ACC 340 Final Exam Revel Study Set
REA diagrams for individual business cycles are built around basic (blank) economic changes. A. give-to-get B. debit-credit C. in-and-out D. none
A
Which type of relationship between two entities must have a concatenated key? A. M:N B. 1:N C. 1:1 D. all
A
XYZ company's REA diagram depicts the following entities: sales, inventory, salesperson, cashier, customer, cash receipts, and cash. The inventory-sales and cash receipts-sales relationships are both many-to-many. How many tables does it need to implement its REA diagram in a relational database? A. 8 B. 7 C. 9 D. 10
A
Which of the following is NOT an example of multi-factor authentication? A. a passphrase and a security question B. A password and a cellphone C. A 6-digit PIN and a smart card D. A fingerprint and a USB device
A. A passphrase and a security question
The DBMS language that builds the data dictionary is called A. DDL B. DQL C. Both B and A. D. DML
A. DDL
Which of the following does not help safeguard assets, documents, and data? A. measure the throughput and utilization of data and physical assets B. create and enforce appropriate policies and procedures C. store data and documents in fireproof storage areas D. periodically reconcile recorded asset quantities
A. Measure the throughput and utilization of data and physical assets
Developing an REA diagram for a specific business cycle consists of which of the following steps? A. all B. determine cardinalities of each relationship C. identify the resources affected by each event and the agents who participate in those events D. identify the events about which management wants to collect information
A. all
The examination of the relationships between different sets of data is called A. analytical reviews B. top-level reviews C. comparison of actual quantities with recorded amounts D. reconciliation of independently maintained records
A. analytical reviews
In an REA diagram, information about all the payments received from customers would be stored in which type of entity? A. event B. none C. resource D. agent
A. event
If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then the organization's security is considered: A. ineffective B. inefficient C. efficient D. effective
A. ineffective
The Trust Services Framework identifies 5 principles for systems reliability. Which one of those 5 principles is a necessary prerequisite to the other four? A. security B. privacy C. processing integrity D. confidentiality
A. security
A set of interrelated, centrally coordinated data files that are stored with as little data redundancy as possible is called? A. a database B. a file set C. an AIS D. a data set
A: a databas
Which of the following is the correct sequence of steps in the incident response process? A. stop attack, repair damage, recognize that a problem exists, learn from the attack B. recognize that a problem exists, stop the attack, repair the damage, learn from the attack C. recognize that a problem exists, repair the damage, stop the attack, learn from the attack
B. Recognize that a problem exists, stop the attack, repair damage, learn from the attack
Which of the following is an effective data entry control to ensure tht overtime hours should be zero for someone who has not worked in the maximum number of regular hours in a pay period? A. limit check B. a reasonable check C. a range check D. a validity check
B. a reasonableness check
One of the benefits of using database is to allow an organization to change its data in one location without affecting its data in another location. This benefit is called A. data redundancy minimization B. data independence C. data integration D. data sharing
B. data independence
Using your private key to encrypt a hash of a document creates a A. digital certificate B. digital signature C. cookie D. digital watermark
B. digital signature
In an REA model, activities about which management wants to collect information for planning or control purposes are known as A. resources B. events C. activities D. agents
B. events
Annie is a sales associate and uses her company issued computer to access the AIS. She has access to view customer and product information. She also has access that allows her to enter and cancel customer orders. Annie's right to access Drug Co.'s AIS represents a(n) (blank) in the company's database management system. A. data dictionary B. external-level schema C. internal-level schema D. conceptual-level schema
B. external-level schema
An attribute in a table that serves as a unique identifier in another table and is used to link the two tables is a A. local key B. foreign key C. secondary key D. primary key
B. foreign key
Each night during the week an organization backs up just that day's transactions. This is referred to as making what kind of backup? A. archival B. incremental C. differential D. full
B. incremental
Which of the following is the first stage of the database design process? A. conceptual design B. physical design C. conversion
B. physical design
Hiring qualified personnel, segregation employee duties, and controlling physical access to assets and information are examples of what kind of internal controls? A. corrective controls B. preventative controls C. general controls D. detective controls
B. preventative controls
The butterfly society maintains a database of all types of butterflies within the United States. One database table will store the butterfly species name and classification, with each species uniquely identified by a registration number. A second table will contain butterfly characteristics, uniquely identified by a characteristic number, and will be linked to the species table by the registration number. The primary key of the species table is: A. species B. registration number C. classification D. characteristic number
B. registration number
The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as: A. confidentiality B. security C. privacy D. processing integrity
B. security
If the same key is used to both encrypt and decrypt a file, that is an example of what is referred to as a(n) A. virtual private network B. symmetric encryption system C. public key infrastructure D. asymmetric encryption system
B. symmetric encryption system
Which of the following is used to protect the privacy of customers' personal information? A. cookies B. tokenization C. certificate authority D. digital watermarks
B. tokenization
An integrated REA diagram merges multiple copies of (blank) and (blank) entities but retains multiple copies of (blank) entities. A. event; agent; resources B. resource; agent; event C. resource; event; agent
C
The relationship between sales and inventory for ABC Company is M:N. During the year, the ABC Company runs periodic sales. The actual sales price of an item sold to a particular customer would be stored in which table? A. Inventory B. Sales C. Inventory Sales D. none
C
(Blank) provides assurance that someone cannot enter into a digital transaction and then subsequently deny they had done so and refuse to fulfill their side of the contract. A. Public key infrastructure B. Certificate authority C. Digital signature D. Digital certificate
C. Digital signature
Which of following action(s) must an organization take to preserve the confidentiality of sensitive information? A. Hire a CISO B. All of these C. Train employees to properly handle information D. Purchase fraud insurance
C. Train employees to properly handle information
A faciliity that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities is called A. virtualization B. a real-time mirroring site C. a hot site D. a cold site
C. a hot site
In an REA diagram, suppliers would be examples of the type of entity called: A. event B. agent C. resource
C. agent
A(n) (blank) helps employees understand management's vision. It communicates company core values and inspires employees to live by those values. A. diagnostic control system B. boundary system C. belief system D. interactive control system
C. belief system
When Jo, a sales associate, enters an account number, which of the following controls that would allow the system to retrieve and display the account name so that Jo could verify that the correct account number had been entered? A. data matching B. sequence check C. closed-loop verification D. prompting
C. closed loop verification
Replacing sensitive personal information with fake data is called A. information rights management B. encryption C. data masking D. nonrepudiation
C. data masking
Mary keeps record of every cupcake she has ever made and sold. She has also kept records of customer comments and entered them into a computerized accounting system called a "data warehouse". Mary wants to rebrand and has her accountant identify top sellers. What is her accountant doing? A. product auditing B. data exploring C. data mining D. product resource management
C. data mining
A cold site is an appropriate strategy for disaster recovery for organizations that are willing to tolerate operating for several (bank) without their ERP system and who are also willing to reenter or even lose several (blank) worth of transactions. A. minutes, hours B. hours, hours C. days, days D. hours, days
C. days, days
A batch total that is computed by adding up the invoice numbers in a set of sales invoices is called a A. record count B. checksum C. hashtotal D. financial total
C. hash total
Which of the following is not a key method of monitoring internal control system performance? A. employ a computer security officer B. perform internal control eval C. hire private investigator to investigate employee behavior D. implement a fraud hotline
C. hire private investigators to investigate employee behavior
A turnaround document is an example of a(n) A. processing control B. output control C. input control
C. input
Every employee at the Grizzley Corp can enroll in more than one training program, and each training program can have more than one employee to participate. Thus, the cardinality that exists between employee and training program is A. one to one B. one to many C. many to many D. none
C. many to many
Which of these is NOT true? A. the maximum cardinality in a relationship can be one B. the minimum cardinality in a relationship can be one C. the minimum can be many D. the minimum can be zero E. the maximum can be many
C. minimum can be many
Which objective deals with a company's effectiveness and efficiency and the allocation of resources? A. strategic objectives B. reporting objectives C. operations objectives D. compliance objectives
C. operations objectives
Managers can use completed REA diagrams to guide the design of queries to print A. managerial receipts B. journals and ledgers C. financial statements D. all
D
The steps to implement an REA diagram in a relational database include: A. creating a table for each distinct entity in the diagram and for many-to-many relationships B. use foreign keys to implement one-to-one and one-to-many relationships C. Assign attributes to all tables D. All
D
Which of the following rules must be followed when implementing an REA diagram in a relational database? A. Every table must have a primary key B. Every attribute must be single-valued C. Any attributes other than the primary key must be either a fact about the thing designated by the primary key or foreign keys used to link that table to another table D. all
D
Which is true? A. In a M:N relationship, the primary key of either entity can become a foreign key in the database table representing the other entity B. all C. in a 1:N relationship, the primary key of either entity can become a foreign key in the database table representing the other entity D. In a 1:1 relationship, the primary key of either entity can become a foreign key in the database table representing the other entity
D.
Which is true? A. the choice of cardinalitiies in a REA diagram depends upon the wishes of the data modeler. B. The choice of cardinalities in an REA diagram is arbitrary C. none D. the choice of cardinalities in an REA diagram reflects facts about the organization's business practices.
D.
Which of the following factor(s) should be considered when determining the strength of any encryption system? A. encryption algorithm B. Policies for managing the cryptographic keys C. Key length D. All of these
D. All
Which of the following helps protect you from identity theft? A. Encrypt all email that contains personal information B. Monitor your credit reports regularly C. Shred all paper documents that contain personal information before disposal D. All
D. All of these
Which of the following techniques can be used to minimize system downtime? A. preventative maintenance B. RAID C. UPS D. All of these
D. All of these
What is the objective of a penetration test? A. to correct identified weaknesses by applying updates that eliminate known vulnerabilities B. To prevent employees from doing actions that are incompatible with their jobs C. To determine whether or not a system can be broken into D. To identify where additional protections are most needed to increase time and effort required to compromise the system
D. To identify where additional protections are most needed to increase time and effort required to compromise the system
The organization-wide view of the entire database that lists all data elements and the relationships between them is called A. subschema B. internal-level schema C. external-level schema D. conceptual-level schema
D. conceptual-level schema
In an E-R diagram, relationships are depicted as A. rectangles B. inverted triangles C. ovals D. diamonds
D. diamonds
Which term refers to software that an attacker can use to compromise a system? A. patch B. vulnerability C. virtualization D. exploit
D. exploit
The problem of not being able to add records to a database is called A. database anomaly B. update anomaly C. delete anomaly D. insert anomaly
D. insert anomaly
In an REA diagram information about various cash accounts would be found in? A. none B. agent C. event D. resource
D. resource
The amount of risk a company is willing to accept in order to achieve its goals and objectives is called A. risk acceptance B. risk tolerance C. risk management D. risk appetite
D. risk appetite
Virtualization refers to the ability to A. eliminate the need for a physical computer B. use the internet to perform all needed system functions C. use web-based security to protect an organization D. run multiple systems simultaneously on one physical computer
D. run multiple systems simultaneously on one physical computer
The steps that criminals take to identify potential points of remote entry is called: A. research B. attempt social engineering C. conduct reconnaissance D. scan and map the target
D. scan and map the target
Which of the following is designed to prevent an attacker from executing a buffer overflow attack by submitting lengthy attack codes into the address field on a website form? A. field check B. reasonableness test C. limit check D. size check
D. size check
The database view that allows a sales manager to view all customer information as being stored in a table is called A. the custom view B. the detail view C. the physical view D. the logical view
D. the logical view
A potential adverse occurrence is called a threat or an event. With respect to threats, which of these statements is false? A. the potential dollar loss from a threat is called the exposure or impact B. none are false C. the probability a threat will occur is called the likelihood or risk D. the timing of when a threat will occur is called the timeframe or timeline
D. the timing of when a threat will occur is called a timeline or timeline
Merging redundant resources (blank) affect any cardinalities, but merging redundant events alters the (blank) cardinalities associated with the other events that are related to the merged event. A. does not, maximum B. does, minimum C. does, maximum D. does not, minimum
d
Which of the following is not a SOX requirement? A. the CEO must certify financial statements B. Auditors must maintain an audit trail that documents all client communications C. Auditors must report specific info to company's audit committee D. Audit committee members must be on company's board of directors and independent from company
B. Auditors must maintain an audit trail that documents all client communication
Which of the following Generally Accepted Privacy Principles would an organization violate if it collects and stores your sensitive personal information without your knowledge? A. Collection B. Choice and consent C. Notice D. Management
B. Choice and consent
After a tornado destroys an organization's data center, the CIO turns to the (blank) for instructions on how to recover. A. Backup Plan (BP) B. Disaster Recovery Plan (DRP) C. Business Continuity Plan (BCP) D. Incident Response Plan (IRP)
B. Disaster Recovery Plan
A website has a checkbox that states, "Click here if you do NOT want the AJAX company to share your information with third parties and send you offers that you might be interested in" is following the choice and consent practice known as A. Hashing B. Opt-out C. Opt-in
B. Opt-out
A firewall is an example of a (blank) control. A. Detective B. Preventative C. Corrective D. none
B. Preventative
