controls change.
b. Control objectives are more difficult to achieve.
c. Internal control objectives differ.
d. Internal control principles change.

A

Methodologies for implementing controls change.

57
Q

Which of the following transaction processing modes provides the most accurate and complete information for decision making?

a. Application.
b. Online.
c. Distributed.
d. Batch.

A

Online.

58
Q

Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system

a. Eliminates the need to reconcile control accounts and subsidiary ledgers.
b. Will produce a more accurate set of financial statements.
c. Will be more efficient at producing financial statements.
d. Does not require as stringent a set of internal controls.

A

Will be more efficient at producing financial statements.

59
Q

Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?

a. Corrective.
b. Preventive.
c. Detective.
d. Application.

A

Application.

60
Q

Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

a. Parity check.
b. Echo check.
c. Limit check.
d. Validity check.

A

Validity check.

61
Q

An auditor has a paper memorandum that needs to be made into a computer file so that text from the memorandum can be cut and pasted into an audit report. In addition to a scanner, what software is needed to accomplish this task?

A

Optical character recognition (OCR).

62
Q

A customer’s order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition?

a. Limit test.
b. Completeness test.
c. Validity check.
d. Sequence test.

A

Validity check.

63
Q

During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed type. This would mean that individual transactions were

A

Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.

64
Q

End-user computing is an example of which of the following?

a. Decentralized processing.
b. Client/server processing.
c. Expert systems.
d. A distributed system.

A

Decentralized processing.

65
Q

A bank wants to reject erroneous checking account numbers to avoid invalid input. Management of the bank was told that there is a method that involves adding another number at the end of the account numbers and subjecting the other numbers to an algorithm to compare with the extra numbers. What technique is this?

A

Check digit.

66
Q

To prevent interrupted information systems operation, which of the following controls are typically included in an organization’s disaster recovery plan?

a. Backup and downtime controls.
b. Disaster recovery and data processing controls.
c. Data input and downtime controls.
d. Backup and data transmission controls.

A

Backup and downtime controls.

67
Q

An organization relied heavily on e-commerce for its transactions. Evidence of the organization’s security awareness manual would be an example of which of the following types of controls?

A

Preventative.

68
Q

An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places?

a. Validated data file.
b. Transaction logs.
c. Error reports.
d. Error files.

A

Transaction logs.

69
Q

Which of the following configurations of elements represents the most complete disaster recovery plan?

a. Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team.
b. Off-site storage procedures, identification of critical applications, test of the plan.
c. Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures.
d. Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan.

A

Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan.

70
Q

A controller is developing a disaster recovery plan for a corporation’s computer systems. In the event of a disaster that makes the company’s facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?

a. Cold site.
b. Backup site procedures.
c. Hot spare site agreement.
d. Hot site.

A

Cold site.

71
Q

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

a. Managing remote access.
b. Developing application programs.
c. Reviewing security policy.
d. Installing operating system upgrades.

A

Managing remote access.

72
Q

The ability to add or update documentation items in data dictionaries should be restricted to

A

Database administrators.

73
Q

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

a. Digit verification check.
b. Field check.
c. Reasonableness test.
d. Validity check.

A

Validity check.

74
Q

A procedural control used in the management of a computer center to minimize the possibility of data or program file destruction through operator error includes

A

External labels.

75
Q

Which of the following would lessen internal control in a computer processing system?

a. Computer operators have access to operator instructions and detailed program listings.
b. The control group is solely responsible for the distribution of all computer output.
c. Computer programmers write and debug programs which perform routines designed by the systems analyst.
d. The computer librarian maintains custody of computer program instructions and detailed listings.

A

Computer operators have access to operator instructions and detailed program listings.

76
Q

Which of the following statements is true regarding Transmission Control Protocol and Internet Protocol (TCP/IP)?

a. Every TCP/IP-supported transmission is an exchange of funds.
b. The actual physical connections among the various networks are limited to TCP/IP ports.
c. TCP/IP networks are limited to large mainframe computers.
d. Every site connected to a TCP/IP network has a unique address.

A

Every site connected to a TCP/IP network has a unique address.

77
Q

Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

a. Firewall.
b. Image browser.
c. Query program.
d. Keyword.

A

Firewall.

78
Q

Securing client/server systems is a complex task because of all of the following factors except:

a. Concurrent operation of multiple user sessions.
b. The number of access points.
c. The use of relational databases.
d. Widespread data access and update capabilities.

A

The use of relational databases.

79
Q

One of the benefits of a single integrated database information system is

A

Increased data accessibility.

80
Q

A program that edits a group of source language statements for syntax errors and translates the statements into an object program is a

A

Compiler.

81
Q

When a client’s accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

a. User accounts are not removed upon termination of employees.
b. Management procedures for user accounts are not documented.
c. User passwords are not required to be in alphanumeric format.
d. Security logs are not periodically reviewed for violations.

A

User accounts are not removed upon termination of employees.

82
Q

An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?

a. Increased responsiveness and flexibility while aiding in the decision-making process.
b. Modifications can be made to each module without affecting other modules.
c. Increased amount of data redundancy since more than one module contains the same information.
d. Reduction in costs for implementation and training.

A

Increased responsiveness and flexibility while aiding in the decision-making process.

83
Q

Compared to online real-time processing, batch processing has which of the following disadvantages?

a. Stored data are current only after the update process.
b. A greater level of control is necessary.
c. Additional computing resources are required.
d. Additional personnel are required.

A

Stored data are current only after the update process.

84
Q

A manufacturing company that wanted to be able to place material orders more efficiently most likely would utilize which of the following?

a. Electronic data interchange.
b. Electronic check presentment.
c. Automated clearinghouse.
d. Electronic funds transfer.

A

Electronic data interchange.

85
Q

Because log-on procedures may be cumbersome and tedious, users often store log-on sequences in their personal computers and invoke them when they want to use mainframe facilities. A risk of this practice is that

A

Anyone with access to the personal computers could log on to the mainframe.

86
Q

Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

a. Assurance of the thoroughness of transaction data because of standardized controls.
b. Automatic protection of information that has electronically left the entity.
c. Elimination of the need to verify the receipt of goods before making payment.
d. Elimination of the need to continuously update antivirus software.

A

Assurance of the thoroughness of transaction data because of standardized controls.

87
Q

Which of the following is correct concerning electronic commerce security?

a. The successful use of a firewall will help assure the security of a firm’s computer systems.
b. Since they cannot use both, companies must decide whether to use an electronic data interchange approach or an approach using the Internet.
c. Companies that wish to use the Internet for electronic commerce must adhere to the Uniform Internet Service Provider Code of Conduct.
d. Use of a Web site “home page” instead of encryption leads to greater security in electronic transactions.

A

The successful use of a firewall will help assure the security of a firm’s computer systems.

88
Q

Data control language used in a relational database is most likely to include commands used to control

A

Which users have various privileges relating to a database.

89
Q

A value-added network (VAN) is a privately owned network that performs which of the following functions?

a. Route data within a company’s multiple networks.
b. Provide services to send marketing data to customers.
c. Provide additional accuracy for data transmissions.
d. Route data transactions between trading partners.

A

Route data transactions between trading partners.

90
Q

Which of the following is the primary advantage of using a value-added network (VAN)?

a. It provides increased security for data transmissions.
b. It enables the company to obtain trend information on data transmission.
c. It is more cost effective for the company than transmitting data over the Internet.
d. It provides confidentiality for data transmitted over the Internet.

A

It provides increased security for data transmissions.

91
Q

Which of the following procedures would enhance the control of a computer operations department?

I. Periodic rotation of operators.

II. Mandatory vacations.

III. Controlled access to the facility.

IV. Segregation of personnel who are responsible for controlling input and output.

A

I, II, III, IV

92
Q

Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment?

a. Data communication hardware and software.
b. Computer operations.
c. Systems analysis and applications programming.
d. Operating systems and compilers.

A

Operating systems and compilers.

93
Q

Which of the following would provide the most security for sensitive data stored on personal computer?

a. Using an eight-bit encoding scheme for hardware interfaces.
b. Encrypting data files on the computer.
c. Using a conventional file structure scheme.
d. Using a secure screen saver program.

A

Encrypting data files on the computer.

94
Q

SQL is most directly related to

A

Relational databases.

95
Q

The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition?

a. Designate a cold site.
b. Prepare a statement of responsibilities for tasks included in a disaster recovery plan.
c. Designate a hot site.
d. Bulletproof the information security architecture.

A

Prepare a statement of responsibilities for tasks included in a disaster recovery plan.

96
Q

Which of the following is a computer program that appears to be legitimate but performs an illicit activity when it is run?

a. Redundant verification.
b. Parallel count.
c. Trojan horse.
d. Web crawler.

A

Trojan horse.

97
Q

Which of the following is a primary function of a database management system?

a. Financial transactions input.
b. Report customization.
c. Database access authorizations.
d. Capability to create and modify the database.

A

Capability to create and modify the database.

98
Q

The Internet is made up of a series of networks which include

A

Gateways to allow mainframe computers to connect to personal computers.

99
Q

Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?

a. Firewall vulnerability.
b. Data entry errors.
c. Failure of server duplicating function.
d. Collusion.

A

Firewall vulnerability.

100
Q

ABC, Inc. assessed overall risks of MIS systems projects on two standard criteria: technology used and design structure. The following systems projects have been assessed on these risk criteria. Which of the following projects holds the highest risk to ABC?

   Technology    Structure

a. Current       Sketchy
b. New           Sketchy
c. Current       Well defined
d. New           Well defined

A

New Sketchy

101
Q

Which of the following terms best describes a payroll system?

a. Transaction processing system (TPS).
b. Database management system (DBMS).
c. Decision support system (DSS).
d. Enterprise resource planning (ERP) system.

A

Transaction processing system (TPS).

102
Q

When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. The error report should most probably be reviewed and followed up by the

A

Control group.

103
Q

Which of the following is a model for evaluating the sophistication of IT processes?

a. Maturity models.
b. Performance models.
c. Control models.
d. Hierarchy models.

A

Maturity models.

104
Q

Which of the following represents the procedure managers use to identify whether the company has information that unauthorized individuals want, how these individuals could obtain the information, the value of the information, and the probability of unauthorized access occurring?

a. Risk assessment.
b. Systems assessment.
c. Disaster recovery plan assessment.
d. Test of controls.

A

Risk assessment.

105
Q

A validation check used to determine if a quantity ordered field contains only numbers is an example of an

A

Input control.

106
Q

A computer input control is designed to ensure that

A

Data received for processing are properly authorized and converted to machine readable form.

107
Q

Which of the following is considered an application input control?

a. Report distribution log.
b. Exception report.
c. Edit check.
d. Run control total.

A

Edit check.

108
Q

Which of the following constitutes a weakness in the internal control of a computer system?

a. Machine operators do not have access to the complete systems manual.
b. One generation of backup files is stored in an off-premises location.
c. Machine operators distribute error messages to the control group.
d. Machine operators are supervised by the programmer.

A

Machine operators are supervised by the programmer.

109
Q

Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has not been stocked with equipment?

a. Warm.
b. Hot.
c. Flying start.
d. Cold.

A

Cold.

110
Q

When used in an information technology context, EDI is

A

Electronic Data Interchange.

111
Q

Which of the following structures refers to the collection of data for all vendors in a relational data base?

a. Record.
b. Byte.
c. Field.
d. File.

A

File.

112
Q

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

a. Data restoration plan.
b. System hardware policy.
c. Disaster recovery plan.
d. System security policy.

A

Disaster recovery plan.

113
Q

To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?

a. Code approved changes to a payroll program.
b. Maintain custody of the billing program code and its documentation.
c. Modify and adapt operating system software.
d. Correct detected data entry errors for the cash disbursement system.

A

Code approved changes to a payroll program.

114
Q

In which of the following phases of computer system development would training occur?

a. Analysis phase.
b. Design phase.
c. Planning phase.
d. Implementation phase.

A

Implementation phase.

115
Q

Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?

a. Desktop client, application, and database.
b. Desktop client, software, and hardware.
c. Desktop server, software, and hardware.
d. Desktop server, application, and database.

A

Desktop client, application, and database.

116
Q

In a daily computer run to update checking account balances and print out basic details on any customer’s account that was overdrawn, the overdrawn account of the computer programmer was never printed. Which of the following control procedures would have been most effective in detecting this fraud?

a. Periodic recompiling of programs from documented source files, and comparison with programs currently in use.
b. A program check for valid customer code.
c. Use of the test-data approach by the author in testing the client’s program and verification of the subsidiary file.
d. Use of a running control total for the master file of checking account balances and comparison with the printout.

A

Periodic recompiling of programs from documented source files, and comparison with programs currently in use.

117
Q

What should be examined to determine if an information system is operating according to prescribed procedures?

A

System control.

118
Q

What is the computer process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of action being taken or the decision being made?

A

Real-time processing.

119
Q

There are several kinds of hardware and software for connecting devices within a network and for connecting different networks to each other. The kind of connection often used to connect dissimilar networks is

A

Gateway.

120
Q

Today organizations are using microcomputers for data presentation because microcomputer use, compared to mainframe use, is more

A

Cost effective.

121
Q

An organization’s computer help desk function is usually a responsibility of the

A

Computer operations unit.

122
Q

Which of the following employees normally would be assigned the operating responsibility for designing a computer installation, including flowcharts of data processing routines?

a. Data processing manager.
b. Computer programmer.
c. Systems analyst.
d. Internal auditor.

A

Systems analyst.

123
Q

Control Objectives for Information and Related Technology (COBIT) provides a framework for

A

IT governance and management of enterprise IT.

124
Q

Which of the following is a critical success factor in data mining a large data store?

a. Pattern recognition.
b. Accurate universal resource locator (URL).
c. Image processing systems.
d. Effective search engines.

A

Pattern recognition.

125
Q

In updating a computerized accounts receivable file, which one of the following would be used as a batch control to verify the accuracy of the total credit posting?

a. The sum of the cash deposits plus the discounts less the sales returns.
b. The sum of the cash deposits plus the discounts taken by customers.
c. The sum of the cash deposits less the discounts taken by customers.
d. The sum of the cash deposits.

A

The sum of the cash deposits plus the discounts taken by customers.

126
Q

Encryption protection is least likely to be used in which of the following situations?

a. When financial data are sent over dedicated leased lines.
b. When confidential data are sent by satellite transmission.
c. When wire transfers are made between banks.
d. When transactions are transmitted over local area networks.

A

When transactions are transmitted over local area networks.

127
Q

Which of the following procedures should be included in the disaster recovery plan for an Information Technology department?

a. Replacement of personal computers for user departments.
b. Physical security of warehouse facilities.
c. Identification of critical applications.
d. Cross-training of operating personnel.

A

Identification of critical applications.

128
Q

Which of the following is least likely to be considered an advantage of a value-added network?

a. Increased security.
b. Partners do not have to establish numerous point-to-point connections.
c. Reduced cost.
d. Reduce communication and data protocol problems.

A

Reduced cost.

129
Q

If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll application?

a. Total debits and total credits.
b. Hours worked.
c. Department numbers.
d. Net pay.

A

Department numbers.

130
Q

A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as

A

Echo control.

131
Q

Which of the following best defines electronic data interchange (EDI) transactions?

a. Products sold on central Web servers can be accessed by users anytime.
b. Electronic business information is exchanged between two or more businesses.
c. Customers’ funds-related transactions are electronically transmitted and processed.
d. Entered sales data are electronically transmitted via a centralized network to a central processor.

A

Electronic business information is exchanged between two or more businesses.

132
Q

Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control?

a. Contingency planning.
b. Hash total.
c. Access control software.
d. Echo check.

A

Access control software.

133
Q

Management of a financial services company is considering a strategic decision concerning the expansion of its existing local area network (LAN) to enhance the firm’s customer service function. Which of the following aspects of the expanded system is the least significant strategic issue for management?

a. How the expanded system would support daily business operations.
b. How indicators can be developed to measure how well the expanded system achieves its business objectives.
c. How the expanded system can contribute to the firm’s long-range business plan.
d. How the expanded system will contribute to the reduction of operating costs.

A

How the expanded system will contribute to the reduction of operating costs.

134
Q

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

a. Removable drives that can be locked up at night provide adequate security when the confidentiality of data is the primary risk.
b. Encryption performed by a physically secure hardware device is more secure than encryption performed by software.
c. Security at the transaction phase in EDI systems is not necessary because problems at that level will be identified by the service provider.
d. Message authentication in EDI systems performs the same function as segregation of duties in other information systems.

A

Encryption performed by a physically secure hardware device is more secure than encryption performed by software.

135
Q

End-user computing is most likely to occur on which of the following types of computers?

a. Minicomputers.
b. Mainframe.
c. Personal computers.
d. Personal digital devices.

A

Personal computers.

136
Q

An input clerk enters a person’s employee number. The computer responds with a message that reads “Employee number that entered is NOT assigned to an active employee. Please reenter”. What technique is the computer using?

A

Validity check.

137
Q

In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

a. Data backup server in the network room.
b. Secure off-site location.
c. Fireproof cabinet in the data network room.
d. Locked file cabinet in the accounting department.

A

Secure off-site location.

138
Q

The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the

A

Job control language.