Section E: Professional Ethics Flashcards

1
Q

Matrix

A
  1. Matrix analysis finds the solutions to a set of equations in the form of a matrix.
  2. would not enable the auditor to see or to identify missing steps.
  3. Matrix theory uses numbers and symbols, not descriptions.
  4. not useful for illustrating a process
  5. would not be able to show risks and controls.
2
Q

Flowchart

A
  1. represents a process using symbols.
  2. useful tool for auditors who want to gain an understanding of internal control.
  3. can become familiar with payments processing by following the steps in a flowchart, which enables them to identify missing steps.
  4. do not show risks.
  5. shows the steps in a process
  6. up to the reader to identify the risks in the process.
  7. does not provide evidence of how effectively the procedures are actually operating
  8. does not necessarily replace the auditor’s internal control questionnaire.
  9. Controls beyond those depicted on the systems flowchart must also be considered by the auditor, and information obtained from the questionnaire may be used to develop the flowchart.
3
Q

Risk

A
  1. risk can never be completely eliminated.

2.

4
Q

System flowcharts

A
  1. provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations.
  2. In many instances a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended.
  3. is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client’s organization.
5
Q

Dial back system

A
  1. a primitive countermeasure that is only appropriate to old-style dial-up modem connections.
6
Q

Message acknowledgement procedures

A
  1. a means only for affirming that a message has been received by the intended party
  2. do not provide any means of alert in case of interception by an unintended party.
7
Q

Password code

A
  1. must be assigned and saved on specific systems
  2. are not applicable to ongoing electronic transmission.

8
Q

rectangle

A
  1. the appropriate symbol for a process or a single step in a procedure or program
9
Q

Terminal display

A

represented by a symbol similar to the shape of a cathode ray tube.

10
Q

A predefined process step

A
  1. represented by a rectangle with double lines on either side
11
Q

A disaster recovery plan

A
  1. a hot-site recovery system (a service bureau that is immediately available for purposes of disaster recovery)
  2. Automatic failover (1. a backup operational mode used to make systems more fault-tolerant 2. typically an integral part of mission-critical systems that must be constantly available 3. involves automatically offloading tasks to a standby system component so that the procedure is as seamless as possible to the end user)
  3. focus on disaster prevention (an important aspect of most disaster recovery plans)
  4. data conversion operations are not part of a disaster recovery plan (1. perform the tasks of data presentation and transmission. 2. conversion of source data to magnetic disk or tape and entry of transactions from remote terminals)
12
Q

Data-flow diagram

A
  1. shows only the flow of data, not the total system
13
Q

System flowchart

A
  1. a graphic analysis of a data processing application
  2. prepared by a systems analyst
  3. is general and stresses flows of data, not computer program logic
  4. a graphic representation of the detailed steps and logic of an individual computer program
  5. should show both manual and computer processing
14
Q

A Gantt chart

A
  1. a bar chart used to monitor the progress of large projects.
15
Q

Program flowchart

A
  1. shows only the details of a single program, not the entire computer system
  2. identifies the specific edit tests implemented
16
Q

Master file

A
  1. depicted by a parallelogram (input/output)
  2. or a symbol for the type of storage device used (e.g. magnetic tape or disk)

17
Q

Computer operation

A
  1. depicted by a rectangle
18
Q

IDS (intrusion detection system)

A
  1. not limited to knowledge-based detection.
  2. not limited to behavior-based detection.
  3. works by using sensors to examine packets traveling on the network.
  4. a host IDS provides maximum protection only when the software is installed on each computer.
19
Q

DS (denial-of-service) attack

A
  1. is an attempt to overload a system (e.g. a network or web server) with false messages so that it cannot function (a system crash).
  2. a distributed DS attack comes from multiple sources.
  3. e.g. the machines of innocent parties infected by Trojan horses. When activated, these programs send messages to the target and leave the connection open.
  4. A DS may establish as many network connections as possible to exclude other users, overload primary memory, or corrupt file systems.
20
Q

Man-in-the-middle attack

A
  1. takes advantage of network packet sniffing and routing and transport protocols to access packets flowing through a network.
21
Q

Brute-force attack

A
  1. uses password-cracking software to try a large number of letter and number combinations to access a network.
22
Q

Password-cracking software

A
  1. is used to access a network by using a large number of letter and number combinations.
23
Q

Sniffing

A
  1. is the use of software to eavesdrop on information sent by a user to the host computer of a website.
24
Q

Spoofing

A
  1. is identity misrepresentation in cyberspace (e.g. by using a false website to obtain information about visitors)
25
Q

Passwords, user accounts, and other information may be stolen using techniques such as

A
  1. Trojan Horses,
  2. IP spoofing,
  3. and packet sniffers
26
Q

A hoax virus

A
  1. a false notice about the existence of a computer virus
  2. usually disseminated through use of distribution lists and is sent by email or via an internal network

27
Q

A web crawler (a spider or bot)

A
  1. a computer program created to access and read information on websites
  2. the results are included as entries in the index of a search engine.
28
Q

A killer application

A
  1. is one that is so useful that it may justify widespread adoption of a new technology
29
Q

Concurrency control

A
  1. manages situations in which two or more programs attempt to use a file or database at the same time
30
Q

Parallel simulation

A
  1. involves the use of specially prepared application-type programs to process transactions that have also been run in routine processing
31
Q

Mapping

A
  1. involves monitoring the execution of an application program to determine certain statistical information about a computer run.
32
Q

Firewalls

A
  1. separate an internal network from an external network (such as the Internet) and prevent passage of special types of traffic.
33
Q

Rivest, Shamir, and Adleman (RSA)

A
  1. is a potential standard licensed to hardware and software vendors,
  2. Public-key encryption requires management of fewer keys for a given client-server environment than does private-key encryption.
  3. Compared with DES, RSA entails more complex computations and therefore has a higher processing overhead.
  4. requires 2 keys: the public key for encrypting messages is widely known,
  5. but the private key for decrypting messages is kept secret by the recipient.
34
Q

Data Encryption Standard (DES)

A
  1. is a shared private-key method developed by the US government.
  2. it encrypts data into 64-bit blocks using a 54-bit key.
  3. requires only a single key for each pair of parties that want to send each other encrypted messages.
35
Q

A cypher lock

A
  1. a physical device
36
Q

Modulator-demodulator (a modem)

A
  1. used for telecommunications.
37
Q

A packet filtering system

A

examines each incoming IP packet.

38
Q

Kerberos

A
  1. is encryption and authentication software that uses DES encryption techniques
39
Q

A proxy server

A
  1. maintains copies of web pages to be accessed by specified users.
  2. Outsiders are directed there, and more important information is not available from this access point.
40
Q

An authentication system

A
  1. verifies a user’s identity and is often an application provided by a firewall system, but it is not a firewall itself.
41
Q

A computer program flowchart

A

a pictorial presentation of the flow of instructions in a client’s internal computer system

42
Q

The organization chart

A

depicts the client’s reporting structure