Test 2

Question 1

Threats to AIS

Answer 1

• Natural and political disasters
• Software errors and equipment malfunctions
• Unintentional acts
• Intentional Acts

Question 2

An intentional act where the intent is to destroy a system or some of its components

Answer 2

Sabotage

Question 3

Gaining an unfair advantage over another person

Answer 3

Fraud

Question 4

Legally, for an act to be fraudulent there must be:

Answer 4

1. False statement, representation, disclosure
2. Material facts
3. An intent to deceive
4. Justifiable reliance
5. Injury or loss

Question 5

Typically, business people who commit fraud. Criminals usually resort trickery or cunning, and their crimes usually involve a violation of trust or confidence

Answer 5

white-collar criminals

Question 6

Dishonest conduct by those in power and it often involves actions that are illegitimate, immoral, or incompatible with ethical standards

Answer 6

Corruption

Question 7

Misrepresenting or leaving out facts in order to promote and investment that promises fantastic profits with little or no risk

Answer 7

Investment fraud

Question 8

The theft of company assets by employees

Answer 8

Misappropriation of assets

Question 9

Fraudulent financial reporting

Answer 9

Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements

Question 10

4 actions to reduce fraudulent financial reporting

Answer 10

1. Establish an environment that contributes to integrity
2. Identify and understand factors that lead to fraudulent financial reporting
3. Assess the risk of fraudulent reporting within the company
4. Design and implement internal controls

Question 11

SAS requires auditor’s to:

Answer 11

• Understand fraud
• Discuss the risks of material fraudulent misstatements
• Obtain information
• Identify, assess, and respond to risks
• Evaluate the results of their audit tests
• Document and communicate findings
• Incorporate a technology focus

Question 12

Fraud Triangle

Answer 12

• Opportunity
• Rationalization
• Pressure

Question 13

A person’s incentive or motivation for committing fraud

Answer 13

Pressure

Question 14

The condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to a personal gain

Answer 14

Opportunity

Question 15

Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable

Answer 15

Lapping

Customer A, B, C…

Question 16

Cash is created using the lag between the time a check is deposited and the time it clears the bank

Answer 16

Check kiting

Question 17

Allows perpetrators to justify their illegal behavior
- justification, attitude, lack of personal integrity

Answer 17

Rationalization

Question 18

Any type of fraud that requires computer technology to perpetrate it

Answer 18

Computer fraud

Question 19

Computer fraud classifications

Answer 19

• Input fraud
• Processor fraud
• Data fraud
• Output fraud
• Computer instructions fraud

Question 20

Input fraud

Answer 20

Simplest and most common way to commit a computer fraud is to alter or falsify computer inout

Question 21

Processor fraud

Answer 21

Includes unauthorized system use, including the theft of computer time and services

Question 22

Computer instructions fraud

Answer 22

Includes tampering with company software, copying software illegally, using software in an unauthorized manner, and developing software to carry out an unauthorized activity

Question 23

Data fraud

Answer 23

illegally using, copying, browsing, searching, or harming company data

Question 24

Output fraud

Answer 24

Output can be stolen, copied, or misused
- television like signals

Question 25

A probability distribution for the likelihood of a digit in a large set of naturally occurring numbers

Answer 25

Benford’s Law

Question 26

6 steps criminals use to attack information systems

Answer 26

1. Conduct reconnoissance
2. Attempt social engineering
3. Scan the map target
4. Research
5. Execute the attack
6. Cover tracks

Question 27

The unauthorized access, modification, or use of an electronic device or some element of a computer system

Answer 27

Hacking

Question 28

Gaining control of a computer to carry out illicit activities without the user’s knowledge

Answer 28

Hijacking

Question 29

Short for robot network, is a powerful network of hijacked computers, called zombies, that are used to attack systems or spread malware

Answer 29

Botnet

Question 30

Hijacked computers, typically part of a botnet, that are used to launch a variety of internet attacks

Answer 30

Zombies

Question 31

Installs software that responds to the hacker’s electronic instructions on unwitting PCs

Answer 31

Bot herder

Question 32

The attacker sends so many e-mail bombs or web page requests, often more randomly generated false addresses, that the internet service provider’s e-mail server or the web page server is overloaded and shuts down

Answer 32

Denial-of-service attack (DoS)

Question 33

A trial-and-error method that uses software to guess information, such as the user ID and the password, needed to gain access to a system

Answer 33

Brute force attack

(1) the computing power used and (2) enough time to generate the number of combinations needed

Question 34

Passwords stored in or transmitted by a computer system are recovered by trying every possible combination of upper- and lower-case letters, numbers, and special characters and comparing them to a cryptographic hash of the password

Answer 34

Password cracking

Question 35

Software generates user IDs and password guesses using a dictionary of possible user IDs and passwords to reduce the number of guesses required

Answer 35

Dictionary attack

Question 36

Simultaneously sending the same unsolicited message to many people at the same time, often in an attempt to sell something

Answer 36

Spamming

Question 37

Making an e-mail appear as though it originated from a different source

Answer 37

E-mail spoofing

Question 38

Making an electronic communication look as if someone else sent it to gain the trust of the recipient

Answer 38

Spoofing

Question 39

Displaying an incorrect number on a caller ID display to hide the caller’s identity

Answer 39

Caller ID spoofing

Question 40

Creating Internet protocol (IP) packets with a forged source IP address to conceal the identity of the sender or to impersonate another computer system

Answer 40

IP address spoofing

Question 41

Using the short message service (SMS) to change the name or number a text message appears to come from

Answer 41

SMS spoofing

Question 42

software program flaws that a hacker can exploit to either crash a system or take control of it

Answer 42

Vulnerabilities

Question 43

an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch that fixes the problem

Answer 43

zero-day attack

Question 44

code released by software developers that fixes a particular vulnerability

Answer 44

patch

Question 45

a vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from a desired website

Answer 45

Cross-site scripting (XSS)

Question 46

Happens when the amount of data entered into a program is greater than the amount of memory (the input buffer) set aside to receive it

Answer 46

buffer overflow attack

Question 47

Malicious code in the form of an SQL query is inserted into input so it can be passed to and executed by an application program

Answer 47

SQL injection attack

Question 48

Places a hacker between a client and a host and intercepts network traffic between them

Answer 48

man-in-the middle attack

Question 49

Pretending to be an authorized user to access a system

Answer 49

masquerading/impersonation

Question 50

an unauthorized party gains access to some system in connection with an authorized party

Answer 50

piggybacking

Question 51

programming a computer to dial thousands of phone lines searching for dial-up modem lines

Answer 51

War dialing

Question 52

driving around looking for unprotected wireless networks

Answer 52

war driving

Question 53

attacking phone systems to obtain free phone line access; use phone lines to transmit malware; and access, steal, and destroy data

Answer 53

Phreaking

Question 54

Using a small device with storage capacity, such as an iPod or flash drive, to download unauthorized data

Answer 54

Podslurping

Question 55

Stealing tiny slices of money from many different accounts

Answer 55

Salami technique

Question 56

All interest calculations are truncated at two decimal places and the excess decimals put into an account the perpetrator controls

Answer 56

round-down fraud

Question 57

Theft of information, trade secrets, and intellectual property

Answer 57

Economic espionage

Question 58

Using an internet auction site to defraud another person

Answer 58

Internet action fraud

Question 59

Using the internet to pump up the price of a stock and then selling it

Answer 59

Internet pump-and-dump fraud

Question 60

Investors are defrauded in a variety of cryptocurrency-related fraud schemes

Answer 60

cryptocurrency fraud

Question 61

Manipulating click numbers to inflate advertising bills

Answer 61

Click fraud

Question 62

The unauthorized copying or distribution of copyrighted software

Answer 62

software piracy

Question 63

Techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network - usually to get the information needed to access system and obtain confidential information

Answer 63

Social engineering

Question 64

Assuming someone’s identity, usually for economic gain, by illegally obtaining and using confidential information, such as a social security number or a bank account or credit card number

Answer 64

Identity theft

Question 65

Using an invented scenario to increase the likelihood that a victim will divulge information or do something

Answer 65

Pretexting

Question 66

Creating a seemingly legitimate business, collecting personal info while making a sale, and never delivering the product

Answer 66

Posing

Question 67

Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification and often warning of a negative consequence if it is not provided

Answer 67

Phishing

Question 68

Voice phishing, is like phishing except the victim enters confidential data by phone

Answer 68

Vishing

Question 69

Activities performed on stolen credit cards, including making online purchases

Answer 69

Carding

Question 70

Redirecting website traffic to a spoofed website

Answer 70

Pharming

Question 71

Wireless network with the same name as a legitimate wireless access point

Answer 71

Evil twin

Question 72

setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site

Answer 72

Typosquatting/ URL hijacking

Question 73

Searching documents and records to gain access to confidential information

Answer 73

Scavenging/dumpster diving

Question 74

Perpetrators look over a person’s shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords

Answer 74

Shoulder surfing

Question 75

The perpetrator inserts a sleeve into an ATM that prevents the ATM from ejecting the card

Answer 75

Lebanese looping

Question 76

Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use

Answer 76

Skimming

Question 76

Planting a small chip that records transaction data in a legitimate credit card reader

Answer 76

chipping

Question 77

Any software that is used to do harm

Answer 77

Malware

Question 78

Software secretly monitors and collects personal information about users and sends it to someone else
- gathered by logging keystrokes, monitoring websites visited, and scanning documents on the computer’s hard drive

Answer 78

Spyware

Question 79

Spyware that can pop banner ads on a monitor, collect information about the user’s web-surfing and spending habits, and forward it to the adware creator

Answer 79

Adware

Question 80

Software records computer activity, such as user’s keystrokes, e-mails sent and received, websites visited, and the chat session Participation

Answer 80

Keylogger

Question 81

Set of malicious computer instructions in an unauthorized and otherwise properly functioning program

Answer 81

Trojan horse

Question 82

Processes implemented to provide reasonable assurance

Answer 82

Internal Controls

Question 83

Deter problems before they arise. Examples include hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information

Answer 83

Preventative controls

Question 84

Discover problems that are not prevented. Examples include duplicate checking of calculations and preparing bank reconciliations and monthly trial balances

Answer 84

Detective controls

Question 85

Identify and correct problems as well as correct and recover from the resulting errors. Examples include maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing

Answer 85

Corrective controls

Question 86

Make sure an organization’s control environment is stable and well managed. Examples include security; IT infrastructure; and software acquisition, development, and maintenance controls

Answer 86

General controls

Question 87

Prevent, detect, and correct transaction errors and fraud in application programs. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported

Answer 87

Application controls

Question 88

Describes how a company creates vale, helps employees understand management’s vision, communicates company core values, and inspires employees to live by those values

Answer 88

Belief system

Question 89

Helps employees act ethically by setting boundaries on employee behavior

Answer 89

Boundary system

Question 90

Measures, monitors, and compares actual company progress to budgets and performance goals. Feedback helps management adjust and fine-tune inputs and processes so future outputs more closely match goals

Answer 90

Diagnostic control system

Question 91

Helps managers to focus subordinates’ attention to key strategic issues and to be more involved in their decisions.

Answer 91

Interactive control system

Question 92

Passed to prevent companies from bribing foreign officials to obtain business

Answer 92

Foreign Corrupt Practices Act (FCPA)

Question 93

Designed to prevent financial statement fraud, make financial reports more transparent, protect investors, strengthen internal controls, and punish executives who perpetrate fraud

Answer 93

Sarbanes-Oxley Act (SOX) of 2002

Question 94

Control the auditing profession. Sets and enforces auditing, quality control, ethics, independence. and other auditing standards
- created by SOX
- 5 people

Answer 94

Public Company Accounting Oversight Board (PCAOB)

Question 95

After SOX was passed, the SEC mandated that management must:

Answer 95

1. Base its evaluation on a recognized framework
2. Disclose all material internal control weaknesses
3. Conclude that a company does not have effective financial reporting internal controls if there are material weaknesses

Question 96

Consolidates control standards from many different sources into a single framework that allows (1) management to benchmark security and control practices of IT environments, (2) users to be assured that adequate IT security and controls exist, and (3) auditors to substantiate their internal control operations and to advise IT security and control matters

Answer 96

Control Objectives for Information and Related Technology (COBIT)
- developed by ISACA

Question 96

A private sector group consisting of the American Accounting Association, the AICPA, the institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives institute

Answer 96

Committee of Sponsoring Organizations (COSO)

Question 97

A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems; widely dated to be accepted authority on internal controls incorporated into policies, rules, and regulations
bused to control business activities.

Answer 97

Internal Control - Integrated Framework (IC)

Question 98

5 Components of COSO

Answer 98

1. Control Environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring

Question 99

AKA company culture, influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk

Answer 99

Control environment

Question 100

• Developed in 2004 by COSO
  The process the board of directors and management use to set strategy, identify events that may affect the entity, assess and manage risk, and provide reasonable assurance that the company achieves its objectives and goals.

Answer 100

Enterprise Risk Management (ERM)

Question 101

The amount of risk they are willing to accept to achieve their goals

Answer 101

Risk appetite

Question 102

Outside independent directors responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors, who report all critical accounting policies and practices to them

Answer 102

Audit Committee
- Required by SOX

Question 103

Explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties

Answer 103

Policy and procedures manual

Question 104

The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal controls

Answer 104

Inherent Risk

Question 105

The risk that remains after management implements internal controls or some other response to risk

Answer 105

Residual Risk

Question 106

Respond to risk in one of 4 ways:

Answer 106

• Reduce
• Accept
• Share
• Avoid

Question 107

The mathematical product of impact and likelihood

Answer 107

Expected loss

Expected loss = impact X likelihood

Question 108

The benefits of an internal control procedure must___ its costs

Answer 108

exceed

Question 109

Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out

Answer 109

Control activities

Question 110

Approving transactions and decisions

Answer 110

Authorization

Question 111

Preparing source documents; entering data into computer systems; and maintaining journals, ledgers, and files, or databases

Answer 111

Recording

Question 112

Handling cash, tools, inventory, or fixed assets; receiving informing customer checks, writing checks

Answer 112

Custody

Question 113

Implementing control procedures to clearly divide authority and responsibility within the information system function

Answer 113

Segregation of systems duties

Question 114

Help users to determine their information needs

Answer 114

Systems analysts

Question 115

People who use the analysts design to create and test computer programs

Answer 115

Programmers

Question 116

People who operate the company’s computers. They ensure that data are properly entered, processed correctly, properly stored, and that needed output is produced.

Answer 116

Computer operators

Question 117

People who record transactions, authorize data to be processed, have logical access to company data, and produce system output. Responsible for safekeeping any data they may access or distribute as system output.

Answer 117

Users

Question 118

Make sure all information system components operate smoothly and efficiently

Answer 118

System administrators

Question 119

Ensure that devices are linked to the organization’s internal and external networks and that those networks operate properly

Answer 119

Network managers

Question 120

Make sure that systems are secure and protected from internal and external threats

Answer 120

Security management

Question 121

Make sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, availability

Answer 121

Change management

Question 122

Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of inout errors to ensure their correction and resubmission, and distributes systems output

Answer 122

Data control

Question 123

Guides and oversees systems development and acquisition

Answer 123

Steering committee

Question 124

Developed and updated yearly to align an organization’s information system with its business strategies. Shows the projects that must be completed, addresses company’s hardware, software, personnel, and infrastructure

Answer 124

Strategic master plan

Question 125

Shows the tasks to be performed, who will perform them, project costs, completion dates, and project milestones

Answer 125

Project development plans

Question 126

Significant points when progress is reviewed and actual and estimated completion times are compared

Answer 126

Project milestones

Question 127

Shows when each task should be performed

Answer 127

Data processing schedule

Question 128

Established to evaluate the system. common measurements include throughput, utilization, and response time

Answer 128

System performance measurement

Question 129

Performed after a development project is completed to determine whether the anticipated benefits were achieved

Answer 129

Post-implementation review

Question 130

Manage a systems development effort involving its own personnel, its client, and other vendors

Answer 130

Systems integrator

Question 131

Independent checks on performance

Answer 131

• top level reviews
• Analytical reviews
• reconciliation of independently maintained records
• comparison of actual qualities with recorded amounts
• double-entry accounting
• independent reviews

Question 132

In charge of system security, independent of the information system function, and reports to the chief operating officer (COO) or the CEO

Answer 132

Computer security officer

Question 133

An employee responsible for all the compliance task associated with SOX and other laws and regulatory rulings

Answer 133

Chief compliance officer

Question 134

Specialize in fraud. a fast-growing group in the accounting profession

Answer 134

Forensic investigators

Question 135

Discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges

Answer 135

computer forensics specialists

Question 136

(Programs with learning capabilities) can accurately identify fraud

Answer 136

Neural networks

Question 137

A phone number employees can call to anonymously report fraud and abuse

Answer 137

Fraud hotline

Question 138

Employ a combination of preventative, detective, and corrective controls to protect information assets long enough for an organization to detect that an attack is occurring and to take timely steps to thwart the attack before any information is lost or compromised

Answer 138

Time-based model of information security

Question 139

Using multiple layers of controls in order to avoid having a single point of failure

Answer 139

defense-in-depth

Question 140

The process of verifying the identity of the person or device attempting to access the system

Answer 140

Authentication

Question 141

Three types of credentials can be used to verify a person’s identity

Answer 141

1) passwords or or PINS
2) something a person has, such as smart cards or ID badges
3) behavioral or physical characteristic (biometric identifier) of the person, such as fingerprints or typing patterns

Question 142

The use of two or more types of authentication credentials in conjunction to achieve a greater level of security

Answer 142

Multi-factor authentication

Question 143

The use of multiple authentication credentials of the same type to achieve a greater level if security

Answer 143

multimodal authentication

Question 144

Connects an organization’s information system to the internet

Answer 144

border router

Question 145

a special-purpose hardware device or software running on a general-purpose computer, that controls both inbound and outbound communication between the system behind the firewall and other networks

Answer 145

firewall

Question 146

A separate network located outside the organization’s internal information system that permits controlled access from the internet to selected resources, such as the organization’s e-commerce web server

Answer 146

Demilitarized zone

Question 147

special-purpose devices deigned to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next

Answer 147

Routers

Question 148

A process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet

Answer 148

Packet filtering

Question 149

A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers

Answer 149

Deep packet inspection

Question 150

software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks

Answer 150

Intrusion prevention systems (IPS)

Question 151

Used to identify unused and, therefore, unnecessary programs that represent potential security threats

Answer 151

Vulnerability scanners

Question 152

A program designed to take advantage of a known vulnerability

Answer 152

Exploit

Question 153

Is the process for regularly applying patches and updates to all software used by the organization

Answer 153

Patch management

Question 154

The process of modifying the default configuration of endpoints to eliminate unnecessary settings and services

Answer 154

Hardening

Question 155

The process of examining logs to identify evidence of possible attacks

Answer 155

Log analysis

Question 156

Systems that create logs of all network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions

Answer 156

Intrusion detection systems

Question 157

A system that looks like a legitimate part of the organization’s internal network but is just a decoy system

Answer 157

honeypot

Question 158

A team responsible for dealing with major security incidents

Answer 158

Computer incident response team (CRIT)

Question 159

CRIT incident response team 4 steps:

Answer 159

1. Recognition
2. Containment
3. Recovery
4. Follow-up

Question 160

An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization’s information system

Answer 160

Penetration Testing

Question 161

Software that provides an additional layer of protection to sensitive information stored in digital format, offering the capability not only to limit access to specific files or documents but also to specify the actions that individuals granted access to that resource can perform

Answer 161

Information rights management

Question 162

software that works like antivirus programs in reverse, blocking outgoing messages that contain key words or phrases associated with the intellectual property or other sensitive data the organization wants to protect

Answer 162

Data loss prevention (DLP)

Question 163

A detective control that enables an organization to identify confidential information that has been disclosed

Answer 163

Digital watermark

Question 164

Protecting privacy by replacing sensitive personal information with fake data

Answer 164

Data masking aka tokenization

Question 164

Protecting privacy by replacing sensitive personal information with fake data

Answer 164

Data masking aka tokenization

Question 165

One of the strictest and most far-reaching privacy regulations is the

Answer 165

European Union’s General Data Privacy Regulations (GDPR)

Question 166

The processing of transforming normal content, called plaintext, into unreadable gibberish, called cipher-text

Answer 166

Encryption

Question 167

Transforming cipher-text back into plaintext

Answer 167

Decryption

Question 168

Uses the same key both to encrypt and decrypt. EX AES

Answer 168

Symmetric encryption system

Question 169

Uses two keys that are created as a matched pair

Answer 169

Asymmetric encryption systems

Question 170

key that is widely distributed and made available to everyone
- asymmetric encryption

Answer 170

Public key

Question 171

Key that is kept secret and known only to the owner of that pair keys

Answer 171

Private key

Question 172

The process of storing a copy of an encryption key in a secure location

Answer 172

Key escrow

Question 173

Using encryption and authentication to securely transfer information over the internet, thereby creating a “virtual” private network

Answer 173

Private network

Question 173

The process that takes plaintext of any length and creates a short code called a message digest, popularly referred to as a hash

Answer 173

Hashing

Question 174

Creating legally binding agreements that cannot be unilaterally repudiated by either party

Answer 174

nonrepudiation

Question 175

Protecting Confidentiality and Privacy

Answer 175

1) identify and classify the information to be protected
2) encrypt the information
3) control access to the information
4) train employees to properly handle the information

Question 176

Factors that influence encryption strength

Answer 176

1) Key length
2) encryption algorithm
3) policies for managing the cryptographic keys

Question 177

Longer keys provide ___ encryption

Answer 177

stronger

Question 178

Process of creating a digital signature

Answer 178

step 1: the document creator uses a hashing algorithm to generate a hash of the original document
step 2: The document creator uses his/her private key to encrypt the hash created in step 1
Result: The encrypted hash is a legally-binding digital signature

Question 179

An electronic document that contains an entity’s public key and certifies the identity of the owner of that particular key

Answer 179

digital certificate

Question 180

An organization that issues public and private keys and records the public key in a digital certificate

Answer 180

Certificate authority

Question 181

The system for issuing pairs of public and private keys and corresponding digital certificates is called a

Answer 181

public key infrastructure (PKI)

Question 182

A distributed ledger of hashed documents with copies stored on multiple computers

Answer 182

blockchain

Question 183

A random number; used in the process mining to validate a new block in a blockchain

Answer 183

nonce

Question 184

determines whether the characters in a field are of the proper type. Ex. only numeric or alphabetic numbers

Answer 184

field check

Question 185

Determines whether the data in a field have the appropriate arithmetic sign. Ex. the quantity ordered field should never be negative

Answer 185

Sign check

Question 186

Tests a numerical amount against a fixed value. Ex. the regular hours worked field in weekly payroll input must be less than or equal to 40 hours

Answer 186

Limit check

Question 187

Ensures that the input data will fit into the assigned field. For example, 9 digits must be in a social security number

Answer 187

Size check

Question 188

Verifies that all required data items have been entered. Ex. inputting all customer data before shipping

Answer 188

Completeness check

Question 189

Compares the ID code or account number in transaction data with similar data in the master file to verify that the accounts exists. Ex product number 65432 entered on sales order must match product 65432 in inventory database

Answer 189

Validity check

Question 190

Determines the correctness of the logical relationship between two data items

Answer 190

Reasonableness check

Question 191

ID codes can contain a ____ that is computed from the other digits. The purpose is to verify that the information on the barcode has been entered correctly.

Answer 191

check digit

Question 192

recalculating the check digit to identify data entry errors

Answer 192

Check digit verification

Question 193

Tests whether a transaction file is in the proper numerical or alphabetical sequence

Answer 193

Sequence check

Question 194

Calculate numeric values for a batch of input records. Used to ensure that all records in a batch are processed correctly

Answer 194

Batch totals

Question 195

sums a field that contains monetary values, such as the total dollar amount of all sales for a batch of sales transactions

Answer 195

Financial totals

Question 196

Sums a non-financial numeric field, such as the total of the quantity-ordered field in a batch of sales transactions. No inherent meaning

Answer 196

Hash total

Question 197

Number of records in a batch

Answer 197

Record count

Question 198

The system requests each input data item and waits for an acceptable response, ensures that all necessary data are entered

Answer 198

Prompting

Question 199

Checks the accuracy of input data by using it to retrieve and display other related information. Ex if a clerk enters na account number, the system could retrieve and display the account name so that the clerk could verify that the correct account number has been entered

Answer 199

Closed-loop verification

Question 200

Two or more items of data must be matched before an action can take place

Answer 200

Data matching

Question 201

Located at the beginning of each file and contains the file name, expiration date, and other identification data

Answer 201

Header record

Question 202

Located at the end of the file; in transaction files it contains the batch totals calculated during input

Answer 202

trailer record

Question 203

two adjacent digits were inadvertently reversed. Ex 46 instead of 64

Answer 203

Transportation error

Question 204

A processing control that verifies accuracy by comparing two alternative ways of calculating the same total

Answer 204

cross-footing balance total

Question 205

A processing control that verifies that the balance of a control equals zero after all entries to it have been made

Answer 205

zero-balance test

Question 206

Protect against overwriting or erasing of data files stored on magnetic media

Answer 206

write-protection mechanisms

Question 207

Prevent errors by locking out one user when two or more users attempt to update the same record simultaneously

Answer 207

Concurrent update controls

Question 208

A data transmission control that uses a hash of a file to verify accuracy

Answer 208

checksum

Question 209

an extra digit added to the beginning of every character that can be used to check transmission accuracy

Answer 209

Parity bit

Question 210

The capability of a system to continue to performing when there is a hardware malfunction

Answer 210

Fault tolerance

Question 211

A fault tolerance technique that records data on multiple disk drives instead of just one to reduce the risk of data loss

Answer 211

Redundant arrays of independent drives RAID

Question 212

Provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down

Answer 212

Uninterruptible power supply (UPS)

Question 213

The maximum amount of data that the organization is willing to have to reenter or potentially lose

Answer 213

Recovery point objective (RPO)

Question 214

The maximum tolerable time to restore an information system after a disaster

Answer 214

Recovery time objective (RTO)

Question 215

Exact copy of the entire backup

Answer 215

full backup

Question 216

Copying only the data items that have changed since the last partial backup

Answer 216

Incremental backup

Question 217

Copies all changes made since the last full backup. Each new backup files contains the cumulative effects of all activity since the last full backup

Answer 217

Differential backup

Question 218

Uses hashing to identify and backup only those portions of a file or database that have been updated since that last backup

Answer 218

Deduplication

Question 218

A copy of a database, master file, or software retained indefinitely as a historical record, usually to satisfy legal and regulatory requirements

Answer 218

Archive

Question 219

Outlines the procedures to restore an organization’s IT function in the event that its data center is destroyed

Answer 219

Disaster recovery plan (DRP)

Question 220

A disaster recovery option that relies on access to an alternative facility prewired for necessary telephone and internet access, but does not contain any computing equipment

Answer 220

Cold site

Question 221

a facility not only prewired for telephone and internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities

Answer 221

hot site

Question 222

Maintaining two copies of the database at two separate data centers at all times and updating both databases in real-time at each transaction occurs

Answer 222

real-time mirroring