BEC - IT Questions

Which of the following provides the most reliable form of electronic authentication?

When a digital certificate is requested, an independent background check is completed to confirm the identity of the requesting entity. Thus, a digital certificate provides a higher level of reliability than a digital signature.

IT policies are particularly important in:

IT policies are particularly important in decentralized companies since IT services are likely to be less under the control of management.

Which of the following is least likely to be a benefit of a big data initiative?

IT cost savings. Big data projects are likely to be expensive. Therefore, IT cost savings from big data are unlikely.

A small accounting firm buys SaaS from a third-party CSP. As a part of this process, the accounting firm regularly requests and receives data about the system's performance of the CSP. This is an example of managing which of the following cloud-computing risks?

Lack of CSP transparency. This is an example of requiring information from the CSP to ensure transparency.

Which of the following is responsible for overall program logic and functionality?

Lead systems analyst. This individual is usually responsible for all direct contact with the end user and for developing overall programming logic and functionality.

The state of emerging online payment systems is:

lower costs to sellers

Sweet Caroline's Tasty Treats is deciding where to locate their centralized computer facility. If it is available, they should locate the facility:

middle floor

Which of the following is less likely to occur in a small business than in a large business?

name badges

A fire suppression system in a computer facility

Fire suppression systems in a computer facility should not use halon, because it is an environmental hazard.

Hildegard works at Amazon in the warehouse. What is the screen called that she most likely uses to assemble the goods for customers' orders for shipping?

A picking ticket identifies the items to be pulled for a sales order.

The following customer data is stored in the sales processing system to a regional produce distributor: CustomerNumber, CustomerName, CustomerPhone, CustomerContact, CustomerCreditLimit Which of the following is true?

CustomerNumber is an example of a field (also known as an attribute).

Data control language used in a relational database is most likely to include commands used to control

Which users have various privileges relating to a database. This answer is correct because data control language is composed of commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

Which of the following statements about firewalls is NOT true?

"Network firewall" and "application firewall" are two different names for a program designed to prevent and detect unauthorized access to the system. "Application firewalls" are separate and distinct from "network firewalls": the terms definitely do not refer to the same program. Network firewalls perform relatively low-level filtering capabilities; application firewalls have the ability to do much more sophisticated checks and provide much better control.

Which of the following techniques would be used to verify that a program was free of unauthorized changes?

A source code comparison program is used to compare an archived version of the program to the program actually in use.

The CPU includes all of the following

ALU. RAM. Control unit

An audit trail is considered what type of control?

An audit trail is considered a processing control.

Which of the following devices "burns" data onto a surface?

An optical disc recorder uses a laser to burn data onto a disk surface.

All of the following are examples of IT changes that have impacted internal control risk

Cloud computing, repurposed computing, blockchain. The web, mobile computing, the cloud, and social media. Text analytics, defense in depth, and in-shoring. Correct! Each of these factors has changed IT risks.

To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?

Code approved changes to a payroll program.

Which of the following characteristics distinguishes computer processing from manual processing?

Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. The high degree of accuracy of computer computation virtually eliminates the occurrence of computational errors.

In a client/server environment, the "client" is most likely to be the

Computers of various users. The "client" may be viewed as the computer or workstation of the individual user.

An example of big data?

Dark data. Multifactor identification data. video conferencing data.

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?

Data entry and application programming. The separation of the data entry function from the application programming function is critical to the segregation of duties within an IT department. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds. This is why data entry occurs within the operations unit of an IT department and application development occurs within the development function of an IT department. These functions must be kept separate and their duties segregated. Therefore, this is the best answer to the question.

Which of the following is an advantage of decentralized/distributed systems?

Decentralized/distributed systems are more responsive to the needs of the end user. Data transmission costs are greatly reduced. Input/output bottlenecks associated with high traffic periods are largely avoided.

All of the following are potential applications of HMDs except

Generating system logs

Management of a financial services company is considering a strategic decision concerning the expansion of its existing local area network (LAN) to enhance the firm's customer service function. Which of the following aspects of the expanded system is a significant strategic issue for management?

How the expanded system can contribute to the firm's long-range business plan. How the expanded system would support daily business operations. How indicators can be developed to measure how well the expanded system achieves its business objectives.

IT facility controls are

IT facility controls are general controls. That is, they are controls over the IT department as a whole. For example, restricting access to the IT department prevents unauthorized individuals from gaining physical access to the system.

Which of the following is an effective control related to personal computing in a small business?

Locking doors when offices are open and removing storage devices to secure locations is an important physical security control in a small business environment.

The system that most resembles a managerial accounting, budgeting system is:

MIS take planning information (budgets, forecasts, etc.) and compare it to actual results in periodic management reports (summary reports, variance reports, and exception reports). Hence, MIS can be considered similar to, and may incorporate, traditional budgeting systems.

secondary storage device?

Magnetic disk. Flash drives. Optical disc.

Roberta is a programmer who writes applications for Parsnips Health Care. She also has access to the file library. This is a concern because she may:

Make changes to both the live and archive copies of programs. If she changes both live and archive copies of programs, changes that she has made may not be detected.

Acme Corp. uses data on the strength of a user's touch on a keyboard to partially authenticate users. This is an example of:

Multifactor authentication. Correct! Why? Because the system will not use only the user's touch on keyboard, it will also use other authentication metrics (notice the "partially" in the sentence above).

This is an example of B2G

Municipal audit procurement is an example of business to government e-commerce.

Simone works as an airline reservations agent. She most likely interacts with a:

OLRT system. (Correct!) An online, real-time system would be appropriate for airline reservations.

Complete the missing words in the following sentence: ____ are actions that implement _____.

Procedures are actions that implement policies.

What is an example of the use of the cloud to access software and programs?

SaaS

A hacker breaks into an entity's system but fails to access the information that she seeks. Which of the following statements is correct according to the time-based model of controls?

Security procedures are effective. Preventive controls failed. Correct! Although preventive controls failed in this case, the detective and corrective procedures prevented a loss. Therefore, security procedures are effective even though preventive controls failed.

Which of the following statements is (are) true. I. A greater level of control is necessary in automated than manual systems. II. The uniformity of transaction processing is higher in automated than manual systems.

Statement II is correct. Automated transaction processing results in a greater uniformity of transactions.

Challenges of big data include all of the following

Storage. Quality. Integration.

Categories of computer software

System software. Programming languages. Application software.

benefit of a big data initiative?

Targeted marketing. Improved system monitoring. Better compliance

In DRP, the lowest priority is given to which activities?

Task-critical tasks are given the lowest priority in DRP.

The part of the computer that does most of the data processing is referred to as the

The CPU, the central processing unit, does the primary processing for a computer.

An entity doing business on the Internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except

The use of batch processing is unrelated to attempts to prevent unauthorized intruders from accessing proprietary information. Hence, this alternative would not be used by an organization to prevent unauthorized intruders.

Selling a digitized product can:

Therefore, this is the correct answer since selling a digitized product can reduce costs and improve quality (e.g., some online books are cheaper, include hyperlinks to resources and key terms, and include additional content).

An entity has the following sales orders in a batch:
Invoice#   Product   Quantity   Unit Price
101        K 10      50         $5.00
102        M 15      100        $10.00
103        P 20      150        $25.00
104        Q 25      200        $30.00
105        T 30      250        $35.00
Which of the following numbers represents the record count?

This answer is correct because a record count is simply a count of the number of records in a batch. 5

Which of the following would provide the most security for sensitive data stored on a personal computer?

This answer is correct because encryption involves coding of the data files and, accordingly, encrypted sensitive data provides security because the files cannot be read by those without knowledge of the encryption code. Encrypting data files on the computer.

Peetie's Pet Care has a system that examines large data sets to determine patterns in clients' use of its facilities. This is most likely an example of:

This is a data-driven DSS that is engaging in data mining.

Which of the following types of systems would you use to record the number of hours worked during the current pay period for each of your employees?

Transaction processing systems (TPSs) support the day-to-day activities of the business (purchasing of goods and services, manufacturing activities, sales to customers, cash collections, payroll, etc.).

In the accounting cycle, closing journal entries:

Transfer balances in temporary accounts to retained earnings.

Which of the following is not considered to be an electronic funds transfer (EFT) transaction?

Cash cards. Cash cards do not involve bank clearing processes and are not considered to be EFT transactions.

Management of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of the following areas?

Change control. The management of changes to applications is part of the Source Program Library Management System (SPLMS).

Which of the following implementation approaches has been described as "sink or swim?"

Cold turkey. Also called the plunge or big bang approach. The old system is dropped and the new system is put in place all at once.

Robert the Grievous is reading an online summary production cost report and wants to know why the cost of sprockets, used in constructing orbital sanders, is so high. Robert most likely needs to:

Drill down. He needs to move from summary to detailed information to determine its cause.

This system is most likely to include external data.

ESS

The state of emerging online payment systems is:

lower cost to sellers

_____ is the foundation of systems reliability.

Security. According to the AICPA ASEC principles, security is the foundation of systems reliability.

More than one file may be stored on a single magnetic disc. Several programs may be in the core storage unit simultaneously. In both cases it is important to prevent the mixing of data. One way to do this is to use

The primary purpose of boundary protection is to prevent the mixing of data on a magnetic memory disc and a core storage unit.

What is the correct ascending hierarchy of data in a system?

Specifically, a character has fewer pieces of data than does a field. A field has fewer pieces of data than does a record. And a record has fewer pieces of data than does a file.

Which of the following items would be most critical to include in a systems specification document for a financial report?

Specifying the required data elements would be a critical activity in determining the attributes of a document in a financial reporting system.

The widespread adoption of the IoT will:

Speed the adoption of automated authentication. This is true because, with the widespread data provided by electronic devices, there will be less need for user authentication by password.

Stagger Lee pretended to be an accountant in the payroll department to gain access to the Wichita Lineman Electrical Services Co. accounting system. This is an example of:

Spoofing

Which of the following statements is true regarding small business computing?

Spreadsheets should be reviewed and tested by an independent third party.

Which of the following statements is correct? I. An important advantage of flat file systems is that they are program independent. II. Flat file systems contain little data redundancy.

Statement one is incorrect because, while flat file systems do contain program independence, this is seen as a disadvantage not an advantage. This is because the program independence of flat file systems means that multiple programs must be used to read, access and process the data. Statement II is incorrect because flat file systems contain a high degree of data redundancy.

risk of e-commerce?

System availability. Nonrepudiation. Failure of trust in trading partners. Integrity. Authentication. Security and confidentiality.

Which of the following is a category of computer software?

System software. Programming languages. Application software.

electronic funds transfer (EFT) transaction

Direct deposit of payroll payments into the employee's bank account. Automated teller machine (ATM) transactions. Credit card payment initiated from a POS terminal.

At this stage, we purchase hardware:

Design and development. Technical architecture specification and a systems model occur at the design stage. During development, programmers use the design specifications to develop the program and data files.

Which of the following is true of batch processing? I. In batch processing, data is captured in a transaction file as transactions occur. II. Periodically (once a day, once a week, etc.), the group of transactions in the transaction file are edited, sorted, and then the transactions are used to update the master file.

2 In batch processing, transactions are first gathered together in a group and then keyed into a transaction file. Periodically, the transaction file is edited, sorted, and then the transactions are used to update the master file.

A type of malware designed to let the attacker bypass the normal user authentication process (e.g., enter username and password) and enter the user's system is

A back door is a program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures.

A cloud computing system solution integrates which of the following elements?

A business process, a deployment model, and a service delivery model. Effective cloud solutions require considering and integrating a relevant business process, a deployment model and a service delivery model.

Rollins Corporation uses batch processing for its accounting system. During a recent monthly payroll processing run, it experienced a power failure that corrupted the payroll database. Which of the following controls will be most useful to the company in recovering from this failure?

A checkpoint/restart control would be an appropriate way to reprocess only those transactions that took place after the last valid run.

An internal cloud is:

A cloud that is behind an entity's firewall. Although an internal cloud has many other elements, one essential element is that it is protected by an entity's firewall.

Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has not been stocked with equipment?

A cold site is created and maintained as a site for disaster recovery, but is not stocked with equipment. Therefore, this is the best answer to this question.

One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control for this is use of

A computer log. This answer is correct because the use of a computer log will allow a review of an individual's access to the system.

Space Cowboy Amusements operates amusement parks throughout the U.S. Its chief technology officer, Steve Miller, wants to implement a system that allows for more customization to meet the needs of location operations. It most likely will implement:

A concern for customized systems would suggest the use of a decentralized system.

cycle times

A cycle time in manufacturing is the time required to produce an order. In computer science, it is the time between one random access memory event to the next. Neither of these definitions is relevant to the IoT.

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments is known as

A data mart is focused on a particular market or purpose and contains only information specific to that objective.

A data warehouse differs from a data mart because

A data mart supports specific needs. A data mart is more specialized than a data warehouse. The data mart is often constructed to support specific needs of subunits of an organization.

Which of the following is true in regard to data warehouses? I. The bulk of the data found in a data warehouse comprises historical operational data. II. Pattern recognition is one of the principal functionalities offered by data mining software.

A data warehouse is a database archive of an organization's operational transactions (sales, purchases, production, payroll, etc.) over a period of years; external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, are also included. Pattern recognition is a major component of data mining software: data mining is the process of performing statistical analysis and automatically searching for patterns in large volumes of data.

A company's web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of

A denial of service attack. In a denial of service attack, servers are overwhelmed with incomplete access requests, causing them to hang, zombie like, in a living, though brain-dead, useless state.

Which of the following is true about denial-of-service attacks? I. A denial-of-service attack takes advantage of a network communications protocol to tie up the server's communication ports so that legitimate users cannot gain access to the server. II. If the denial-of-service attack is successful, the attacker can gain access to unprotected resources on the server.

A denial-of-service attack prevents legitimate users from accessing the system by flooding the server with hundreds of incomplete access requests. The object of the attack is to prevent access to the system: the attacker does not actually gain access to information on the system.

Which of the following can be used to authenticate messages transmitted in a networked environment?

A digital signature uses public/private key encryption technology to provide a means of authenticating messages delivered in a networked environment.

_____ systems include redundancy of components.

A fault tolerant system includes redundant components.

Which of the following structures refers to the collection of data for all vendors in a relational database?

A file would contain the collection of data for all vendors in a relational database. This would also be called a table in a relational database. Therefore, this is the best answer.

Cecilia's Breaking My Heart dating service seeks to implement a system that distributes processing to local units but also maintains a centralized database. This is an example of:

A hybrid system.

In a computer-based system, the equivalent of a subsidiary ledger is a

A master file holds account and account balance information and is roughly equivalent to a ledger (or subsidiary ledger) in a manual system.

Hamish works in a factory that builds tractors in Des Moines, Iowa. He wants to get a B352 sprocket that is needed in building a X793 tractor. The document, form, or screen that would authorize this action is:

A materials requisition, also called a "materials transfer ticket," would authorize Hamish to move the sprocket from raw materials to production.

A poor quality connection caused extensive line noise, resulting in faulty data transmission. Which of the following controls is most likely to detect this condition?

A parity check is designed to detect errors in data transmission.

Which of the following terms best describes a payroll system?

A payroll system is an example of a transaction processing system.

Reggie is the purchasing agent for a wholesale paint store (Ye Ol' Paint Pots). Reggie's cousin, Earl-the-Earl, owns a small paint store. Reggie arranged for paint to be delivered to Earl-the-Earl's stores from paint manufacturers, thereby allowing Earl-the-Earl to get the paint at a wholesale (cheaper) price, which violates a policy of the Ye Ol' Paint Pots. Reggie was most likely able to violate this policy because of a failure in Ye Ol' Paint Pots' controls related to:

A purchase order formally requests a supplier to sell and deliver specified products at designated prices. Better controls over this document would most likely have caught this violation of policy.

The most important document in the billing process is the

A sales (or customer) invoice documents a sale and the billing of the customer for the sale.

Which of the following solutions creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access to the network?

A virtual private network (VPN) is a secure way to create an encrypted communication tunnel to allow remote users secure access to a network. The VPN uses authentication to identify users and encryption to prevent unauthorized users from intercepting data.

The most appropriate type of network for a company that needs its network to function inexpensively in widely separated geographical areas is

A wide area network (WAN) is the best kind of network because it can connect many sites located across a broad geographical distance.

According to the AICPA ASEC, GAPP are:

According to the AICPA ASEC principles, GAPP is a set of criteria to guide best practices related to data privacy.

_____ concerns whether the system is operational and usable as specified in commitments and agreements.

According to the AICPA ASEC principles, this is the definition of availability.

_____ concerns whether confidential information is protected consistent with the organization's commitments and agreements.

According to the AICPA ASEC principles, this is the definition of confidentiality.

______ addresses whether the collection, use, retention, disclosure, and disposal of personal information is consistent with the entity's commitments and with GAPP.

According to the AICPA ASEC principles, this is the definition of privacy.

_____ concerns the completeness, validity, accuracy, timeliness, and authorization of system process.

According to the AICPA ASEC principles, this is the definition of processing integrity.

In COBIT, the process of identifying automated solutions falls within the ________ control process domain.

Acquire and implement. The process of identifying automated solutions does fall within the acquire and implement control process domain.

When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control?

Adequate physical layout space for the operating system. An operating system ordinarily requires no physical layout space since it represents software within a computer.

After changes to a source program have been made and verified, it moves to

After changes and verification to those changes, source programs move into production.

Harold is a sales person at a jeweler. His friend Robert wants to buy a ring for his fiancée. Who should establish the credit limit for Robert's purchase?

Allowing the credit manager to set the credit limit is most likely to result in following organizational policy related to the setting of customer credit limits.

Happy's Nutty Clownery ordered 82 bags of balloons from a supplier but received only 28. Which of the following controls is most likely to have caught this error?

An automated receiving system that includes multiple points of scanning of received goods. (Correct!) An automated receiving system that includes multiple scans of received goods is likely to have caught this error.

A client would like to implement a management information system that integrates all functional areas within an organization to allow information exchange and collaboration among all parties involved in business operations. Which of the following systems is most effective for this application?

An enterprise resource planning system. ERPs provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions. This is the correct answer since facilitating information exchange and collaboration is the primary purpose of the proposed system.

Which of the following is an example of a report that would be produced by a management information system (MIS) as opposed to an accounting information system (AIS)?

An exception report that lists all days when production volume was more than 10% over or under the planned level of production for the day. Production volume data and planned (budgeted) production data do not generate debits and credits and are not part of most accounting information systems (AISs). This type of information is, however, frequently used by mid-level managers to support daily operations and is included in most management information systems (MISs).

Each of the following is a desirable characteristic of IT policies

An owner is responsible for the policy. Should include a statement of purpose and a title. Should be linked to strategy and objectives.

Each of the following is an enabler of big data

Analytics. Dark data. IoT.

Which of the following statements related to IT policy monitoring is true

Analyzing help calls can be useful in improving policy compliance. Internal audit staff may be involved in policy monitoring. Monitoring may be continuous or periodic.

In business information systems, the term "stakeholder" refers to which of the following parties?

Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks. The "stakeholders" in an IT environment include both the IT personnel responsible for developing and maintaining the system as well as the personnel from all areas of the organization, who are the end users of the systems. In extranet environments, these end users may also include customers and suppliers who access data relevant to their activities with the organization online.

Roles for accountants in big data include all of the following

Assessing the quality and integrity of big data. Integrating big data into evaluations of internal control. Data scientists. (Correct!) While accountants may have a role in designing big data systems, they will not hold responsibility for building them.

During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed posting type. This would mean that individual transactions were

Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.

Managing cyber risks requires:

Attempting to prevent cyber breaching but addressing those that occur through detective and corrective controls. Organizations attempt to prevent cyber breaches but address those that occur through detective and corrective controls.

If complete segregation of duties is impossible in a small business, which two functions should be potentially combined?

Authorization and review/auditing. Combining the authorization and review/auditing functions, while not desirable, is the least risky option and is recommended, if necessary for cost reasons, in small business systems.

Which of the following critical accounting functions is most likely to be absent in a small business computing environment?

Authorization is most likely to be absent in a small business computing environment. There is a great need for third-party review and testing within the small business computing environment.

Each of the following is an enabler of big data except:

Big data uses existing data warehouses, but data warehousing is not a direct enabler of big data.

In walking through O'Hare airport in Chicago, you notice a man talking into an ear piece. The communication between the ear piece and the man's cell phone mostly likely uses which transmission media and protocol?

Bluetooth is designed for exactly this scenario, i.e., short-range, low power communication, for example, between an ear piece and a cell phone.

Which of the following is true regarding public/private key encryption?

Both the public and private keys can be used to encrypt and decrypt messages. Both the public and private keys can be used to encrypt and decrypt messages, although the public key can only decrypt messages encrypted using the private key and vice versa.

What is a major disadvantage of using a private key to encrypt data?

Both the sender and receiver must have the private key before this encryption method will work. This answer is correct. In order to decrypt a message encrypted via private key encryption (also known as single key encryption), both the sender and the receiver must have access to the key, as a single key is used both to encrypt (run the encryption algorithm "forward") and decrypt (run the encryption algorithm "backward"). This is a disadvantage because the transmission of the key is inherently insecure.

Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporate headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?

Business continuity planning will help the business recover after a fire.

Vindaloo Corporation wants data storage for a large volume of data that is unlikely to change often. They should consider using

CD-ROM is the best choice of the available answers. It can handle a large volume of data and is suited to data that changes infrequently.

Control Objectives for Information and Related Technology (COBIT) provides a framework for

COBIT provides a framework for IT governance and management of enterprise IT.

Big data:

Changes an entity's risk profile. Adds a new set of risks to an entity and changes some existing risks.

benefit of mobile computing?

Cheaper data capture. Better organizational information quality. Better integration with cloud-based system applications. Mobile computing increases, not decreases, usability issues since systems must be redesigned for display and data entry on small screens.

A checkpoint is used mostly in _____ systems.

Checkpoints are mostly used in batch systems. The use of checkpoint and restart is an important backup procedure.

Rootin' Roberta of Sharpie Shooters Range Corp. is charged with replacing the computer used in the accounting system. She wants a quick boot time and fast access to storage. She doesn't need a lot of storage, but she wants maximum security in storage. She should consider purchasing:

Computers that primarily rely on SSD storage. Solid state drive (SSD) storage has the desired characteristics.

Reconciling the accounts receivable control and subsidiary accounts is useful in ensuring that:

All credit sales transactions are recorded. Because credit sales should appear in the subsidiary ledger (and obviously, in aggregate, in the control account), this activity will be useful in determining that all credit sales are recorded.

Today organizations are using microcomputers for data presentation because microcomputer use, compared to mainframe use, is more

Cost effective. This answer is correct. In cooperative processing, microcomputers are more cost effective than mainframes for data entry and presentation because microcomputers are better suited to frequent screen updating and graphical user interfaces.

Which of the following is not an advantage of decentralized/distributed systems?

Data security is enhanced. Because data processing in decentralized/distributed systems is carried out at multiple locations instead of a single, centralized location, these systems are inherently less secure than centralized systems.

An organization implements an integrated package of authentication controls related to its critical systems. This is an example of:

Defense in depth includes the implementation of multiple control layers.

When designing the physical layout of a data processing center, which of the following would be likely to be a necessary control?

Design of controls to restrict access. Inclusion of an adequate power supply system with surge protection. Consideration of risks related to other uses of electricity in the area.

What is the role of the systems analyst in an IT environment?

Designs systems, prepares specifications for programmers, and serves as an intermediary between users and programmers.

Which of the following tasks comes first in business continuity management (BCM)?

Determining business continuity strategies is the third step in BCM, but it is the earliest procedure listed for this question.

Which of the following controls is usually found in batch processing systems?

Financial control totals. Check digits. Limit checks.

Mr. Shankley's Medical Services Corp. operates in all states and territories of the U.S. It is developing a new patient relationship management system. The system is approaching completion and is behind schedule. Which of the following implementation methods would be potentially fastest but also involve the most risk?

Direct cutover would be the riskiest, since all locations would implement simultaneously.

Maxwell's House of Fun asks suppliers to submit proposals to provide its never-ending need for silver hammers. This is an example of:

E-procurement. This is an example of e-procurement, in which a company seeks bids to provide a product or service.

Which of the following best defines electronic data interchange (EDI) transactions in business applications?

Electronic business information is exchanged between two or more businesses.

A manufacturing company that wants to be able to place material orders more efficiently most likely would utilize which of the following?

Electronic data interchange (EDI) allows companies to place orders with their suppliers electronically. This reduces the costs associated with producing, distributing, and managing the paperwork associated with a traditional ordering system and dramatically reduces the amount of time required to receive and process the order.

e-commerce system?

Electronic data interchange (EDI). Supply chain management (SCM). Electronic funds transfer (EFT). Customer relationship management (CRM) systems are e-business systems, but are not e-commerce systems, because they are used primarily for internal operations.

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements reflect a limitation of the client's computer-access control?

Employees can easily guess fellow employees' passwords. Employees are not required to change passwords. Employees can circumvent procedures to segregate duties.

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

Encryption can be used to ensure the privacy and security of EDI messages both during transmission and when stored. Hardware-based encryption is inherently more secure than software-based encryption, as software can be more easily accessed and altered than hardware. Encryption performed by a physically secure hardware device is more secure than encryption performed by software.

Which of the following is responsible for identifying problems and proposing initial solutions?

End users. This group has the primary responsibility of identifying problems and proposing initial solutions.

Checkpoint Auto Leasing is a small company with six employees. The best action that it can take to increase its internal control effectiveness is

Engage the owner in direct participation in the activities, including financial record-keeping, of the business. This is the best answer since engaging the owner in the activities of the business is an important compensating control in small organizations.

A company has a significant e-commerce presence and self-hosts its website. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?

Establish off-site mirrored web server. Mirroring is a high-cost, high-reliability approach to backup that is common in e-commerce applications. Of the offered alternatives in this question, this is the best approach to assuring the continuous delivery of services despite a natural disaster.

Problems associated with e-commerce in general include all of the following except

Establishing contractual agreements between trading partners. Most e-commerce transactions are not based on prior contractual agreements between trading partners.

usually found in batch processing systems?

Financial control totals. Check digits. Limit checks.

The Board of Directors of Martin Manufacturing Enterprises, Inc. is meeting to consider whether they should expand their manufacturing facilities to include a product line. Although the company's current financial position and sales potential for existing products are part of the information the Board must consider, of even greater importance is external information concerning economic conditions, market projects for the new product, the cost of long-term financing alternatives, and information about potential competitors. The Board of Directors' decision process would be best supported by a

Executive support systems (ESSs) are a subset of DSS that are especially designed for forecasting and making long-range, strategic decisions, and they place greater emphasis on external data. The need to consider a large proportion of external information in the decision process makes an executive support system (ESS) the best choice listed.

Which of the following cycles does have accounting information that is recorded into the general ledger reporting system?

Expenditure. Production. Revenue.

Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?

Extensible business reporting language (XBRL). XBRL is specifically designed to exchange financial information over the World Wide Web.

type of IT outsourcing:

External, public cloud. Internal, public cloud. External, private cloud.

A start-up company seeks to build a wired LAN in its building. Cost is unimportant; security and speed are critical. The company should consider using:

Fiber optic cable is a higher-cost, higher-quality choice for a wired network.

firewalls

Firewalls frequently include both a hardware component and a software component. Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system. Application firewalls, in addition to monitoring data packets, control the execution of programs and examine the handling of data by specific applications. "Application firewalls" are separate and distinct from "network firewalls": the terms definitely do not refer to the same program. Network firewalls perform relatively low-level filtering capabilities; application firewalls have the ability to do much more sophisticated checks and provide much better control.

Which of the following statements about firewalls is true?

Firewalls frequently include both a hardware component and a software component. Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system. Application firewalls, in addition to monitoring data packets, control the execution of programs and examine the handling of data by specific applications.

Bad, Bad, Leroy Brown Corp., a BBQ food chain based in Kansas City, MO is building a new customer relationship management (CRM) system. In transitioning between phases in the SDLC, the company must obtain and document:

Formal approval is necessary before moving into the next phase.

The Internet is made up of a series of networks which include

Gateways connect Internet computers of dissimilar networks. Gateways to allow mainframe computers to connect to personal computers.

Governance is primarily the responsibility of:

Governance is primarily the responsibility of the board of directors.

One important purpose of COBIT is to

Guide managers, users, and auditors to adopt best practices related to the management of information technology.

All of the following are examples of IT changes that have impacted internal control risk except:

Hackers, crackers, flappers, and wrappers.

Big data initiatives should:

Have a strong governance structure.

In an accounting system, a header can be used to

Headers are used to identify data records in an accounting system file.

Management of a financial services company is considering a strategic decision concerning the expansion of its existing local area network (LAN) to enhance the firm's customer service function. Which of the following aspects of the expanded system is the significant strategic issue for management?

How the expanded system can contribute to the firm's long-range business plan. How the expanded system would support daily business operations. How indicators can be developed to measure how well the expanded system achieves its business objectives.

Management of a financial services company is considering a strategic decision concerning the expansion of its existing local area network (LAN) to enhance the firm's customer service function. Which of the following aspects of the expanded system is the least significant strategic issue for management?

How the expanded system will contribute to the reduction of operating costs. This answer is correct. Cutting costs, per se, is the least important issue. Payoff, or return on costs, is a more relevant strategic consideration.

Which of the following roles is responsible for prioritizing systems development proposals?

IT steering committee. This group's principal duty is to approve and prioritize systems proposals for development.

In which of the following stages of computer system development would training occur?

Implementation phase. Note: Most systems' life cycle descriptions call this phase the installation and operation phase. During this phase, the users are trained on the new system, the data is converted from the old system to the new system, and the system is moved from the program development area to the production library.

A controller is developing a disaster recovery plan for a corporation's computer systems. In the event of a disaster that makes the company's facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?

In a cold site approach to disaster recovery, hardware and records are delivered after the occurrence of a disaster. This approach is less expensive, but more risky than a hot site approach.

Bob sends a message using asymmetric key to Cassie. In this exchange, who holds the private key:

In asymmetric encryption, the receiver (Cassie) has the private key.

An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?

Increased responsiveness and flexibility while aiding in the decision-making process. Improving responsiveness and flexibility, and aiding the decision-making processes in an organization, are important goals of an ERP system. Hence, this is the best answer.

QuikStop, Inc., a local convenience store chain, is planning to install point-of-sale (POS) systems in all eight of its locations by the end of the year. In the first year or so of operation, QuikStop can reasonably expect to experience all of the following

Increases in order processing efficiency. Increases in order processing accuracy. Decreases in total inventory carrying costs. The reduction in inventory levels results in more frequent ordering for smaller quantities. This, in turn, leads to higher total inventory order costs.

According to the AICPA ASEC, the requirement of notice related to privacy states:

Individuals must be told about privacy policies including why information is collected, used, retained, and disclosed.

Automating security systems changes:

Internal controls. Control over access to systems is a part of accounting controls.

Internal disk labels are physically read by

Internal disk labels are read by software.

true statements

Intranets are implemented using Internet protocols. Training time for intranet-based applications is usually lower than training for similar programs using a traditional LAN interface. Intranets are often used to connect geographically separate LANs within a company. Intranets usually require a username and password in order to access the system.

Which of the following is the primary advantage of using a value-added network (VAN)?

It provides increased security for data transmissions. This is the best answer because increased security is a common motivation for the use of a value-added network.

After journal entries are recorded, they are posted to:

Journal entries are first recorded in general journals. Then they are posted to ledger accounts.

Consider the following statements: I. LANs use dedicated lines. II. WANs use dedicated lines.

LANs use dedicated lines, but WANs use public or shared lines. Hence, I is true, but II is not.

A distributed processing environment would be most beneficial in which of the following situations?

Large volumes of data are generated at many locations and fast access is required. This answer is correct because a distributed data processing system is useful when processing is done in multiple locations. It enables processing of a large volume of transactions and fast access to data.

In applying COSO to cyber risks, managing cyber risks should begin with:

Managing cyber risks begins with identifying system value and protecting systems according to their value.

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

Managing remote access. Managing remote access is an appropriate responsibility for a network administrator.

Which of the following is true about master files?

Master files are the computerized counterpart of ledgers found in manual systems. Master files maintain balances by accounts (financial statement accounts, customer accounts, vendor accounts, etc.), just as ledgers do in manual systems.

In DRP, top priority is given to which activities?

Mission-critical tasks are given first priority in DRP.

IT people controls are mostly

Most IT people controls are general and preventive. For example, the segregation of duties prevents employees from making unauthorized changes to program and data files.

Which of the following transaction processing modes provides the most accurate and complete information for decision making?

Online processing provides the most up-to-date and complete information for decision making. Therefore, this is the best answer to this question.

Which of the following statements about processing methodologies is true?

Online real-time processing is especially desirable when transactions occur continuously and are interdependent. Online real-time processing is especially desirable when transactions occur continuously and are interdependent. Batch processing is especially desirable when transactions occur periodically and are independent.

this system is sometimes also called a TPS.

Operational systems are sometimes called TPS (transaction processing systems).

burns" data onto a surface?

Optical disc recorder. An optical disc recorder uses a laser to burn data onto a disk surface.

HMDs:

Partly result from the IoT. HMDs attach sensors to glasses or helmets and are therefore a type of IoT device.

Which of the following cycles does not have accounting information that is recorded into the general ledger reporting system?

Planning. The general ledger contains all the accounts present in the financial statements; thus, any transactions which are reported in the financial statements must be recorded in the general ledger. Transactions in the planning cycle are used to produce the various budgets used to manage the company, but do not affect any of the actual accounts found on the financial statements. Because of this, they are not recorded in the general ledger.

Which of the following statements related to IT policy monitoring is false?

Policy monitoring is particularly important in centralized entities. There is no reason why monitoring IT policies is particularly important in centralized entities. Because this is a false statement, it is the correct answer.

The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition?

Prepare a statement of responsibilities for the tasks included in a disaster recovery plan. This would be a logical first step toward the creation of a disaster recovery plan.

Problems associated with e-commerce in general include all of the following

Problems in establishing identity and authenticity. Maintaining privacy of customer information. Effecting a secure exchange of payment for the goods/services.

Each of the listed IT policies is matched to its description

Quality—statement of IT performance standards. Electronic communications use—policy related to employee use of the Internet, intranet, email, and so on. Security—related to guarding against physical or electronic threats to IT.

All of the following are potential applications of HMDs

Real-time system monitoring. Visualizing. Video conferencing.

Mark Chen was recently hired by the Rollins Company at a monthly salary of $1,800. When his employee information was entered into the company's personnel system, his monthly salary amount was entered correctly, but he was inadvertently classified as an hourly employee. Which of the following controls would be most likely to detect this error?

Reasonableness checks look at the values in two related fields to ensure that they make sense as a unit; for example, Mark's $1,800 rate is reasonable and his assignment as an hourly employee could be reasonable, but the combination of the two fields ($1,800 hourly rate) is unreasonable.

An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?

Reasonableness. April has only 30 days. The reasonableness test will catch this error.

online/real-time transaction processing systems?

Records are usually updated as transactions occur. Random access storage devices are normally required. Errors are captured and corrected as the transaction occurs. Online/real-time systems are updated as transactions occur and consequently require networked information systems based on random access storage devices. Because the information system is updated immediately, errors are detected as soon as the transaction occurs.

James Victor's Snickers Joke House hires illegal workers. Which of the core activities of the HR department should have identified and prevented this violation of law?

Recruiting and hiring employees. This is the function that should have determined whether the hired workers could legally be employed.

potential applications of HMDs

Reduced privacy. Data storage. Risk exposure.

Which of the following is a major motivation for the adoption of new payment systems?

Reducing abandonment rates. This statement is true. Reducing the rates at which customers abandon purchases at checkout is a major motivation for adopting new payment systems.

Requiring direct deposits instead of paying employees by checks improves accounting controls by:

Reducing the likelihood of the theft of payroll payments. Direct deposits move directly to employees' accounts, thereby lessening the likelihood that checks are deposited by someone other than employees.

Which of the following is a benefit of using an electronic data interchange (EDI) system?

Reduction in the ordering costs. Faster transaction processing. Reduction in the lead time between placing the order and receiving the goods. EDI does not necessarily reduce the number of suppliers a company works with.

Reggie is the purchasing agent for a wholesale paint store (Ye Ol' Paint Pots) that sells only to large chains. Reggie's cousin, Earl the Earl, owns a small paint store. Reggie arranged for paint to be delivered from paint manufacturers to Earl the Earl's store, thereby allowing Earl the Earl to get the paint at a wholesale (cheaper) price, which violates a policy of Ye Ol' Paint Pots. The control that is most likely to have prevented this violation of policy is:

Segregation of the receiving function from the purchasing function would help prevent the violation because, if all purchase orders had to be checked in by a separate receiving department, we would detect the mis-delivered order. Requiring purchasing agents to disclose relationships with vendors and purchases

A bank discovers that it has violated federal law in its retention of customer records. Which of the following IT policies should address this violation?

This is a failure of IT policies related to regulatory compliance.

Which of the following is an example of a non-financial transaction?

Sending a purchase order to a vendor to purchase items for re-sale. Sending a purchase order to a vendor to purchase items for re-sale is an example of a non-financial transaction, as it does not require a debit/credit entry in the accounting system (there is no completed transaction, just a request for a transaction).

Which of the following statements best characterizes the function of a physical access control?

Separates unauthorized individuals from computer resources. Physical access controls restrict access to computer hardware, as well as program and data files, to authorized individuals.

Assessments of cyber risk impact:

Should assess the likelihood and severity of impacts and should be led by senior management in consultation with business and IT stakeholders. The initiative should assess likelihood and severity of impact and should be led by senior management in consultation with business and IT stakeholders.

Each of the following is a desirable characteristic of IT policies except:

Should relate to physical or electronic threats to IT. This is a false statement. IT policies need not relate specifically to physical or electronic threats to IT.

Which of the following sets of characteristics is most closely associated with online real-time processing?

Single transaction, random processing technology, immediate update. Online real-time processing is characterized by (1) the processing of one transaction at a time; (2) use of random processing technology; and (3) processing of transactions immediately (as they occur).

Database management software is considered:

Software. Middleware.

The requirements definition document is signed at this stage:

Systems analysts work with end users to understand and document business processes and system requirements at this stage. All parties sign off on the requirements definition to signify their agreement with the project's goals and processes at this stage.

Rose and McMullin, a regional public accounting firm, has recently accepted a contract to audit On-the-Spot, Inc., a mobile vending service that provides vending machines for large events. On-the-Spot uses a computerized accounting system, portions of which were developed internally to integrate with a standard financial reporting system that was purchased from a consultant. What type of documentation will be most useful to Rose and McMullin in determining how the system as a whole is constructed?

Systems documentation provides an overview of the program and data files, processing logic, and interactions with each of the other programs and systems and is appropriate for the auditor to use as a means of gaining familiarity with the system.

Morgan Property Management, Inc. recently switched from a manual accounting system to a computerized accounting system. The system supports online real-time processing in a networked environment, and six employees have been granted access to various parts of the system in order to perform their jobs. Relative to the manual system, Morgan can expect to see

That functions that had previously been spread across multiple employees have been combined. It is common for computerized systems to combine functions that would be considered incompatible in a manual system (for example, in computerized systems, a single employee is often responsible for creating the deposit and posting the transactions to the cash receipts journal, the accounts receivable sub ledger, and the general ledger). This can occur because the system limits the transactions that it is possible for the employee to record, creating a compensating control.

In an accounting information system, which of the following types of computer files most likely would be a master file?

The "inventory subsidiary" is an example of a "ledger." A ledger maintains the balances of some kind of account (accounts receivable subsidiary ledger maintains customer accounts, accounts payable subsidiary ledger maintains vendor accounts, inventory subsidiary ledger maintains product accounts). Ledger files are called "master files" because the individual transaction amounts found in the journals ("transaction files") are used to update the balances in the ledger files: the transaction files contain the detail; the master file contains the totals.

The accounting cycle begins by recording _____________ in the form of journal entries.

The accounting cycle as a sequence of steps begins by recording business transactions.

Hamish works in a factory that builds tractors in Des Moines, Iowa. He can't remember whether the B352 or the C917 sprocket is needed in building a X793 tractor. The document, form, or screen that would help him decide is:

The bill of materials specifies which parts are used in making a product. This is what Hamish needs.

The position responsible for managing the flow of documents and reports in and out of the computer operations department is the

The data control clerk controls the flow of all documents into and out of computer operations.

Which of the following is responsible for designing, creating, and testing programs?

The data control clerk controls the flow of all documents into and out of computer operations.

In a large firm, the custody of an entity's data is most appropriately maintained by which of the following personnel?

The data librarian is the person who should maintain the custody of an entity's data in a large firm.

Which of the following allows a database management system to add new records, delete old records, and update existing records?

The data manipulation language allows the user to add new records, delete old records, and update existing records.

Who is responsible for granting users access to specific data resources?

The database administrator is responsible for establishing user names and authorizing access to specific data files and fields.

Which of the following components of a database is responsible for maintaining the referential integrity of the data in the system?

The database management system (DBMS) controls the storage and retrieval of the information maintained in a database and is responsible for maintaining the referential integrity of the data.

Major Tom's Ground Control Flight Services uses biometrics. The control goal of the use of biometrics is:

The goal of biometrics is to authenticate the user.

A company that sells hand-carved statues from rural Indonesia online is using a ___________ strategy

This is an example of a product differentiation strategy since competitors are unlikely to be able to sell this same product.

Which of the following is true of enterprise resource planning (ERP) systems? I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system. II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.

The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP. The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP, and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primarily concerned with collecting data (and not analyzing it) across the organization.

A consortium of accounting firms shares information about security breaches, including descriptions of cyber attackers and the exploitation methods that they use. This is an IT application of the COSO principle of:

The organization communicates with external parties regarding matters affecting the functioning of internal control. The example illustrates external communication (with a consortium of accounting firms) about internal control.

An item in an organization's newsletter describes a fraud in which cyber criminals pretend to be IT staff who are asking about a system's reliability problem. This is an IT application of the COSO principle of:

The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. This statement is true. This is an example of internally communicating information to support the functioning of internal controls.

A new attack involves hacking into medical records and then offering these records for sale on the black market. A medical records company in Brazil learned of this attack and has built controls into its systems to prevent hackers from accessing its systems. This is an IT application of the COSO principle of _______ and evidences _______ controls.

The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Preventive. This statement is accurate. The example illustrates external communication (with a consortium of accounting firms) about internal control. In addition, the example does illustrate a preventive control.

Which of the following is not true of a computerized environment as compared to a manual environment?

The potential for systemic errors is substantially reduced in a computerized environment. The potential for systemic errors is increased in a computerized environment.

A brokerage firm has changed a program so as to permit higher transaction volumes. After proper testing of the change, the revised programs were authorized and copied to the production library. This practice is an example of

The practice of authorizing changes, approving test results, and copying developmental programs to a production library is program change control.

In COBIT, the process of reviewing system response time logs falls within the _______ control process domain.

The process of reviewing system response logs is within the "monitor the processes" (M1) activity, which falls within the "monitor and evaluate" domain. Therefore, this is the correct answer.

In COBIT, the process of ensuring security and continuous service falls within the _______ control process domain.

The process of security and continuous service does fall within the deliver and support control process domain.

In August 2013, Google's Gmail system went down for many users for about an hour due to multiple network failures in its system. This is most likely an example of:

The risk of even well-managed cloud computing systems. Gmail is a type of cloud computing system. Its failure is indicative of some of the risks of even well-managed cloud systems.

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

This information would contribute to the development of a disaster recovery plan.

Which of the following systems assists with non-routine decisions, serves strategic levels of the organization, and helps answer questions regarding what a company's competitors are doing, as well as identifies new acquisitions that would protect the company from cyclical business swings?

This is the best answer to the question since executive support systems focus on strategic levels of the organization and non-routine questions and include external scanning capabilities.

What is the primary objective of data security controls?

To ensure that storage media are subject to authorization prior to access, change, or destruction. Ensuring that accessing, changing, or destroying storage media is subject to authorization is, in fact, a primary objective of data security controls.

The data control protocol used to control transmissions on the Internet is

Transmission control protocol/Internet protocol (TCP/IP) is the protocol used by the Internet.

Which of the following is a computer program that appears to be legitimate, but performs an illicit activity when it is run?

Trojan horse. A Trojan horse is an apparently legitimate program that contains unauthorized code that performs malicious activities when the program is run. Trojan horse programs are often used to provide a "back door" to the victim's system, enabling the hacker to gain access to the targeted system.

Which of the following is a low-cost wired transmission medium?

Twisted pair is a low-cost, comparatively low-quality transmission medium.

Which of the following correctly states some of the categories of criteria used to assess IT security principles?

Use and retention, management, quality, access.

When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

User accounts are not removed upon termination of employees. Failing to remove user accounts upon termination of employees is an important control risk, and it is directly relevant to the case facts.

In a small business with only microcomputers, which documentation would be most useful to an untrained user to learn how to correct data errors in a database application?

User documentation should be useful to untrained users.

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

Validity check. A validity check compares the value entered in a field to a list of valid data values. An error message is displayed if the value is not found on the list.

Each of the listed IT policies is matched to its description except:

Values and service culture—policies for ensuring the quality of live IT services. This is a false statement. The description given is of the "service management and operational service problem solving" policy.

Which of the following strategies is important to managing security over mobile systems?

View-only access is a useful control (i.e., restriction) on the ability of mobile devices to make changes in data.

viral marketing

Viral marketing is the use of e-commerce or e-business to increase brand awareness or sales. Limited growth is a risk of failing to implement e-commerce, not a risk of e-commerce.

Encryption protection is likely to be used in which of the following situations?

When wire transfers are made between banks. When confidential data are sent by satellite transmission. When financial data are sent over dedicated leased lines. Various factors need to be considered. Encoding is important when confidential data are transmitted between geographically separated locations that can be electronically monitored. Although LANs may need encryption protection, the type of data and the described communication media make the other options appear more vulnerable.

Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system

Will be more efficient at producing financial statements. This answer is correct. Financial statements can be produced more efficiently in a computerized environment than in a manual environment because, once the data has been entered into the computerized system, the preparation of the financial statements only requires arithmetic calculations, which computers perform with great efficiency.

Eleanor Rigby's Crematorium and Pet Custodian Services wants to choose the strongest control method for accessing its systems. Eleanor should choose:

With improving technologies, biometrics are likely the strongest method for accessing systems.

sales data.

This is a traditional accounting data source. Therefore, while these data will find their way into a big data pool (eventually), this is the least likely to be an example of big data, from the offered alternatives.

closed loop verification

Closed loop verification is an input control associated with online real-time systems.

A data warehouse is an example of

A data warehouse is an approach to online analytical processing that combines data into a subject-oriented, integrated collection of data used to support management decision-making processes.

____ is a legal contract that defines responsibility for goods that are in transit.

A bill of lading is the authorization for, and terms of, a shipping agreement. It is a legal contract between a seller and a shipper.

In August 2013, Google's Gmail system went down for many users for about an hour due to multiple network failures in its system. This is most likely an example of which of the following cloud computing risks?

Cloud service provider (CSP, in this case Google) reliability and performance is the most likely risk illustrated in this case.

The multi-location system structure that is sometimes called the "Goldilocks" solution because it seeks to balance design tradeoffs is

Distributed. This question presumes a knowledge of the Grimms' fairy tale, "The Story of the Three Bears." In the fairy tale, Goldilocks wants her porridge neither too hot, nor too cold. Hence, the "Goldilocks" solution, which is sought by this question in relation to computing and file sharing, is a solution that is neither too centralized, nor too decentralized (metaphorically, neither too hot nor too cold). Hence, this is the correct answer — a compromise between centralized and decentralized computing.

A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as

End-user computing. The user is responsible for the development and execution of the computer application that generates the information used by that same user.

In general, information about cyber breaches should be communicated to:

External auditors. Information about cyber breaches should be communicated to an entity's external auditors.

Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

Firewall. A firewall prevents unauthorized users from accessing a network segment.

Which of the following is correct concerning electronic commerce security?

The successful use of a firewall will help assure the security of a firm's computer systems. This answer is correct because a firewall will limit who is able to access a database.

Data conversion occurs at this stage:

Implementation. The process of moving from the old to the new system occurs at this stage.

A rollback and recovery is used mostly in _____ systems.

Online real time. Rollback and recovery procedures are common in online real-time systems. Rollback and recovery is an important backup procedure in which periodic snapshots are taken of a master file and, upon detection of a problem, the system reprocesses all transactions that have occurred since the snapshot.

The distribution of reports is considered what type of control?

output

What is an example of the use of the cloud to create software and programs?

PaaS

In which of the following implementation approaches do the new and old systems run concurrently until it is clear that the new system is working properly?

Parallel. The new and old systems run concurrently until it is clear that the new system is working properly.

Which of the following is a critical success factor in data mining a large data store?

Pattern recognition. Data mining is the process of sorting through data maintained in a data warehouse in an effort to identify relationships between data fields or events. These relationships are often classified as sequences (one event leads to another) or associations (one event is correlated with another event). The ability to recognize these patterns is, thus, critical to successful data mining.

Alejandro uses Amazon "one-click." This is an example of:

payment processing

In which of the following implementation approaches is the system divided into modules for implementation?

Phased. The system is divided into modules that are brought online one at a time.

In which of the following implementation approaches are users divided into smaller groups and trained on the new system, one group at a time?

Pilot. Users are divided into groups and are trained on the new system one group at a time.

In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

Secure off-site location. At least one copy of important backup files should be stored in an off-site location so that the data is secure in the event of a disaster at the IT site.

A manufacturing company discovers that its rollback and retention procedures do not include data from a key system related to production quality. Which of the following IT policies should address this violation?

Security. This problem relates to disaster recovery preparation, which is a subcategory of IT security policies.

Communications between trading partners in an electronic data interchange (EDI) environment are usually

Sent through VAN. Because of their security and auditing features, VANs remain the most popular means of managing EDI communications.

What document is useful in determining which employee should be assigned a new job duty?

Skills inventory report. This report would be helpful in matching employee skills (from the report) to the new job duty.

An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?

tR34ju78. This answer is correct because good passwords contain a combination of upper- and lowercase letters, numbers, and punctuation symbols. This selection is the best because it contains a combination of numbers and upper- and lowercase letters.

Which of the following types of networks is often utilized to process electronic data interchange (EDI) transactions?

Value added network. VANs often provide the additional security and addressing capabilities necessary to process EDI transactions.

