W41-Characteristics of IT Systems-Specific

Question 1

Q54. A computer that is designed to provide software and other application to other computers is referred to as a

a. Microcomputer
b. Network computer
c. Server
d. Supercomputer

Answer 1

Q54. (c) A server provides other computers (“clients”) with access to files and printers as shared resources to a computer network.

Question 2

Q55. Which is least likely to be considered a component of a computer network?

a. Application program
b. Computers
c. Software
d. Routers

Answer 2

Q55. (a) application program is a program that gives a computer instructions that provide the user with tools to accomplish a specific task (e.g., a word processing application).

Question 3

Q59 Laptop computers provide automation outside of the normal office location. Which of the following would provide the least security for sensitive data stored on a laptop computer?

a. Encryption of data files on the laptop computer
b. Setting up a password for the screensaver program on the laptop computer
c. Using a laptop computer with a removable hard disk drive
d. Using a locking device that can secure the laptop computer to an immovable object

Answer 3

Q59. (b) password protection for a screensaver program can be easily bypassed.

Question 4

Q60. When developing a new computer system that will handle customer orders and process customer payments, a high-level systems design phase would include determination of which of the following?

a. How the new system will affect current inventory and general ledger systems
b. How the file layouts will be structured for the customer order records
c. Whether to purchase a turn-key system or modify an existing system
d. Whether formal approval by top management is needed for the new system

Answer 4

Q60. (c) the determination of what type of system to obtain is made during the high-level design phase.

Question 5

Q62. Management is concerned that data uploaded from a microcomputer to the company’s mainframe system in batch processing may be erroneous. Which of the following controls would best address this issue?

a. The mainframe computer should be backed up on a regular basis
b. Two persons should be present at the microcomputer when it is uploading data
c. The mainframe computer should subject the data to the same edits and validation routines that online data entry would require
d. The users should be required to review a random sample of processed data

Answer 5

Q62. (c) this could help prevent data errors

Question 6

Q66. The use of message encryption software

a. Guarantees the secrecy of data
b. Requires manual distribution of keys
c. Increases system overhead
d. Reduces the need for periodic password changes

Answer 6

Q66. (c) the machine instructions necessary to encrypt and decrypt data constitute system overhead, which means that processing may be slowed down

Question 7

Q67. A company’s management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize

a. Data encryption
b. Dial-back systems
c. Message acknowledgement procedures
d. Password codes

Answer 7

Q67. (a) data encryption prevents eavesdropping by using codes to ensure that data transmissions are protected from unauthorized tampering or electronic eavesdropping

Question 8

Q69. The internal auditor is reviewing a new policy on electronic mail. Appropriate elements of such a policy would include all of the following except:

a. Erasing all employee’s electronic mail immediately upon employment termination
b. Encrypting electronic mail messages when transmitted over phone lines
c. Limiting the number of electronic mail packages adopted by the organization
d. Directing that personnel do not send highly sensitive or confidential messages using electronic mail

Answer 8

Q69. (a) the company should have access to the business-related e-mail that is left behind. Access to e-mail can also be critical in business or possible criminal investigations. The privacy concerns of the individual case must be mitigated by compelling business interests: the need to follow up on business e-mail and to assist in investigations.

Question 9

Q70. Which of the following risks is most likely to be encountered in an end-user computing (EUC) environment as compared to a mainframe computer system?

a. Inability to afford adequate uninterruptible power supply system
b. User input screens without a graphical user interface (GUI)
c. Applications that are difficult to integrate with other information systems
d. Lack of adequate utility programs

Answer 9

Q70. (c) this risk is considered unique to end-user computing (EUC) system development

Question 10

Q72. Method to minimize the installation of unlicensed microcomputer software include all of the following except:

a. Employee awareness programs
b. Regular audits for unlicensed software
c. Regular monitoring of network access and start-up scripts
d. An organizational policy that includes software licensing requirements

Answer 10

Q72. (c) this technique will not affect introduction of unlicensed software

Question 11

Q73. In traditional information systems, computer operators are generally responsible for backing up software and data files on a regular basis. In distributed or cooperative systems, ensuring that adequate backups are taken is the responsibility of

a. User management
b. Systems programmers
c. Data entry clerks
d. Tape libratians

Answer 11

Q73. (a) in distributed or cooperative systems, the responsibility for ensuring that adequate backups are taken is the responsibility of user management because the systems are under the control of users

Question 12

Q74. An auditor is least likely to find that a client’s data is input through

a. Magnetic tape reader
b. Dynamic linking character reader
c. Point-of-sale recorders
d. Touch sensitive screens

Answer 12

Q74. (b) the term “dynamic linking character reader” is a combination of therms that has no real meaning

Question 13

Q75. End-user computing is an example of which of the following?

a. Client/server processing
b. A distributed system
c. Data mining
d. Decentralized processing

Answer 13

Q75. (d) end-use computing involves individual users performing the development and execution of computer applications in a decentralized manner

Question 14

Q77. Which of the following statements is correct regarding the Internet as a commercially viable network?

a. Organizations must use firewalls if they wish to maintain security over internal data
b. Companies must apply to the Internet to gain permission to create a homepage to engage in electronic commerce
c. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers
d. All of the above

Answer 14

Q77. (a) companies that wish to maintain adequate security must use firewalls to protect data from being accessed by unauthorized users

Question 15

Q78. To reduce security exposure when transmitting proprietary data over communication lines, a company should use.

a. Asynchronous modems
b. Authentic techniques
c. Call-back procedures
d. Cryptographic devices

Answer 15

Q78. (d) cryptographic devices protect data in transmission over communication lines

Question 16

Q79. Securing client/server systems is a complex task because of all of the following factors except:

a. The use of relational databases
b. The number of access points
c. Concurrent operation of multiple user sessions
d. Widespread data access and update capabilities

Answer 16

Q79. (a) client/server implementation does not necessarily use relational databases

Question 17

Q80. Which of the following would an auditor ordinarily consider the greatest risk regarding an entity’s use of electronic data interchange (EDI) ?

a. Authorization of EDI transactions
b. Duplication of EDI transmissions
c. Improper distribution of EDI transactions
d. Elimination of paper documents

Answer 17

Q80. (c) an EDI system must include controls to make certain that EDI transactions are processed by the proper entity, using the proper accounts.

Question 18

Q82. Which of the following is considered a component of a local area network?

a. Program flowchart
b. Loop verification
c. Transmission media
d. Input routine

Answer 18

Q82. (c) a local area network requires that data be transmitted from one computer to another through some form of transmission media

Question 19

Q84. Which of the following is not considered an exposure involved with electronic data interchange (EDI) systems as compared to other systems?

a. Increased reliance upon computer system
b. Delayed transaction processing time
c. Possible loss of confidentiality of information
d. Increased reliance upon third parties

Answer 19

Q84. (b) EDI ordinarily decreases transaction processing time; it does not delay transaction processing time

Question 20

Q85. Which of the following statements is correct concerning internal control when a client is using an electronic data interchange system for its sales?

a. Controls should be established over determining that all suppliers are included in the system
b. Encryption controls may help to assure that messages are unreadable to unauthorized persons
c. A value-added-network (VAN) must be used to assure proper control
d. Attention must be paid to both the electronic and “paper” versions of transactions

Answer 20

Q85. (b) encryption controls are designed to assure that messages are unreadable to unauthorized persons and to thereby control the transactions

Question 21

Q87. Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

a. A compressed business cycle with lower year-end receivables balances
b. A reduced need to test computer controls related to sales and collections transactions
c. An increased opportunity to apply statistical sampling
d. No need to rely on third-party service providers to ensure security

Answer 21

Q87. (a) the speed at which transactions can occur and be processed electronically results in lower year-end receivables since payments occur so quickly