VI - Information Technology Flashcards

1
Q

Which IT personnel roles should always be segregated?

A

Operators

Programmers

Librarians

2
Q

What are the duties of a systems analyst?

A

Designs or purchases IT system

Responsible for flowcharts

Liaison between Users and Programmers

Note: Think IT Manager

3
Q

What is the primary duty of a Systems Administrator?

A

A Systems Administrator controls database access.

4
Q

What are the duties of a Systems Programmer?

A

Writes, updates, maintains, and tests software, systems, and compilers

5
Q

Which duties should a Systems Programmer NOT have?

A

In order to maximize internal control, a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.

6
Q

What are the duties of a Systems Operator?

A

Schedules and Monitors Jobs

Runs IT Help Desk

7
Q

What duties should a System Operator NOT have?

A

For internal control purposes, they should not be a Programmer on the system.

8
Q

If it is not possible to segregate duties in an IT System, what actions should be taken to compensate for internal control purposes?

A

Include Computer Logs.

Control Group should review the logs.

9
Q

What is the purpose of a Management Information System (MIS)?

A

To assist with decision making.

10
Q

What is an Accounting Information System (AIS)?

A

A type of Management Information System (MIS) that processes accounting transactions.

11
Q

What are the characteristics of an Executive Information System (EIS)?

A

Specialized for Company Executive needs

Assists with Strategy Only

No Decision-Making Capabilities

12
Q

What are the characteristics of an Expert System (ES)?

A

Computer uses reasoning

Structured

No human interpretation needed

13
Q

What are the characteristics of a Decision Support System (DSS)?

A

Computer provides data

Gives Interactive Support

Human interpretation needed

14
Q

What are the characteristics of an Ad Hoc computer report?

A

User initiates the report.

The report is created upon demand.

15
Q

When are Exception reports generated?

A

Exception reports are produced when Edit Tests, Check Digits, or Self-Checking Digits identify a problem.

16
Q

What is a query?

A

A type of Ad Hoc report, initiated by a user.

17
Q

What is End-User Computing?

A

The User develops and executes their own application.

18
Q

What is the primary benefit of E-commerce?

A

E-commerce makes business transactions easier.

19
Q

What are the risks of E-commerce?

A

Compromised data or theft.

Less paper trail for auditors.

20
Q

What are the benefits of Electronic Data Interchange?

A

Uses globally-accepted standards

Efficient

21
Q

What is a File Server?

A

A file server stores shared programs and documents.

22
Q

What is the purpose of a Database?

A

Located on a File Server, a Database allows users to share documents.

23
Q

What is the purpose of a LAN (Local Area Network)?

A

It connects computers in close proximity.

24
Q

What is the purpose of a WAN (Wide Area Network)?

A

It connects computers that are far apart.

25
Q

What are the characteristics of a VAN (Value-Added Network)?

A

Privately-owned Network

Serves as 3rd Party Between 2 Companies

Routes EDI Transactions

Accepts wide range of Protocols

Very Costly

26
Q

What is the purpose of a Firewall?

A

Prevents unauthorized access to a network.

27
Q

What are the characteristics of a virus?

A

Takes over a computer

Needs a host program to run

28
Q

What are the characteristics of a computer worm?

A

Takes over multiple computers

Doesn’t need a host program to run

29
Q

What is the purpose of Automated Equipment Controls?

A

They prevent and detect hardware errors.

30
Q

What is RAM?

A

Random Access Memory.

Internal memory in the computer used during immediate processing.

31
Q

What is a CPU?

A

Computer Processing Unit

It processes commands within a computer.

32
Q

What is Job Control Language?

A

It schedules and allocates system resources.

33
Q

What are examples of input devices?

A

Keyboard
Mouse
Scanner
Magnetic Ink Reader
Magnetic Tape Reader
EDI
Point of Sale Scanner

34
Q

What are examples of Output Devices?

A

Speakers

Monitors

Printers

35
Q

What are the characteristics of Magnetic Tape storage?

A

Sequential Access - Sorts data in order

Slower data retrieval

Header Label prevents Operator error by loading wrong tape

External Labels prevent accidental destruction by operator

36
Q

What are the characteristics of Magnetic Disks?

A

Random Access - Finds data in random spots

Faster data retrieval

Uses Boundary Protection for data

37
Q

What is a Gateway?

A

Connects one network to another

Note: the Internet is connected by Gateways

38
Q

What are Parity Checks?

A

A control that detects internal data errors.

A bit is added to each character; it checks to see if a bit was lost.

39
Q

What is an Echo Check?

A

Transmitted data is returned to the sender for verification (it echoes back to the sender)

40
Q

What is a Change Control?

A

It authorizes program changes and approves program test results.

41
Q

What is security software?

A

Software that controls access to IT systems.

Note: Don’t confuse this with anti-virus software

42
Q

What is the purpose of a Digital Signature?

A

It confirms a message has not been altered.

43
Q

List the types of computers from smallest to largest

A

PDA/Smartphone/Tablet

Microcomputer - PC, Laptop (cost-effective)

Minicomputer - Like a Mainframe, but smaller

Mainframe - Large computer with terminals attached

Supercomputer - Very powerful and very big

44
Q

What are the units of computer data from smallest to largest?

A

Bit - 1 (on) and 0 (off)
Byte - 8 bits to a byte/character
Field - Group of related characters/bytes (i.e. Name, Zip Code, Serial #)
Record - Group of related fields (i.e. Member name, address, phone number)
File - Group of related records (i.e. Membership directory)

45
Q

What is the duty of a design engineer?

A

Determine language used for a specific computer, on a computer-to-computer basis

46
Q

What are object programs?

A

Programs written in base computer language, not similar to English.

47
Q

How can source programs be recognized?

A

They are written in a language close to English.

48
Q

What is the purpose of a Compiler?

A

Takes Source language (English) and converts to Object (Computer) Language

49
Q

How does Online Analytical Processing work?

A

It uses a Data Warehouse to support management decision making.

50
Q

What is Data Mining?

A

Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.

51
Q

What is the purpose of online transaction processing?

A

To process a company’s routine transactions.

52
Q

What are the characteristics of batch processing?

A

Data held, updates multiple files all at once

Leaves a better audit trail

Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)

53
Q

What does an output control check for?

A

Checks to see if output data is valid, distributed and used in an authorized manner.

54
Q

What does a processing control check?

A

Checks if data processing produced proper output

55
Q

What is a hash total?

A

An input control number, a meaningless sum of values included in the input.

Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.

56
Q

What is a validity check?

A

Checks to see if data in existing tables or files belongs in the set

For example, is there a # in an alpha-only field or a letter in a numeric-only field

57
Q

What is a limit check?

A

Checks to see if numbers surpass a certain limit, i.e. in an age field is the number greater than 110.

58
Q

What is a check digit?

A

An input control that adds an identification number to a set of digits - usually at the end

59
Q

What is a field check?

A

An input check that prevents invalid characters, i.e. checks for alphabetic letters in a SSN field

60
Q

What is a Hot Site?

A

A disaster recovery system where if the main system goes down, a Hot Site is ready to take over immediately.

61
Q

What is a Cold Site?

A

If a main system goes down, a Cold Site will take time to get set up and running.

62
Q

What is the most common database language?

A

SQL - Structured Query Language

63
Q

What is a Data Definition Language?

A

Defines SQL Database

Controls SQL Tables

64
Q

What is a Data Manipulation Language?

A

Queries SQL Database tables

65
Q

What is a Data Control Language?

A

Controls Access to SQL Database

66
Q

What are the characteristics of a Relational Database?

A

Logical structure

Uses rows and columns similar to spreadsheet

67
Q

What are the characteristics of a Hierarchical Database?

A

Has various levels

Uses trees to store data

68
Q

What are the advantages of a database?

A

Data is more accessible

Reduced redundancy

69
Q

What are the disadvantages of a database?

A

Cost of installation

Skilled personnel required to maintain

70
Q

What are the components of a database?

A

Desktop client

Application Server

Database Server

Think: Your desktop computer runs applications and saves to a database

71
Q

Which of the following statements is (are) true.
I. A greater level of control is necessary in automated than manual systems.
II. The uniformity of transaction processing is higher in automated than manual systems.

A

II only

72
Q

C auto leasing is a small co. with six employees. The best action that it can take to increase its internal control effectiveness is

  • Hire temporary employees to aid in the segregation of duties.
  • Hire a bookkeeper to perform monthly “write up” work.
  • Clearly delegate responsibilities to each employee for the functions that they are assigned.
  • Engage the owner in direct participation in the activities, including financial record-keeping, of the business.
A

Engage the owner in direct participation in the activities, including financial record-keeping, of the business.
This is the best answer since engaging the owner in the activities of the business is an important compensating control in small organizations.

73
Q

M Inc. recently switched from a manual acct system to a computerized acct system. The system supports online real-time processing in a networked environment, and six employees have been granted access to various parts of the system in order to perform their jobs. Relative to the manual system, M can expect to see

  • That functions that had previously been spread across multiple employees have been combined.
  • An increase in the incidence of clerical errors.
  • A decrease in the incidence of systemic errors.
  • A decrease in the need for access controls to the accounting records.
A

That functions that had previously been spread across multiple employees have been combined.
It is common for computerized systems to combine functions that would be considered incompatible in a manual system.
This can occur because the system limits the transactions that it is possible for the employee to record, creating a compensating control.

74
Q

What is the COBIT framework? (3 parts)

A

Busin Reqs
IT Resources
IT Processes

75
Q

In COBIT, the process of reviewing system response time logs falls within the __ control process domain.

  • Acquire and implement.
  • Deliver and support.
  • Monitor and evaluate.
  • Plan and organize.
A

Monitor and evaluate
The process of reviewing system response logs is within the “monitor the processes” (M1) activity, which falls within the “monitor and evaluate” domain

76
Q

In COBIT, the process of ensuring security and continuous service falls within the __ control process domain.

  • Acquire and implement.
  • Deliver and support.
  • Monitor and evaluate.
  • Plan and organize.
A

Deliver and support

77
Q

In COBIT, the process of developing tactics to realize the strategic vision for IT falls within the __ control process domain.

  • Acquire and implement.
  • Deliver and support.
  • Monitor and evaluate.
  • Plan and organize.
A

Plan and organize

78
Q

One important purpose of COBIT is to

  • Guide managers, users, and auditors to adopt best practices related to the management of information technology.
  • Identify specific control plans that should be implemented to reduce the occurrences of fraud.
  • Specify the components of an information system that should be installed in an e-commerce environment.
  • Suggest the type of information that should be made available for management decision-making.
A

Guide managers, users, and auditors to adopt best practices related to the management of information technology.

79
Q

In COBIT, the process of identifying automated solutions falls within the __ control process domain.

  • Acquire and implement.
  • Deliver and support.
  • Monitor and evaluate.
  • Plan and organize.
A

Acquire and implement

80
Q

An enterprise resource planning system (ERP) is designed to:

  • Allow nonexperts to make decisions about a particular problem.
  • Help with the decision-making process.
  • Integrate data from all aspects of an organization’s activities.
  • Present executives with the information needed to make strategic plans.
A

Integrate data from all aspects of an organization’s activities.
Goals: Integrates all data into one system
Cost Savings
Employee empowerment
Best practices
Automation

81
Q

Which of the following is true of enterprise resource planning (ERP) systems?
I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system.
II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.

A

I only
The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP.
The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP, and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primarily concerned with collecting data (and not analyzing it) across the organization.

82
Q

Which of the following risks increases the LEAST with cloud-based computing compared with local server storage?

  • Data loss.
  • Vendor security failure.
  • Global visibility.
  • System hacks.
A

Global visibility

Not a cloud risk

83
Q

An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?

  • Modifications can be made to each module without affecting other modules.
  • Increased responsiveness and flexibility while aiding in the decision-making process.
  • Increased amount of data redundancy, since more than one module contains the same information.
  • Reduction in costs of implementation and training.
A

Increased responsiveness and flexibility while aiding in the decision-making process.
This is the goal of ERPs

84
Q

CC Co. developed a management reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. What type of management reporting system has CC Co. developed?

  • On-line analytical processing system.
  • On-line transaction-processing system.
  • On-line executive information system.
A

On-line analytical processing system
On-line analytical processing systems (OLAPs) are an increasingly important multidimensional analytical tool. An OLAP is a modification and expansion of an online transaction processing system to provide the capabilities and functionalities identified in this question.

85
Q

Which provides access to virtual hardware?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

A

IaaS - Infrastructure as a service

86
Q

Which allows you to create software and programs?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

A

PaaS - Platform

CREATE - key, SaaS is access

87
Q

Which provides access to software and programs?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

A

SaaS - Software

ACCESS - key, PaaS is create

88
Q
In DRP, which activity is given the lowest priority, and which the top priority?
	A. 	Accounting.
	B. 	Manufacturing.
	C. 	Mission critical.
	D. 	Task critical.
A

Task Critical has lowest priority

Mission critical, highest priority

89
Q

Which of the following tasks comes first in business continuity management (BCM)?
A. Embed the BCM in the culture.
B. Determine business continuity strategies.
C. Exercise, maintain, and review the plan.
D. Develop and implement a BCM response

A

Determine business continuity strategies is the third step in BCM but it is the earliest procedure listed for this question.

90
Q

B Inc. is a large multinational corp with various busin units. After a fire destroyed the corp HQ and largest manufacturing site, plans for which of the following would help B ensure a timely recovery?

  • Daily backup.
  • Network security.
  • Business continuity.
  • Backup power.
A

Business continuity, best for fires

91
Q

An IT director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is he most likely preparing?

  • Data restoration plan.
  • Disaster recovery plan.
  • System security policy.
  • System hardware policy.
A

Disaster recovery plan

92
Q

Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site, but has not been stocked with equipment?

  • Hot
  • Cold
  • Warm
A

Cold, simplest version (it doesn’t have equipment)

93
Q

The audit report of an IT dept indicated that the department lacked a disaster recovery plan. Which of the following steps should mgmt take first to correct this?

  • Designate a cold site.
  • Prepare a statement of responsibilities for the tasks included in a disaster recovery plan.
A

Prepare a statement of responsibilities for the tasks included in a disaster recovery plan.

94
Q

In an e-commerce environment that requires that the IT system be available on a continuous basis, more emphasis will be placed on which of the following aspects of the planning than in a traditional organization?

  • Maintain appropriate written source documents so the data can be re-entered if it is lost or compromised.
  • Maintain redundant systems for instant availability to assure the flow of transactions.
A

Maintain redundant systems for instant availability to assure the flow of transactions.
(Ensures continuity)

95
Q

Which of the following IT dept responsibilities should be delegated to separate individuals?

  • Network maintenance and wireless access.
  • Data entry and antivirus management.
  • Data entry and application programming.
  • Data entry and quality assurance.
A

The separation of the data entry function from the application programming function is critical. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds. This is why data entry occurs within the operations unit of an IT dept and application development occurs within the development function of an IT dept

96
Q

In a large firm, the custody of an entity’s data is maintained by which of the following personnel?

  • Data librarian.
  • Systems analyst.
  • Computer operator.
A

Data librarian

97
Q

In business information systems, the term “stakeholder” refers to:

  • The mgmt team responsible for the security of the documents and data stored on the computers or networks.
  • IT personnel responsible for creating the documents and data stored on the computers or networks.
  • Authorized users who are granted access rights to the documents and data stored on the computers or networks.
  • Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.
A

Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks. (End users)

98
Q

The position responsible for managing the flow of documents and reports in and out of the computer operations department is the

  • Data entry clerk.
  • Computer operator.
  • Data control clerk.
  • File librarian.
A

Data control clerk.

99
Q

To maintain effective segregation of duties within IT, an application programmer should have which of the following responsibilities?

  • Modify and adapt operating system software.
  • Correct detected data entry errors for the cash disbursement system.
  • Code approved changes to a payroll program.
  • Maintain custody of the billing program code and its documentation.
A

Code approved changes to a payroll program.

100
Q

What is the role of the systems analyst in an IT environment?

  • Designing systems, prepares specifications for programmers, and serves as intermediary between users and programmers.
  • Selecting, implementing, and maintaining system software, including operating systems, network software, and the data base management system.
A

Designing systems, prepares specifications for programmers, and serves as intermediary between users and programmers.

101
Q

Which of the following is responsible for identifying problems and proposing initial solutions?

  • IT Steering Committee.
  • Lead systems analyst.
  • Application programmers.
  • End users.
A

End Users

Have the primary responsibility of identifying problems and proposing initial solutions.

102
Q

In which of the following implementation approaches are users divided into smaller groups and trained on the new system, one group at a time?

  • Parallel.
  • Phased.
  • Pilot.
A

Pilot

103
Q

The requirements definition document is signed at this stage:

  • Planning and feasibility.
  • Analysis.
  • Design and development.
  • Implementation.
A

Analysis
Systems analysts work with end users to understand and document business processes and system requirements at this stage. All parties sign off on the requirements definition to signify their agreement with the project's goals and processes at this stage.

104
Q

At this stage, we purchase hardware:

  • Planning and feasibility.
  • Analysis.
  • Design and development.
  • Implementation.
A

Design and development.
Technical architecture specification and a systems model occur at the design stage. During development, programmers use the design specifications to develop the program and data files.

105
Q

Which of the following is responsible for overall program logic and functionality?

  • IT Steering Committee.
  • Lead systems analyst.
  • Application programmers.
  • End users.
A

Lead systems analyst
This individual is usually responsible for all direct contact with the end user and for developing overall programming logic/functionality.

106
Q

Order these:

  • Design and development.
  • Implementation.
  • Planning and feasibility.
  • Analysis.
  • Testing
A

PADTI
Plan/Feasibility - get costs, finish date, basic sys reqs
Analysis - sign for requirements, understand purpose
Design/Development - purchase hardware, basic design
Testing - check if meets needs, continuity
Implementation - data conversion, training

107
Q

Mgmt of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of these?

  • Change control.
  • Data integrity.
A

Change control

The management of changes to applications is part of the Source Program Library Management System (SPLMS).

108
Q

In a small business with only microcomputers, which documentation would be most useful to an untrained user to learn how to correct data errors in a database application?

  • Operator documentation.
  • Program documentation.
  • Systems documentation.
  • User documentation.
A

User documentation

109
Q

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

  • Reasonableness test.
  • Field check.
  • Digit verification check.
  • Validity check.
A

Validity check
A validity check compares the value entered in a field to a list of valid data values. An error message is displayed if the value is not found on the list.

110
Q

Which of the following controls is not usually found in batch processing systems?

  • Closed loop verification.
  • Financial control totals.
  • Check digits.
  • Limit checks.
A

Closed loop verification

Closed loop verification is an input control associated with online real-time systems.

111
Q

Mark was recently hired by the R Co at a monthly salary of $1,800. When his employee information was entered, his monthly salary amount was entered correctly, but he was inadvertently classified as an hourly employee. Which of the following controls would be most likely to detect this error?

  • Range check.
  • Reasonableness check.
  • Closed loop verification.
  • Limit check.
A

Reasonableness check
Reasonableness checks look at the values in two related fields to ensure that they make sense as a unit;
for example, Mark’s $1,800 rate is reasonable and his assignment as an hourly employee could be reasonable, but the combination of the two fields ($1,800 hourly rate) is unreasonable.

112
Q

Which of the following techniques would be used to verify that a program was free of unauthorized changes?

  • Source code comparison program.
  • Echo check.
  • Tests of controls.
  • Authorization matrix.
A

Source code comparison program.

A source code comparison program is used to compare an archived version of the program to the program actually in use.

113
Q

An employee mistakenly enters April 31 in the date field, when it only has 30 days. Which of the following programmed edit checks offers the best solution for detecting this error?

  • Online prompting.
  • Mathematical accuracy.
  • Preformatted screen.
  • Reasonableness.
A

Reasonableness test because it would recognize the day problem

114
Q

Which of the following is considered an application input control?

  • Run control total.
  • Edit check.
  • Report distribution log.
  • Exception report.
A

Edit check

Other examples are: Automated capture, sequence check, field/edit check, limit test, reasonable test

115
Q

The distribution of reports is considered what type of control?

  • Input.
  • Processing.
  • Output.
  • Software.
A

Output

116
Q

What is the primary objective of data security controls?

  • To ensure that storage media are subject to authorization prior to access, change, or destruction.
  • To formalize standards, rules, and procedures to ensure that the organization’s controls are properly executed.
  • To monitor the use of system software to prevent unauthorized access to system software and computer programs.
A

To ensure that storage media are subject to authorization prior to access, change, or destruction.

117
Q

A poor quality connection caused extensive line noise, resulting in faulty data transmission. Which of the following controls is most likely to detect this condition?

  • Line check.
  • Batch control total.
  • Closed loop verification.
  • Parity check.
A

Parity check

Parity check is designed to detect errors in data transmission.

118
Q

An audit trail is considered what type of control?

  • Input.
  • Processing.
  • Output.
  • Software.
A

Processing

An audit trail (transaction log) can be used for backup information and for recovery of transactions, hence it is a processing control.

119
Q

E-business vs E-commerce

A

E-business = broader (BB)
E-commerce = selling on the Internet (subcategory of e-business)

120
Q

This is an example of B2G

  • Amazon.
  • Municipal audit procurement.
  • Online chemical sales.
  • RAID.
A

Municipal audit procurement.

Business to gov

121
Q

Which of the following is NOT a risk of e-commerce (pick 2)?

  • System availability.
  • Viral marketing.
  • Nonrepudiation.
  • Failure of trust in trading partners.
  • Limited growth.
  • Security/confidentiality.
A

1. Viral marketing
This is a tactic used by e-commerce but not a risk.
2. Limited growth
Would only affect you if you didn’t open up to e-commerce.

122
Q

Which of the following best defines electronic data interchange (EDI) transactions?

  • Electronic business information is exchanged between two or more businesses
  • Customers’ funds-related transactions are electronically transmitted and processed.
  • Entered sales data are electronically transmitted via a centralized network to a central processor.
  • Products sold on central web servers can be accessed by users anytime.
A

Electronic business information is exchanged between two or more businesses

123
Q

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

  • Removable drives that can be locked up at night provide adequate security when the confidentiality of data is the primary risk.
  • Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
  • Encryption performed by a physically secure hardware device is more secure than encryption performed by software.
A

Encryption performed by a physically secure hardware device is more secure than encryption performed by software.
Encryption can be used to ensure the privacy and security of EDI messages both during transmission and when stored. Hardware-based encryption is inherently more secure than software-based encryption, as software can be more easily accessed and altered than hardware.

124
Q

Which of the following is the primary advantage of using a value-added network (VAN)?

  • It provides confidentiality for data transmitted over the Internet.
  • It provides increased security for data transmissions.
  • It is more cost effective for the company than transmitting data over the Internet.
A

It provides increased security for data transmissions.

Increased security is a common motivation for the use of a value-added network.

125
Q

Communications between trading partners in an electronic data interchange (EDI) environment are usually

  • Sent through the Internet.
  • Made via direct connection from one trading partner to the other.
  • Sent through a value-added network (VAN).
A

Sent through a value-added network (VAN).

Because of their security and auditing features

126
Q

Which of the following is not an example of an e-commerce system?

  • Customer relationship management (CRM).
  • Electronic data interchange (EDI).
  • Supply chain management (SCM).
  • Electronic funds transfer (EFT).
A

CRM
Customer relationship management (CRM) systems are e-business systems, but are not e-commerce systems, because they are used primarily for internal operations.

127
Q

Which of the following is not considered to be an electronic funds transfer (EFT) transaction?

  • Direct deposit of payroll payments into the employee’s bank account.
  • Cash cards.
  • Automated teller machine (ATM) transactions.
  • Credit card payment initiated from a POS terminal.
A

Cash cards

Cash cards do not involve bank clearing processes and are not considered to be EFT transactions.

128
Q

A local convenience store chain is planning to install point-of-sale (POS) systems in all of its locations. In the first year or so of operation, they can reasonably expect to experience all of the following except

  • Increases in order processing efficiency.
  • Increases in order processing accuracy.
  • Decreases in total inventory carrying costs.
  • Decreases in total inventory order costs.
A

Decreases in total inventory order costs.
The reduction in inventory levels results in more frequent ordering for smaller quantities. This, in turn, leads to higher total inventory order costs.

129
Q

A manufacturing company that wants to be able to place material orders more efficiently would utilize:

  • Electronic check presentment.
  • Electronic data interchange.
  • Automated clearinghouse.
  • Electronic funds transfer.
A

Electronic data interchange (EDI) allows companies to place orders with their suppliers electronically. This reduces the costs associated with producing, distributing, and managing the paperwork associated with a traditional ordering system and dramatically reduces the amount of time required to receive and process the order.

130
Q

Which of the following is not a benefit of using an electronic data interchange (EDI) system?

  • Reduction in the number of suppliers a company must deal with.
  • Reduction in the ordering costs.
  • Faster transaction processing.
  • Reduction in the lead time between placing the order and receiving the goods.
A

Reduction in the number of suppliers a company must deal with.

131
Q

Match:
CRM VAN
EDI Personalized Mkting
EFT Banking

A

CRM - Personalized marketing (customer relations)
EDI - uses VAN (ex Walmart)
EFT - banking, $ exchange without cash

132
Q
Match info systems:
Strategic mgmt (top)       TPS
tactical mgmt (mid)         DSS/ESS
operation mgmt (low)     MIS
A
Strategic mgmt (top)       DSS/ESS (ESS is higher)
tactical mgmt (mid)         MIS incl AcctIS
operation mgmt (low)     TPS (aka operational)
133
Q

The BoD is meeting to consider whether they should expand their manufacturing facilities to include a product line. External information concerning economic conditions, market projects for the new product, the cost of long-term financing alternatives, and information about potential competitors are all important. The decision would be best supported by a:
-MIS, DSS, or ESS

A

Executive support systems (ESSs) are a subset of DSS that are especially designed for forecasting and making long-range, strategic decisions, and they place greater emphasis on external data. The need to consider a large proportion of external information in the decision process makes an executive support system (ESS) the best choice listed.

134
Q

Which system assists with nonroutine decisions, serves strategic levels of the organization, and helps answer questions regarding what a company’s competitors are doing, as well as identifies new acquisitions that would protect the company from cyclical business swings?

  • Executive support system.
  • Decision support system.
  • Transaction processing system.
  • Management information system.
A

Executive support system.

135
Q

Which of the following types of systems would you use to record the number of hours worked during the current pay period for each of your employees?

  • An office automation system (OAS).
  • Decision support system (DSS).
  • A transaction processing system (TPS).
  • A partitioned system (PS).
A

Transaction processing system TPS

Day to day activities

136
Q

The system that most resembles a managerial accounting, budgeting system is:

  • MIS.
  • DSS.
  • ESS.
A

MIS take planning information (budgets, forecasts, etc.) and compare it to actual results in periodic management reports (summary reports, variance reports, and exception reports). Hence, MIS can be considered similar to, and may incorporate, traditional budgeting systems.

137
Q

Which is a report that would be produced by a MIS as opposed to an accounting information system (AIS)?

  • An Aged Accounts Receivable report that breaks A/R balances down into current, 30 days past due, 60 days past due, and over 60 days past due categories.
  • An exception report that lists all days when production volume was more than 10% over or under the planned level of production for the day.
  • A balance sheet.
  • A Property, Plant, and Equipment report that lists each asset, its cost basis, and, where appropriate, the accumulated depreciation for the asset.
A

An exception report that lists all days when production volume was more than 10% over or under the planned level of production for the day.
Production volume data don’t generate debits and credits and are not part of most AISs. This type of information is frequently used by mid-level managers to support daily operations and is included in most management information systems (MISs).

138
Q

This system is sometimes also called a TPS.

  • Operational system.
  • MIS.
  • DSS.
  • ESS.
A

Operational Sys

aka Transaction process sys

139
Q

Which of the following is an example of a non-financial transaction?

  • Sending a purchase order to a vendor to purchase items for re-sale.
  • Creating a cash receipt to mark receipt of a customer payment.
  • Preparing a payroll check to send to an employee in payment of the current month’s wages.
  • Approving a vendor invoice for payment.
A

Sending a purchase order to a vendor to purchase items for re-sale is an example of a non-financial transaction, as it does not require a debit/credit entry in the accounting system (there is no completed transaction, just a request for a transaction).

140
Q

I, II, both, neither?
I. The bulk of the data found in a data warehouse comprises historical operational data.
II. Pattern recognition is one of the principal functionalities offered by data mining software.

A

Both
A data warehouse is a database archive of an organization’s operational transactions (sales, purchases, production, payroll) over time; external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, are also included.
Pattern recognition is a major component of data mining software: data mining is the process of performing statistical analysis and automatically searching for patterns in large volumes of data.

141
Q

I, II, both, neither?
I. An important advantage of flat file systems is that they are program independent.
II. Flat file systems contain little data redundancy.

A

Statement I is incorrect because, while flat file systems do contain program independence, this is seen as a disadvantage, not an advantage. This is because the program independence of flat file systems means that multiple programs must be used to read, access and process the data. Statement II is incorrect because flat file systems contain a high degree of data redundancy.

142
Q

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments is known as

  • A functional warehouse.
  • A data mart.
  • A data store.
  • An object-oriented database.
A

Data mart

A data mart is focused on a particular market or purpose and contains only information specific to that objective.

143
Q

Which of the following is a critical success factor in data mining a large data store?

  • Pattern recognition.
  • Effective search engines.
  • Image processing systems.
  • Accurate universal resource locator (URL).
A

Pattern recognition
Data mining is the process of sorting through data maintained in a data warehouse in an effort to identify relationships between data fields or events. These relationships are often classified as sequences (one event leads to another) or associations. The ability to recognize these patterns is critical to successful data mining.

144
Q

A data warehouse differs from a data mart because:

  • A data warehouse is more specialized than a data mart.
  • Data mining is possible in a data mart but not a data warehouse.
  • A data mart supports specific needs.
  • External data is not included in a data mart.
A

A data mart supports specific needs.
A data mart is more specialized than a data warehouse. The data mart is often constructed to support specific needs of subunits of an organization.

145
Q

Which of the following statements is true regarding small business computing?

  • General IT controls are less important in a small business computing environment.
  • Spreadsheets should be reviewed and tested by an independent third party.
  • The centralized IT department should be the primary source of control.
  • All of the above.
A

Spreadsheets should be reviewed and tested by an independent third party.
To ensure they operate efficiently

146
Q

Which of the following is less likely to occur in a small business than in a large business?

  • Databases are not subject to third-party review and testing.
  • Segregation of duties is problematic.
  • All employees wear name badges.
  • Users are automatically logged off of the system after a fixed period of inactivity.
A

All employees wear name badges.

Emphasizing that all the others are more likely to occur in a small business!!

147
Q

Which of the following is not a benefit of mobile computing?

  • Reduced usability issues.
  • Cheaper data capture.
  • Better organizational information quality.
  • Better integration with cloud-based system applications.
A

Reduced usability issues

Mobile use increases usability issues

148
Q

Which of the following critical accounting functions is most likely to be absent in a small business computing environment?

  • Authorization.
  • Record keeping.
  • Custody.
  • All of these choices are equally likely to be absent.
A

Authorization.
Authorization is most likely to be absent in a small business computing environment. There is a great need for third-party review and testing within the small business computing environment.

149
Q

Which of the following strategies is important to managing security over mobile systems?

  • Hot sites.
  • BCM.
  • Teleprinters.
  • View-only access.
A

View-only access

View-only access is a useful control (i.e., restriction) on the ability of mobile devices to make changes in data.

150
Q

If complete segregation of duties is impossible in a small business, which two functions should be potentially combined?

  • Review and custody.
  • Authorization and record keeping.
  • Review and record keeping.
  • Authorization and review/auditing.
A

Combining the authorization and review/auditing functions, while not desirable, is the least risky option and is recommended, if necessary for cost reasons, in small business systems.

151
Q
Match:
Bit         2^0
Byte      2^3
GB        2^10
MB       2^20
KB        2^30
A
Bit         2^0 (0 or 1)
Byte      2^3 (8)
KB        2^10 (1024)
MB       2^20
GB        2^30
152
Q

What is the easiest way to categorize data sizes, small to large (ex bit, file, record)?

A
Go by characters in the word (file is exception)
Bit
Byte
Field
Record
File
Database
153
Q
Database management software is considered:
A. Outerwear.
B. Software.
C. Middleware.
D. B and C.
A

D (B & C) Software and Middleware

154
Q

Which of the following items would be most critical to include in a systems specification document for a financial report?

  • Cost-benefit analysis.
  • Data elements needed.
  • Training requirements.
  • Communication change management considerations.
A

Data elements needed.
Specifying the required data elements would be a critical activity in determining the attributes of a document in a financial reporting system.

155
Q

Which of the following components of a database is responsible for maintaining the referential integrity of the data in the system?

  • Database management system (DBMS)
  • Data query language (DQL).
  • Data manipulation language (DML).
  • Data definition language (DDL).
A

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

156
Q

Which of the following structures refers to the collection of data for all vendors in a relational database?

  • Record.
  • Field.
  • File.
  • Byte.
A

A file would contain the collection of data for all vendors in a relational database. This would also be called a table in a relational database.

157
Q

The following customer data is stored in the sales processing system of a regional produce distributor:
CustomerNumber, CustomerName, CustomerPhone, CustomerContact, CustomerCreditLimit
Which of the following is true?
-CustomerNumber is an example of a field.
-CustomerNumber is an example of a data value.
-CustomerNumber is an example of a record

A

Field

CustomerNumber is an example of a field (also known as an attribute).

158
Q

What is the correct ascending hierarchy of data in a system?

  • Character, record, file, field.
  • Field, character, file, record.
  • Character, field, record, file.
  • Field, record, file, character.
A

Character, field, record, file.

Small → Large

159
Q

Which of the following allows a database management system to add new records, delete old records, and update existing records?

  • Data definition language (DDL).
  • Data manipulation language (DML).
  • Data query language (DQL).
  • Structured query language (SQL).
A

Data manipulation language (DML).
The data manipulation language allows the user to add new records, delete old records, and update existing records. “MANIPULATION” = change

160
Q

Which of the following devices “burns” data onto a surface?

  • Magnetic tape reader.
  • Supercomputer.
  • ROM.
  • Optical disc recorder.
A

An optical disc recorder uses a laser to burn data onto a disk surface.

161
Q

Which of the following is not considered a secondary storage device?

  • Magnetic disk.
  • Microcomputers.
  • Flash drives.
  • Optical disc.
A

Microcomputers.

162
Q

Vindaloo Corporation wants data storage for a large volume of data that is unlikely to change often. They should consider using

  • A hard disk.
  • Magnetic tape.
  • CD-ROM.
  • Memory (RAM).
A

CD-ROM
CD-ROM is the best choice of the available answers. It can handle a large volume of data and is suited to data that changes infrequently.

163
Q

The CPU includes all of the following except

  • ALU.
  • RAM.
  • Control unit.
  • All of the above are part of the CPU.
A

All of the above
This is the best answer because ALU (arithmetic logic unit), RAM, and the control unit are all considered part of the CPU.

164
Q

Which of the following is true of batch processing? (I, II, both, neither?)
I. In batch processing, data is captured in a transaction file as transactions occur.
II. Periodically (once a day, once a week, etc.), the group of transactions in the transaction file are edited, sorted, and then the transactions are used to update the master file.

A

II only
Periodically (once a day, once a week, etc.), the group of transactions in the transaction file are edited, sorted, and then the transactions are used to update the master file.

165
Q

Which of the following is not true of a computerized environment as compared to a manual environment?

  • Computerized processing frequently combines functions that are normally separated in a manual environment.
  • The potential for clerical errors is substantially reduced in a computerized environment.
  • The audit procedures may be integrated into the programs.
  • The potential for systemic errors is substantially reduced in a computerized environment.
A

The potential for systemic errors is increased in a computerized environment.

166
Q
In an accounting information system, which of the following types of computer files most likely would be a master file?
A. Inventory subsidiary.
B. Cash disbursements.
C. Cash receipts.
D. Payroll transactions.
A

The “inventory subsidiary” is an example of a “ledger.” A ledger maintains the balances of some kind of account (A/R subsidiary ledger maintains customer accounts, A/P subsidiary ledger maintains vendor accounts, inv subsidiary ledger maintains product accounts). Ledger files are called “master files” because the individual transaction amounts found in the journals (“transaction files”) are used to update the balances in the ledger files: the transaction files contain the detail; the master file contains the totals.

167
Q
Manual Processing steps: (no question)
Source Doc
Journal
Ledger (T-accts)
Trial Bal
Financial Stmts
A

Manual Processing steps

168
Q

Online Real time processing VS Batch processing?

Top benefits?

A

OLRT is more current/up to date; batches are always at least somewhat behind.
Data can vary in OLRT; batches must follow a common key and be sequential.

169
Q

Centralized vs Decentralized
Higher transmission cost?
Higher hardware cost?

A

Higher transmission cost - Centralized

Higher hardware cost - Decentralized

170
Q

The multi-location system structure that is sometimes called the “Goldilocks” solution because it seeks to balance design trade-offs is

  • Centralized.
  • Decentralized.
  • Distributed.
  • ROM.
A

Distributed

A compromise between centralized and decentralized computing.

171
Q

Which of the following is NOT an advantage of decentralized/distributed systems?

  • Decentralized/distributed systems are more responsive to the needs of the end user.
  • Data transmission costs are greatly reduced.
  • Input/output bottlenecks associated with high traffic periods are largely avoided.
  • Data security is enhanced.
A

Data security is enhanced.
Because data processing in decentralized/distributed systems is carried out at multiple locations instead of a single, centralized location, these systems are inherently less secure than centralized systems.

172
Q

Which of the following multi-location system structures has the fewest problems with input and output bottlenecks?

  • Centralized.
  • Decentralized.
  • Networked systems.
A

Decentralized

173
Q

I, II, neither, both
I. LANs use dedicated lines.
II. WANs use dedicated lines.

A

I only
“Local”
“Wide”

174
Q

Which of the following is a low-cost wired transmission medium?

  • Router.
  • Microwave media.
  • Fiber optic cable.
  • Twisted pair.
A

Twisted pair

175
Q

The data control protocol used to control transmissions on the Internet is

  • CSMA-CD
  • TCP/IP
  • ISP
  • HTML
A

TCP/IP

Transmission control protocol/Internet protocol

176
Q

Which of the following is NOT true?

  • Intranets are implemented using Internet protocols.
  • Training time for intranet-based applications is usually lower than training for similar programs using a traditional LAN interface.
  • Intranets are generally available to the public.
  • Intranets are often used to connect geographically separate LANs within a company.
A

Intranets are generally available to the public.

Intranets usually require a username and password in order to access the system.

177
Q

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?

  • Hypertext markup language (HTML).
  • Extensible business reporting language (XBRL).
  • Hypertext transfer protocol (HTTP).
  • Transmission control program/Internet protocol (TCP/IP).
A

Extensible business reporting language (XBRL).

XBRL is specifically designed to exchange financial information over the World Wide Web.

178
Q

_____ systems include redundancy of components.

  • Inefficient.
  • Online real-time.
  • Quicken.
  • Fault tolerant.
A

Fault tolerant

179
Q

A company has a significant e-commerce presence and self-hosts its website. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?

  • Back up the server database daily.
  • Store records off-site.
  • Purchase and implement RAID technology.
  • Establish off-site mirrored web server.
A

Establish off-site mirrored web server.
Mirroring is a high-cost, high-reliability approach to backup that is common in e-commerce applications. Of the offered alternatives in this question, this is the best approach to assuring the continuous delivery of services despite a natural disaster.

180
Q

In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

  • Secure off-site location.
  • Data backup server in the network room.
  • Fireproof cabinet in the data network room.
  • Locked file cabinet in the accounting department.
A

Secure off-site location
At least one copy of important backup files should be stored in an off-site location so that the data is secure in the event of a disaster at the IT site.

181
Q

Mirroring is

  • Used in flashpoint recovery systems.
  • The creation of duplicate data.
  • A disaster recovery plan.
  • Always onsite.
A

The creation of duplicate data.

This is the purpose of mirroring. The purpose of such systems is to distribute excess demand among multiple data sets.

182
Q

Rollins Corporation uses batch processing for its accounting system. During a recent monthly payroll processing run, it experienced a power failure that corrupted the payroll database.
Which of the following controls will be most useful to the company in recovering from this failure?
-Batch control totals.
-Off-site backup files.
-Checkpoint/restart controls.
-Hot site.

A

A checkpoint/restart control would be an appropriate way to reprocess only those transactions that took place after the last valid run.

183
Q

A checkpoint is used mostly in _____ systems.

  • Online real time.
  • Faulty.
  • Batch.
  • General.
A

Batch

The use of checkpoint and restart is an important backup procedure.

184
Q

A rollback and recovery is used mostly in _____ systems.

  • Online real-time.
  • Faulty.
  • Batch.
  • General.
A

Online Real-Time
Rollback and recovery procedures are common in online real-time systems. Rollback and recovery is an important backup procedure in which periodic snapshots are taken of a master file and, upon detection of a problem, the system reprocesses all transactions that have occurred since the snapshot.

185
Q

Which of the following statements about firewalls is NOT true?
A. Firewalls frequently include both a hardware component and a software component.
B. Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system.
C. Application firewalls, in addition to monitoring data packets, control the execution of programs and examine the handling of data by specific applications.
D. “Network firewall” and “application firewall” are two different names for a program designed to prevent and detect unauthorized access to the system.

A

“Network firewall” and “application firewall” are two different names for a program designed to prevent and detect unauthorized access to the system.

“Application firewalls” are separate and distinct from “network firewalls”: the terms definitely do not refer to the same program. Network firewalls perform relatively low-level filtering capabilities; application firewalls have the ability to do much more sophisticated checks and provide much better control.

186
Q

Logical (as in access controls) equals…

A

Virtual

187
Q

Which of the following statements best characterizes the function of a physical access control?

  • Protects systems from the transmission of Trojan horses.
  • Provides authentication of users attempting to log in to the system.
  • Separates unauthorized individuals from computer resources.
  • Minimizes the risk of incurring a power or hardware failure.
A

Separates unauthorized individuals from computer resources.
Physical access controls restrict access to computer hardware, as well as program and data files, to authorized individuals.

188
Q

IT facility controls are

  • Detective.
  • General.
  • Corrective.
  • Preventive.
A

IT facility controls are general controls. That is, they are controls over the IT department as a whole. For example, restricting access to the IT department prevents unauthorized individuals from gaining physical access to the system.

189
Q

In an accounting system, a header can be used to

  • Help format a word processing document.
  • Identify data records.
  • Identify file folders.
  • All of the above.
A

Identify data records.

Identify records in an accounting system file

190
Q

Which of the following solutions creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access to the network?

  • Packet-switched network.
  • Digital encryption.
  • Authority certificate.
  • Virtual private network.
A

A virtual private network (VPN) is a secure way to create an encrypted communication tunnel to allow remote users secure access to a network. The VPN uses authentication to identify users and encryption to prevent unauthorized users from intercepting data.

191
Q

What is a major disadvantage of using a private key to encrypt data?

  • Both the sender and receiver must have the private key before this encryption method will work.
  • The private key cannot be broken into fragments and distributed to the receiver.
  • The private key is used by the sender for encryption, but not by the receiver for decryption.
  • The private key is used by the receiver for decryption, but not by the sender for encryption.
A

Both the sender and receiver must have the private key before this encryption method will work.
In order to decrypt a message encrypted via private key encryption (single key encryption), both the sender and the receiver must have access to the key, as a single key is used both to encrypt (run the encryption algorithm “forward”) and decrypt (run the algorithm “backward”). This is a disadvantage because the transmission of the key is inherently insecure.

192
Q

Which of the following can be used to authenticate messages transmitted in a networked environment?

  • Public/private key encryption.
  • Digital signature.
  • One-time password.
  • Mathematical message digest.
A

Digital signature.
Uses public/private key encryption technology to provide a means of authenticating messages delivered in a networked environment.

193
Q

A digital signature is used primarily to determine that a message is

  • Unaltered in transmission.
  • Not intercepted en route.
  • Received by the intended recipient.
  • Sent to the correct address.
A

Unaltered in transmission
A digital signature consists of a digest of the original message that is encrypted with the sender’s private key. The use of the private key provides the sender’s authentication, and the transmission of the encrypted digest (which is later decrypted and compared to a digest of the message received) permits the detection of any alterations during transmission.

194
Q

Which of the following provides the most reliable form of electronic authentication?

  • Digital signature.
  • Symmetric encryption.
  • Asymmetric encryption.
  • Digital certificate.
A

Digital Certificate
When a digital certificate is requested, an independent background check is completed to confirm the identity of the requesting entity.
Thus, a digital certificate provides a higher level of reliability than a digital signature.

195
Q

Which of the following is true regarding public/private key encryption?
A. Both the public and private keys can be used to encrypt and decrypt messages.
B. Messages encrypted using public/private key encryption are more difficult to crack (or break) than messages encrypted using private key encryption.
C. Messages are generally encrypted with the sender’s private key so that no one else can decipher the message during transmission.
D. In public/private key encryption, to gain access to the key used to decrypt the message, the recipient must know of the key to use from the sender.

A

Both the public and private keys can be used to encrypt and decrypt messages, although the public key can only decrypt messages encrypted using the private key and vice versa.
B (no strength difference)
C (a message encrypted with the private key can be decrypted with the public key)
D (the recipient looks up the sender’s public key on the Certificate Authority’s sites and uses it to decrypt the message)

196
Q

Which of the following is true about denial-of-service attacks? (I, II, both, neither)
I. A denial-of-service attack takes advantage of a network communications protocol to tie up the server’s communication ports so that legitimate users cannot gain access to the server.
II. If the denial-of-service attack is successful, the attacker can gain access to unprotected resources on the server.

A

I only
A denial-of-service attack prevents legitimate users from accessing the system by flooding the server with hundreds of incomplete access requests.
The object of the attack is to prevent access to the system: the attacker does not actually gain access to information on the system.

197
Q

A company’s web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of

  • Spoofing.
  • Piggybacking.
  • An eavesdropping attack.
  • A denial of service attack.
A

In a denial of service attack, servers are overwhelmed with incomplete access requests, causing them to hang, zombie-like, in a living, though brain-dead, useless state.

198
Q

A type of malware designed to let the attacker bypass the normal user authentication process (e.g., enter username and password) and enter the user’s system is

  • A Trojan horse.
  • A virus.
  • A back door.
  • A worm.
A

Back Door
A back door is a program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures.

199
Q

Which of the following is a computer program that appears to be legitimate, but performs an illicit activity when it is run?

  • Redundant verification.
  • Parallel count.
  • Web crawler.
  • Trojan horse.
A

A Trojan horse is an apparently legitimate program that contains unauthorized code that performs malicious activities when the program is run. Trojan horse programs are often used to provide a “back door” to the victim’s system, enabling the hacker to gain access to the targeted system.