Module 41 MCQ
37. User acceptance testing is more important in an object-oriented development process than in a traditional environment because of the implications of the a. Absence of traditional design documents. b. Lack of a tracking system for changes. c. Potential for continuous monitoring. d. Inheritance of properties in hierarchies.
d.
27. Which term below describes the technology that allows multiple operating systems to run simultaneously on a single computer? a. Client. b. Mainframe. c. Linux. d. Virtualization.
d.
26. Most current computers process data using which of the following formats? a. Analog. b. Digital. c. Memory enhanced. d. Organic
b.
30. The wireless input device that is used for inventory control and similar to bar-codes technology but does not require line-of sight access is a. MICR. b. RFID. c. Touch screen. d. Point-of-sale recorders.
b.
61. A company using EDI made it a practice to track the functional acknowledgements from trading partners and to issue warning messages if acknowledgements did not occur within a reasonable length of time. What risk was the company attempting to address by this practice? a. Transaction that have not originated from a legitimate trading partner may be inserted into the EDI network. b. Transmission of EDI transactions to trading partners may sometimes fail. c. There may be disagreement between the parties as to whether the EDI transactions form a legal contract. d. EDI data may not be accurately and completely processed by the EDI software.
b.
68. Which of the following is likely to be a benefit of EDI? a. Increased transmission speed of actual documents. b. Improved business relationships with trading partners. c. Decreased liability related to protection of proprietary business data. d. Decreased requirements for backup and contingency planning
b.
8. MIPS stands for a. Memory in protocol standards. b. Millions of instructions per second. c. Mitigating individualistic personnel standards. d. Multiple input physical savings.
b.
85. Which of the following statements is correct concerning internal control when a client is using an electronic data interchange system for its sales? a. Controls should be established over determining that all suppliers are included in the system. b. Encryption controls may help to assure that messages are unreadable to unauthorized person. c. A value-added network (VAN) must be used to assure proper control. d. Attention must be paid to both the electronic and "paper"versions of transactions.
b.
46. Able Co. uses an online sales order processing system to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks MOST likely would be a a. Report of all missing sales invoices. b. File of all rejected sales transactions. c. Printout of all user code numbers and passwords. d. List of all voided shipping documents.
b. Edit checks are used to screen incoming data against established standards of validity, with data that pass all edit checks viewed as "valid" and then processed. Edit check will ordinarily create an output file of rejected transactions.
104. Output controls ensure that the results of computer processing are accurate, complete, and properly distributed which of the following is NOT a typical output control? a. Reviewing the computer processing logs to determine that all of the correct computer jobs executed properly. b. Matching input data with information on master files and placing unmatched items in a suspense file. c. Periodically reconciling output reports to make sure that totals, formats, and critical details are correct and agree with input. d. Maintaining formal procedures and documentation specifying authorized recipients of output reports, checks, or other critical documents.
b. Matching the input data with information held on mater or suspense files is a processing control, not an output control, to ensure that data are complete and accurate during updating.
59. Laptop computers provide automation outside of the normal office location. Which of the following would provide the LEAST security for sensitive data stored on a laptop computer? a. Encryption of data files on the laptop computer. b. Setting up a password for the screensaver program on the laptop computer. c. Using a laptop computer with a removable hard disk drive. d. Using a locking device that can secure the laptop computer to an immovable object.
b. Password protection for a screensaver program can be easily bypassed.
29. Another term for cloud-based storage is a. RAID b. Solid state storage c. Analog. d. Storage-as-a-Service.
d
12. The systems Development Life Cycle (SDLC) is the traditional methodology for developing information systems. In which phase of the SDLC would the activity of identifying the problem(s) that need to be solved MOST likely occur? a. Analysis. b. Implementation. c. Planning. d. Development
c
135. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group? a. Parity check. b. Validity check. c. Echo check. d. Limit check.
c
16. Which computer application is most frequently used to analyzes numbers and financial information? a. Computer graphics programs. b. WAN applications. c. Spreadsheets. d. Word processing programs.
c
28. What type of secondary storage device requires no moving parts for read/write operations? a. Magnetic tape. b. Compact discs. c. Solid State Drives. d. RAID
c
20. Which of the following compiles a complete translation of a program in a high-level computer language before the program is run for the first time? a. Visual Basic. b. Java c. Algorithm d. Compiler
d.
71. Which of the following risks is NOT greater in an electronic funds transfer (EFT) environment than in a manual system using paper transactions? a. Unauthorized access and activity b. Duplicate transaction processing. c. Higher cost per transaction. d. Inadequate backup and recovery capabilities.
c
95. Many of the Web 2.0 applications rely on an XML-based application that facilitates the sharing and syndication of web content, by subscription, which of the applications below represents this XML application? a. Wiki. b. Blog. c. RSS/Atom Feeds. d. Twitter.
c
48. Mill Co. uses a batch processing method to process its sales transactions. Data on Mill's sales transaction tape are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this tape MOST likely would be a a. Report showing exceptions and control totals. b. Printout of the updated inventory records. c. Report showing overdue accounts receivable. d. Printout of the sales price master file.
a.
118. Which of the following are essential elements of the audit trail in an EDI system? a. Network and sender/recipient acknowledgements. b. Message directories and header segments. c. Contingency and disaster recovery plans. d. Trading partner security and mailbox code.
a
128. The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the a. Computer operator. b. Keypunch operator. c. Computer programmer. d. Maintenance technician.
a
13. Samco Inc. is in the process of designing a new customer relations system. In which phase of the development life-cycle would a need assessment MOST likely be performed? a. Analysis. b. Design. c. Development. d. Testing.
a
14. Which of the following system implementation models has the advantage of achieving a full operational test of the new system before it is implemented? a. Parallel implementation. b. Plunge implementation. c. Pilot implementation. d. Phase implementation.
a
35. Several language interfaces exist in a database management system. These typically include a data definition language (DDL), a data control language (DCL), a data manipulation language (DML), and a database query language (DQL). What language interface would a database administrator use to establish the structure of database tables? a. DDL. b. DCL. c. DML. d. DQL.
a
73. In traditional information systems, computer operators are generally responsible for backing up software and data files on a regular basis. In distributed or cooperative systems, ensuring that adequate backups are taken is the responsibility of a. User management. b. Systems programmers. c. Data entry clerks. d. Tape librarians.
a
79. Securing client/server system is a complex task because of all of the following factors EXCEPT: a. The use of relational databases. b. The number of access points. c. Concurrent operation of multiple user sessions. d. Widespread data access and update capabilities.
a
115. Which of the following statements is correct concerning internal control in an EDI system? a. Preventive controls generally are more important than detective controls in EDI systems. b. Control objectives for EDI systems generally are different from the objectives for other information systems. c. Internal controls in EDI systems rarely permit control risk to be assessed at below the maximum. d. Internal controls related to the segregation of duties generally are the most important controls in EDI systems.
a.
36. User making database queries often need to combine several tables to get the information they want. One approach to combining tables is known as a. Joining. b. Merging. c. Projecting. d. Pointing
a.
77. Which of the following statements is correct regarding the Internet as a commercially viable network? a. Organizations must use firewalls if they wish to maintain security over internal data. b. Companies must apply to the Internet to gain permission to create a homepage to engage in electronic commerce. c. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers. d. All of the above.
a.
89. Which of the following is an example of how specific controls in a database environment may differ from controls in a nondatabase environment? a. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access. b. Controls over data sharing by diverse users within an entity should be the same for every user. c. The employee who manages the computer hardware should also develop and debug the computer programs. d. Controls can provide assurance that all processed transactions are authorized, but CANNOT verify that all authorized transactions are processed.
a.
9. Which of the following is an example of application software that a large client is most likely to use a. Enterprise resource planning b. Operating system. c. Central processing unit. d. Value-added network.
a.
92. In building an EDI system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements? a. Mapping b. Translation. c. Encryption. d. Decoding.
a.
94. Which of the following is a password security problem? a. Users are assigned passwords when accounts are created, but do NOT change them. b. Users have accounts on several systems with different passwords. c. Users copy their passwords on note paper, which is kept in their wallets. d. Users select passwords that are NOT listed in any online dictionary.
a.
69. The internal auditor is reviewing a new policy on electronic mail. Appropriate elements of such a policy would include all of the following EXCEPT: a. Erasing all employee's electronic mail immediately upon employment termination. b. Encrypting electronic mail messages when transmitted over phone lines. c. Limiting the number of electronic mail packages adopted by the organization. d. Directing that personnel do not send highly sensitive or confidential messages using electronic mail.
a. The company should have access to the business-related e-mail that is left behind. Access t e-mail can also be critical in business or possible criminal investigations. The privacy concerns of the individual case must be mitigated by compelling business interest: the need to follow up on business e-mail and to assist in investigations.
87. Which of the following is usually a benefit of transmitting transactions in an electronic data interchange environment? a. A compressed business cycle with lower year-end receivable balances. b. A reduced need to test computer controls related to sales and collections transactions. c. An increased opportunity to apply statistical sampling techniques to account balances d. No need to rely on third-party service providers to ensure security.
a. The speed at which transactions can occur and be processed electronically results in lower year-end receivables since payments occur so quickly.
101. Almost all commercially marketed software is Copyrighted / Copy protected a. Yes / Yes b. Yes / No c. No / Yes d. No / no
b
116. Which of the following statements is correct concerning the security of messages in an EDI system? a. When the confidentiality of data is the primary risk, message authentication is the referred control rather than encryption. b. Encryption performed by physically secure hardware device is more secure than encryption performed by software. c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems. d. Security at the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider.
b
127. Which of the following activities would most likely be performed in the information systems department? a. Initiation of changes to master records. b. Conversion of information to machine-readable form. c. Correction of transactional errors. d. Initiation of changes to existing applications.
b
129. For the accounting system of Acme Company, the amounts of cash disbursements entered into a terminal are transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to a. Establish the validity of the account number. b. Verify the amount was entered accurately. c. Verify the authorization of the disbursement. d. Prevent the overpayment of the account.
b
17. Analysis of data in a database using tools which look for trends or anomalies without knowledge in advance of the meaning of the data is referred to as a. Artificial intelligence b. Data mining. c. Virtual reality. d. Transitory analysis.
b
31. The 2nd generation programming language that is generally specific to a computer architecture (i.e., it is not portable) is a. Binary b. Assembly language c. COBOL d. C++
b
5. An "office suite" of software is LEAST likely to include a(n) a. Database b. Operating system. c. Spreadsheet. d. Word processing.
b
96. Which of the following is not one of the five principles of COBIT 5? a. Meeting stakeholder needs. b. Business processes. c. Covering the enterprise end-to-end. d. Applying a single integrated framework.
b
105. Minimizing the likelihood of unauthorized editing of production programs, job control language, and operating system software can BEST be accomplished by a. Database access reviews. b. Compliance reviews. c. Good change-control procedures. d. Effective network security software.
c
117. Which of the following is an essential element of the audit trail in an EDI system? a. Disaster recovery plans that ensure proper backup of files. b. Encrypted hash totals that authenticate messages. c. Activity logs that indicate failed transactions. d. Hardware security modules that store sensitive data.
c
44. Misstatement in a batch computer system caused by incorrect programs or data may NOT be detected immediately because a. Errors in some transactions may cause rejection of other transactions in the batch. b. The identification of errors in input data typically is NOT part of the program c. There are time delays in processing transactions in a batch system. d. The processing of transactions in a batch system is NOT uniform.
c.
50. In a computerized system, procedure or problem-oriented language is converted to machine language through a(n) a. Interpreter. b. Verifier. c. Compiler. d. Converter.
c.
54. A computer that is designed to provide software and other applications to other computers is referred to as a a. Microcomputer b. Network computer. c. Server. d. Supercomputer
c.
56. The network most frequently used for private operations designed to link computers within widely separated portions of an organization is referred to as a(n) a. Bulletin board service. b. Local area network. c. Wide area network. d. Zero base network.
c.
60. When developing a new computer system that will handle customer orders and process customer payments, a high-level systems design phase would include determination of which of the following? a. How the new system will affect current inventory and general ledger systems. b. How the file layouts will be structured for the customer order records. c. Whether to purchase a turn-key system or modify an existing system. d. Whether formal approval by top management is needed for the new system.
c.
82. Which of the following is considered a component of a local area network? a. Program flowchart. b. Loop verification c. Transmission media. d. Input routine.
c.
88. Which of the following is a network node that is used to improve network traffic and to set up as a boundary that prevents traffic from one segment to cross over to another? a. Router b. Gateway. c. Firewall. d. Heuristic.
c.
80. Which of the following would an auditor ordinarily consider the greatest risk regarding an entity's use of electronic data interchange? a. Authorization of EDI transactions. b. Duplication of EDI transmissions. c. Improper distribution of EDI transactions. d. Elimination of paper documents.
c. An EDI system must include controls to make certain that EDI transactions are processed by the proper entity, using the proper accounts.
66. The use of message encryption software a. Guarantees the secrecy of data. b. Requires manual distribution of keys. c. Increase system overhead. d. Reduces the need for periodic password changes.
c. The machine instruction necessary to encrypt and decrypt data constitute system overhead, which means that processing may be slowed down.
39. All of the following are methods for distributing a relational database across multiple servers EXCEPT: a. Snapshot (making a copy of the database for distribution). b. Replication (creating an maintaining replica copies at multiple locations) c. Normalization (separating the database into logical tables for easier user processing). d. Fragmentation (separating the database into parts and distributing where they are needed.)
c. normalization is a process of dattabase design, not distribution.
112. In a large organization, the biggest risk in not having an adequately staffed information center help desk is a. Increased difficulty in performing application audits. b. Inadequate documentation for application systems. c. Increased likelihood of use of unauthorized program code. d. Persistent errors in user interaction with systems.
d
122. Which of the following security controls would best prevent unauthorized access to sensitive data through an unattended data terminal directly connected to a mainframe? a. Use of a screen saver with a password. b. Use of workstation scripts. c. Encryption of data files. d. Automatic log-off of inactive users.
d
123. An entity has the following invoices in a batch: Invoice # / Product / Quantity / Unit price 201 / F10 / 150 / $5 202 / G15 / 200 / $10 203 / H20 / 250 / $25 204 / K35 / 300 / $30 Which of the following MOST likely represents a hash total? a. FGHK80 b. 4 c. 204 d. 810
d
133. Which of the following input controls is a numeric value computed to provide assurance that the original value has NOT been altered in construction or transmission? a. Hash total. b. Parity check. c. Encryption. d. Check digit.
d
49. Where disk files are used, the grandfather-father-son updating backup concept is relatively difficult to implement because the a. Location of information points on disks is an extremely time-consuming task. b. Magnetic fields and other environmental factors cause off-site storage to be impractical. c. Information must be dumped in the form of hard copy if it is to be reviewed before used in updating. d. Process of updating old records is destructive.
d
99. A company is concerned that a power outage or disaster could impair the computer hardware's ability to function as designed. The company desires off-site backup hardware facilities that are fully configured and ready to operate within several hours. The company MOST likely should consider a a. Cold site. b. Cool site. c. Warm site. d. Hot site.
d
86. Which of the following statements MOST likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files? a. Random error associated with processing similar transactions in different ways is usually greater. b. It is usually more difficult to compare recorded accountability with physical count of assets. c. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. d. It is usually easier for unauthorized person to access and alter the files.
d.
25. Which of the following is LEAST likely to be considered an advantage of a database? a. Easy to store large quantities of information. b. Easy to retrieve information quickly. c. Easy to organize and reorganize information. d. Easy to distribute information to every possible user.
d. A database itself does not make it easy to distribute information to every possible user - information must still be distributed either electronically or physically.
120. Preventing someone with sufficient technical skill from circumventing security procedures and making changes to production programs is BEST accomplished by a. Reviewing reports of jobs completed. b. Comparing production programs with independently controlled copies. c. Running test data periodically. d. Providing suitable segregation of duties.
d. suitable segregation of duties will make such alteration impossible since when duties are separated, users cannot obtain the detailed knowledge of programs and computer operators cannot gain unsupervised access to production programs.