IT Flashcards

1
Q

According to the COBIT model, what are the seven desirable properties of info?

A
Effectiveness
efficiency
confidentiality
integrity
availability
compliance
reliability
2
Q

According to the COBIT model, what are the 4 IT domains?

A

Planning and organizing
Acquisition and implementation
Delivery and support
Monitoring

3
Q

What are the 3 major components of the COBIT model?

A

Domains and processes
Info Criteria
IT resources

4
Q

According to the COBIT model, what are the five physical resources that, together, comprise an IT system?

A
People
Data
Technology
Applications
Facilities
5
Q

What are enterprise resource planning systems (ERPs) ?

A

These systems provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions.

6
Q

Define Infrastructure as a Service (IaaS).

A

Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite.

7
Q

Define Software as a Service (SaaS).

A

Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.

8
Q

Define online transaction processing system (OLTP).

A

ERP modules that comprise the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.

9
Q

Define Platform as a Service (PaaS).

A

Creating cloud-based software and programs. Salesforce.com’s Force.com is an example of PaaS.

10
Q

What 3 functions in IT should be segregated?

A

Applications Development
Systems Admin and programming
Computer Operations

11
Q

The data control clerk is responsible for

A

managing the flow of documents and reports in and out of the Computer Operations department.

12
Q

Office automation systems include

A

the software tools of daily work, including word processing programs, spreadsheets, email, and electronic calendars.

13
Q

What are decision support systems (DSSs)?

A

These systems provide information to mid- and upper-level management to assist them in managing nonroutine problems and in long-range planning. Unlike MISs, DSSs frequently include external data in addition to summarized information from the TPS and include significant analytical and statistical capabilities.

14
Q

What is a data warehouse?

A

A database for organizational decision making. Data from the live databases are copied to the warehouse so that data can be queried without reducing the performance (i.e., speed) or stability (i.e., reliability) of the live systems.

15
Q

What is the purpose of executive support systems (ESS) and strategic support systems (SSS)?

A

A subset of decision support systems (DSS) especially designed for forecasting and making long-range, strategic decisions. As such, they have a greater emphasis on external data. Sometimes called “DSS for dummies.”

16
Q

What is data mining?

A

Searching data in a warehouse to discover patterns and relationships in historical data.

17
Q

What are operational systems?

A

These systems support the day-to-day activities of the business (purchasing of goods and services, manufacturing activities, sales to customers, cash collections, payroll, etc.) Also known as transaction processing systems (TPS).

18
Q

What is a knowledge work system?

A

Facilitates the work activities of professional-level employees (engineers, accountants, attorneys, etc.) by providing information relevant to their day-to-day activities (e.g., how the company has handled specific types of audit exceptions) and/or by automating some of their routine functions (e.g., computer-aided systems engineering [CASE] packages used by programmers to automate some programming functions).

19
Q

Define management information systems.

A

Systems designed to support routine management problems based primarily on data from transaction processing systems.

20
Q

Describe the concept of knowledge management (KM).

A

Attempts to ensure that the right information is available at the right time to the right user. A variety of practices attempt to electronically capture and disseminate information throughout the organization. Knowledge management practices seek specific outcomes, including shared intelligence, improved performance, competitive advantage, and more innovation.

21
Q

Describe a flat file system.

A

Early information technology systems used flat file technology. Flat files are characterized by independent programs and data sets, high degrees of data redundancy, and difficulty in achieving cross functional reporting. This is bad.

22
Q

Define “data mart”.

A

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments. Companies often support multiple data marts within their organization.

23
Q

Define a “bit” (binary digit).

A

An individual zero or one; the smallest piece of information that can be represented.

24
Q

Define “byte.”

A

A group of (usually) eight bits that are used to represent alphabetic and numeric characters and other symbols (3, g, X, ?, etc.). Several coding systems are used to assign specific bytes to characters. ASCII and EBCDIC are the two most commonly used coding systems. Each system defines the sequence of zeros and ones that represent each character.

25
Q

Define “field.”

A

A group of characters (bytes) that identify a characteristic of an entity. A data value is a specific value found in a field. Fields can consist of a single character (Y, N) but usually consist of a group of characters. Each field is defined as a specific data type. Date, Text and Number are common data types.

26
Q

Define “record.”

A

A group of related fields (or attributes) that describe an individual instance of an entity (a specific invoice, a particular customer, an individual product).

27
Q

Define “file.”

A

A collection of records for one specific entity (an Invoice File, a Customer File, a Product File). In a relational database environment, files are also known as tables.

28
Q

Software that performs a variety of general technical computer-controlling operations is a(n)

A

Operating system. Controls the execution of computer programs and may provide various services.

29
Q

What are magnetic disks?

A

These are random access devices. Data can be stored on, and retrieved from, the disk in any order. This is the most efficient way to store and retrieve individual records. Magnetic disks are the most commonly used form of secondary storage.

30
Q

What is a “central processing unit (CPU)”?

A

The CPU is the control center of the computer system. It has three principal components: Control Unit, Arithmetic Unit, and Logic Unit

31
Q

Define “batch processing.”

A

Periodic transaction processing method in which transactions are processed in groups.

32
Q

What are point-of-sale (POS) systems?

A

Combine on-line, real-time processing with automated data capture technology, resulting in a system that is highly accurate, reliable, and timely.

33
Q

What are “time lags” in batch processing systems?

A

This is an inherent part of batch processing. There is always a time delay between the time the transaction occurs, the time that the transaction is recorded, and the time that the master file is updated.

34
Q

What is the Internet of Things (IoT)?

A

The widespread connection of electronic devices, which monitor physical processes (e.g., humans, animals, production processes), to the Internet

35
Q

Describe four necessities of an IT policy.

A

Linked to the entity’s strategy and objectives
Has an owner who ensures operation and updating
Has a specified process for updates
Includes a title, purpose, scope and context, statement of responsibilities, and time for updating

36
Q

Describe a values and service culture IT policy.

A

Specifies expectations of IT function personnel in their interactions with clients and others.

37
Q

Describe four considerations in monitoring IT policies.

A
  • monitoring for compliance and success
  • monitoring by internal auditing staff
  • continuous or periodic monitoring, or both, depending on policy importance and the risks of noncompliance
  • monitoring of IT help calls and operational reports to provide evidence of noncompliance.
38
Q

Describe an IT Contractors, Employees, and Sourcing policy

A

This policy addresses why, when, and how an entity selects IT human resources from among employees or outside contractors (i.e., the IT sourcing and outsourcing policy).

39
Q

Describe an IT use and connection policy.

A

Policy that states the entity’s position on the use of personal devices and applications in the workplace and connection to the entity’s systems. May also specify allowable devices and uses of these devices on the entity’s systems.

40
Q

A key aspect of supply chain management is

A

the sharing of key information from the point of sale to the consumer back to the manufacturer, the manufacturer’s suppliers, and the supplier’s suppliers.

41
Q

Define “supply chain management (SCM).”

A

The process of planning, implementing, and controlling the operations of the supply chain: the process of transforming raw materials into a finished product and delivering that product to the consumer. Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process, into finished goods through to the point-of-consumption.

42
Q

Define “electronic data interchange (EDI).”

A

The system-to-system exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats that allow direct processing of the data by the receiving system.

43
Q

What are customer relationship management (CRM) systems?

A

Technologies that facilitate managing e-relationships with clients. Both biographic and transaction information about existing and potential customers is collected and stored in a database. The CRM provides tools to analyze the information and develop personalized marketing plans for individual customers.

44
Q

What is the primary advantage of using a value-added network (VAN)?

A

It provides increased security for data transmissions.

45
Q

Describe three considerations in adopting cloud-based storage.

A

The supported business processes (e.g., sales, product development)
The deployment model (i.e., public, hybrid, private)
The service delivery model (i.e., SaaS, PaaS, IaaS)

46
Q

Explain why it is important to have a policy that identifies who is responsible for contracting for cloud computing services.

A

Because of the legal, privacy, and security risks of cloud computing, contracting for cloud computing must be only with approved cloud vendors, and according to an organization’s cloud computing policies. For this reason, cloud computing should have an “owner” who is responsible for all cloud computing service contracts.

47
Q

Give examples of the information that an organization is likely to require from a cloud service provider (CSP).

A

References for the CSP, information about appropriate usage, performance data, network infrastructure, data center, security, data segregation, and compliance policies

48
Q

Explain why redundancy of storage is essential in cloud computing applications.

A

Any CSP can be breached (hacked). Accordingly, it is usually necessary to contract with multiple CSPs to provide adequate data backup.

49
Q

Identify three characteristics of the small business computing environment.

A
  1. Exclusive use of microcomputers and laptops (e.g., there may be no servers)
  2. Outsourced IT
  3. Poor segregation of duties
50
Q

data warehouse

A

is an approach to online analytical processing that combines data into a subject-oriented, integrated collection of data used to support management decision-making processes.

51
Q

A distributed processing environment would be most beneficial in which of the following situations?

A

Large volumes of data are generated at many locations and fast access is required.

52
Q

What are advantages of decentralized/distributed systems?

A
  • more responsive to the needs of the end user
  • data transmission costs are greatly reduced
  • input/output bottlenecks associated with high traffic periods are largely avoided
53
Q

Local Area Networks (LANs)

A

were so named because they were originally confined to very limited geographic areas (a floor of a building, a building, or possibly several buildings in very close proximity to each other). With the advent of relatively inexpensive fiber optic cable, local area networks can extend for many miles. For example, many urban school districts have local area networks connecting all of the schools in the district.

54
Q

Wide Area Networks (WANs)

A

Although WANs can vary dramatically in geographic area, most are national or international in scope.

55
Q

Storage Area Networks (SANs)

A

A type of, or variation of, LANs that connect storage devices to servers

56
Q

Personal Area Networks (PANs)

A

Often a home network that links devices used by an individual or family to one another and to the Internet.

57
Q

What is a “server”?

A

Computer or other device on a network which only provides resources to the network and is not available (normally) to individual users; examples include print servers, file servers, and communications servers. Contrast with a workstation.

58
Q

What is a “peer-to-peer network”?

A

A network system in which all nodes share in communications management. No central controller (server) is required. These systems are relatively simple and inexpensive to implement; used by LANs.

59
Q

What is a “client/server system”?

A

A central machine (the server) mediates communication on the network and grants access to network resources. Client machines make use of network resources and also perform data processing functions; used by LANs.

60
Q

Define “internal labels” (header and trailer labels).

A

Descriptive information stored at the beginning and end of a file that identifies the file, the number of records in the file, and provides data enabling detection of processing errors.

61
Q

What is a “client” on a computer network?

A

A node, usually a microcomputer, which is used by end users; uses but usually does not supply network resources.

62
Q

What is a “local area networks (LAN)” ?

A

Originally confined to very limited geographic areas (a floor of a building, a building, or possibly a couple of buildings in very close proximity to each other). Inexpensive fiber optic cable now enables local area networks to extend many miles.

63
Q

What is a “computer network”?

A

Two or more computing devices connected by a communication channel on which the devices exchange data.

64
Q

What is a wide area network (WAN)?

A

These networks vary dramatically in geographic coverage. Most WANs are national or international in scope.

65
Q

What is a “node”?

A

A device connected to a computer network.

66
Q

Extensible Markup Language (XML)

A

Protocol for encoding (tagging) documents for use on the Internet.

67
Q

Extensible Business Reporting Language (XBRL)

A

XML-based protocol for encoding and tagging business information. A means of consistently and efficiently identifying the content of business and accounting information in electronic form.

68
Q

Hypertext Markup Language (HTML)

A

Core language for web pages. The basic building-block protocol for constructing web pages.

69
Q

File Transfer Protocol (FTP)

A

Used for file transfer applications

70
Q

Extranets

A

Intranets that are opened up to permit associates (company suppliers, customers, business partners, etc.) to access data that is relevant to them.

71
Q

What is the core protocol for Internet communications?

A

TCP/IP

72
Q

A set of rules for exchanging data between two computers is a

A

protocol

73
Q

A webpage is most frequently created using…

A

HTML or XML

74
Q

The data control protocol used to control transmissions on the Internet is

A

TCP/IP

75
Q

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?

A

Extensible business reporting language (XBRL).

76
Q

data control language

A

is composed of commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

77
Q

Define “social engineering.”

A

A set of techniques used by attackers to fool employees into giving them access to information resources

78
Q

SSL

A

Secure socket layer - Asymmetric encryption common for internet consumer purchases

79
Q

S-HTTP

A

Secure hypertext transport protocol - Asymmetric encryption common for internet consumer purchases

80
Q

SET

A

Secure Electronic Transactions (protocol) - Asymmetric encryption common for internet consumer purchases

81
Q

What is a message called after it has been encrypted?

A

ciphertext

82
Q

What algorithm converts ciphertext to plaintext?

A

decryption

83
Q

In a ___ cipher, the same key is used by both the sender and the receiver

A

symmetric key

84
Q

In a ____ cipher, a pair of keys is used

A

asymmetric-key

85
Q

In an asymmetric-key cipher, if the sender uses the private key, then the receiver uses the ___ key

A

public

86
Q

What are the two Internet protocols typically used for secure Internet transmission?

A

SSL

S-HTTP

87
Q

Define “encryption.”

A

The process of coding data so that it cannot be understood without the correct decryption algorithm

88
Q

Describe asymmetric encryption (also called public/private-key encryption and private-key encryption).

A

Uses two paired encryption algorithms to encrypt and decrypt the text: if the public key encrypts, the private key decrypts. If the private key encrypts, the public key decrypts.

89
Q

Certificate authorities

A

The CA registers the public key on its server and sends the private key to the user. Are responsible for issuing digital certificates and public/private key pairs.

90
Q

Digital Signatures

A

An electronic means of identifying a person or entity.
Use public/private key pair technology to provide authentication of the sender and verification of the content of the message.
The authentication process is based on the private key.

91
Q

Business (or organizational) continuity management

A

is the process of planning for such occurrences and embedding this plan in an organization’s culture. Hence, BCM is one element of organizational risk management. It consists of identifying events that may threaten an organization’s ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur.

92
Q

Define cold site (empty shell).

A

An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization.

93
Q

Define warm site.

A

A location to which the business can relocate after a disaster. The location is already stocked with computer hardware similar to that of the original site, but does not contain backed up copies of data and information.

94
Q

Define “hot site.”

A

An off-site location that is completely equipped to immediately take over the company’s data processing. All equipment plus backup copies of essential data files and programs are also usually maintained at this location. It enables the business to relocate with minimal losses to normal operations - typically within a few hours. A hot site is one of the most expensive facilities to maintain.

95
Q

Describe the “rollback and recovery” backup and recovery system methodology.

A

A backup and recovery system method that is common to online, real-time processing. All transactions are written to a transaction log when they are processed. Periodic “snapshots” are taken of the master file. When a problem is detected, the recovery manager program starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.

96
Q

Define “storage area networks (SANs).”

A

A method of backup that can be used to replicate data from multiple sites. Data stored on a SAN is immediately available without the need to recover it. This enables highly efficient disaster recovery.

97
Q

Describe the checkpoint and restart backup and recovery system methodology.

A

Common to batch processing, a checkpoint is a point in data processing where the accuracy of the processing can be verified. Backups are maintained during the update process so that, if a problem is detected, it is only necessary to return to the backup at the previous checkpoint instead of returning to the beginning of transaction processing.

98
Q

Define “mirroring.”

A

A method of backup consisting of the maintenance of an exact copy of a data set to provide multiple sources of the same information. Mirrored sites are most frequently used in e-commerce for load balancing - distributing excess demand from the primary site to the mirrored.

99
Q

Define “grandfather-father-son file security control.”

A

A technique used to maintain redundant backup copies (three “generations”) of data files; backup files are used to recover from systems failures in which data files are damaged or destroyed.

100
Q

Define “remote backup service.”

A

A service that provides users with an online system for backing up and storing computer files. Remote backup has several advantages over traditional backup methodologies: the task of creating and maintaining backup files is removed from the IT department’s responsibilities; the backups are maintained off site; some services can operate continuously, backing up each transaction as it occurs.

101
Q

Social engineering

A

is an attempt to gain access to a computer facility or system.

102
Q

Packet sniffing

A

is a technique frequently used to monitor network performance and capture data. It has legitimate uses to monitor network performance or troubleshoot problems with network communications. However, it is often used by hackers to capture user names and passwords, IP addresses, and other information that can help the hacker break into the network. Packet sniffing a computer network is similar to wire tapping a phone line.

103
Q

What is a logic bomb attack on a system?

A

An unauthorized program which is planted in the system. The logic bomb lies dormant until the occurrence of a specified event or time (e.g., a specific date, the elimination of an employee from “active employee” status, etc.).

104
Q

Define “denial of service attacks.”

A

An attack that attempts to prevent legitimate users from gaining access to the system. These attacks, called denial of service attacks, are perpetrated by flooding the server with incomplete access requests.

105
Q

What is a back door attack on a system?

A

A software program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures. Back doors were once commonly used by programmers to facilitate access to systems under development.

106
Q

Define “worm.”

A

Similar to viruses except that worms attempt to replicate themselves across multiple computer systems. They generally try to accomplish this by activating the system’s email client and sending multiple emails.

107
Q

Define session hijacking or masquerading

A

This occurs when an attacker identifies an IP address (usually through packet sniffing) and then attempts to use it to access a network. If successful, the hacker has “hijacked” the session, i.e., gained access to the session by pretending to be another user.

108
Q

Define “Trojan horse”.

A

A malicious program that is hidden inside a seemingly benign file.

109
Q

Define “source program library management system (SPLMS).”

A

Its functions include storing, retrieving, and deleting programs, and documenting by whom, when, where, and how programs are changed. One function of the SPLMS is to manage the migration of a program from development to production.

110
Q

Entity-Relationship (E-R) Diagrams

A

Model relationships between entities and data in accounting systems.

111
Q

What is operator documentation (also called a “run manual”)?

A

In large computer systems, operator documentation provides information necessary to execute the program including the required equipment, data files and computer supplies, execution commands, error messages, verification procedures and expected output. It is used by computer operators.

112
Q

Closed loop verification

A

Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer’s name and address. Available only in online real-time systems.

113
Q

What is a materials requisition or materials transfer ticket?

A

It is usually automated and is a form on a screen. This document or form authorizes moving raw materials from a storeroom to production. It is useful in matching requisition tickets to physical materials received in production to ensure that goods are not lost, stolen, damaged, or over- or underused in production.