Information Technology (17%) Flashcards

Question 1

Q

Cloud Based Systems Applications

IaaS
PaaS
SaaS

Answer

A

Infrastructure as a service - use cloud to access virtual hardware such as computers and storage.
Platform as a service - creating cloud-based software and programs.
Software as a service - remote access to software. Office 365 is an example of SaaS.

Question 2

Q

An Enterprise Resource Planning (ERP) system’s main purpose is to?

Answer

A

Integrate data from all aspects of an organization’s activities. An ERP system is a comprehensive system that integrates all business processes.

Question 3

Q

Organizational Structure of a Segregated IT Department (ASC)

Answer

A

ASC functions must be strictly segregated!

Applications Development
Systems Administration and Programming
Computer Operations

Question 4

Q

Functions in these three areas should be strictly segregated. (This is a bit like the “cannibals and missionaries” problem from computer science and artificial intelligence.) In particular:

Computer operators and data entry personnel – Should never be allowed to?
Systems programmers – Should never have?
Data administrators – Should never have?
Application programmers and systems analysts – Should not?
Application programmers and systems analysts – Should not?

Answer

A

Computer operators and data entry personnel – Should never be allowed to act as programmers.
Systems programmers – Should never have access to application program documentation.
Data administrators – Should never have access to computer operations (“live” data).
Application programmers and systems analysts – Should not have access to computer operations (“live” data).
Application programmers and systems analysts – Should not control access to data, programs, or computer resources.

Question 5

Q

Data Conversion occurs at this stage:

Answer

A

Implementation - The process of moving from the old to the new system occurs at this stage.

Question 6

Q

At this stage, we purchase hardware:

Answer

A

Design and Development - Technical architecture specification and a systems model occur at the design stage. During development, programmers use the design specifications to develop the program and data files.

Question 7

Q

The requirements definition document is signed at this stage:

Answer

A

Analysis - Systems analysts work with end users to understand and document business processes and system requirements at this stage. All parties sign off on the requirements definition to signify their agreement with the projects goals and processes at this stage.

Question 8

Q

General Controls in an IT Environment

Answer

A

Personnel Policies: provides for proper SOD and use of computerized accounts that provide users with passwords, etc. to prevent unauthorized access.
File Security Policies: safeguard files from accidental or intentional errors or abuse.
- External/Internal file labels
- Backups of critical files
- Lockout procedures
- File Protection
Hardware Controls: built into computer equipment to ensure proper functioning.
- Parity Checks - verifies all bytes of data are stored as an even number of bits
- Echo Checks - data that is transmitted is then sent back to verify that it was received correctly.

Question 9

Q

The following controls are what type of controls?

Missing Data Check
Field Check
Limit Test (Range and Sign)
Valid Code Test
Check Digit
Reasonableness Check
Sequence Check
Key Verification
Closed Loop Verification
Batch Control Totals (See card)
Default Values
Automated Data Capture

Answer

A

Input Controls - control over data entry and data origination process

Question 10

Q

Input Controls - Batch Control Totals

Answer

A

Record Count - total number of entries made (i.e. total number of employees entered into a payroll program)
Financial Totals - sum of a column of numbers expressed in dollar form (such as total value of all of the checks)
Non-Financial totals - meaningful sum of a column of numbers expressed in some type of unit other than dollars.
Hash Totals - meaningless sum of a column of numbers (such as the sum of employee ID numbers)

Question 11

Q

File Types

Answer

A

Master File - updated by postings to transaction files
- Standing Data - part of Master file, consists of infrequently changing master files (fixed assets, supplier names, etc.)
Detail File - a file listing a group of transactions that can be used to update the master file.

Question 12

Q

File Controls

Answer

A

Parity Check - A zero or one included in a byte of information that makes the sum of bits either odd or even. A parity check is designed to detect errors in data transmission.
Read after write check
Echo check - verifies transmission between devices by echoing back.
Error reporting and resolution
Boundary protection - computer “traffic cop.”
Internal labels (header and trailer)
External labels
Version control
File access and updating controls

Question 13

Q

Output Controls

Answer

A

Ensure that computer reports are accurate and are distributed only as authorized.

Spooling - docs sent to printer that cannot be immediately printed are stored to a disk.
Disposal of aborted print jobs
Disruption of reports
End user (one-to-one checking)
Logging and archiving of forms
Record retention and disposal

Question 14

Q

E-Business vs. E-Commerce

Answer

A

E-Business is a generic name for any business process that relies on electronic dissemination of information or on automated transaction processing.

E-Commerce is a narrower term used to refer to transactions between the organization and its trading partners.

Question 15

Q

Types of E-Commerce

(remember that a requisite for EC is the trust between two parties conducting the transaction(s))

Answer

A

Business-to-business (B2B) - Involves electronic processing of transactions between businesses and includes electronic data interchange (EDI), supply chain management (SCM) and electronic funds transfer (EFT).

Business-to-consumer (B2C) - Involves selling goods and services directly to consumers, almost always using the Internet and web-based technology. B2C e-commerce relies heavily on intermediaries or brokers to facilitate the sales transaction.

Business-to-employee (B2E) - Involves the use of web-based technology to share information with, and interact, with an organization’s employees, e.g., through portals and intranets.

Business-to-government (B2G) - Involves the growing use of web-based technologies to provide, and support, governmental units, e.g., providing property tax data online, paying parking tickets online, online contract bidding.

Question 16

Q

E-Commerce Risks

Answer

A

Using EC Risks

System Availibility / Security / Confidentiality
Authentication
Nonrepudiation
Integrity

Not Using EC Risks

Customers find online prices are cheaper
Limited Growth
Limited markets exposure

Question 17

Q

E-Commerce Applications

Answer

A

Customer Relationship Management (CRM) - used to manage relationships with clients, store information about existing and potential customers, etc.
Electronic Data Interchange (EDI) - computer to computer exchange of business data (purchase orders, confirmations, invoices, etc.). EDI reduces handling costs and speeds transaction processing vs. traditional paper processing.
Electronic Funds Transfer (EFT)
Supply Chain Management (SCM) - Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process into finished goods through to the point-of-consumption.
Computer Networks - essencial to e-business, e-commerce and social computing.

Question 18

Q

Electronic Data Interchange (EDI)

Answer

A

EDI requires that all transactions be submitted in a specified format.
- Translation software is required to convert data between transactions and EDI formats.
- The most common specification in the United States is the American National Standards Institute format ANSI X.12; internationally, the United Nations EDI for Administration, Commerce and Transport (UN/EDIFACT) format is the dominant standard.
EDI can be implemented using direct links between the trading partners, through communication intermediaries (called “service bureaus”), through value-added networks (VANs), or over the Internet.
- The well-established audit trails, controls, and security provided for EDI transactions by VAN are the principal reasons for their continued popularity.

Question 19

Q

EDI Costs

Answer

A

Costs of Change - Costs associated with locating new business partners who support EDI processing; legal costs associated with modifying and negotiating trading contracts with new and existing business partners and with the communications provider; costs of changing internal policies and procedures to support the new processing model (process reengineering) and employee training.
Hardware costs
Costs of translation software
Costs of data transmission
Costs of security, audit and control procedures

Question 20

Q

What below is not an EFT?

Direct deposit of payroll payments into the employee’s bank account
Cash Cards
Automated teller machine (ATM) transactions
Credit card payment initiated from Point-of-Sale (POS) terminal

Answer

A

Cash Cards

Cash cards do not involve bank clearing processes and are not considered to be EFT transactions.

Question 21

Q

System Types by Activity

Answer

A

Operational Systems - supports day-to-day activities of business operations
- Transaction processing systems (TPS)
- Process financial and non-financial transactions
- Generate debit and credit entries
Management Information Systems (MIS) - see card
Decision Support Systems (DSS) - see card
Knowledge Work Systems
ERP Systems - entire lesson on this one

Question 22

Q

MIS (Internal Data)

Answer

A

Management Information Systems - systems designed to support routine management problems based primarily on data from transaction processing systems.

MISs take planning information (budgets, forecasts, etc.) data and compare it to actual results in periodic management reports (summary reports, variance reports, and exception reports).
Accounting information systems (AISs) – AISs take the financial data from transaction processing systems and use it to produce financial statements and control reports for management (e.g., accounts receivable aging analysis, product cost reports, etc.); AISs are a subset of MISs.

Question 23

Q

DSS (External Data)

Answer

A

Decision Support Systems

Unlike MISs, DSSs frequently include external data in addition to summarized information from the TPS and include significant analytical and statistical capabilities.
Data driven DSSs such as Data Warehousing and Data Mining systems are common examples of data-driven DSSs.
Model-driven DSS - used to predict outcomes for management.
Executive support systems (ESSs) or strategic support systems (SSSs) - especially designed for forecasting and LRP’s.

Question 24

Q

DSS vs. ESS

Answer

A

Executive Support Systems are:

are a subset of DSS that are especially designed for forecasting and making long-range, strategic decisions, and they place greater emphasis on external data.

Question 25

Q

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments is known as:

Answer

A

Data Mart - focused on a particular market or purpose and contains only information specific to that objective. (TI’s Finance Data Mart)

Question 26

Q

Which of the following is true in regard to data warehouses?

I. The bulk of the data found in a data warehouse comprises historical operational data.

II. Pattern recognition is one of the principal functionalities offered by data mining software.

Answer

A

Both are TRUE

Question 27

Q

What is a useful control (i.e., restriction) on the ability of mobile devices to make changes in data?

Answer

A

View Only Access

Question 28

Q

Which of the following statements is true regarding small business computing?

A. Independent third-party review is especially important.
B. Backup procedures are important.
C. Additional supervision of computing may be necessary.
D. All of the above.

Answer

A

All of the above

Question 29

Q

Data Structure Hierarchy

Answer

A

Database is composed of many =
- Files are composed of many =
  - Records are composed of multiple =
    - Fields are composed of =
      - Characters are made of =
        Bytes (8 bits) are composed of =
        Bits = an individual 0 or 1

Question 30

Q

Programming Languages

Answer

A

All software is created using programming languages.

High level general purpose = C programming language
Object oriented language used to design software = C++
Integrated development environments = Java, templates that automatically generate code.
Tagging language typically used for the internet = HTLM (Hypertext Markup Language)
Script languages that add funtionality to web pages = PERL or Python
Low level languages = assembler or machine (computer instructions)

Question 31

Q

DBMS Languages

Answer

A

Data Definition Language (DDL) = allows the definition of tables and fields and relationships among tables. Uses meta-data.
Data Manipulation Language (DML) = allows the user to add new records, delete old records and udpate existing records.
Data Query Language (DQL) = allows user to extract information from the database:
- Structured Query Language (SQL) = most relational databases use SQBL to extract data. (text approach)
- Query-By-Example (QBE) = drag and drop fields (graphic approach)

Question 32

Q

Field (Attribute) Definition

Answer

A

A logical group of bytes. Identifies a characteristic or attribute of an entity.

Customer name
Customer address
Customer number

Question 33

Q

Record Definition

Answer

A

Group of related fields (or attributes). Describes a:

Specific invoice
particular customer
individual product

Question 34

Q

File Definition

Answer

A

Collection of related records for multiple entities.

Invoice file
Customer file
Product file

Question 35

Q

Types of Software

Answer

A

System Software or Application Software

Systems Software - programs that run computer and support system management (operating system is most important, i.e. Windows, Mac OS X)
Application Software - end-user programs

Question 36

Q

Database Management System (DBMS)

Answer

A

“Middle-ware” Program that functions between the application software and the operating system. DBMS manages the database.

Question 37

Q

Central Processing System (CPU)

Answer

A

Control center of the computer system. 3 Principal Components:

Control Unit
Arithmetic Logic Unit (ALU)
Primary Storage (memory)
1. Random Access Memory (RAM) - temporarily stores data while it is in process.
2. Read Only Memory (ROM) - semi-permanent data store for instructions that are closely linked to hardware. Hard to change.

Question 38

Q

Peripheral Devices: Input vs. Ouput

Answer

A

Input - instruct the CPU and supply data to be processed.
- keyboard, mouse, trackball
- touch-screen technology
- Point of sale (POS) scanners
Output - transfer data from processing unit to other formats
- Printers
- Plotters
- Monitors
- Flat-panel displays
- Cathode Ray Tube (CRT) displays

Question 39

Q

Manual Transaction Processing Steps

Answer

A

Enter Transaction on Source Document
Record SD chronoligically in a Journal
Copy to ledger(s) = Master Files
Prepare reports

Question 40

Q

Automated Transaction Processing Methodologies

Batch vs. OLRT

Answer

A

Batch

Groups new transactions by type and processes periodically in sequential order.
transaction and master files are sorted on a common key called sequential access files.

Disadvantages of Batch - not real time, systems is out of date, delays error detection.

Online Real Time Processing

Continuous and immediate processing
Simultaneous transaction entry and master file updating
Requires random access storage devices (i.e. magnetic disk)
Requires networked computer system

Disadvantages of OLRT - higher costs

Question 41

Q

POS Technology

Answer

A

Point of Sale

Scanners capure data from product bar codes
Computer system is integrated with electronic cash register
POS systems or terminals networked to central computer

Question 42

Q

A XXXX holds account and account balance information and is roughly equivalent to a ledger (or subsidiary ledger) in a manual system.

Answer

A

Master File

Question 43

Q

The potential for systemic errors is increased in what type of processing environment?

Answer

A

Computerized

note that clerical errors increase in a manual environment.

Question 44

Q

Node Defined

Answer

A

Any device connected to the network is a node:

Client - a node, typically a microcomputer used by end-users. The client uses network resources but does NOT supply resources to the network.
Server - a node dedicated to provided resources to the rest of the network. Servers are indirectly used by end-users.
Transmissions Media - communication link between nodes and the network. Can be wired or wireless media.

Question 45

Q

The multi-location system structure that is sometimes called the “Goldilocks” solution because it seeks to balance design trade offs is:

Answer

A

Distributed - a solution that is neither too centralized, nor too decentralized

Question 46

Q

Wired Communications Media

Answer

A

Copper or Twisted Pair

Used for phone connections
slowest, least secure and most subject to interference
least expensive

Coaxial Cable

similar to cable used for television. faster, more secure and less subject to interference than twisted pair.

Fiber Optics

Extremely fast and secure
based on light pulses instead of electrical impulses.
more expensive to purchase and install

Question 47

Q

Wireless Transmission Media

Answer

A

Microwave (Satellite) transmission - WAN’s primarily
Wi-Fi (spread spectrum radio) - both LAN’s and WAN’s
Bluetooth - same signal as Wi-Fi but consumes less power
Digital cellular - transmits data via cell network - WAN’s primarily

Question 48

Q

Types of Networks

Answer

A

Local Area Networks (LAN’s) = Smaller local area scope, i.e. schools in a school district. Uses dedicated (typically fiber optic) lines
Wide Area Networks (WAN’s) = National or International Scope, does not use dedicated lines.
Storage Area Networks (SAN’s) = variation of LAN’s that connects storage devices to servers.
Personal Area Networks (PAN’s) = home network

Question 49

Q

The Internet Defined

Answer

A

A global “network of networks.” The internet is a worldwide network that allows for virtually any computer system to link to it by way of an electronic gateway.

end-users are connected via ISP’s (internet service providers)
a markup or tagging language specifies how data will be processed
Protocols (see card)
Intranet (closed network) and Extranets (connects suppliers/customers to a business)

Question 50

Q

Internet Protocols

Answer

A

TCP/IP (Transmission Control Protocol / Internet Protocol)
- these are the two core network protocols that underlie the internet.
- HTTP (Hypertext Transfer Protocol) - a part of TCP/IP, the foundation protocol for data transmission on the internet.
- SMTP (Simple Mail Transfer Protocol) and IMAP (Internet Message Access Protocol), both of these protocols are for email services and are part of TCP/IP.

Question 51

Q

Packet-Switched Network

Answer

A

information is grouped into “packets” for transmission. TCP/IP is a packet-switched network protocol. The Internet is the world’s largest packet-switched network.

Question 52

Q

Intranet vs. Extranet

Answer

A

Intranet - available to only members of the organization and not the general public.

Extranet - an intranet that is opened up to permitted associates (typically company suppliers, customers, business partners, etc.)

For both, a user-name and password are required. These are not available to the general public.

Question 53

Q

Other Protocols

Answer

A

XML (Extensible Markup Language) - protocol for encoding documents for use on the internet.
- XBRL (Extensible Business Reporting Language) - XML based protocol for encoding and tagging business information. XBRL is specifically designed to exchange financial information over the World Wide Web.
HTML (Hypertext Markup Language) - core language for web pages.
FTP - file transfer applications
IM - instant messaging applications

Question 54

Q

Controls relating to program and data backup files and disaster recovery plans are:

Answer

A

Corrective controls: i.e., controls designed to help correct and recover from previously detected problems.

Question 55

Q

In general with regard to Backup and Restoration, are the below considered good or bad?

system backup
data redundancy

Answer

A

system backup is good; data redundancy is bad

Question 56

Q

Backup and Recovery Procedures: “Grandfather, Father, Son” System

Answer

A

A traditional term used to refer to a three-generation backup procedure: the “son” is the newest version of the file; the “father” is one generation back in time, the “grandfather” is two generations back in time;
Associated with batch processing in a magnetic tape environment where a new master file (the “son”) was created when the old master file (the “father”) was updated.

Question 57

Q

Backup and Recovery Procedures: Checkpoint and Restart

Answer

A

Common in batch processing systems, a checkpoint is a point in data processing where processing accuracy is verified; if a problem occurs, one returns to the previous checkpoint instead of returning to the beginning of transaction processing. This saves time and money.

Question 58

Q

Backup and Recovery Procedures: Rollback and Recovery

Answer

A

Common to online, real-time processing; all transactions are written to a transaction log when they are processed; periodic “snapshots” are taken of the master file; when a problem is detected the recovery manager program, starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.

Question 59

Q

Backup and Recovery Procedures: Network-based

Answer

A

Remote backup (online) - provided by outsourced service
RAID - redundant array of independent disks = multiple hard disks
Storage Area Networks (SANs)
Mirroring - maintaining an exact copy of a dataset
- mirroring is expensive but a highly reliable approach

Question 60

Q

What system enables a computer system to continue its intended operation, possibly at a reduced level, rather than failing completely, when some part of the system fails.

Answer

A

Fault-tolerant

Question 61

Q

Most large organizations use what to manage access control?

Answer

A

Most large organizations use logical access control software to manage access control. Functions of such systems include managing user profiles, assigning identifications and authentication procedures, logging system and user activities, establishing tables to set access privileges to match users to system resources and applications, and, log and event reporting. Hence, many of the functions and procedures described in this lesson are managed through logical access control software.

Question 62

Q

User Authorization: Security Token

Answer

A

Include devices that provide “one-time” passwords that must be input by the user and as well as “smart cards” that contain additional user identification information and must be read by an input device.

i.e. TI’s entrust app for iphones

Question 63

Q

Firewall Definition and Types

Answer

A

Electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

Network
- Filters data packets based on header information (source and destination IP addresses and communication port)
- Network firewalls perform relatively low-level filtering capabilities
Application
- Inspects packet contents
- Can perform deep packet inspection
- application firewalls have the ability to do much more sophisticated checks and provide much better control.
Personal

Question 64

Q

Physical Location Controls

remember these are mostly General and Preventative controls

Answer

A

Climate Control
Environment threat detectors (smoke, fire, water, etc.)
Fire suppression systems
Backup power systems should be adequate

Answer 65

A

Social engineering - Methods used by attackers to fool employees into giving the attackers access to information resources. One form of social engineering concerns physical system access:

In piggybacking an unauthorized user slips into a restricted area with an authorized user, following the authorized user’s entry.

Answer 66

A

Halon, because it is an environmental hazard.

Answer 67

A

Two types: (exam will use both terms)

Single key encryption (symmetric)
Public/Private encryption (asymmetric) - public key (maintained by the CA (Certificate Authority) is available to general public , the individual user maintains the private key.
- If you want to send an encrypted message, you encrypt your message with the recipients public key. Only the intended user, the recipient, has the private key that is necessary to decrypt the information.
- Both public/private can encrypt and decrypt, but you need one of each to encrypt and decrypt each time.

Answer 68

A

The encryption algorithm is the function or formula that encrypts and decrypts (by reversal) the data.
The encryption key is the parameter or input into the encryption algorithm that makes the encryption unique. The reader must have the key to decrypt the ciphertext.
Key length is a determinant of strength. Longer keys are harder to decrypt.

Answer 69

A

Symmetric Encryption

Fast, simple, easy and less secure than asymmetric encryption.
More often used in data stores (i.e., data at rest) since only one party then needs the single algorithm and key.
Also called single-key encryption, symmetric encryption uses a single algorithm to encrypt and decrypt.

Asymmetric Encryption

Safer but more complicated than symmetric encryption.
More often used with data-in-motion.
Also called public/private-key encryption.
Uses two paired encryption algorithms to encrypt and decrypt.
If the public key is used to encrypt, the private key must be used to decrypt; conversely, if the private key is used to encrypt, the public key must be used to decrypt.
To acquire a public/private key pair, the user applies to a certificate authority (CA)

Quantum Encryption

Quantum mechanics from physics is emerging as a technology that may revolutionize computing encryption. It uses the physical properties of light (photons) to generate seemingly uncrackable codes.

Answer 70

A

High certainty regarding the identity of the trading partners and the reliability of the transaction data. Electronic identification methodologies and secure transmission technology are designed to provide such an environment.

Answer 71

A

Digital Signatures
- An electronic means of identifying a person or entity.
- Use public/private key pair technology to provide authentication of the sender and verification of the content of the message.
- Vulnerable to man-in-the-middle attacks in which the sender’s private and public key are faked.
Digital Certificates (more secure than DS’s)
- For transactions requiring a high degree of assurance, a digital certificate provides legally recognized electronic identification of the sender, and, verifies the integrity of the message content.
- Based on a public key infrastructure (PKI)

Answer 72

A

Manages and issues digital certificates and public keys. The digital certificate certifies the ownership of a public key by the named subject (user) of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the certified public key.

Answer 73

A

Secure Sockets Layer (SSL) uses a combination of encryption schemes based on a PKI;
Secure Hypertext Transfer Protocol (S-HTTP) directs messages to secure ports using SSL-like cryptography.

Answer 74

A

SET = developed by VISA and MasterCard. A protocol often used for consumer purchases made via the Internet. Uses multiple encryption schemes based on a PKI.

VPN = A secure way to connect to a private local area network (LAN) from a remote location, usually through an Internet connection. VPN creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access to the network.

Answer 75

A

Unaltered in transmission. A digital signature consists of a digest of the original message that is encrypted with the sender’s private key. The use of the private key provides the sender’s authentication, and the transmission of the encrypted digest (which is later decrypted and compared to a digest of the message received) permits the detection of any alterations during transmission.

A digital signature uses public/private key encryption technology to provide a means of authenticating messages delivered in a networked environment.

Answer 76

A

Both the sender and receiver must have the private key before this encryption method will work. In order to decrypt a message encrypted via private key encryption (also known as single key encryption), both the sender and the receiver must have access to the key, as a single key is used both to encrypt (run the encryption algorithm “forward”) and decrypt (run the encryption algorithm “backward”). This is a disadvantage because the transmission of the key is inherently insecure.

Both the public and private keys can be used to encrypt and decrypt messages, although the public key can only decrypt messages encrypted using the private key and vice versa.

Answer 77

A

Application programmer writes the programs that we actually use, NOT the programs that run the system.

AP’s should never have access to any type of system software or operation of the sytem such as correcting data entry errors.

Answer 78

A

Two types: (exam will use both terms)

Single key encryption (symmetric)

sender shares private key that must be used by recipient to decrypt the message.

Public/Private encryption (asymmetric)

Remember that neither method is stronger or weaker than the other. Public/Private is more secure in that it used two keys.
If you encrypt with a private key, remember that ANYONE can decrypt the message because the decrypt key is a public key.

Answer 79

A

Boundary Protection. The primary purpose of boundary protection is to prevent the mixing of data on a magnetic memory disc and a core storage unit.

Answer 80

A

A value-added network is a system that routes data transactions between trading partners. A VAN connects customers and suppliers.

Advantages

Reduces communication and data protocol problems since VANs can deal with differing protocols (eliminating need for trading partners to agree on them).
Partners do not have to establish the numerous point-to-point connections.
Reduces scheduling problems since receiver can request delivery of transactions when it wishes.
In some cases, VAN translates application to a standard format the partner does not have to reformat.
VAN can provide increased security.

Disadvantates

Cost of VAN.
Dependence upon VAN’s systems and controls.
Possible loss of data confidentiality.

Answer 81

A

Desktop client
Application
Database

Answer 82

A

Maturity models evaluate the sophistication of IT processes rated from a maturity level of nonexistent (0) to optimized (5).

Answer 83

A

Responsible for providing a continuous review function by supervising and monitoring input, operations, and the distribution of output (i.e., a continuous internal audit function).

Answer 84

A

Which users have various privileges relating to a database.

Data definition language (DDL)—Used to define a database, including creating, altering, and deleting tables and establishing various constraints.
Data manipulation language (DML)—Commands used to maintain and query a database, including updating, inserting in, modifying, and querying (asking for data).
Data control language (DCL)—Commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

Answer 85

A

IT governance and management of enterprise IT (5 Principals below)

do not get this confused with COSO (Internal Audit)

Meeting stakeholder needs
Covering the enterprise end-to-end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management

Answer 86

A

Reciprocal agreement - an agreement between two or more organizations (with compatible computer facilities) to aid each other with their data processing needs in the event of a disaster. This is sometimes referred to as a mutual aid pact.

Answer 87

A

Cause-and-effect (fishbone or Ishikawa) diagrams identify the potential causes of defects. Four categories of potential causes of failure are: human factors, methods and design factors, machine-related factors, and materials and components factors. Cause-and-effect diagrams are used to systematically list the different causes that can be attributed to a problem (or an effect).
Pareto chart (or diagram) is a bar graph that ranks causes of process variations by the degree of impact on quality. The Pareto chart is a specialized version of a histogram that ranks the categories in the chart from most frequent to least frequent. A related concept, the “Pareto Principle” states that 80% of the problems come from 20% of the causes. The Pareto Principle states that: “Not all of the causes of a particular phenomenon occur with the same frequency or with the same impact.”

Answer 88

A

Framework developed to make the internet more user-friendly for accessing documents.

Hypertext Transfer Protocol (HTTP) - the language of the internet
Document - a single file accessible through the internet
Page - display that results from connection to a particular document on the internet
Uniform Resource Locator (URL) - the address of a particular page on the internet
Web browser - program that allows a computer with software to access internet and translate documents for proper display.
Server - the computer that is sending pages for display on another computer
Client - the computer receiving the pages and seeing the display
Upload - sending information from a client to a server
Download - sending information from a server to a client

Answer 89

A

A Virus is a program that requests a computer to perform an activity that is not authorized by the user.
A Worm is a program that duplicates itself over a network so as to infect many computers with viruses.

Answer 90

A

Source Program - language written by the programmer (high-level languages resemble english while assembly languages resemble machine instructions)
Object program - language in the form the machine understands (on-off, or 1-0)
Compiler - a program that converts source programs into machine language.

Answer 91

A

Planning: define system, scop
Analysis: meet with users and ITS staff, needs assessments, gap analysis
Design: technical blueprint of new system
Development - Build: platform and software
Testing: code, system, integration and user acceptance
Implementation: parallel (run old and new), plunge (stop old and use new), pilot and phased
Maintenance: monitor and support, training, help desk, process and policies for authorizing changes.

Answer 92

A

Systems Analyst - designs the IS using systems flowcharts and other tools and prepares specifications for application programmers.
Application Programmer - writes, tests and debugs programs that will be used by the system. The Programmer also develops instructions for operators to follow when using the programs.
Database Administrator - plans and administers the database to make certain only appropriate individuals have access to the information in it.

Answer 93

A

Data Entry Clerk - converts data into a computer readable form.
Computer Operator - runs the program on the computer.
Program and File Librarians - responsible for custody of the computer programs, master files, transaction files and other records.
Data Control - responsible for reviewing and testing input procedures, monitoring processing and reviewing and distributing outputs.

Answer 94

A

Telecommunications: maintains and enhances computer networks and network communications
Systems Programmer or Technical Support: updates and maintains the operating systems
Security Administration: responsible for security of hte system including control of access and user passwords

Answer 95

A

ALL OF THEM. All of the above practices are effective control measures. Periodic rotation and mandatory vacations provide other personnel with the ability to detect operator problems. Controlled access and segregation of duties allow for the separation of incompatible functions.

Answer 96

A

Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer’s name and address. Available only in online real-time systems.

Answer 97

A

Hierarchical—The data elements at one level “own” the data elements at the next lower level (think of an organization chart in which one manager supervises several assistants, who in turn each supervise several lower level employees).
Networked—Each data element can have several owners and can own several other elements (think of a matrix-type structure in which various relationships can be supported).
Relational—A database with the logical structure of a group of related spreadsheets. Each row represents a record, which is an accumulation of all the fields related to the same identifier or key; each column represents a field common to all of the records. Relational databases have in many situations largely replaced the earlier developed hierarchical and networked databases.
Object-oriented—Information (attributes and methods) are included in structures called object classes. This is the newest database management system technology.
Object-relational—Includes both relational and object-oriented features.
Distributed—A single database that is spread physically across computers in multiple locations that are connected by a data communications link. (The structure of the database is most frequently relational, object-oriented, or object-relational.)

Answer 98

A

Benefits

Quick response and access to information
Cost efficiency
Reduced paperwork
Accuracy and reduced errors and error-correction costs
Better communications and customer service
Necessary to remain competitive

Exposures

Total dependence upon computer system for operation
Possible loss of confidentiality of sensitive information
Increased opportunity for unauthorized transactions and fraud
Concentration of control among a few people involved in EDI
Reliance on third parties (trading partners, VAN)
Data processing, application and communications errors
Potential legal liability due to errors
Potential loss of audit trails and information needed by management due to limited retention policies
Reliance on trading partner’s system

Answer 99

A

Takes advantage of a network communications protocol to tie up the server’s communication ports so that legitimate users cannot gain access to the server. It also blocks access to anyone else = nobody can access the server, even the perpetrators!

Brainscape's Knowledge GenomeTM

Information Technology (17%) Flashcards

Brainscape's Knowledge Genome^TM