ACCT 390 Chapter 15.1-4

Parity checks and echo checks are examples of

Hardware controls.

General controls include: I. Physical controls. II. Access controls. III. Hardware controls. IV. Environmental controls. V. Logical controls.

I, II, III, IV, and V.

Which of the following risks are greater in computerized systems than in manual systems? I. Erroneous data conversion. II. Erroneous source document preparation. III. Repetition of errors. IV. Concentration of data.

I, III, and IV.

Spoofing is one type of malicious online activity. Spoofing is

Identity misrepresentation in cyberspace.

Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?

Independently verify the transactions.

Which of the following statements is true concerning the COBIT 5 framework?

Information and organizational structures are among the enablers identified in COBIT 5.

Innovations in IT increase the importance of risk management because

Information system security is continually subject to new threats.

Which of the following is most likely a disadvantage for an entity that keeps data files prepared by personal computers rather than manually prepared files?

It is usually easier for unauthorized persons to access and alter the files.

General controls in an information system include each of the following except

Logic tests.

Which of the following is a key difference in controls when changing from a manual system to a computer system?

Methodologies for implementing controls change.

Which of the following passwords would be most difficult to crack?

O?Ca!FlSi

Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change,

Part of the audit trail is altered.

A client installed sophisticated controls that use the biometric attributes of employees to authenticate user access to the computer system. This technology most likely replaced which of the following controls?

Passwords.

Which of the following classifications of security controls includes smoke detectors, generators, security guards, and ID badges?

Physical

An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls?

Preventive

Which of the following is the best policy for the protection of a company's vital information resources from computer viruses?

Prudent management procedures instituted in conjunction with technological safeguards.

Which of the following statements presents an example of a general control for a computerized system?

Restricting access to the computer center by use of biometric devices.

Which of the following activities would most likely detect computer-related fraud?

Reviewing the systems-access log.

All of the following are correct statements regarding general controls except

Segregation of duties is less important because IT facilitates the separation of functions (authorization, recording, and access to assets).

Which of the following statements best characterizes the function of a physical access control?

Separates unauthorized individuals from computer resources.

All of the following are adequate controls for protection against unauthorized access to sensitive information except

System access log.

As a result of technological developments facing businesses and CPAs,

System boundaries are becoming less distinct.

What should be examined to determine if an information system is operating according to prescribed procedures?

System control.

Authentication is the process by which the

System verifies the identity of the user.

A small client recently put its cash disbursements system on a server. About which of the following internal control features would an auditor most likely be concerned?

The server is operated by employees who have cash custody responsibilities.

What is the primary objective of data security controls?

To ensure that storage media are subject to authorization prior to access, change, or destruction.

Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system?

Traditional duties are less segregated.

Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run?

Trojan horse.

A network firewall is designed to provide adequate protection against which of the following?

Unauthenticated logins from outside users.

When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

User accounts are not removed upon termination of employees.

Which of the following is a password security problem?

Users are assigned passwords when accounts are created but do not change them.

Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system

Will be more efficient at producing financial statements.

An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?

tR34ju78.

A company wants to protect its IT system from unauthorized users accessing the system. Which of the following controls would best serve to mitigate this risk?

A biometric device.

One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of

A computer log.

A company's web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of

A denial of service attack.

Attacks on computer networks may take many forms. Which of the following uses the computers of innocent parties infected with Trojan horse programs?

A distributed denial-of-service attack.

Which of the following statements is correct regarding information technology (IT) governance?

A primary goal of IT governance is to balance risk versus return over IT and its processes.

The firewall system that limits access to a computer by routing users to replicated Web pages is

A proxy server.

An entity has many employees that access a database. The database contains sensitive information concerning the customers of the entity and has numerous access points. Access controls prevent employees from entry to those areas of the database for which they have no authorization. All salespersons have certain access permission to customer information. Which statement is true regarding the nature of the controls and risks?

A salesperson's access to customer information should extend only to what is necessary to perform his or her duties.

Which of the following statements is true regarding internal control objectives of information systems?

A secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies.

Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control?

Access control software.

Dora Jones, an auditor for Farmington Co., noted that the Acme employees were using computers connected to Acme's network by wireless technology. On her next visit to Acme, Jones brought one of Farmington's laptop computers with a wireless network card. When she started the laptop to begin work, Jones noticed that the laptop could view several computers on Acme's network and that she had access to Acme's network files. Which of the following statements is the most likely explanation?

Acme was not using security on the network.

All of the following are correct statements regarding a firewall except

An application firewall is an adequate substitute for a network firewall.

Which of the following is an important senior management responsibility with regard to information systems security?

Assessing exposures.

When a user enters a certain entity's system, a series of questions is asked of the user, including a name and mother's birth date. These questions are primarily intended to provide

Authentication of the user.

The headquarters' computer of a certain entity maintains a matrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program. This matrix is primarily intended to provide

Authorization for processing.

Which of the following security controls may prevent unauthorized access to sensitive data via an unattended workstation connected to a server?

Automatic log-off of inactive users.

A company permits employees to work from home using company-owned laptops. Which of the following competitive advantages does the company most likely obtain as a result of this decision?

Availability.

Which of the following characteristics distinguishes computer processing from manual processing?

Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.

Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include

Controls for documenting and approving programs and changes to programs.

Which of the following statements most accurately describes the impact that automation has on the controls normally present in a manual system?

Controls must be more explicit in a computer-based system because many processing points that present opportunities for human judgment in a manual system are eliminated.

Which of the following is a true statement regarding security over an entity's IT?

Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.

A company began issuing handheld devices to key executives. Each of the following factors is a reason for requiring changes to the security policy except

Convenience of the device.

A retail store uses batch processing to process sales transactions. The store has batch control total and other control checks embedded in the information processing system of the sales subsystem. While comparing reports, an employee notices that information sent to the subsystem was not fully processed. Which of the following types of controls is being exercised by the employee?

Detective

Review of the audit log is an example of which type of security control?

Detective.

A client who recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in, nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control?

Employees are not required to take regular vacations.

Which of the following is the most effective user account management control in preventing the unauthorized use of a computer system?

Employees are required to renew their accounts semiannually.

The significance of hardware controls is that they

Ensure the proper execution of machine instructions.

Which of the following statements is inconsistent with the key principles of the COBIT 5 framework?

Enterprise governance and management are treated as the same activity.

Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

Firewall

Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?

Firewall vulnerability.

Which of the following is a network security system that is used to control network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another?

Firewall.

The two broad groupings of information systems control activities are general controls and application controls. General controls include controls

For developing, modifying, and maintaining computer programs.

