QUIZ1

Question 1

are facts collected, recorded, and stored in the system

Answer 1

data

Question 2

organize the data within a context

Answer 2

information

Question 3

is used to help decision makers more effectively filter and condense information.

Answer 3

Information Technology (IT)

Question 4

limit access to authorized parties

Answer 4

Access restricted

Question 5

accurate, correct, and free of error

Answer 5

Accurate

Question 6

available to users when needed

Answer 6

Available

Question 7

perceived as true and credible

Answer 7

Reputable

Question 8

does not omit important aspects of events or
activities

Answer 8

Complete

Question 9

clear, succinct, brief, but comprehensive

Answer 9

Concise

Question 10

presented in the same format over time

Answer 10

Consistent

Question 11

up to the present data and time

Answer 11

Current

Question 12

unbiased, unprejudiced, and impartial

Answer 12

Objective

Question 13

reduces uncertainty and improves decision

Answer 13

Relevant

Question 14

provided in time for decision maker to make
decisions

Answer 14

Timely

Question 15

easy to use for different task

Answer 15

Useable

Question 16

easily comprehended and interpreted

Answer 16

Understandable

Question 17

two independent people can produce the same information

Answer 17

Verifiable

Question 18

Data is most useful when it is in a _______ format that can be read and processed by a computer.

Answer 18

machine-readable

Question 19

is a set of related, coordinated, and structured activities and tasks performed by people, machines, or both to achieve a specific organizational goal.

Answer 19

business process

Question 20

The Components of an
Information System

Answer 20

PEOPLE/ORGANIZATION/TECHNOLOGY

Question 21

agreement between two entities to exchange goods, services, or any other event that can be measured in economic terms by an organization.

Answer 21

transactions

Question 22

Transaction data is used to create financial statements and is called

Answer 22

transaction processing.

Question 23

is a system that collects, records, stores, and processes data to produce information for decision makers.

Answer 23

AIS

Question 24

collects and stores data, transforms that data
into information, and provides adequate controls.

Answer 24

AIS

Question 25

is the use of computer systems to simulate human intelligence processes such as learning, reasoning, and self-improvement.

Answer 25

Artificial intelligence (AI)

Question 26

is the use of software and algorithms to find and solve problems and improve business performance.

Answer 26

Data analytics

Question 27

displays important data points in easily understood line ( bar charts, tables)

Answer 27

Data Dashboard

Question 28

represents individual digital records, called blocks, linked together using cryptography in a single list,
called a chain.

Answer 28

Blockchain

Question 29

is the use of a browser to remotely access software, data storage, hardware, and applications.

Answer 29

Cloud computing

Question 30

is the running of multiple systems simultaneously on one physical computer.

Answer 30

Virtualization

Question 31

refers to the embedding of sensors in a multitude of devices (lights, heating and air conditioning, appliances, etc.) so that those devices can now connect to the Internet.

Answer 31

Internet of Things (IoT)

Question 32

overall goal the organization hopes to
achieve

Answer 32

strategy

Question 33

links together the different activities within an organization that provide value to the customer.

Answer 33

value chain

Question 34

provide direct value to the customer.

Answer 34

Primary activities

Question 35

enable primary activities to be efficient and effective.

Answer 35

Support activities

Question 36

is an extended system that includes the organization’s value chain as well as its suppliers, distributors, and customers.

Answer 36

supply chain

Question 37

list of numbers assigned to general ledger; allows transaction data to be coded;
facilitiate preparation of FS

Answer 37

Chart of accounts

Question 38

well thought out to anticipate management needs are most efficient and effective

Answer 38

Coding schemas

Question 39

items numbered consecutively to account for all items (i.e., prenumbered forms)

Answer 39

Sequence codes

Question 40

blocks of numbers reserved for specific categories of data (i.e., product numbers that start with a 2 are refrigerators)

Answer 40

Block code

Question 41

two or more subgroups of digits used to code items (i.e., car VIN #’s)

Answer 41

Group codes

Question 42

letters and numbers interspersed to identify an item (i.e. Dry300W05 is low end (300), white (W) dryer (DRY) made by Sears (05))

Answer 42

Mnemonic codes

Question 43

Four types of processing

Answer 43

Creating new records (e.g., adding a customer)
Reading existing data - VIEW ONLY MODE
Updating previous record or data - MODIFY / CORRECT A DATA
Deleting data

Question 44

Integrates activities from the entire organization

Answer 44

Enterprise Resource Planning (ERP) Systems

Question 45

requires management to assess internal controls and auditors to evaluate the
assessment

Answer 45

Sarbanes-Oxley Act (SOX)

Question 46

Is a visual way to represent the activities in a business process.

Answer 46

Business Process Diagrams

Question 47

shows the flow of documents and data for a process, useful in evaluating internal controls

Answer 47

document

Question 48

depicts the data processing cycle for a process

Answer 48

system

Question 49

illustrates the sequence of logic in the system process

Answer 49

program

Question 50

are visually simple and can be used to represent the same process at a high abstract (summary) or detailed level.

Answer 50

Data Flow Diagrams (DFD)

Question 51

• Natural and political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional acts

Answer 51

Threats to AIS

Question 52

Any means a person uses to gain an unfair advantage over another person

Answer 52

Fraud

Question 53

[TWO CATEGORIES OF FRAUD]

Theft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)

Answer 53

Misappropriation of assets

Question 54

[TWO CATEGORIES OF FRAUD]

cooking the books” (e.g., booking fictitious revenue,
overstating assets, etc.)

Answer 54

Fraudulent financial reporting

Question 55

requires auditors to:
• Understand fraud
• Discuss the risks of material fraudulent misstatements
• Obtain information
• Identify, assess, and respond to risks
• Evaluate the results of their audit tests
• Document and communicate findings
• Incorporate a technology focus

Answer 55

SAS No. 99 (AU-C Section 240)

Question 56

three conditions must be present for fraud to occur:

Answer 56

PRESSURE
OPPORTUNITY
RATIONALIZE

Question 57

If a computer is used to commit fraud, it is called

Answer 57

Computer Fraud

Question 58

six steps that many criminals use to attack information systems:

Answer 58

– Conduct reconnaissance
– Attempt social engineering
– Scan and map the target
– Research
– Execute the attack
– Cover tracks

Question 59

Unauthorized access, modification, or use of an electronic device or some element of a computer system

Answer 59

Hacking

Question 60

Techniques or tricks on people to gain physical or
logical access to confidential information

Answer 60

Social Engineering

Question 61

Software used to do harm

Answer 61

Malware

Question 62

Gaining control of a computer to carry out illicit activities

Answer 62

Hijacking

Question 63

Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.

Answer 63

Cross-site scripting (XSS)

Question 64

Large amount of data sent to overflow the input memory (buffer) of a program, causing it to crash and replacing it with attacker’s program instructions.

Answer 64

Buffer overflow attack

Question 65

Malicious code inserted in place of a query to get to the
database information

Answer 65

SQL injection (insertion) attack

Question 66

Hacker is placed in between a client (user) and a host
(server) to read, modify, or steal data.

Answer 66

Man in the middle (MITM)

Question 67

Taking small amounts at a time

Answer 67

Salami technique:

Question 68

Theft of information, intellectual property, and trade secrets

Answer 68

Economic espionage

Question 69

Threats to a person or business online through e-mail
or text messages unless money is paid

Answer 69

Cyber-extortion

Question 70

Assuming someone else’s identity

Answer 70

Identity theft

Question 71

Using a scenario to trick
victims to divulge information or to gain access

Answer 71

Pretexting

Question 72

Creating a fake business to
get sensitive information

Answer 72

Posing

Question 73

Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data

Answer 73

Phishing

Question 74

Redirects website to a
spoofed website

Answer 74

Pharming

Question 75

Takes advantage of typographical errors entered in for websites and user gets invalid or wrong website

Answer 75

URL hijacking

Question 76

Searching trash for confidential information

Answer 76

Scavenging

Question 77

Snooping (either close behind
the person) or using technology to snoop and get confidential information

Answer 77

Shoulder surfing

Question 78

Double swiping credit card

Answer 78

Skimming

Question 79

Secretly monitors and collects
information
– Can hijack browser, search
requests
– Adware, scareware

Answer 79

Spyware

Question 80

Threatening to harm a
company or a person if a specified amount of money is not paid

Answer 80

Cyber-extortion

Question 81

Software that records user
keystrokes

Answer 81

Keylogger

Question 82

Malicious computer instructions in an authorized and properly functioning program

Answer 82

Trojan Horse

Question 83

Set of instructions that allow the
user to bypass normal system
controls

Answer 83

Trap door

Question 84

Captures data as it travels over the Internet

Answer 84

Packet sniffer

Question 85

A section of self-replicating code
that attaches to a program or file requiring a human to do something so it can replicate itself

Answer 85

Virus

Question 86

Stand-alone self replicating
program

Answer 86

Worm

Question 87

Stealing contact lists, data, pictures on Bluetooth
compatible smartphones

Answer 87

Bluesnarfing

Question 88

Taking control of a phone to make or listen to calls, send or read text messages

Answer 88

Bluebugging

Question 89

Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a _____ or an event.

Answer 89

threat

Question 90

The potential dollar loss should a particular threat become a reality is referred to as the _____ or impact of the threat.

Answer 90

exposure

Question 91

The probability that the threat will happen is the ______ associated with the threat.

Answer 91

likelihood

Question 92

Processes implemented to provide assurance that the following objectives are achieved

Answer 92

Internal Controls

Question 93

Deter problems from occurring

Answer 93

Preventive controls

Question 94

– Discover problems that are not prevented

Answer 94

Detective controls

Question 95

Identify and correct problems; correct and recover from
the problems

Answer 95

Corrective controls

Question 96

To prevent companies from bribing foreign officials to obtain
business
– Requires all publicly owned corporations to maintain a system of internal accounting controls

Answer 96

FCPA is legislation passed (1977)

Question 97

• Prevent financial statement fraud
  – Make financial reports transparent
  – Protect investors
  – Strengthen internal controls
  – Punish executives who perpetrate fraud

Answer 97

SOX is legislation passed (2002)

Question 98

Framework for IT control

Answer 98

COBIT

Question 99

Framework for enterprise internal controls (control-
based approach)

Answer 99

COSO

Question 100

Expands COSO framework taking a risk-based approach

Answer 100

COSO-ERM

Question 101

five components of the COSO Internal Control

Answer 101

– Control environment
– Risk assessment
– Control activities
– Information and communication
– Monitoring

Question 102

Probability that the event will occur

Answer 102

Likelihood

Question 103

Estimate potential loss if event occurs

Answer 103

Impact

Question 104

Risk that exists before plans are made to control it

Answer 104

Inherent

Question 105

Risk that is left over after you control it

Answer 105

Residual

Question 106

Access to the system and data is controlled and
restricted to legitimate users.

Answer 106

Security

Question 107

Sensitive organizational data is protected.

Answer 107

Confidentiality

Question 108

Personal information about trading partners, investors, and employees is protected.

Answer 108

Privacy

Question 109

Data are processed accurately, completely, in a timely
manner, and only with proper authorization.

Answer 109

Processing integrity

Question 110

System and information are available.

Answer 110

Availability

Question 111

It is the implementation of a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.

Answer 111

time-based model of information security

Question 112

examining logs to identify evidence of possible attacks

Answer 112

Log Analysis

Question 113

system that creates logs of network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions

Answer 113

Intrusion Detection Systems (IDSs)

Question 114

A decoy system used to provide early warning that an insider or outsider is attempting to search for confidential information

Answer 114

Honeypots

Question 115

employee compliance with organization’s information security policies and overall performance of business processes

Answer 115

Continuous Monitoring

Question 116

An authorized attempt to break into the organization’s information system

Answer 116

Penetration Test

Question 117

the formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability

Answer 117

Change Control and Change Management

Question 118

Procedures and policies with assigned responsibility and accountability

Answer 118

Management

Question 119

Provide notice of privacy policies and practices prior to collecting data

Answer 119

Notice

Question 120

Opt-in versus opt-out approaches

Answer 120

Choice and consent

Question 121

Only collect needed information

Answer 121

Collection

Question 122

Use information only for stated business purpose. When no longer useful, dispose in a secure manner.

Answer 122

Use, retention, and disposal

Question 123

Customer should be able to review, correct, or delete information collected on them

Answer 123

Access

Question 124

Protect from loss or unauthorized access

Answer 124

Security

Question 125

– Procedures in responding to complaints
– Compliance

Answer 125

Monitoring and enforcement

Question 126

[TYPE OF ENCRYPTION]

• Uses one key to encrypt and decrypt
• Both parties need to know the key
– Need to securely communicate the shared key
– Cannot share key with multiple parties, they get their own (different) key from the organization

Answer 126

Symmetric

Question 127

[TYPE OF ENCRYPTION]

Uses two keys
– Public—everyone has
access
– Private—used to decrypt (only known by you)
– Public key can be used by all your trading partners
• Can create digital signatures

Answer 127

Asymmetric

Question 128

Securely transmits encrypted data between sender and receiver

Answer 128

Virtual Private Network (VPN)

Question 129

is a process that takes plaintext of any length and creates a short code called a message digest

Answer 129

Hashing

Question 130

Used to create legally binding agreements (two steps to create)

Answer 130

Digital Signatures

Question 131

technology was originally developed to support the crypto-currency Bitcoin to prevent “double- spending” the same coin, but it has since been adopted for use in a variety of industries to create reliable audit trails for any business process.

Answer 131

Blockchain

Question 132

Characters in a field are
proper type

Answer 132

Fieldcheck

Question 133

Data in a field is appropriate sign (positive/negative)

Answer 133

Sign check

Question 134

Tests numerical amount
against a fixed value

Answer 134

Limit check

Question 135

Tests numerical amount against lower and upper limits

Answer 135

Range check

Question 136

Input data fits into the field

Answer 136

Size check

Question 137

Verifies that all required data is
entered

Answer 137

Completeness check

Question 138

Compares data from transaction file to that of master file to verify existence

Answer 138

Validity check

Question 139

Correctness of logical relationship between two data items

Answer 139

Reasonableness test

Question 140

Recalculating check digit to verify data entry error has not been made

Answer 140

Check digit verification

Question 141

Test of batch data in proper numerical or alphabetical sequence

Answer 141

Batchprocessing

Question 142

Summarize numeric values for a batch of input records

Answer 142

Batch totals

Question 143

System prompts you for input
(online completeness check)

Answer 143

Prompting

Question 144

Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name)

Answer 144

Closed-loop verification

Question 145

Two or more items must be matched before an action takes place

Answer 145

Data matching

Question 146

Ensures correct and most
updated file is used

Answer 146

File labels

Question 147

Verifies accuracy by comparing two alternative ways of calculating the same total

Answer 147

Cross-footing

Question 148

For control accounts (e.g.,
payroll clearing)

Answer 148

Zero-balance tests

Question 149

Protect against overwriting or erasing data

Answer 149

Write-protection mechanisms

Question 150

Prevent error of two or more users updating the same record at the same time

Answer 150

Concurrent update controls