IFTC Flashcards
Which of the following is not true? Relational databases
a. Are maintained on direct access devices.
b. Store data in table form.
c. Are flexible and useful for unplanned, ad hoc queries.
d. Use trees to store data in hierarchical structure.
Use trees to store data in hierarchical structure.
Graphical notations that show the flow and transformation of data within system or business area are called
Data flow diagrams.
Which of the following items would be most critical to include in systems specification document for financial report?
a. Cost-benefit analysis.
b. Training requirements.
c. Data elements needed.
d. Communication change management considerations.
Data elements needed.
What type of computerized data processing system would be most appropriate for a company that is opening new retail location?
Real-time processing.
First Federal has an on-line real-time system, with terminals installed in all of its branches. This system will not accept a customer’s cash withdrawal instructions in excess of $1,000 without the use of a “terminal audit key.” After the transaction is authorized by supervisor, the bank teller then pacesses the transaction with the audit key. This control can be strengthened by
Online recording of the transaction on an audit override sheet.
Companies now can use electronic transfers to conduct regular business transactions. Which of the following terms best describes system where an agreement is made between two or more parties to electronically transfer purchase orders, sales orders, invoices, and/or other financial documents?
a. Electronic funds transfer (EFT).
b. Electronic data processing (EDP).
c. Electronic data interchange (EDI).
d. Electronic mail (E-mail).
Electronic data interchange (EDI).
In an accounting information system, which of the following types of computer files most likely would be master file?
a. Cash receipts.
b. Cash disbursements.
c. Inventory subsidiary.
d. Payroll transactions.
Inventory subsidiary.
The primary objective of security software is to
Control access to information system resources.
A digital signature is used primarily to determine that a message is
Unaltered in transmission.
A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as
End-user computing.
An entity doing business on the Internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:
a. Password management.
b. Digital certificates.
c. Data encryption.
d. Batch processing.
Batch processing.
Parity checks, read-after-write checks, and duplicate circuitry are computer controls that are designed to detect
Erroneous internal handling of data.
An overall description of database, including the names of data elements, their characteristics, and their relationship to one another, would be defined by using a
Data definition language.
The use of header label in conjunction with magnetic tape is most likely to prevent errors by the
Computer operator.
A brokerage firm has changed program so as to permit higher transaction volumes. After paper testing of the change, the revised programs were authorized and copied to the production library. This practice is an example of
Change control.
Bacchus, Inc. is large multinational corporation with various business units around the world. After fire destroyed the corporate headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure timely recovery?
a. Backup power.
b. Daily backup.
c. Business continuity.
d. Network security.
Business continuity.
When designing the physical layout of a data processing center, which of the following would be least likely to be necessary control?
a. Inclusions of an adequate power supply system with surge protection.
b. Consideration of risks related to other uses of electricity in the area.
c. Design of controls to restrict access.
d. Adequate physical layout space for the operating system.
Adequate physical layout space for the operating system.
Which of the following statements best characterizes the function of physical access control?
a. Provides authentication of users attempting to log into the system.
b. Minimizes the risk of incurring power or hardware failure.
c. Protects systems from the transmission of Trojan horses.
d. Separates unauthorized individuals from computer resources.
Separates unauthorized individuals from computer resources.
A fast-growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?
Analysis.
Which of the following most likely represents a significant deficiency in the internal control?
a. The control clerk establishes control over data received by the information systems departments and reconciles totals after processing.
b. The systems pagrammer designs systems for computerized applications and maintains output controls.
c. The accounts payable clerk prepares data for computer processing and enters the data into the computer.
d. The systems analyst reviews applications of data processing and maintains systems documentation.
The systems pagrammer designs systems for computerized applications and maintains output controls.
What is a major disadvantage to using private key to encrypt data?
Both sender and receiver must have the private key before this encryption method will work.
Which of the following statements is correct regarding the Internet as commercially viable network?
a. Organizations must use firewalls if they wish to maintain security over internal data.
b. Companies must apply to the Internet to gain permission to create homepage to engage in electronic commerce.
c. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers.
d. The Internet is the only feasible method to conduct business electronically.
Organizations must use firewalls if they wish to maintain security over internal data.
Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?
a. Data entry and antivirus management.
b. Data entry and quality assurance.
c. Network maintenance and wireless access.
d. Data entry and application programming.
Data entry and application programming.
To reduce security exposure when transmitting proprietary data over communication lines, a company should use
Cryptographic devices.
Which of the following is usually benefit of using electronic funds transfer for international cash transactions?
a. Off-site storage of foreign soun:e documents.
b. Reduction in the frequency of data entry errors.
c. Improvement in the audit trail for cash transactions.
d. Creation of multilingual disaster recovery
Reduction in the frequency of data entry errors
Which of the following is not one of the five principles of COBIT S?
a. Control objectives.
b. Covering the enterprise end-to-end.
c. Separating governance from management.
d. Meeting stakeholder needs.
Control objectives.
The program flowcharting symbol representing a decision is a
Diamond.
When considering disaster recovery, what type of backup facility involves an agreement between organizations to aid each other in the event of disaster?
Reciprocal agreement.
Which of the following controls would assist in detecting an error when the data input clerk records sales invoice as $12.99 when the actual amount is $122.99?
a. Limit check.
b. Echo check.
c. Batch control totals.
d. Sign check.
Batch control totals.
A data warehouse in an example of
On-line analytical processing.
The machine language for specific computer
Is determined by the engineers who designed the computer.
The machine-language program that results when symbolic-language program is translated is called
Object program.
Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage?
a. Having the supervisor of the data entry clerk verify that each employee’s hours worked are correctly entered into the system.
b. Limited access to employee master files to authorized employees in the personnel department.
c. Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate.
d. Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register.
Limited access to employee master files to authorized employees in the personnel department.
Which of the following is not a characteristic of a batch processed computer system?
a. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
b. The collection of like transactions which are sorted and processed sequentially against master file.
c. The production of numerous printouts.
d. Keypunching of transactions, followed by machine processing.
The posting of a transaction, as it occurs, to several files, without intermediate printouts.
One of the major problems in computer system is that incompatible functions may be performed by the same individual. One compensating control for this is use of
A computer log.
Which of the following is considered to be server in local area network (LAN)?
a. A device that stores pagram and data files for users of the LAN.
b. The cabling that physically interconnects the nodes of the LAN.
c. A device that connects the LAN to other networks.
d. A workstation that is dedicated to single user on the LAN.
A device that stores pagram and data files for users of the LAN.
The most appropriate type of network for company that needs its network to function inexpensively in widely separated geographical areas is
Wide area network (WAN).
Which of the following activities would most likely detect computer-related fraud?
a. Conducting fraud-awareness training.
b. Performing validity checks.
c. Reviewing the systems-access log.
d. Using data encryption.
Reviewing the systems-access log.
Which of the following best describes hot site?
a. Location that is considered too close to disaster area.
b. Location where company can install data processing equipment on short notice.
c. Location within the company that is most vulnerable to disaster.
d. Location that is equipped with redundant hardware and software configuration.
Location that is equipped with redundant hardware and software configuration.
With the growth of microcomputers, some organizations are allowing end-users to develop their own applications. One of the organizational risks of this policy is
Reduced control of data.
In business information systems, the term “stakeholder” refers to which of the following parties?
a. Information technology personnel responsible for creating the documents and data stored on the computers or networks.
b. The management team responsible for the security of the documents and data stored on the computers or networks.
c. Authorized users who are granted access rights to the documents and data stored on the computers or networks.
d. Anyone in the organization who has role in creating or using the documents and data stored on the computers or networks.
Anyone in the organization who has role in creating or using the documents and data stored on the computers or networks.
Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?
a. Field (format) check.
b. Validity check.
c. Check digit.
d. Optical character recognition (OCR).
Field (format) check.
An auditor was examining a client’s network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?
tR34ju78
Which of the following artificial intelligence information systems cannot learn from experience?
a. Rule-based expert systems.
b. Neural networks.
c. Intelligent agents.
d. Case-based reasoning systems.
Rule-based expert systems.
Automated equipment controls in computer processing system are designed to detect errors arising from
Operation of the computer processing equipment.
A company has a significant presence and self-hosts its Web site. the following strategies?
a. Store records off-site.
b. Establish off-site mirrored Web server.
c. Purchase and implement RAID technology.
d. Backup the server database daily.
Establish off-site mirrored Web server.
More than one file may be stored on a single magnetic disc. Several programs may be in the core storage unit simultaneously. In both cases it is important to prevent the mixing of data. One way to do this is to use
Boundary protection.
A distributed processing environment would be most beneficial in which of the following situations?
a. Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations.
b. Small volumes of data are generated at many locations, fast access is required and summaries of the data are needed promptly at a central site.
c. Large volumes of data are generated centrally and fast access is not required.
d. Large volumes of data are generated at many locations and fast access is required.
Large volumes of data are generated at many locations and fast access is required.
Any assessment of the operational capabilities of a computer system must consider downtime. Even in fully protected system, downtime will exist because of
Unscheduled maintenance.
In a client/server environment, the “client” is most likely to be the
Computers of various users.
Compared to batch processing, real-time processing has which of the following advantages?
a. Ease of auditing.
b. Efficiency of processing.
c. Timeliness of information.
d. Ease of implementation.
Timeliness of information.
A client that recently installed a new accounts payable system assigned employees user identification code (UIC) and separate password. Each UIC is person’s name, and the individual’s password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect limitation of the client’s computer-access control?
a. Employees can easily guess fellow employees’ passwords.
b. Employees can circumvent procedures to segregate duties.
c. Employees are not required to change passwords.
d. Employees are not required to take regular vacations.
Employees are not required to take regular vacations.
An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?
a. Mathematical accuracy.
b. Online prompting.
c. Preformatted screen.
d. Reasonableness.
Reasonableness.
Which of the following is an advantage of using value-added network for EDI transactions?
a. Decrease in cost of EDI.
b. Ability to deal with differing data protocols.
c. Direct communication between trading partners.
d. Increase in data redundancy.
Ability to deal with differing data protocols.
Which of the following allows customers to pay for goods or services from Web site while maintaining financial privacy?
a. Site draft.
b. Credit card.
c. Electronic check.
d. E-cash.
E-cash.