VI - Information Technology

Question 1

Which IT personnel roles should always be segregated?

Answer 1

Operators

Programmers

Librarians

Question 2

What are the duties of a systems analyst?

Answer 2

Designs or purchases IT system

Responsible for flowcharts

Liaison between Users and Programmers

Note: Think IT Manager

Question 3

What is the primary duty of a Systems Administrator?

Answer 3

A Systems Administrator controls database access.

Question 4

What are the duties of a Systems Programmer?

Answer 4

Writes- Updates- Maintains- & Tests software- systems- and compilers

Question 5

Which duties should a Systems Programmer NOT have?

Answer 5

In order to maximize internal control- a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.

Question 6

What are the duties of a Systems Operator?

Answer 6

Schedules and Monitors Jobs

Runs IT Help Desk

Question 7

What duties should a System Operator NOT have?

Answer 7

For internal control purposes- they should not be a Programmer on the system.

Question 8

If it is not possible to segregate duties in an IT System- what actions should be taken to compensate for internal control purposes?

Answer 8

Include Computer Logs.

Control Group should review the logs.

Question 9

What is the purpose of a Management Information System (MIS)?

Answer 9

To assist with decision making.

Question 10

What is an Accounting Information System (AIS)?

Answer 10

A type of Management Information System (MIS) that processes accounting transactions.

Question 11

What are the characteristics of an Executive Information System (EIS)?

Answer 11

Specialized for Company Executive needs

Assists with Strategy Only

No Decision-Making Capabilities

Question 12

What are the characteristics of an Expert System (ES)?

Answer 12

Computer uses reasoning

Structured

No human interpretation needed

Question 13

What are the characteristics of a Decision Support System (DSS)?

Answer 13

Computer provides data

Gives Interactive Support

Human interpretation needed

Question 14

What are the characteristics of an Ad Hoc computer report?

Answer 14

User initiates the report.

The report is created upon demand.

Question 15

When are Exception reports generated?

Answer 15

Exception reports are produced when Edit Tests- Check Digits- or Self-Checking Digits identify a problem

Question 16

What is a query?

Answer 16

A type of Ad Hoc report- initiated by a user.

Question 17

What is End-User Computing?

Answer 17

The User develops and executes their own application.

Question 18

What is the primary benefit of E-commerce?

Answer 18

E-commerce makes business transactions easier.

Question 19

What are the risks of E-commerce?

Answer 19

Compromised data or theft.

Less paper trail for auditors.

Question 20

What are the benefits of Electronic Data Interchange?

Answer 20

Uses globally-accepted standards

Efficient

Question 21

What is a File Server?

Answer 21

A file server stores shared programs and documents.

Question 22

What is the purpose of a Database?

Answer 22

Located on a File Server- a Database allows users to share documents.

Question 23

What is the purpose of a LAN (Local Area Network)?

Answer 23

It connects computers in close proximity.

Question 24

What is the purpose of a WAN (Wide Area Network)?

Answer 24

It connects computers that are far apart.

Question 25

What are the characteristics of a VAN (Value-Added Network)?

Answer 25

Privately-owned Network

Serves as 3rd Party Between 2 Companies

Routes EDI Transactions

Accepts wide range of Protocols

Very Costly

Question 26

What is the purpose of a Firewall?

Answer 26

Prevents unauthorized access to a network.

Question 27

What are the characteristics of a virus?

Answer 27

Takes over a computer

Needs a host program to run

Question 28

What are the characteristics of a computer worm?

Answer 28

Takes over multiple computers

Doesn’t need a host program to run

Question 29

What is the purpose of Automated Equipment Controls?

Answer 29

They prevent and detect hardware errors.

Question 30

What is RAM?

Answer 30

Random Access Memory.

Internal memory in the computer used during immediate processing.

Question 31

What is a CPU?

Answer 31

Computer Processing Unit

It processes commands within a computer.

Question 32

What is Job Control Language?

Answer 32

It schedules and allocates system resources.

Question 33

What are examples of input devices?

Answer 33

Keyboard
Mouse
Scanner
Magnetic Ink Reader
Magnetic Tape Reader
EDI
Point of Sale Scanner

Question 34

What are examples of Output Devices?

Answer 34

Speakers

Monitors

Printers

Question 35

What are the characteristics of Magnetic Tape storage?

Answer 35

Sequential Access - Sorts data in order

Slower data retrieval

Header Label prevents Operator error by loading wrong tape

External Labels prevent accidental destruction by operator

Question 36

What are the characteristics of Magnetic Disks?

Answer 36

Random Access - Finds data in random spots

Faster data retrieval

Uses Boundary Protection for data

Question 37

What is a Gateway?

Answer 37

Connects one network to another

Note: the Internet is connected by Gateways

Question 38

What are Parity Checks?

Answer 38

A control that detects internal data errors.

A bit is added to each character- it checks to see if a bit was lost.

Question 39

What is an Echo Check?

Answer 39

Transmitted data is returned to the sender for verification (it echoes back to the sender)

Question 40

What is a Change Control?

Answer 40

It authorizes program changes and approves program test results.

Question 41

What is security software?

Answer 41

Software that controls access to IT systems.

Note: Don’t confuse this with anti-virus software

Question 42

What is the purpose of a Digital Signature?

Answer 42

It confirms a message has not been altered.

Question 43

List the types of computers from smallest to largest

Answer 43

PDA/Smartphone/Tablet

Microcomputer - PC- Laptop (cost-effective)

Minicomputer - Like a Mainframe- but smaller

Mainframe - Large computer with terminals attached

Supercomputer - Very powerful and very big

Question 44

What are the units of computer data from smallest to largest?

Answer 44

Bit - 1 (on) and 0 (off)
Byte - 8 bits to a byte/character
Field - group of related characters/bytes (i.e. Name- Zip Code- Serial #)
Record - Group of related fields (i.e. Member name- address- phone number)
File - Group of related records (i.e. Membership directory)

Question 45

What is the duty of a design engineer?

Answer 45

Determine language used for a specific computer- on a computer-to-computer basis

Question 46

What are object programs?

Answer 46

Programs written in base computer language- not similar to English.

Question 47

How can source programs be recognized?

Answer 47

They are written in a language close to English.

Question 48

What is the purpose of a Compiler?

Answer 48

Takes Source language (English) and converts to Object (Computer) Language

Question 49

How does Online Analytical Processing work?

Answer 49

It uses a Data Warehouse to support management decision making.

Question 50

What is Data Mining?

Answer 50

Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.

Question 51

What is the purpose of online transaction processing?

Answer 51

To process a company’s routine transactions.

Question 52

What are the characteristics of batch processing?

Answer 52

Data held- updates multiple files all at once

Leaves a better audit trail

Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)

Question 53

What does an output control check for?

Answer 53

Checks to see if output data is valid- distributed and used in an authorized manner.

Question 54

What does a processing control check?

Answer 54

Checks if data processing produced proper output

Question 55

What is a hash total?

Answer 55

An input control number- a meaningless sum of values included in the input.

Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.

Question 56

What is a validity check?

Answer 56

Checks to see if data in existing tables or files belongs in the set

For example- is there a # in an alpha-only field or a letter in a numeric-only field

Question 57

What is a limit check?

Answer 57

Checks to see if numbers surpass a certain limit- i.e. in an age field is the number greater than 110.

Question 58

What is a check digit?

Answer 58

An input control that adds an identification number to a set of
digits - usually at the end

Question 59

What is a field check?

Answer 59

An input check that prevents invalid characters- i.e. checks for alphabetic letters in a SSN field

Question 60

What is a Hot Site?

Answer 60

A disaster recovery system where if the main system goes down- a Hot Site is ready to take over immediately.

Question 61

What is a Cold Site?

Answer 61

If a main system goes down- a Cold Site will take time to get set up and running.

Question 62

What is the most common database language?

Answer 62

SQL - Structured Query Language

Question 63

What is a Data Definition Language?

Answer 63

Defines SQL Database

Controls SQL Tables

Question 64

What is a Data Manipulation Language?

Answer 64

Queries SQL Database tables

Question 65

What is a Data Control Language?

Answer 65

Controls Access to SQL Database

Question 66

What are the characteristics of a Relational Database?

Answer 66

Logical structure

Uses rows and columns similar to spreadsheet

Question 67

What are the characteristics of a Hierarchical Database?

Answer 67

Has various levels

Uses trees to store data

Question 68

What are the advantages of a database?

Answer 68

Data is more accessible

Reduced redundancy

Question 69

What are the disadvantages of a database?

Answer 69

Cost of installation

Skilled personnel required to maintain

Question 70

What are the components of a database?

Answer 70

Desktop client

Application Server

Database Server

Think: Your desktop computer runs applications and saves to a database

Question 71

Which of the following statements is (are) true.
I. A greater level of control is necessary in automated than manual systems.
II. The uniformity of transaction processing is higher in automated than manual systems.

Answer 71

II only

Question 72

C auto leasing is a small co. with six employees. The best action that it can take to increase its internal control effectiveness is

• Hire temporary employees to aid in the segregation of duties.
• Hire a bookkeeper to perform monthly “write up” work.
• Clearly delegate responsibilities to each employee for the functions that they are assigned.
• Engage the owner in direct participation in the activities, including financial record-keeping, of the business.

Answer 72

Engage the owner in direct participation in the activities, including financial record-keeping, of the business.
This is the best answer since engaging the owner in the activities of the business is an important compensating control in small organizations.

Question 73

M Inc. recently switched from a manual acct system to a computerized acct system. The system supports online real-time processing in a networked environment, and six employees have been granted access to various parts of the system in order to perform their jobs. Relative to the manual system, M can expect to see

• That functions that had previously been spread across multiple employees have been combined.
• An increase in the incidence of clerical errors.
• A decrease in the incidence of systemic errors.
• A decrease in the need for access controls to the accounting records.

Answer 73

That functions that had previously been spread across multiple employees have been combined.
It is common for computerized systems to combine functions that would be considered incompatible in a manual system
This can occur because the system limits the transactions that it is possible for the employee to record, creating a compensating control.

Question 74

What is the COBIT framework? (3 parts)

Answer 74

Busin Reqs
IT Resources
IT Processes

Question 75

In COBIT, the process of reviewing system response time logs falls within the __ control process domain.

• Acquire and implement.
• Deliver and support.
• Monitor and evaluate.
• Plan and organize.

Answer 75

Monitor and evaluate
The process of reviewing system response logs is within the “monitor the processes” (M1) activity, which falls within the “monitor and evaluate” domain

Question 76

In COBIT, the process of ensuring security and continuous service falls within the __ control process domain.

• Acquire and implement.
• Deliver and support.
• Monitor and evaluate.
• Plan and organize.

Answer 76

Deliver and support

Question 77

In COBIT, the process of developing tactics to realize the strategic vision for IT falls within the __ control process domain.

• Acquire and implement.
• Deliver and support.
• Monitor and evaluate.
• Plan and organize.

Answer 77

Plan and organize

Question 78

One important purpose of COBIT is to

• Guide managers, users, and auditors to adopt best practices related to the management of information technology.
• Identify specific control plans that should be implemented to reduce the occurrences of fraud.
• Specify the components of an information system that should be installed in an e-commerce environment.
• Suggest the type of information that should be made available for management decision-making.

Answer 78

Guide managers, users, and auditors to adopt best practices related to the management of information technology.

Question 79

In COBIT, the process of identifying automated solutions falls within the __ control process domain.

• Acquire and implement.
• Deliver and support.
• Monitor and evaluate.
• Plan and organize.

Answer 79

Acquire and impelment

Question 80

An enterprise resource planning system (ERP) is designed to:

• Allow nonexperts to make decisions about a particular problem.
• Help with the decision-making process.
• Integrate data from all aspects of an organization’s activities.
• Present executives with the information needed to make strategic plans.

Answer 80

Integrate data from all aspects of an organization’s activities.
Goals: Integrates all data into one system
Cost Savings
Employee empowerment
Best practices
Automation

Question 81

Which of the following is true of enterprise resource planning (ERP) systems?
I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system.
II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.

Answer 81

I only
The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP.
The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primary concerned with collecting data (and not analyzing it) across the organization.

Question 82

Which of the following risks increases the LEAST with cloud-based computing compared with local server storage?

• Data loss.
• Vendor security failure.
• Global visibility.
• System hacks.

Answer 82

Global visibility

Not a cloud risk

Question 83

An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?

• Modifications can be made to each module without affecting other modules.
• Increased responsiveness and flexibility while aiding in the decision-making process.
• Increased amount of data redundancy, since more than one module contains the same information.
• Reduction in costs of implementation and training.

Answer 83

Increased responsiveness and flexibility while aiding in the decision-making process.
This is the goal of ERPs

Question 84

CC Co. developed a management reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. What type of management reporting system has CC Co. developed?

• On-line analytical processing system.
• On-line transaction-processing system.
• On-line executive information system.

Answer 84

On-line analytical processing system
On-line analytical processing systems (OLAPs) are an increasingly important multidimensional analytical tool. An OLAP is a modification and expansion of an online transaction processing system to provide the capabilities and functionalities identified in this question.

Question 85

Which provides access to virtual hardware?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

Answer 85

IaaS - Infrastructure as a service

Question 86

Which allows you to create software and programs?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

Answer 86

PaaS - Platform

CREATE - key, SaaS is access

Question 87

Which provides access to software and programs?
IaaS - Infrastructure as a service
PaaS - Platform
SaaS - Software

Answer 87

SaaS - Software

ACCESS - key, Paas is create

Question 88

In DRP, the lowest priority is given to which activity, top priority?
	A. 	Accounting.
	B. 	Manufacturing.
	C. 	Mission critical.
	D. 	Task critical.

Answer 88

Task Critical has lowest priority

Mission critical, highest priority

Question 89

Which of the following tasks comes first in business continuity management (BCM)?
A. Embed the BCM in the culture.
B. Determine business continuity strategies.
C. Exercise, maintain, and review the plan.
D. Develop and implement a BCM response

Answer 89

Determine business continuity strategies is the third step in BCM but it is the earliest procedure listed for this question.

Question 90

B Inc. is a large multinational corp with various busin units. After a fire destroyed the corp HQ and largest manufacturing site, plans for which of the following would help B ensure a timely recovery?

• Daily backup.
• Network security.
• Business continuity.
• Backup power.

Answer 90

Business continuity, best for fires

Question 91

An IT director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is he most likely preparing?

• Data restoration plan.
• Disaster recovery plan.
• System security policy.
• System hardware policy.

Answer 91

Disaster recovery plan

Question 92

Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site, but has not been stocked with equipment?

• Hot
• Cold
• Warm

Answer 92

Cold, simplist version (it doesn’t have equipment)

Question 93

The audit report of an IT dept indicated that the department lacked a disaster recovery plan. Which of the following steps should mgmt take first to correct this?

• Designate a cold site.
• Prepare a statement of responsibilities for the tasks included in a disaster recovery plan.

Answer 93

Prepare a statement of responsibilities for the tasks included in a disaster recovery plan.

Question 94

In an e-commerce environment that requires that the IT system be available on a continuous basis, more emphasis will be placed on which of the following aspects of the planning than in a traditional organization?

• Maintain appropriate written source documents so the data can be re-entered if it is lost or compromised.
• Maintain redundant systems for instant availability to assure the flow of transactions.

Answer 94

Maintain redundant systems for instant availability to assure the flow of transactions.
(Ensures continuity)

Question 95

Which of the following IT dept responsibilities should be delegated to separate individuals?

• Network maintenance and wireless access.
• Data entry and antivirus management.
• Data entry and application programming.
• Data entry and quality assurance.

Answer 95

The separation of the data entry function from the application programming function is critical. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds. This is why data entry occurs within the operations unit of an IT dept and application development occurs within the development function of an IT dept

Question 96

In a large firm, the custody of an entity’s data is maintained by which of the following personnel?

• Data librarian.
• Systems analyst.
• Computer operator.

Answer 96

Data librarian

Question 97

In business information systems, the term “stakeholder” refers to:

• The mgmt team responsible for the security of the documents and data stored on the computers or networks.
• IT personnel responsible for creating the documents and data stored on the computers or networks.
• Authorized users who are granted access rights to the documents and data stored on the computers or networks.
• Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.

Answer 97

Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks. (End users)

Question 98

The position responsible for managing the flow of documents and reports in and out of the computer operations department is the

• Data entry clerk.
• Computer operator.
• Data control clerk.
• File librarian.

Answer 98

Data control clerk.

Question 99

To maintain effective segregation of duties within IT, an application programmer should have which of the following responsibilities?

• Modify and adapt operating system software.
• Correct detected data entry errors for the cash disbursement system.
• Code approved changes to a payroll program.
• Maintain custody of the billing program code and its documentation.

Answer 99

Code approved changes to a payroll program.

Question 100

What is the role of the systems analyst in an IT environment?

• Designing systems, prepares specifications for programmers, and serves as intermediary between users and programmers.
• Selecting, implementing, and maintaining system software, including operating systems, network software, and the data base management system.

Answer 100

-Designing systems, prepares specifications for programmers, and serves as intermediary between users and programmers.

Question 101

Which of the following is responsible for identifying problems and proposing initial solutions?

• IT Steering Committee.
• Lead systems analyst.
• Application programmers.
• End users.

Answer 101

End Users

Have the primary responsibility of identifying problems and proposing initial solutions.

Question 102

In which of the following implementation approaches are users divided into smaller groups and trained on the new system, one group at a time?

• Parallel.
• Phased.
• Pilot.

Answer 102

Pilot

Question 103

The requirements definition document is signed at this stage:

• Planning and feasibility.
• Analysis.
• Design and development.
• Implementation.

Answer 103

Analysis
Systems analysts work with end users to understand and document business processes and system requirements at this stage. All parties sign off on the requirements definition to signify their agreement with the projects goals and processes at this stage.

Question 104

At this stage, we purchase hardware:

• Planning and feasibility.
• Analysis.
• Design and development.
• Implementation.

Answer 104

-Design and development.
Technical architecture specification and a systems model occur at the design stage. During development, programmers use the design specifications to develop the program and data files.

Question 105

Which of the following is responsible for overall program logic and functionality?

• IT Steering Committee.
• Lead systems analyst.
• Application programmers.
• End users.

Answer 105

Lead systems analyst
This individual is usually responsible for all direct contact with the end user and for developing overall programming logic/functionality.

Question 106

Order these:

• Design and development.
• Implementation.
• Planning and feasibility.
• Analysis.
• Testing

Answer 106

PADTI
Plan/Feasibility - get costs, finish date, basic sys reqs
Analysis - sign for requirements, understand purpose
Design/Development - purchase hardware, basic design
Testing - check if meets needs, continuity
Implementation - data conversion, training

Question 107

Mgmt of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of these?

• Change control.
• Data integrity.

Answer 107

Change control

The management of changes to applications is part of the Source Program Library Management System (SPLMS).

Question 108

In a small business with only microcomputers, which documentation would be most useful to an untrained user to learn how to correct data errors in a database application?

• Operator documentation.
• Program documentation.
• Systems documentation.
• User documentation.

Answer 108

User documentation

Question 109

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

• Reasonableness test.
• Field check.
• Digit verification check.
• Validity check.

Answer 109

Validity check
A validity check compares the value entered in a field to a list of valid data values. An error message is displayed if the value is not found on the list.

Question 110

Which of the following controls in not usually found in batch processing systems?

• Closed loop verification.
• Financial control totals.
• Check digits.
• Limit checks.

Answer 110

Closed loop verification

Closed loop verification is an input control associated with online real-time systems.

Question 111

Mark was recently hired by the R Co at a monthly salary of $1,800. When his employee information was entered, his monthly salary amount was entered correctly, but he was inadvertently classified as an hourly employee. Which of the following controls would be most likely to detect this error?

• Range check.
• Reasonableness check.
• Closed loop verification.
• Limit check.

Answer 111

Reasonableness check
Reasonableness checks look at the values in two related fields to ensure that they make sense as a unit;
for example, Mark’s $1,800 rate is reasonable and his assignment as an hourly employee could be reasonable, but the combination of the two fields ($1,800 hourly rate) is unreasonable.

Question 112

Which of the following techniques would be used to verify that a program was free of unauthorized changes?

• Source code comparison program.
• Echo check.
• Tests of controls.
• Authorization matrix.

Answer 112

Source code comparison program.

A source code comparison program is used to compare an archived version of the program to the program actually in use.

Question 113

An employee mistakenly enters April 31 in the date field, when it only has 30 days. Which of the following programmed edit checks offers the best solution for detecting this error?

• Online prompting.
• Mathematical accuracy.
• Preformatted screen.
• Reasonableness.

Answer 113

Reasonableness test because it would recognize the day problem

Question 114

Which of the following is considered an application input control?

• Run control total.
• Edit check.
• Report distribution log.
• Exception report.

Answer 114

Edit check

Other examples are: Automated capture, sequence check, field/edit check, limit test, reasonable test

Question 115

The distribution of reports is considered what type of control?

• Input.
• Processing.
• Output.
• Software.

Answer 115

Output

Question 116

What is the primary objective of data security controls?

• To ensure that storage media are subject to authorization prior to access, change, or destruction.
• To formalize standards, rules, and procedures to ensure that the organization’s controls are properly executed.
• To monitor the use of system software to prevent unauthorized access to system software and computer programs.

Answer 116

To ensure that storage media are subject to authorization prior to access, change, or destruction.

Question 117

A poor quality connection caused extensive line noise, resulting in faulty data transmission. Which of the following controls is most likely to detect this condition?

• Line check.
• Batch control total.
• Closed loop verification.
• Parity check.

Answer 117

Parity check

Parity check is designed to detect errors in data transmission.

Question 118

An audit trail is considered what type of control?

• Input.
• Processing.
• Output.
• Software.

Answer 118

Processing

It is an audit trail/transaction log, can be used for backup info and recovery for transactions, hence processing

Question 119

E-business vs E-commerce

Answer 119

E-business = broader (BB)
E-commerce = selling on internet (sub category of Ebus)

Question 120

This is an example of B2G

• Amazon.
• Municipal audit procurement.
• Online chemical sales.
• RAID.

Answer 120

Municipal audit procurement.

Business to gov

Question 121

Which of the following is NOT a risk of e-commerce (pick 2)?

• System availability.
• Viral marketing.
• Nonrepudiation.
• Failure of trust in trading partners.
• Limited growth
• Security/confidentiality

Answer 121

1 Viral marketing
This is a tactic used by e-commerce but not a risk
2 Limited growth
Would only affect you if you didn’t open up to e-comm

Question 122

Which of the following best defines electronic data interchange (EDI) transactions?

• Electronic business information is exchanged between two or more businesses
• Customers’ funds-related transactions are electronically transmitted and processed.
• Entered sales data are electronically transmitted via a centralized network to a central processor.
• Products sold on central web servers can be accessed by users anytime.

Answer 122

Electronic business information is exchanged between two or more businesses

Question 123

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

• Removable drives that can be locked up at night provide adequate security when the confidentiality of data is the primary risk.
• Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
• Encryption performed by a physically secure hardware device is more secure than encryption performed by software.

Answer 123

Encryption performed by a physically secure hardware device is more secure than encryption performed by software.
Encryption can be used to ensure the privacy and security of EDI messages both during transmission and when stored. Hardware-based encryption is inherently more secure than software-based encryption, as software can be more easily accessed and altered than hardware.

Question 124

Which of the following is the primary advantage of using a value-added network (VAN)?

• It provides confidentiality for data transmitted over the Internet.
• It provides increased security for data transmissions.
• It is more cost effective for the company than transmitting data over the Internet.

Answer 124

It provides increased security for data transmissions.

Increased security is a common motivation for the use of a value-added network.

Question 125

Communications between trading partners in an electronic data interchange (EDI) environment are usually

• Sent through the Internet.
• Made via direct connection from one trading partner to the other.
• Sent through a value-added network (VAN).

Answer 125

Sent through a value-added network (VAN).

Because of their security and auditing features

Question 126

Which of the following is not an example of an e-commerce system?

• Customer relationship management (CRM).
• Electronic data interchange (EDI).
• Supply chain management (SCM).
• Electronic funds transfer (EFT).

Answer 126

CRM
Customer relationship management (CRM) systems are e-business systems, but are not e-commerce systems, because they are used primarily for internal operations.

Question 127

Which of the following is not considered to be an electronic funds transfer (EFT) transaction?

• Direct deposit of payroll payments into the employee’s bank account.
• Cash cards.
• Automated teller machine (ATM) transactions.
• Credit card payment initiated from a POS terminal.

Answer 127

Cash cards

Cash cards do not involve bank clearing processes and are not considered to be EFT transactions.

Question 128

A local convenience store chain, is planning to install point-of-sale (POS) systems in all of its locations. In the first year or so of operation, they reasonably expect experience all of the following except

• Increases in order processing efficiency.
• Increases in order processing accuracy.
• Decreases in total inventory carrying costs.
• Decreases in total inventory order costs.

Answer 128

Decreases in total inventory order costs.
The reduction in inventory levels results in more frequent ordering for smaller quantities. This, in turn, leads to higher total inventory order costs.

Question 129

A manufacturing company that wants to be able to place material orders more efficiently would utilize:

• Electronic check presentment.
• Electronic data interchange.
• Automated clearinghouse.
• Electronic funds transfer.

Answer 129

Electronic data interchange (EDI) allows companies to place orders with their suppliers electronically. This reduces the costs associated with producing, distributing, and managing the paperwork associated with a traditional ordering system and dramatically reduces the amount of time required to receive and process the order.

Question 130

Which of the following is not a benefit of using an electronic data interchange (EDI) system?

• Reduction in the number of suppliers a company must deal with.
• Reduction in the ordering costs.
• Faster transaction processing.
• Reduction in the lead time between placing the order and receiving the goods.

Answer 130

Reduction in the number of suppliers a company must deal with.

Question 131

Match:
CRM VAN
EDI Personalized Mkting
EFT Banking

Answer 131

CRM - Personalized marketing (customer relations)
EDI - uses VAN (ex walmart)
EFT - banking, $ exchange without cash

Question 132

Match info systems:
Strategic mgmt (top)       TPS
tactical mgmt (mid)         DSS/ESS
operation mgmt (low)     MIS

Answer 132

Strategic mgmt (top)       DSS/ESS (ESS is higher)
tactical mgmt (mid)         MIS incl AcctIS
operation mgmt (low)     TPS (aka operational)

Question 133

The BoD is meeting to consider whether they should expand their manufacturing facilities to include a product line. External information concerning economic conditions, market projects for the new product, the cost of long-term financing alternatives, and information about potential competitors are all important. The decision would be best supported by a:
-MIS, DSS, or ESS

Answer 133

Executive support systems (ESSs) are a subset of DSS that are especially designed for forecasting and making long-range, strategic decisions, and they place greater emphasis on external data. The need to consider a large proportion of external information in the decision process makes an executive support system (ESS) the best choice listed.

Question 134

Which sys assists with nonroutine decisions, serves strategic levels of the organization, and helps answer questions regarding what a company’s competitors are doing, as well as identifies new acquisitions that would protect the company from cyclical business swings?

• Executive support system.
• Decision support system.
• Transaction processing system.
• Management information system.

Answer 134

Executive support system.

Question 135

Which of the following types of systems would you use to record the number of hours worked during the current pay period for each of your employees?

• An office automation system (OAS).
• Decision support system (DSS).
• A transaction processing system (TPS).
• A partitioned system (PS).

Answer 135

Transaction processing system TPS

Day to day activities

Question 136

The system that most resembles a managerial accounting, budgeting system is:

• MIS.
• DSS.
• ESS.

Answer 136

MIS take planning information (budgets, forecasts, etc.) data and compare it to actual results in periodic management reports (summary reports, variance reports, and exception reports). Hence, MIS can be considered similar to, and may incorporate, traditional budgeting systems.

Question 137

Which is a report that would be produced by a MIS as opposed to an accounting information system (AIS)?

• An Aged Accounts Receivable report that breaks A/R balances down into current, 30 days past due, 60 days past due, and over 60 days past due categories.
• An exception report that lists all days when production volume was more than 10% over or under the planned level of production for the day.
• A balance sheet.
• A Property, Plant, and Equipment report that lists each asset, its cost basis, and, where appropriate, the accumulated depreciation for the asset.

Answer 137

An exception report that lists all days when production volume was more than 10% over or under the planned level of production for the day.
Production volume data don’t generate debits and credits and are not part of most AISs. This type of information is frequently used by mid-level managers to support daily operations and is included in most management information systems (MISs).

Question 138

This system is sometimes also called a TPS.

• Operational system.
• MIS.
• DSS.
• ESS.

Answer 138

Operational Sys

aka Transaction process sys

Question 139

Which of the following is an example of a non-financial transaction?

• Sending a purchase order to a vendor to purchase items for re-sale.
• Creating a cash receipt to mark receipt of a customer payment.
• Preparing a payroll check to send to an employee in payment of the current month’s wages.
• Approving a vendor invoice for payment.

Answer 139

Sending a purchase order to a vendor to purchase items for re-sale is an example of a non-financial transaction, as it does not require a debit/credit entry in the accounting system (there is no completed transaction, just a request for a transaction).

Question 140

I, II, both, neither?
I. The bulk of the data found in a data warehouse comprises historical operational data.
II. Pattern recognition is one of the principal functionalities offered by data mining software.

Answer 140

Both
A data warehouse is a database archive of an organization’s operational transactions (sales, purchases, production, payroll) over time; external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, are also included.
Pattern recognition is a major component of data mining software: data mining is the process of performing statistical analysis and automatically searching for patterns in large volumes of data.

Question 141

I, II, both, neither?
I. An important advantage of flat file systems is that they are program independent.
II. Flat file systems contain little data redundancy.

Answer 141

Statement one is incorrect because, while flat file systems do contain program independence, this is seen as a disadvantage not an advantage. This is because the program independence of flat file systems means that multiple programs must be used to read, access and process the data. Statement II is incorrect because flat file systems contain a high degree of data redundancy.

Question 142

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments is known as

• A functional warehouse.
• A data mart.
• A data store.
• An object-oriented database.

Answer 142

Data mart

A data mart is focused on a particular market or purpose and contains only information specific to that objective.

Question 143

Which of the following is a critical success factor in data mining a large data store?

• Pattern recognition.
• Effective search engines.
• Image processing systems.
• Accurate universal resource locater (URL).

Answer 143

Pattern recognition
Data mining is the process of sorting through data maintained in a data warehouse in an effort to identify relationships between data fields or events. These relationships are often classified as sequences (one event leads to another) or associations. The ability to recognize these patterns is critical to successful data mining.

Question 144

A data warehouse differs from a data mart because:

• A data warehouse is more specialized than a data mart.
• Data mining is possible in a data mart but not a data warehouse.
• A data mart supports specific needs.
• External data is not included in a data mart.

Answer 144

A data mart supports specific needs.
A data mart is more specialized than a data warehouse. The data mart is often constructed to support specific needs of subunits of an organization.

Question 145

Which of the following statements is true regarding small business computing?

• General IT controls are less important in a small business computing environment.
• Spreadsheets should be reviewed and tested by an independent third party.
• The centralized IT department should be the primary source of control.
• All of the above.

Answer 145

Spreadsheets should be reviewed and tested by an independent third party.
To ensure they operate efficiently

Question 146

Which of the following is less likely to occur in a small business than in a large business?

• Databases are not subject to third-party review and testing.
• Segregation of duties is problematic.
• All employees wear name badges.
• Users are automatically logged off of the system after a fixed period of inactivity.

Answer 146

All employees wear name badges.

Emphasizing that all the others are more likely to occur in a small business!!

Question 147

Which of the following is not a benefit of mobile computing?

• Reduced usability issues.
• Cheaper data capture.
• Better organizational information quality .
• Better integration with cloud-based system applications.

Answer 147

Reduced usability issues

Mobile use increases usability issues

Question 148

Which of the following critical accounting function is most likely to be absent in a small business computing environment?

• Authorization.
• Record keeping.
• Custody.
• All of these choices are equally likely to be absent

Answer 148

Authorization.
Authorization is most likely to be absent in a small business computing environment. There is a great need for third-party review and testing within the small business computing environment.

Question 149

Which of the following strategies is important to managing security over mobile systems?

• Hot sites.
• BCM.
• Teleprinters.
• View-only access.

Answer 149

View-only access

View-only access is a useful control (i.e., restriction) on the ability of mobile devices to make changes in data.

Question 150

If complete segregation of duties is impossible in a small busin, which two functions should be potentially combined?

• Review and custody.
• Authorization and record keeping.
• Review and record keeping.
• Authorization and review/auditing.

Answer 150

Combining the authorization and review/auditing functions, while not desirable, is the least risky option and is recommended, if necessary for cost reasons, in small business systems.

Question 151

Match:
Bit         2^0
Byte      2^3
GB        2^10
MB       2^20
KB        2^30

Answer 151

Bit         2^0 (0 or 1)
Byte      2^3 (8)
KB        2^10 (1024)
MB       2^20
GB        2^30

Question 152

What is the easiest way to categorize data sizes, small to large (ex bit, file, record)?

Answer 152

Go by characters in the word (file is exception)
Bit
Byte
Field
Record
File
Database

Question 153

Database management software is considered:
A. Outerwear.
B. Software.
C. Middleware
D. B and C.

Answer 153

D (B & C) Software and Middleware

Question 154

Which of the following items would be most critical to include in a systems specification document for a financial report?

• Cost-benefit analysis.
• Data elements needed.
• Training requirements.
• Communication change management considerations.

Answer 154

-Data elements needed.
Specifying the required data elements would be a critical activity in determining the attributes of a document in a financial reporting system.

Question 155

Which of the following components of a database is responsible for maintaining the referential integrity of the data in the system?

• Database management system (DBMS)
• Data query language (DQL).
• Data manipulation language (DML).
• Data definition language (DDL).

Answer 155

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

Question 156

Which of the following structures refers to the collection of data for all vendors in a relational data base?

• Record.
• Field.
• File.
• Byte.

Answer 156

A file would contain the collection of data for all vendors in a relational database. This would also be called a table in a relational database

Question 157

The following customer data is stored in the sales processing system to a regional produce distributor:
CustomerNumber, CustomerName, CustomerPhone, CustomerContact, CustomerCreditLimit
Which of the following is true?
-CustomerNumber is an example of a field.
-CustomerNumber is an example of a data value.
-CustomerNumber is an example of a record

Answer 157

Field

CustomerNumber is an example of a field (also known as an attribute).

Question 158

What is the correct ascending hierarchy of data in a system?

• Character, record, file, field.
• Field, character, file, record.
• Character, field, record, file.
• Field, record, file, character.

Answer 158

Character, field, record, file.

Small ——–> Large

Question 159

Which of the following allows a database management system to add new records, delete old records, and update existing records?

• Data definition language (DDL).
• Data manipulation language (DML).
• Data query language (DQL).
• Structured query language (SQL).

Answer 159

Data manipulation language (DML).
The data manipulation language allows the user to add new records, delete old records, and update existing records. “MANIPULATION” = change

Question 160

Which of the following devices “burns” data onto a surface?

• Magnetic tape reader.
• Supercomputer.
• ROM.
• Optical disc recorder.

Answer 160

An optical disc recorder uses a laser to burn data onto a disk surface.

Question 161

Which of the following is not considered a secondary storage device?

• Magnetic disk.
• Microcomputers.
• Flash drives.
• Optical disc.

Answer 161

Microcomputers.

Question 162

Vindaloo Corporation wants data storage for a large volume of data that is unlikely to change often. They should consider using

• A hard disk.
• Magnetic tape.
• CD-ROM.
• Memory (RAM).

Answer 162

CD-ROM
CD-ROM is the best choice of the available answers. It can handle a large volume of data and is suited to data that changes infrequently.

Question 163

The CPU includes all of the following except

• ALU.
• RAM.
• Control unit.
• All of the above are part of the CPU.

Answer 163

All of the above
This is the best answer because ALU (arithmatic logic unit), RAM, and the control unit are all considered part of the CPU.

Question 164

Which of the following is true of batch processing? (I, II, both, neither?)
I. In batch processing, data is captured in a transaction file as transactions occur.
II. Periodically (once a day, once a week, etc.), the group of transactions in the transaction file are edited, sorted, and then the transactions are used to update the master file.

Answer 164

II only
Periodically (once a day, once a week, etc.), the group of transactions in the transaction file are edited, sorted, and then the transactions are used to update the master file.

Question 165

Which of the following is not true of a computerized environment as compared to a manual environment?

• Computerized processing frequently combines functions that are normally separated in a manual environment.
• The potential for clerical errors is substantially reduced in a computerized environment.
• The audit procedures may be integrated into the programs.
• The potential for systemic errors is substantially reduced in a computerized environment.

Answer 165

The potential for systemic errors is increased in a computerized environment.

Question 166

In an accounting information system, which of the following types of computer files most likely would be a master file?
A. Inventory subsidiary.
B. Cash disbursements.
C. Cash receipts.
D. Payroll transactions.

Answer 166

The “inventory subsidiary” is an example of a “ledger.” A ledger maintains the balances of some kind of account (A/R subsidiary ledger maintains customer accounts, A/P subsidiary ledger maintains vendor accounts, inv subsidiary ledger maintains product accounts). Ledger files are called “master files” because the individual transaction amounts found in the journals (“transaction files”) are used to update the balances in the ledger files: the transaction files contain the detail; the master file contains the totals.

Question 167

Manual Processing steps: (no question)
Source Doc
Journal
Ledger (T-accts)
Trial Bal
Financial Stmts

Answer 167

Manual Processing steps

Question 168

Online Real time processing VS Batch processing?

Top benefits?

Answer 168

OLRT is more current/up to date, Batches are always at least somewhat behind
Data can be varying in OLRT, batches must follow common key and be sequential

Question 169

Centralized vs Decentralized
Higher transmission cost?
Higher hardware cost?

Answer 169

Higher transmission cost - Centralized

Higher hardware cost - Decentralized

Question 170

The multi-location system structure that is sometimes called the “Goldilocks” solution because it seeks to balance design trade offs is

• Centralized.
• Decentralized.
• Distributed.
• ROM.

Answer 170

Distributed

A compromise between centralized and decentralized computing.

Question 171

Which of the following is NOT an advantage of decentralized/distributed systems?

• Decentralized/distributed systems are more responsive to the needs of the end user.
• Data transmission costs are greatly reduced.
• Input/output bottlenecks associated with high traffic periods are largely avoided.
• Data security is enhanced.

Answer 171

Data security is enhanced.
Because data processing in decentralized/distributed systems is carried out at multiple locations instead of a single, centralized location, these systems are inherently less secure than centralized systems.

Question 172

Which of the following multi-location system structures has the fewest problems with input and output bottlenecks?

• Centralized.
• Decentralized.
• Networked systems.

Answer 172

Decentralized

Question 173

I, II, neither, both
I. LANs use dedicated lines.
II. WANs use dedicated lines.

Answer 173

I only
“Local”
“Wide”

Question 174

Which of the following is a low-cost wired transmission medium?

• Router.
• Microwave media.
• Fiber optic cable.
• Twisted pair.

Answer 174

Twisted pair

Question 175

The data control protocol used to control transmissions on the Internet is

• CSMA-CD
• TCP/IP
• ISP
• HTML

Answer 175

TCP/IP

Transmission control protocol/Internet protocol

Question 176

Which of the following is NOT true?

• Intranets are implemented using Internet protocols.
• Training time for intranet-based applications is usually lower than training for similar programs using a traditional LAN interface.
• Intranets are generally available to the public.
• Intranets are often used to connect geographically separate LANs within a company.

Answer 176

Intranets are generally available to the public.

Intranets usually require a username and password in order to access the system.

Question 177

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?

• Hypertext markup language (HTML).
• Extensible business reporting language (XBRL).
• Hypertext transfer protocol (HTTP).
• Transmission control program/Internet protocol (TCP/IP).

Answer 177

Extensible business reporting language (XBRL).

XBRL is specifically designed to exchange financial information over the World Wide Web.

Question 178

_____ systems include redundancy of components.

• Inefficient.
• Online real-time.
• Quicken.
• Fault tolerant.

Answer 178

Fault tolerant

Question 179

A company has a significant e-commerce presence and self-hosts its website. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?

• Back up the server database daily.
• Store records off-site.
• Purchase and implement RAID technology.
• Establish off-site mirrored web server.

Answer 179

-Establish off-site mirrored web server.
Mirroring is a high-cost, high-reliability approach to backup that is common in e-commerce applications. Of the offered alternatives in this question, this is the best approach to assuring the continuous delivery of services despite a natural disaster.

Question 180

In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

• Secure off-site location.
• Data backup server in the network room.
• Fireproof cabinet in the data network room.
• Locked file cabinet in the accounting department.

Answer 180

Secure off-site location
At least one copy of important backup files should be stored in an off-site location so that the data is secure in the event of a disaster at the IT site.

Question 181

Mirroring is

• Used in flashpoint recovery systems.
• The creation of duplicate data.
• A disaster recovery plan.
• Always onsite.

Answer 181

The creation of duplicate data.

This is the purpose of mirroring. The purpose of such systems is to distribute excess demand among multiple data sets.

Question 182

Rollins Corporation uses batch processing for its accounting system. During a recent monthly payroll processing run, it experienced a power failure that corrupted the payroll database.
Which of the following controls will be most useful to the company in recovering from this failure?
-Batch control totals.
-Off-site backup files.
-Checkpoint/restart controls.
-Hot site.

Answer 182

A checkpoint/restart control would be an appropriate way to reprocess only those transactions that took place after the last valid run.

Question 183

A checkpoint is used mostly in _____ systems.

• Online real time.
• Faulty.
• Batch.
• General.

Answer 183

Batch

The use of checkpoint and restart is an important backup procedure.

Question 184

A rollback and recovery is used mostly in _____ systems.

• Online real-time.
• Faulty.
• Batch.
• General.

Answer 184

Online Real-Time
Rollback and recovery procedures are common in online real-time systems. Rollback and recovery is an important backup procedure in which periodic snapshots are taken of a master file and, upon detection of a problem, the system reprocesses all transactions that have occurred since the snapshot.

Question 185

Which of the following statements about firewalls is NOT true?
A. Firewalls frequently include both a hardware component and a software component.
B. Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system.
C. Application firewalls, in addition to monitoring data packets, control the execution of programs and examine the handling of data by specific applications.
D. “Network firewall” and “application firewall” are two different names for a program designed to prevent and detect unauthorized access to the system.

Answer 185

“Network firewall” and “application firewall” are two different names for a program designed to prevent and detect unauthorized access to the system.

“Application firewalls” are separate and distinct from “network firewalls”: the terms definitely do not refer to the same program. Network firewalls perform relatively low-level filtering capabilities; application firewalls have the ability to do much more sophisticated checks and provide much better control.

Question 186

Logical (as in access controls) equals….

Answer 186

Virtual

Question 187

Which of the following statements best characterizes the function of a physical access control?

• Protects systems from the transmission of Trojan horses.
• Provides authentication of users attempting to log in to the system.
• Separates unauthorized individuals from computer resources.
• Minimizes the risk of incurring a power or hardware failure.

Answer 187

Separates unauthorized individuals from computer resources.
Physical access controls restrict access to computer hardware, as well as program and data files, to authorized individuals.

Question 188

IT facility controls are

• Detective.
• General.
• Corrective.
• Preventive.

Answer 188

IT facility controls are general controls. That is, they are controls over the IT department as a whole. For example, restricting access to the IT department prevents unauthorized individuals from gaining physical access to the system.

Question 189

In an accounting system, a header can be used to

• Help format a word processing document.
• Identify data records.
• Identify file folders.
• All of the above.

Answer 189

Identify data records.

Identify records in an accounting system file

Question 190

Which of the following solutions creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access to the network?

• Packet-switched network.
• Digital encryption.
• Authority certificate.
• Virtual private network.

Answer 190

A virtual private network (VPN) is a secure way to create an encrypted communication tunnel to allow remote users secure access to a network. The VPN uses authentication to identify users and encryption to prevent unauthorized users from intercepting data.

Question 191

What is a major disadvantage of using a private key to encrypt data?

• Both the sender and receiver must have the private key before this encryption method will work.
• The private key cannot be broken into fragments and distributed to the receiver.
• The private key is used by the sender for encryption, but not by the receiver for decryption.
• The private key is used by the receiver for decryption, but not by the sender for encryption.

Answer 191

Both the sender and receiver must have the private key before this encryption method will work.
In order to decrypt a message encrypted via private key encryption (single key encryption), both the sender and the receiver must have access to the key, as a single key is used both to encrypt (run the encryption algorithm “forward”) and decrypt (run the algorithm “backward”). This is a disadvantage because the transmission of the key is inherently insecure.

Question 192

Which of the following can be used to authenticate messages transmitted in a networked environment?

• Public/private key encryption.
• Digital signature.
• One-time password.
• Mathematical message digest.

Answer 192

Digital signature.
Uses public/private key encryption technology to provide a means of authenticating messages delivered in a networked environment.

Question 193

A digital signature is used primarily to determine that a message is

• Unaltered in transmission.
• Not intercepted en route.
• Received by the intended recipient.
• Sent to the correct address.

Answer 193

Unaltered in transmission
A digital signature consists of a digest of the original message that is encrypted with the sender’s private key. The use of the private key provides the sender’s authentication, and the transmission of the encrypted digest (which is later decrypted and compared to a digest of the message received) permits the detection of any alterations during transmission.

Question 194

Which of the following provides the most reliable form of electronic authentication?

• Digital signature.
• Symmetric encryption.
• Asymmetric encryption.
• Digital certificate.

Answer 194

Digital Certificate
When a digital certificate is requested, an independent background check is completed to confirm the identity of the requesting entity.
Thus, a digital certificate provides a higher level of reliability than a digital signature.

Question 195

Which of the following is true regarding public/private key encryption?
A. Both the public and private keys can be used to encrypt and decrypt messages.
B. Messages encrypted using public/private key encryption are more difficult to crack (or break) than messages encrypted using private key encryption.
C. Messages are generally encrypted with the sender’s private key so that no one else can decipher the message during transmission.
D. In public/private key encryption, to gain access to the key used to decrypt the message, the recipient must know of the key to use from the sender.

Answer 195

Both the public and private keys can be used to encrypt and decrypt messages, although the public key can only decrypt messages encrypted using the private key and vice versa.
B(No strength difference)
C(Encrypted w/ private key can be decrypt with public key)
D(recipient looks up the sender’s public key on the Certificate Authority’s sites and uses it to decrypt the message)

Question 196

Which of the following is true about denial-of-service attacks? (I, II, both, neither)
I. A denial-of-service attack takes advantage of a network communications protocol to tie up the server’s communication ports so that legitimate users cannot gain access to the server.
II. If the denial-of-service attack is successful, the attacker can gain access to unprotected resources on the server.

Answer 196

I only
A denial-of-service attack prevents legitimate users from accessing the system by flooding the server with hundreds of incomplete access requests.
The object of the attack is to prevent access to the system: the attacker does not actually gain access to information on the system.

Question 197

A company’s web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of

• Spoofing.
• Piggybacking.
• An eavesdropping attack.
• A denial of service attack.

Answer 197

In a denial of service attack, servers are overwhelmed with incomplete access requests, causing them to hang, zombie like, in a living, though brain-dead, useless state.

Question 198

A type of malware designed to let the attacker bypass the normal user authentication process (e.g., enter username and password) and enter the user’s system is

• A Trojan horse.
• A virus.
• A back door.
• A worm.

Answer 198

Back Door
A back door is a program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures.

Question 199

Which of the following is a computer program that appears to be legitimate, but performs an illicit activity when it is run?

• Redundant verification.
• Parallel count.
• Web crawler.
• Trojan horse.

Answer 199

A Trojan horse is an apparently legitimate program that contains an unauthorized code that performs malicious activities when the program is run. Trojan horse programs are often used to provide a “back door” to the victim’s system, enabling the hacker to gain access to the targeted system.