Information Systems & Communications Flashcards

1
Q

Define “field”.

A

A group of characters (bytes) that identify a characteristic of an entity. A data value is a specific value found in a field. Fields can consist of a single character (Y, N) but usually consist of a group of characters. Each field is defined as a specific data type. Date, Text and Number are common data types.

2
Q

Define “application software”.

A

The diverse group of end-user programs that accomplish specific user objectives. Can be general purpose (word processors, spreadsheets, databases) or custom-developed for a specific application (ex.: a marketing information system for a clothing designer). May be purchased “off the shelf” or developed internally.

3
Q

Define a “bit” (binary digit).

A

An individual zero or one; the smallest piece of information that can be represented.

4
Q

Define “byte”.

A

A group of (usually) eight bits that are used to represent alphabetic and numeric characters and other symbols (3, g, X, ?, etc.). Several coding systems are used to assign specific bytes to characters. ASCII and EBCDIC are the two most commonly used coding systems. Each system defines the sequence of zeros and ones that represent each character.

5
Q

Define “operating system”.

A

The interface between the user and the computer hardware.

6
Q

Define “systems software”.

A

The programs that run the computer and support system management operations.

7
Q

Define “record”.

A

A group of related fields (or attributes) that describe an individual instance of an entity (a specific invoice, a particular customer, an individual product).

8
Q

Define “file”.

A

A collection of records for one specific entity (an Invoice File, a Customer File, a Product File). In a relational database environment, files are also known as tables.

9
Q

Define “programming languages”.

A

All software is created using programming languages. They consist of sets of instructions and a syntax that determine how the instructions can be put together.

10
Q

Define “supercomputers”.

A

Computers at the leading edge of processing capacity. Their definition is constantly changing as the supercomputer of today often becomes the personal computer of tomorrow. They are generally used for calculation-intensive scientific applications, for example, weather forecasting and climate research.

11
Q

What are input devices?

A

These devices instruct the CPU and supply data to be processed. For example: keyboard, mouse, trackball, touch-screen technology, point of sale (POS) scanners.

12
Q

What are “microcomputers” or “personal computers (PCs)”?

A

These computers comprise an extremely diverse group of devices ranging from handheld personal digital assistants (PDAs) through desktop machines that can serve as components in large, networked environments. Some of the more common classifications include fat or thin clients and workstations. In addition, servers are computers that have been configured to provide resources to the network.

13
Q

What are output devices?

A

These devices transfer data from the processing unit to other formats. For example: printers, plotters, monitors, flat panel displays, CRT (Cathode Ray Tube) displays.

14
Q

What is the purpose of secondary storage devices?

A

Provide permanent storage for programs and data. Depending on the way the devices are set up, they can either be online (the data on the device is available for immediate access by the CPU) or offline (the device is stored in an area where the data is not accessible to the CPU).

15
Q

What are magnetic disks?

A

These are random access devices. Data can be stored on, and retrieved from, the disk in any order. This is the most efficient way to store and retrieve individual records. Magnetic disks are the most commonly used form of secondary storage.

16
Q

What is a magnetic tape?

A

This is a sequential access device. Data is stored in order of the primary record key (i.e. document number, customer number, inventory number, etc.) and must also be retrieved sequentially. Although once used for transaction processing, this medium is now used mostly for archiving data.

17
Q

How is read-only memory (ROM) used?

A

Used to permanently store the data needed to power on the computer; includes portions of the operating system.

18
Q

What are flash drives (also known as jump drives or thumb drives)?

A

These are very small, portable devices that can store anywhere from 500 M of data to over several gigabytes of data. The term “drive” is a bit of a misnomer as there are no moving parts to the “drive.” Rather, the memory in a flash drive is similar to the RAM used as primary storage for your CPU.

19
Q

Define “central processing unit (CPU)”.

A

The CPU is the control center of the computer system. It has three principal components.

20
Q

What is the purpose of the Arithmetic Logic Unit (ALU)?

A

To perform arithmetic calculations.

21
Q

What is the purpose of primary storage (main memory)?

A

To store programs and data until they are ready to be used by the computer’s processor. Primary storage is divided into two main parts - random access memory (RAM) and read-only memory (ROM).

22
Q

Define “mainframe computers”.

A

Computers used by commercial organizations to support mission critical tasks such as sales and order processing, inventory management, and e-commerce applications. Unlike supercomputers, which tend to support processor-intensive activities (i.e., a small number of highly complex calculations), mainframe computers tend to be input/output (I/O) intensive (i.e., a very large number of simple transactions). Mainframes frequently support thousands of users at a single point in time.

23
Q

What does a control unit do?

A

Interprets program instructions.

24
Q

What does random access memory (RAM) store?

A

It stores data temporarily while it is being processed.

25
Q

What is an optical disk?

A

These use laser technology to “burn” data on the disk (although some rewritable disks use magnetic technology to record data). In general, read-only and write-once optical disks are a more stable storage medium than magnetic disks. Optical disks, like magnetic disks, are random access devices. There are several different types of optical disks.

26
Q

Define “peripherals”.

A

Devices that transfer data to or from the CPU but do not take part in processing data. Peripherals are commonly known as input and output devices (I/O devices).

27
Q

What constitutes computer hardware?

A

This includes the physical equipment in your computer and the equipment that your computer uses to connect to other computers or computer networks. Computer hardware falls into four principal classifications.

28
Q

Define “batch processing”.

A

Periodic transaction processing method in which transactions are processed in groups.

29
Q

What are “time lags”?

A

This is an inherent part of batch processing. There is always a time delay between the time the transaction occurs, the time that the transaction is recorded, and the time that the master file is updated.

30
Q

Define “master files”.

A

Computerized data files equivalent to the ledgers found in a manual accounting system.

31
Q

Define “online, real-time (OLRT) processing”.

A

Continuous, immediate transaction processing method in which transactions are processed individually as they occur.

32
Q

What is the Accounts Receivable (A/R) sub-ledger?

A

This ledger classifies A/R transactions (credit sales and customer payments) by Customer.

33
Q

Define “general ledger”.

A

The collection of the organization’s accounts.

34
Q

What are point-of-sale (POS) systems?

A

These systems are one of the most commonly encountered data capture systems in the marketplace today. POS systems combine on-line, real-time processing with automated data capture technology, resulting in a system that is highly accurate, reliable, and timely.

35
Q

Define “transaction files”.

A

Computerized data files equivalent to the journals found in a manual accounting system.

36
Q

What are subsidiary ledgers (sub-ledgers)?

A

These ledgers classify transactions by alternative accounts (e.g., customer accounts, vendor accounts, product accounts).

37
Q

What is the inventory sub-ledger?

A

This ledger stores the costs and quantities of each item in inventory.

38
Q

What are distributed database systems?

A

These systems are so named because rather than maintaining a centralized or master database at a central location, the database is distributed across the locations according to their needs.

39
Q

What are centralized systems?

A

These systems maintain all data and perform all data processing at a central location; remote users may access the centralized data files via a telecommunications channel, but all of the processing is still performed at the central location.

40
Q

Define “fiber optic cable.”

A

A wired transmission medium. Extremely fast and secure. Uses light pulses instead of electrical impulses. Less electrical interference and signal degradation over long distances; more expensive to purchase and to install.

41
Q

Define “server.”

A

Computer or other device on a network which only provides resources to the network and is not available (normally) to individual users; examples include print servers, file servers, and communications servers. Contrast with a workstation.

42
Q

Define “microwave transmission.”

A

Wireless communications medium. Often used in a combination with satellite transmission; used primarily by WANs.

43
Q

What are hierarchical operating systems?

A

A centralized control point, generally referred to as the host computer, manages communications and access to resources, and performs most data processing. Nodes connected to these systems often function as “dumb” (low capability) terminals used by WANs.

44
Q

Define “Wi-Fi” or “spread-spectrum radio transmission.”

A

A wireless transmission medium. Depending on power levels, may be used for relatively large networks serving hundreds of users or for small home networks. It is found in Local Area Network (LAN) environments but frequently used to provide access to Wide Area Networks (WANs). Wi-Fi connections are generally slower than wired systems using coaxial (Ethernet) cable or fiber optic cable.

45
Q

Define “file server.”

A

In a local area network, a computer that provides centralized access to program and data files.

46
Q

Define “coaxial cable.”

A

A wired transmission medium. Similar to the cable used for television, coaxial cable is faster, more secure and less subject to interference than twisted pair, but has a slightly higher cost.

47
Q

Define “local area networks (LANs).”

A

Originally confined to very limited geographic areas (a floor of a building, a building, or possibly a couple of buildings in very close proximity to each other). Inexpensive fiber optic cable now enables local area networks to extend many miles.

48
Q

Define “transmissions medium.”

A

The communication link between nodes on the network. One of several types of wired or wireless media.

49
Q

Define “client/server system.”

A

A central machine (the server) mediates communication on the network and grants access to network resources. Client machines make use of network resources and also perform data processing functions; used by LANs.

50
Q

Describe wide area networks (WANs).

A

These networks vary dramatically in geographic coverage. Most WANs are national or international in scope.

51
Q

Define “Bluetooth.”

A

Wireless transmission medium. It uses the same radio frequencies as Wi-Fi, but with lower power consumption resulting in a weaker connection. It is used to provide a direct communications link between two devices (e.g., a cell phone and ear piece, computer and a printer).

52
Q

Define a “client.”

A

A node, usually a microcomputer, which is used by end users; uses but usually does not supply network resources.

53
Q

Define “computer network.”

A

Two or more computing devices connected by a communication channel on which the devices exchange data.

54
Q

Define “digital cellular” (“cellular digital packet data or CDPD”).

A

Wireless transmission medium. It allows transmission of data over the cell phone network; used by WANs.

55
Q

Define “twisted pair.”

A

A wired transmission medium. Traditionally used for phone connections, slowest, least secure (e.g., easy to tap) and most subject to interference of all the wired media. Recent modifications have improved performance. The lowest cost media.

56
Q

What are communication devices?

A

These devices link networks to other networks and to remote access. Examples include modems, multiplexers, concentrators, bridges, routers and gateways.

57
Q

Define “peer-to-peer system.”

A

A network system in which all nodes share in communications management. No central controller (server) is required. These systems are relatively simple and inexpensive to implement; used by LANs.

58
Q

What is a network operating system?

A

This system controls communication over the network and access to network resources.

59
Q

Define a “node.”

A

Any device connected to a computer network.

60
Q

Define “hypertext markup language (HTML)”.

A

Core “markup” language (a way of tagging text) for web pages. The basic building-block protocol for constructing webpages.

61
Q

Define “internet”.

A

A “network of networks”: a global network of millions of interconnected computers and computer networks.

62
Q

What is extensible business reporting language (XBRL)?

A

XML-based protocol for encoding and tagging business information. A means to consistently and efficiently identify the content of business and accounting information in electronic form.

63
Q

What is extensible markup language (XML)?

A

Protocol for encoding (tagging) documents in machine-readable form.

64
Q

What is “instant messaging (IM)”?

A

A protocol for instant messaging.

65
Q

Describe extensible.

A

Users can create taxonomies for specific environments, for example for the purpose of taxation reporting, environmental regulation reporting, or automobile manufacturing.

66
Q

What is “File Transfer Protocol (FTP)”?

A

A protocol used for file transfer applications.

67
Q

Describe intranets.

A

Available only to members of the organization (business, school, association); often used to connect geographically separate LANs within a company.

68
Q

Describe extranets.

A

Open to an organization’s associates (company suppliers, customers, business partners, etc.) to access data that is relevant to them.

69
Q

Define “Transmission Control Protocol / Internet Protocol (TCP/IP)”.

A

The core transmission protocol of the internet.

70
Q

What does business-to-consumer (B2C) e-commerce involve?

A

This involves selling goods and services directly to consumers, almost always using the Internet and web-based technology. B2C e-commerce relies heavily on intermediaries or brokers to facilitate the sales transaction.

71
Q

Define “e-commerce.”

A

Transactions between the organization and its trading partners.

72
Q

Define “supply chain management (SCM).”

A

The process of planning, implementing, and controlling the operations of the supply chain: the process of transforming raw materials into a finished product and delivering that product to the consumer. Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process, into finished goods through to the point-of-consumption.

73
Q

Define “e-business.”

A

Any business process that relies on electronic dissemination of information or on automated transaction processing.

74
Q

Define “electronic funds transfer (EFT).”

A

A technology for transferring money from one bank account directly to another without the use of paper money or checks. It substantially reduces the time and expense required to process checks and credit transactions.

75
Q

What are customer relationship management (CRM) systems?

A

Technologies used to manage relationships with clients. Both biographic and transaction information about existing and potential customers is collected and stored in a database. The CRM provides tools to analyze the information and develop personalized marketing plans for individual customers.

76
Q

Define “electronic data interchange (EDI).”

A

This is computer-to-computer exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats that allow direct processing of the data by the receiving system. It reduces handling costs and speeds transaction processing compared to traditional paper-based processing.

77
Q

Describe business-to-business (B2B) e-commerce.

A

This involves electronic processing of transactions between businesses and includes electronic data interchange (EDI), supply chain management (SCM) and electronic funds transfer (EFT).

78
Q

Define “token-based payment systems.”

A

Electronic cash, smart cards (cash cards), and online payment systems (e.g., PayPal); similar to electronic fund transfer (EFT), but governed by different laws.

79
Q

Define “electronic wallets.”

A

Software programs that allow the user to manage credit cards, user names, passwords, and address information in an easy-to-use, centralized location (e.g., Roboform).

80
Q

What are operational systems?

A

These systems support the day-to-day activities of the business (purchasing of goods and services, manufacturing activities, sales to customers, cash collections, payroll, etc.). Also known as transaction processing systems (TPS).

81
Q

Define data warehousing.

A

Data warehousing is a database that supports organizational decision making. Data from the live databases are copied to the warehouse so that data can be queried without reducing the performance (i.e., speed) or stability (i.e., reliability) of the live systems.

82
Q

Define data mining.

A

Data mining is searching the data warehouse to discover patterns and relationships in historical data.

83
Q

What are accounting information systems (AIS)?

A

These systems take the financial data from transaction processing systems and use it to produce financial statements and control reports for management (e.g. accounts receivable aging analysis, product cost reports, etc.). AIS are a subset of MISs.

84
Q

What is the purpose of executive support systems (ESS) or strategic support systems (SSS)?

A

A subset of decision support systems (DSS) especially designed for forecasting and making long-range, strategic decisions. As such, they have a greater emphasis on external data. Sometimes called “DSS for dummies.”

85
Q

What is an Office automation system (OAS)?

A

An office automation system (OAS) is similar to a knowledge work system but supports clerical-level employees. For example, an OAS system might support the clerical staff in a public accounting firm.

86
Q

Define management information systems.

A

Systems designed to support routine management problems based primarily on data from transaction processing systems.

87
Q

What are decision support systems (DSS)?

A

These systems provide information to mid- and upper-level management to assist them in managing nonroutine problems and in long-range planning. Unlike MISs, DSSs frequently include external data in addition to summarized information from the TPS and include significant analytical and statistical capabilities.

88
Q

What are data-driven decision support systems (data-driven DSS)?

A

These systems process large amounts of data to find relationships and patterns.

89
Q

What is a Knowledge work system?

A

Knowledge work systems facilitate the work activities of professional-level employees (engineers, accountants, attorneys, etc.) by providing information relevant to their day-to-day activities (e.g., how the company has handled specific types of audit exceptions) and/or by automating some of their routine functions (e.g., computer-aided systems engineering [CASE] packages used by programmers to automate some programming functions).

90
Q

What is an online analytical processing system (OLAP)?

A

This system incorporates data warehouse and data mining capabilities into an ERP system.

91
Q

Define Platform as a Service (PaaS).

A

Creating cloud-based software and programs. Salesforce.com’s Force.com is an example of PaaS.

92
Q

What are enterprise resource planning systems (ERPs) used for?

A

These systems provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions.

93
Q

What is a cloud-based system?

A

A cloud-based system is a virtual data pool that is created by contracting with a third-party data storage provider.

94
Q

Define Software as a Service (SaaS).

A

Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.

95
Q

Define online transaction processing system (OLTP).

A

Enterprise resource planning (ERP) modules that comprise the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.

96
Q

Define Scalability.

A

It is the capacity of a system to grow with an organization.

97
Q

Define Infrastructure as a Service (IaaS).

A

Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite.

98
Q

Describe the concept of knowledge management (KM).

A

Attempts to ensure that the right information is available at the right time to the right user. A variety of practices attempt to electronically capture and disseminate information throughout the organization. Knowledge management practices seek specific outcomes, including shared intelligence, improved performance, competitive advantage, and more innovation.

99
Q

Define “data warehouse”.

A

A database designed to archive an organization’s operational transactions (sales, purchases, production, payroll, etc.) over a period of years. External data that might be correlated with these transactions such as economic indicators, stock prices, exchange rates, market share, political issues, weather conditions, etc. can also be incorporated into the data warehouse. Data mining techniques can then be used to identify patterns and relationships among the data elements.

100
Q

Define “expert system (knowledge-based system)”.

A

A computer program that contains subject-specific knowledge derived from experts. The system consists of a set of rules that are used to analyze information provided by the user of the system. Based on the information provided, the system recommends a course of action.

101
Q

Define “data mart”.

A

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments. Companies often support multiple data marts within their organization.

102
Q

Describe a flat file system.

A

Early information technology systems used flat file technology. Flat files are characterized by independent programs and data sets, high degrees of data redundancy, and difficulty in achieving cross functional reporting.

103
Q

Define “drill down”.

A

Concept associated with data warehouses. The ability to move from summary information to more granular information (i.e. viewing an accounts receivable customer balance and drilling down to the invoices and payments which resulted in that balance).

104
Q

Define “knowledge base (or knowledgebase)”.

A

A component of a knowledge management system. A special type of database designed for retrieval of knowledge. It provides the means to collect and organize the information and develop relationships among information components.

105
Q

Define “slicing and dicing” as it relates to data warehouses.

A

The ability to view a single data item in multiple dimensions; for example, the sale of VCRs might be viewed by product, by region, by time period, by company, etc.

106
Q

Describe the parallel implementation method for new systems.

A

Implementation of a new system where the new system and the old system are run concurrently until it is clear that the new system is working properly.

107
Q

Describe the testing step of the systems development lifecycle (SDLC) process.

A

Stage 5 of the systems development lifecycle (SDLC) process. The system is evaluated to determine whether it meets the specifications identified in the requirements definition.

108
Q

Describe the phased implementation method for new systems.

A

Implementation of a new system where the system is divided into modules that are brought online one or two at a time.

109
Q

Describe the planning and feasibility study step of the systems development lifecycle (SDLC) process.

A

Stage 1 of the systems development lifecycle (SDLC) process. When an application proposal is submitted for consideration, it is evaluated from three respects: Technical, Economic, and Operational feasibility.

110
Q

Define “lead systems analyst”.

A

The manager of the programming team: Usually responsible for all direct contact with the end user; Often responsible for developing the overall programming logic and functionality.

111
Q

Define “application programmers”.

A

The team of programmers who, under direction of the lead analyst, are responsible for writing and testing the program.

112
Q

Describe the implementation step of the systems development lifecycle (SDLC) process.

A

Stage 6 of the systems development lifecycle (SDLC) process. Before the new system is moved into production, existing data must often be converted to the new system format and users must be trained on the new system; implementation of the new system may occur in one of four ways.

113
Q

Define “end user”.

A

In relation to systems development, the employees who will use the program to accomplish their tasks. Responsible for identifying the problem to be addressed and approving the proposed solution to the problem.

114
Q

Describe the analysis step of the systems development lifecycle (SDLC) process.

A

Stage 2 of the systems development lifecycle (SDLC) process. During this phase the systems analysts work with end users to understand the business process and document the requirements of the system; the collaboration of IT personnel and end users to define the system is known as joint application development (JAD).

115
Q

Describe the maintenance step of the systems development lifecycle (SDLC) process.

A

Stage 7 of the systems development lifecycle (SDLC) process. Monitoring the system to ensure that it is working properly and updating the programs and/or procedures to reflect changing needs and requirements.

116
Q

Describe the composition of the information technology steering committee.

A

Members of the committee are selected from functional areas across the organization, including the IT department; the committee’s principal duty is to approve and prioritize systems proposals for development.

117
Q

Describe the development step of the systems development lifecycle (SDLC) process.

A

Stage 4 of the systems development lifecycle (SDLC) process. During this phase, programmers use the systems design specifications to develop the program and data files.

118
Q

Describe the “cold turkey” (also called the “plunge” or “big bang”) implementation method for new systems.

A

Implementation of a new system where the old system is dropped and the new system put in place all at once.

119
Q

Describe the design step of the systems development lifecycle (SDLC) process.

A

Stage 3 of the systems development lifecycle (SDLC) process. In the design phase, the technical specifications of the system are established; the design specification has two primary components: Technical architecture specification, creation of a systems model.

120
Q

Describe the pilot implementation method for new systems.

A

Implementation of a new system similar to phased implementation, except rather than dividing the system into modules, the users are divided into smaller groups and are trained on the new system one group at a time.

121
Q

Describe the control objectives for information and related technology (COBIT) framework.

A

Widely used international standard for identifying best practices in IT security and control. Provides management with an information technology (IT) governance model that helps in delivering value from IT processes and in understanding and managing the risks associated with IT.

122
Q

What personnel in an organization should have access to computer operations (“live data”)?

A

Computer operators (and systems programmers, though their access should be limited to times when they need to update systems hardware or software).

123
Q

Describe the responsibilities of the computer operators.

A

Responsible for operating the computer: loading program and data files, running the programs, and producing output. Computer operators should not enter data into the system or reconcile control totals for the data they process. (That job belongs to Data Control.)

124
Q

Define “file librarian.”

A

Files and data that are not online are usually stored in a secure environment called the File Library. The File Librarian is responsible for maintaining control over the files, checking them in and out only as necessary to support scheduled jobs. The file librarian should not have access to any of the operating equipment or data (unless it has been checked into the library).

125
Q

Which information technology staff is responsible for designing and developing new programs and maintaining existing programs?

A

Systems analysts and application programmers.

126
Q

Describe the responsibilities of system administrators.

A

Database administrator, network administrator, and web administrators are responsible for management activities associated with the system they control. For example, they grant access to their system resources, usually by means of user names and passwords. System administrators, by virtue of the influence they wield, must not be permitted to participate directly in operations of these systems.

127
Q

Describe the responsibilities of the computer operations department.

A

This department is responsible for the day-to-day operations of the computer system including receipt of batch input to the system, conversion of the data to electronic media, scheduling computer activities, running programs, etc.

128
Q

Describe the firing (termination) personnel policy.

A

A personnel policy. Clear procedures should guide employee departures, regardless of whether the departure is voluntary or involuntary; it is especially important to be careful and thorough when dealing with involuntary terminations of IT personnel. In involuntary terminations, the employee’s username and keycard should be disabled prior to notification of the termination in order to prevent any attempt to destroy company property. After notification of termination, the terminated employee should be accompanied at all times until escorted out of the building.

129
Q

Describe the responsibilities of system programmers.

A

Maintain the various operating systems and related hardware. For example, they are responsible for updating the system for new software releases and installing new hardware. Because their jobs require that they be in direct contact with the production programs and data, it is imperative that they are not permitted to have access to information about application programs or data files.

130
Q

Describe the responsibilities of application programmers.

A

They work under the direction of the systems analyst to write the actual programs that process data and produce reports.

131
Q

Describe the recommended hiring practices that an organization should employ.

A

A personnel policy. Applicants should complete detailed employment applications and formal, in-depth employment interviews prior to hiring. When appropriate, specific education and experience standards should be imposed. All applicants should undergo thorough background checks and verification of academic degrees, work experience, and professional certifications, as well as searches for any criminal records.

132
Q

Describe the responsibilities of the data entry clerk (also referred to as the data conversion operator).

A

For systems that still use manual data entry (which is becoming rare), this function keys (enters) handwritten or printed records to convert them into electronic media. The data entry clerk should not be responsible for reconciling batch totals, and should not be able to run programs, or access system output, or have any involvement in application development and programming.

133
Q

Describe the personnel evaluation policy.

A

A personnel policy. Employees should be evaluated on a regular basis. The evaluation process should provide clear feedback on the employee’s overall performance as well as specific strengths and weaknesses. To the extent that there are weaknesses, it is important to provide guidance on how performance can be improved.

134
Q

Describe the responsibilities of the data control position in an organization.

A

This IT position controls the flow of documents into and out of Computer Operations; for batch processing, schedules batches through data entry and editing, monitors processing, and ensures that batch totals are reconciled. Data control should not access the data, equipment, or programs. This position is called “quality assurance” in some organizations.

135
Q

List the three main functional areas within an information technology department.

A

1. Applications Development
2. Systems Administration and Programming
3. Computer Operations

136
Q

Define “social engineering”.

A

A set of techniques used by attackers to fool employees into giving them access to information resources.

137
Q

What purpose does setting file attributes serve?

A

This logically restricts the ability of the user to read, write, update, and/or delete records in a file.

138
Q

What considerations should be given by an organization regarding fire-suppression systems?

A

Such systems are required in IT operations. Need to be appropriate for electrical fires (halon or a similar chemical suppressor - not water!). Should be periodically inspected.

139
Q

What purpose do file protection rings or locks serve?

A

Physically prevent the media from being overwritten.

140
Q

Define “internal labels” (header and trailer labels).

A

Descriptive information stored at the beginning and end of a file that identifies the file, the number of records in the file, and provides data enabling detection of processing errors.

141
Q

Define “external labels”.

A

A tag placed on data storage media (floppy disks, magnetic tape, CDs, etc.) designed to prevent inadvertent use of the wrong file.

142
Q

Define “grandfather-father-son file security control”.

A

A technique used to maintain redundant backup copies (three “generations”) of data files; backup files are used to recover from systems failures in which data files are destroyed.

143
Q

Define “mirroring”.

A

A method of backup consisting of the maintenance of an exact copy of a data set to provide multiple sources of the same information. Mirrored sites are most frequently used in e-commerce for load balancing - distributing excess demand from the primary site to the mirrored.

144
Q

Define “remote backup service”.

A

A service that provides users with an online system for backing up and storing computer files. Remote backup has several advantages over traditional backup methodologies: the task of creating and maintaining backup files is removed from the IT department’s responsibilities; the backups are maintained off site; some services can operate continuously, backing up each transaction as it occurs.

145
Q

Define “storage area networks (SANs)”.

A

A method of backup that can be used to replicate data from multiple sites. Data stored on a SAN is immediately available without the need to recover it. This enables a more effective disaster recovery process.

146
Q

Describe the rollback and recovery backup and recovery system methodology.

A

A backup and recovery system methodology that is common to online, real-time processing. All transactions are written to a transaction log when they are processed. Periodic “snapshots” are taken of the master file. When a problem is detected, the recovery manager program starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.

147
Q

Describe the checkpoint and restart backup and recovery system methodology.

A

Common to batch processing, a checkpoint is a point in data processing where the accuracy of the processing can be verified. Backups are maintained during the update process so that, if a problem is detected, it is only necessary to return to the backup at the previous checkpoint instead of returning to the beginning of transaction processing.

148
Q

Define “biometric controls.”

A

A physical characteristic is used to gain access instead of a password. Common choices for biometric controls include fingerprint or thumbprint, retina patterns, and voice print patterns. Biometric controls can be very reliable, but generally require special input equipment.

149
Q

What purpose do read-after-write checks serve?

A

They verify that data was written correctly to disk by reading what was just written and comparing it to the source.

150
Q

Define “hardware controls.”

A

Controls built into the computer equipment to ensure that data is transmitted and processed accurately.

151
Q

List some examples of security tokens.

A

Includes (1) devices which provide “one-time” passwords that must be input by the user and (2) “smart cards” that contain additional user identification information and must be read by an input device.

152
Q

Define “phishing.”

A

Deceptive requests for information delivered via email.

153
Q

Describe boundary protection.

A

When multiple programs and/or users are running simultaneously and sharing the same resource (usually the primary memory of a CPU), boundary protection protects program instructions and data from one program from being overwritten by program instructions and/or data from another program.

154
Q

What purpose do echo checks serve?

A

They verify that transmission between devices is accurate by “echoing back” the received transmission from the receiving device to the sending unit.

155
Q

Why are “one-time” passwords used by an organization and how do these passwords work?

A

Used to strengthen the standard password by requiring access to a physical device which displays a new “one-time password” every 30-60 seconds. The “one time” password is derived from an algorithm which usually involves the date and time. The user enters this password along with the traditional user name and password. Once received, the computer independently recalculates the “password.” If the entered value and computed value are the same, the computer then recognizes the individual.

156
Q

Define “parity check (parity bit).”

A

An example of a check digit. A 0 or 1 included in a byte of information which makes the sum of bits either odd or even.

157
Q

Why do some organizations require multi-factor authentication?

A

Since all authentication techniques are individually subject to failure, many organizations require multi-factor authentication procedures - the use of several separate authentication procedures at one time (e.g., user name, password, one-time password and fingerprint). Redundant authentication procedures significantly enhance the authentication process.

158
Q

Describe smart cards and identification badges.

A

These have identification information embedded on a magnetic strip on the card and require the use of additional hardware (a card reader) to read the data into the system. Depending on the system, the user may only need to swipe the card to log onto the system, or may need to key in other information in order to log on.

159
Q

What purpose do logical access controls serve?

A

Control electronic access to data via internal and external networks.

160
Q

Describe elements of a strong password.

A

At least eight characters long; uses both upper and lower case letters; uses at least one numeral; uses at least one special character; is subject to a policy that requires changing at least once a year.

161
Q

Define “diagnostic routines.”

A

Program utilities that check the internal operations of hardware components.

162
Q

List the characteristics of system documentation.

A

Overviews the program and data files, processing logic and interactions with other programs and systems; often includes narrative descriptions, flowcharts and data flow diagrams; used primarily by systems developers; can be useful to auditors.

163
Q

What purpose does operator documentation (also called a “run manual”) serve?

A

In large computer systems, operator documentation provides information necessary to execute the program such as the required equipment, data files and computer supplies, execution commands, error messages, verification procedures and expected output. It is used exclusively by the computer operators.

164
Q

Define “decision tables.”

A

A type of documentation that depicts logical relationships of a processing system by identifying the decision points and processing alternatives.

165
Q

Define “source program library.”

A

Library of source code computer programs.

166
Q

Define “program documentation.”

A

A detailed analysis of the input data, the program logic, and the data output. It consists of program flowcharts, source code listings, record layouts, etc. It is used primarily by programmers. Program documentation is an important resource if the original programmer is not available and there are questions about the program.

167
Q

Define “source program library management system (SPLMS).”

A

System for managing the process of moving programs from development to production and the reverse.

168
Q

Define “user documentation.”

A

This describes the system from the point of view of the end user. It provides instructions on how and when to submit data and request reports, procedures for verifying the accuracy of the data, and correcting errors.

169
Q

Define “hash totals”.

A

Totals of a field, usually an account code field, for which the total has no logical meaning, such as a total of customer account numbers in a batch of invoices.

170
Q

What purpose do range tests serve?

A

Validate both upper and lower limits; for example, the price per gallon cannot be less than $4.00 or greater than $10.00.

171
Q

What purpose does a reasonableness check serve (also called a logic test)?

A

Checks to see that data in two or more fields is consistent. For example, a Rate of Pay value of “$3,500” and a Pay Period value of “Hourly” may both be valid values for the fields when the fields are viewed independently. However, the combination (an hourly pay rate of $3,500) is not valid.

172
Q

Define “completeness”.

A

A control objective. All transactions have been captured; there are no missing transactions.

173
Q

Define “record counts”.

A

Count of the number of documents in a batch or the number of lines on the documents in a batch.

174
Q

Define “default values”.

A

Pre-supplied data values for a field when that value can be reasonably predicted. For example, when entering sales data, the sales order date is usually the current date. Fields using default values generate fewer errors than other fields.

175
Q

What purpose do input controls serve (also used interchangeably with programmed controls, edit checks, or automated controls)?

A

Ensure that the transactions entered into the system meet the control objectives of validity, completeness, and accuracy.

176
Q

Define “automated data capture”.

A

Use of automated equipment, such as bar code scanners, to reduce the amount of manual data entry. Reducing human involvement reduces the number of errors in the system.

177
Q

What purpose do sequence checks serve?

A

Verifies that all items in a numerical sequence (check numbers, invoice numbers, etc.) are present. It is the most commonly used control for processing completeness.

178
Q

Define “financial totals”.

A

Totals of a currency field that result in meaningful totals, such as the dollar amounts of checks. (Note that the total of the hourly rates of pay for all employees is not a financial total because the summation is not meaningful.)

179
Q

Define “missing data check”.

A

The simplest type of test available: checks only to see that something has been entered into the field.

180
Q

Define “limit test check”.

A

Check to see that a numeric field does not exceed a specified value; for example, the number of hours worked per week isn’t greater than 60. There are several variations of limit tests.

181
Q

What purpose do sign tests serve?

A

Verify that numeric data has the appropriate sign (positive or negative); for example, the quantity purchased cannot be negative.

182
Q

Define “key verification”.

A

The re-keying of critical data in the transaction, followed by a comparison of the two keyings. For example, in a batch environment, one operator keys in all of the data for the transactions and a second operator re-keys all of the account codes and amounts. The computer compares the results and reports any differences. Key verification is generally found in batch systems, but can be used in online real-time environments as well. (Consider the process required to change a password: enter the old password, enter the new password, and then re-enter the new password.)

183
Q

What purpose does a field check (data type/ data format check) serve?

A

Verifies that the data entered is of an acceptable type - alphabetic, numeric, a certain number of characters, etc.

184
Q

Define “batch control totals”.

A

Manually calculated totals of various fields of the documents in a batch. Batch totals are compared to computer-calculated totals and are used to ensure the accuracy and completeness of data entry. Batch control totals are available, of course, only for batch processing systems.

185
Q

Define “validity”.

A

A control objective. All transactions are appropriately authorized; no fictitious transactions are present; no duplicate transactions are included.

186
Q

Define “accuracy”.

A

A control objective. All data has been correctly transcribed, all account codes are valid; all data fields are present; all data values are appropriate.

187
Q

What purpose do preprinted forms and preformatted screens serve?

A

These reduce the likelihood of data entry errors by organizing input data in a logical manner. When the position and alignment of data fields on a data entry screen matches the organization of the fields on the source document, data entry is faster and there are fewer errors.

188
Q

What purpose do check digit tests serve?

A

Designed to ensure that each account code entered into the system is both valid and correct. The check digit is a number that is created by applying an arithmetic algorithm to the digits of a number, for example, a customer’s account number. The algorithm yields a single digit that is appended to the end of the code. Whenever the account code (including check digit) is entered, the computer recalculates the check digit and compares the calculated check digit to the digit entered. If the digits fail to match, there is an error in the code and processing is halted.

189
Q

What purpose does closed loop verification serve?

A

This helps ensure that a valid and correct account code has been entered. After the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code and the system displays the customer’s name and address. This technique is only available in online real-time systems.

190
Q

What purpose does a valid code test (validity test) serve?

A

Checks to make sure that each account code entered into the system is a valid (existing) code. This control does not ensure that the code is correct, merely that it exists.

191
Q

What purpose do output controls serve?

A

These controls ensure that computer reports are accurate and are distributed only as authorized.

192
Q

Define “processing controls”.

A

Controls that are designed to ensure that master file updates are completed accurately and completely. They also serve to detect unauthorized transactions entered into the system and maintain data integrity.

193
Q

What should an organization consider regarding distributions of reports?

A

Data control is responsible for ensuring that reports are maintained in a secure environment prior to distribution and that only authorized recipients receive the reports. A Distribution Log is generally maintained to record transfer of the reports to the recipients.

194
Q

Define “spooling (print queue) controls”.

A

Jobs sent to a printer that cannot be printed immediately are spooled - stored temporarily on disk - while waiting to be printed. Access to this temporary storage must be controlled in order to prevent unauthorized access to the files.

195
Q

What purpose does disposal of aborted print jobs serve?

A

Reports are sometimes damaged during the printing or bursting (separation of continuous feed paper along perforation lines) process. Since the damaged reports may contain sensitive data, they should be disposed of using secure disposal techniques.

196
Q

Describe audit trail controls.

A

Each transaction is written to a transaction log as it is processed. The transaction logs become an electronic audit trail that allows the transaction to be traced through each stage of processing. Electronic transaction logs constitute the principal audit trail for online, real-time systems.

197
Q

What purpose do run-to-run controls serve?

A

These use batch figures to monitor the batch as it moves from one programmed procedure (run) to another. Totals of processed transactions are reconciled to batch totals - any difference indicates an error.

198
Q

What purpose do end user controls serve?

A

These controls supplement the Information Systems department controls by independently performing checks of processing totals and reconciling report totals to separately maintained records.

199
Q

Define “control totals”.

A

Manually calculated totals of significant data fields in the documents of a batch; counts of the number of lines and/or documents in a batch. Control totals are reconciled to computer calculated totals and are used to ensure accuracy and completeness of data entry.

200
Q

Define “masquerading”.

A

Masquerading occurs when an attacker identifies an IP address (usually through packet sniffing) and then attempts to use that address to gain access to the network. If the masquerade is successful, the hacker has hijacked the session: gained access to the session under the guise of another user.

201
Q

Define “password strength”.

A

The capacity of a password to resist attempts to learn or “crack” it, typically by the use of nefarious automated password cracking software.

202
Q

Define “malicious software (malware)”.

A

Programs that exploit system and user vulnerabilities to gain access to the computer. There are many types of malware.

203
Q

Define “worm”.

A

Similar to viruses except that worms attempt to replicate themselves across multiple computer systems. They generally try to accomplish this by activating the system’s email client and sending multiple emails.

204
Q

Define “trojan horse”.

A

A malicious program that is hidden inside a seemingly benign file.

205
Q

Define “password crackers”.

A

Once a user name has been identified, password cracking software can be used to generate a large number of potential passwords and use them to try to gain access.

206
Q

Define “logic bomb”.

A

An unauthorized program which is planted in the system. The logic bomb lies dormant until the occurrence of a specified event or time (e.g., a specific date, the elimination of an employee from “active employee” status, etc.).

207
Q

Define “packet sniffers”.

A

Programs called packet sniffers capture packets of data as they move across a computer network. Packet sniffing has legitimate uses to monitor network performance or troubleshoot problems with network communications. However, it is often used by hackers to capture user names and passwords, IP addresses, and other information that can help the hacker break into the network. Packet sniffing a computer network is similar to wire tapping a phone line.

208
Q

Define “back door”.

A

A software program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures. Back doors were once commonly used by programmers to facilitate access to systems under development.

209
Q

Describe the components of a firewall.

A

A firewall consists of hardware, or software, or both, that help detect security problems and enforce security policies on a computer system. A firewall is like a door with a lock for a computer system. There are multiple types, and levels, of firewalls.

210
Q

Define “virus”.

A

An unauthorized program, usually introduced through an email attachment, which copies itself to files in the user’s system. These programs may actively damage data, or they may be benign.

211
Q

Define “denial of service attacks”.

A

Some attackers threaten the system by attempting to prevent legitimate users from gaining access to the system. These attacks, called denial of service attacks, are perpetrated by flooding the server with incomplete access requests.

212
Q

Describe the use of secure Internet transmissions protocols.

A

Sensitive data sent via the internet is usually secured by one of two encryption protocols: SSL (Secure Sockets Layer) or S-HTTP (Secure Hypertext Transport Protocol).

213
Q

Define “encryption”.

A

The process of coding data so that it cannot be understood without the correct decryption algorithm.

214
Q

Describe symmetric encryption (also called single-key encryption or private-key encryption).

A

This method uses a single algorithm to encrypt and decrypt the text. The sender uses the encryption algorithm to create the ciphertext and sends the encrypted text to the recipient. The sender must let the recipient know which algorithm was used to encrypt the text. The recipient then uses the same algorithm (essentially running it in reverse) to decrypt the text.

215
Q

Describe the use of digital signatures.

A

This method uses public/private key pair technology to provide authentication of the sender and verification of the content of the message. The authentication process is based on the private key: because the private key is known only to the user, it can be used as a means of identifying the sender. The weakness in digital signatures is that the public/private key pair can be acquired without verifying the identity of the applicant/sender.

216
Q

Describe the use of secure electronic transactions (SET) protocols.

A

This protocol is used by the merchant intermediary to securely transmit the payment information and to authenticate the identities of the trading partners.

217
Q

Describe asymmetric encryption (also called public/private-key encryption and private-key encryption).

A

This method uses two paired encryption algorithms to encrypt and decrypt the text: if the public key is used to encrypt the text, the private key must be used to decrypt the text. Conversely, if the private key is used to encrypt the text, the public key must be used to decrypt the text.

218
Q

Define “cleartext (or plaintext)”.

A

Text that can be read and understood.

219
Q

Describe the use of digital certificates.

A

For transactions that require a high degree of assurance, a digital certificate provides legally recognized electronic identification of the sender, and verifies the integrity of message content. The certificate is based on public/private key technology just like the digital signature. The difference is that the holder of the certificate must submit identification when requesting the certificate and the certificate authority completes a background check to verify the identity before issuing the certificate.

220
Q

Define “ciphertext”.

A

Text that has been mathematically scrambled so that its meaning cannot be determined.

221
Q

Define BIA.

A

A business impact analysis (BIA) identifies the maximum tolerable interruption periods of an organization by function and activity as a part of assessing risk importance and consequences.

222
Q

Define warm site.

A

A location to which the business can relocate after a disaster. The location is already stocked with computer hardware similar to that of the original site, but does not contain backed up copies of data and information.

223
Q

Define cold site (empty shell).

A

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization.

224
Q

Define BCP/BCM.

A

Business (or organizational) continuity management (sometimes abbreviated BCM) is the process of planning for disasters and embedding this plan in an organization’s culture. This is sometimes also called business continuity planning.

225
Q

Define hot site.

A

An off-site location that is completely equipped to immediately take over the company’s data processing. All equipment plus backup copies of essential data files and programs are also usually maintained at this location. It enables the business to relocate with minimal losses to normal operations - typically within a few hours. A hot site is one of the most expensive facilities to maintain.

226
Q

Define incident response team.

A

A carefully selected team that responds quickly and follows an established protocol for identifying, investigating, and recovering from a disaster.

227
Q

Define DRP.

A

DRPs enable organizations to recover from disasters in order to enable continuing operations. DRP processes include maintaining program and data files, and enabling transaction processing facilities. In addition to backup data files, DRPs must identify mission-critical tasks and ensure that processing for these tasks can continue with virtually no interruptions.

228
Q

Define view-only access.

A

Permitting a user to view, but not change, a file.

229
Q

Define mobile computing.

A

Transportable computing devices. That is, computing devices that can be carried from place to place.

230
Q

Identify items that should be included in user training in mobile applications.

A

Organizational policies, password maintenance and protection, when and how to use mobile devices, procedures for lost or stolen devices.

231
Q

Define malicious app.

A

An app that collects and transmits user data to a third party.