Systems Questions

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which statement best describes how a data governance framework aligns with managing data?

A data governance framework does more than just manage data. It provides a governance system that sets the rules of engagement for management activities.

In any organization, the completion of the first iteration of the human resources and payroll accounting information systems (AIS) cycle implies that at leas which other cycles have completed?

Financing or Revenue

Regarding cyberattacks, which of the following can record the source Internet Protocol (IP) address that was used to attack?

Firewall logs

Which of the following statements is true about a firewall and an intrusion detection system (IDS)?

Firewalls are a complement to an IDS.

Depreciation amount is calculated separately and is then reconciled to which of the following accounting information system (AIS) cycles?

General ledger system

The Control Objectives for Information and Related Technologies (COBIT) framework makes a clear distinction between which two enterprise disciplines?

Governance and management

What result is the most common direct result of a lack of a clear record retention policy?

Growing data repositories with data kept past its useful lifetime

Which of the following regulations include specific requirements for data retention?

HIPAA, PCI-DSS, and GDPR

With multiple frameworks available that include data governance, what feature of the Control Objectives for Information and Related Technologies (COBIT) make it a good fit for organizations primarily interested in establishing links between business and IT goals for data management?

COBIT primarily focuses on security, risk management, and information governance.

All of the following items can help in database system recovery efforts except:

Check digit feature

Which of the following activities would not be part of the data analytics phase of the data life cycle?

Cleansing

How does an accounting information system (AIS) add value to an organization?

Collecting, analyzing, and presenting pertinent information for the primary value chain functions

Which definition best describes a relational database?

Collection of data that is stored logically as a collection of tables, along with a query language that makes it easy to find related data stored in separate tables

What primary characteristic of a relational database has made it the common enterprise database model for the last 40 years?

Common English-like query language

Which of the following is best to replace the use of personal identification numbers (PINs) in the world of automated teller machines (ATMs)?

Iris-detection technology

In the absence of a clear record retention policy, what are the most common respective negative impacts from under-retaining and over-retaining records?

Lack of evidence for investigations and excessive storage space use

Explain how data shared between financial and nonfinancial systems, each with different data input domains, can lose precision and granularity during the exchange process.

Larger input domain mapped to more limited input options

Regarding cybersecurity, which of the following is not a core part of defense-in-depth strategy?

Least functionality

Does a data warehouse generally have more or less granular data than an enterprise online transaction processing (OLTP) database?

Less granular; the ETL process aggregates data

What is the relationship between value chain and supply chain?

Linking the output of one organization's value chain to the input of another organization's value chain creates a single link in a supply chain

ABC Manufacturing (ABC) engaged Security Associates (SA) to carry out a vulnerability assessment of ABC's enterprise resource planning (ERP) environment. What would ABC expect SA's vulnerability assessment report to contain?

List of known vulnerabilities that exist in ABC's ERP environment

ABC Manufacturing realized that current operations were not in compliance with several regulations, including the European Union's GDPR. Governance, Risk, and Compliance (GRC) consultants recommend that ABC implement a new Enterprise Resource Planning (ERP) system. In what way can an ERP system best help ABC Manufacturing address its concerns?

Lower cost of compliance

Which of the following benefits is an organization most likely to realize first after implementing an Enterprise Resource Planning (ERP) system to replace separate financial, inventory, manufacturing, and shipping systems?

Lower operational costs

Identifying discrepancies between product shipping records and customer sales invoices by line item can affect which of the following accounting information system (AIS) cycles?

Revenue to cash cycle

When implementing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, which framework component must be in place and precede defining control activities to ensure the selected controls meet stated objectives?

Risk assessment

Regarding database terminology, which of the following defines access keys and security locks in a database system?

Schema

Which one of the following advanced firewalls is most secure?

Screened subnet firewall

Of the following, which item is a characteristic of a database management system (DBMS)?

Security controls to prevent unauthorized access

Regarding enterprise performance management (EPM), the element check in the plan-do-check-act (PDCA) cycle focuses on which of the following in order to facilitate business planning and performance management activities?

Metrics and key performance indicators

What characteristic most influences the degree of impact an accounting information (AIS) system can have on an organization?

The quality of accounting information the AIS manages

Your small appliance manufacturing organization has experienced substantial growth over the last three years. Your separate financial, shop floor, and shipping systems no longer can keep up with your production demands, and management cannot keep track of what is going on in each system. You hire a consulting firm to assess your business environment and recommend a solution to help you manage the ever-growing demand for your products and separation of business processes. The consultants recommend that your organization implement an ERP system and provide an explanation of four main benefits of an ERP system. Which benefit most directly drives the decision to implement an ERP system?

Visibility of the entire organization's operation

Regarding cyberattacks, which of the following identifies a flaw in hardware, firmware, or software that leaves an information system open to potential exploitation by hackers and others?

Vulnerability testing

In order to detect and thwart cyberattacks, which of the following controls provides the strongest level of security?

Passwords plus biometrics plus PINs

Healthy Life, Inc. (HLI), is a health services company that specializes in managing health services scheduling. To ensure HIPAA compliance, HLI has engaged White Hat Security Group (WHSG) to evaluate the strength of its security controls. HLI wants WHSG to attempt to "break in" to its information systems to see how resilient it is to attacks. What type of engagement is HLI requesting?

Pen testing

What technique to identify security vulnerabilities allows security professionals to act as attackers to identify potential system security weaknesses?

Pen testing

What is the one single characteristic that separates a pen test from a real cyber attack?

Permission

A strong data retention policy can help organizations maintain compliance with data retention regulatory requirements. Once a policy is approved and in place, what else is necessary to provide the greatest assurance that the policy will be effective?

Personnel education

Solid Retirement Plans, Inc. (SRPI), recently acquired a smaller competitor, Grow Your Money (GYM). SRPI recently passed a complete security evaluation and included an independent attestation of security readiness in its annual report. SRPI stockholders are concerned that GYM's information systems may not be as secure as SRPI's information systems, and could pose a security risk. What recommendations would you make to SRPI to provide assurance to its stockholders that GYM's information system security controls are just as effective as SRPI's information system security controls?

Conduct a security control gap analysis between SRPI and GYM, followed by a pen test of GYM with the same scope used for the SRPI pen test.

Which two security properties are most commonly addressed using access controls?

Confidentiality and integrity

Which of the following components exist in both of COSO's Internal Control and Enterprise Risk Management frameworks?

Control Activities

Which of the following data publication concerns presents the highest probability of privacy compliance violation?

Controlling data is not possible once it is sent to another entity.

Enterprise Performance Management (EPM) is also known by what other names?

Corporate Performance Management (CPM) or Business Performance Managment (BPM)

What s the biggest obstacle to deciding to implement an enterprise resource planning system?

Cost of the implementation process

For biometric accuracy, which of the following defines the point at which the false rejection rates and the false acceptance rates are equal?

Crossover error rate

What term is best described as converting observations of real-world attributes and events into digital representations?

Data collection

What IT and business collaboration results in improved trustworthiness and quality of an enterprise's data?

Data governance

What enterprise endeavor is best described as a holistic approach to managing, improving, and leveraging information to help an enterprise's overall data management efficiency?

Data governance

What term is best described as the people, processes, and information technology required to create a consistent and proper handling of an organization's data across the business enterprise?

Data governance

Which term is best defined as "the exercise of decision-making and authority for data-related matters"?

Data governance

Which of the following is a major reason for the success and popularity of a relational database system?

Data is presented in a table format

Suppose your organization collects and analyzes water and air temperature readings, as well as relative humidity measurements, at all of your manufacturing and distribution facilities to understand seasonal trends and better predict energy use to maintain a consistent facility environment. During which data life cycle phase would measurements be normalized to make it easier to compare data sampled by sensors using different units of measure?

Data maintenance

Which definition best describes data governance?

Data management techniques that empower an organization to protect high data quality standards throughout the data's life cycle

Most U.S. organizations are required to provide access to employment tax records for up to four years after the tax is due or is paid (whichever is later). What policy should an organization have in place to ensure needed tax records are available on demand?

Data retention policy

What role's primary responsibility is to ensure that data governance processes are followed, guidelines enforced, and recommends improvements to data governance processes?

Data steward

Staying Healthy, Inc. (SHI), is an online health services broker that helps members find healthy activities near them that help them to quality for health insurance premium discounts and perks. SHI uses member data to recommend events and activities, but is careful to avoid violating its members' privacy. One technique to maintain privacy is to reduce the granularity of identifying data, such as classifying members as residing in an area consisting of several postal codes, instead of identifying a single postal code. In which phase of the data life cycle would SHI members be associated with a larger physical area to reduce privacy leakage?

Data synthesis

Which phase of the data life cycle presents the most governance and compliance challenges?

Data usage

Which of the following store precomputed, descriptive, and numerical data after extracting and transforming transactional data into operational informational in a central location?

Data warehouses

XYZ Tire Distributors engaged Advance Consulting to carry out data governance gap analysis and provide the results to XYZ's upper management. During Advance's executive presentation of the analysis results, consultants reported that current IT infrastructure was insufficient to satisfy data availability for continuous business operation. Which of the following recommendation would Advance Consulting likely make to best address this gap?

Database replication

What term refers to a database's data definition, which specify attributes that govern how that database stores each piece of data?

Database schema

What is the main difference between a database and a data warehouse?

Databases store current transactional data while data warehouses store historical summary data

What is the most common noticeable impact of separate financial and nonfinancial systems to workflow when creating expenditure transactions for matching production activities

Delays-Increased processing time

Which of the following is not one of the actions taken by a firewall on a network packet?

Destroy

Regarding cyberattacks, what do fundamental goals or elements of the defense-in-depth strategy include?

Detect-and-respond

All of the following facilitates information retrievable and data analytics as they store historical data except:

Distributed database systems

All of the following facilitates information retrieval and data analytics as they store historical data except:

Distributed database systems

Which of the following statements is not true about Internet firewalls?

A firewall can protect against computer viruses in personal computers.

Which of the following cases most closely fits the characteristics of a data warehouse solution?

A non-profit organization with three distinct business units, each with its own IT system and infrastructure, and a need to perform periodic analysis of performance across all business units.

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), how is internal control best described?

A process

At what point do many organizations encounter obstacles when implementing data governance?

Working collaboratively across business units

From a software vulnerability point of view, which one of the following items is different from the other three items?

Zero-day warez

Enterprise Resource Planning (ERP) systems can implement which of the following technologies to increase the efficiency and effectiveness of accounting and financial tasks?

Artificial Intelligence and machine-learning technologies

What primary characteristics identify data as a likely candidate for capture?

At least one data value differs from previously stored data and the remaining values align with current or planned analysis requirements.

Suppose your organization uses separate financial and nonfinancial systems. During a routine audit, you find that there are several shipments that are never billed each month. Where would you most likely start to look to find the cause of this issue?

Audit both systems and match transactions

All of the following processes are part of Enterprise Performance Management (EPM) except:

Auditing policies for compliance

Which of the following items is an advantage of an ERP system?

Improved reporting

Which of the following components exists in both of COSO's Internal Control and Enterprise Risk Management frameworks?

Information and Communication

Which of the following best describe an enterprise resource planning (ERP) system?

Integrated business process management software that manages all aspects of business activities

The Control Objectives for Information and Related Technologies (COBIT) framework formally defines core governance and management objectives, grouped into domains, all to satisfy principles for a governance system. How many objectives, domains, and principles does COBIT define?

40 core governance and management objectives, 5 domains, and 5 principles

What is the primary difference between a pen test and a vulnerability assessment?

A vulnerability assessment attempts to only identify vulnerabilities that exist in a system, while a pen test attempts to exploit vulnerabilities.

Why is a vulnerability assessment generally conducted prior to a pen test?

A vulnerability assessment provides a prioritized list of vulnerabilities that provide pen testers likely attack vectors to exploit.

From the perspective of upper management of an international manufacturing organization with dozens of subsidiaries, arrange the benefits of implementing an Enterprise Resource Planning (ERP) system in order of value, with the most valuable benefit listed first: A- Comprehensive, real-time reporting B- Reduced financial transaction settlement time C- Lower operational costs D- Operational transparency

A,C,D,B

Since enterprise resource planning systems provide integrated enterprise activity management, how can artificial intelligence (AI) and machine learning help to add more value to ERP?

AI and machine learning can aid in automating processes and supporting real-time decision making

What characteristic makes a firewall "advanced"?

Ability to examine the contents of a packet, as opposed to just its addresses and destination port

What type of security control includes authentication and authorization?

Access control

Why is an accounting information system (AIS) insufficient to enforce compliance with production cost budgetary limits?

An AIS imposes controls based on the organization's policies and is subject to the organization's tolerance

XYZ Plastics Corporation is a plastic product manufacturing and recycling organization that consists of 12 subsidiaries across 7 countries. An operational efficiency review of the XYZ organization resulted in a finding that multiple business functions are duplicated across business units and locations. In what way could an enterprise resource planning (ERP) system address finding and make XYZ more efficient?

Better resource utilization

Why are biometric controls generally considered to be more secure than passwords or tokens?

Biometric controls depend on a physical characteristic, which is more difficult to transfer to an unauthorized individual than a password or other physical device.

What type of access control is referred to as a "What you are" or "What you do" control?

Biometrics

Which of the following business goals are best aligned with enterprise performance management (EPM) features?

Business strategy transparency and improved scalability

Trident Manufacturing is currently pursuing data governance initiatives as part of its current fiscal year goals. Who most likely is driving these initiatives, and what is their likely motivation?

C-level executives responding to external regulations

What is enterprise performance management software?

EPM is enterprise software that helps organizations link their strategies to their plans and execution

How do enterprise performance management (EPM) and enterprise resource planning (ERP) relate to one another?

ERP is a subset of EPM

An application or suite of applications that automate, track, and support a range of administrative and operational business processes, such as the supply chain, across multiple industries can best be described as a(n):

ERP solution

You have been assigned the role of project manager for the project to assess the viability of moving from separate financial and nonfinancial systems to a unified information system. After examining the challenges in maintaining separate systems, what is the most powerful argument for funding the effort to move to an integrated information system?

Easier auditaility of full transaction life cycle

Which of the following economic principles can help an Enterprise Resource Planning (ERP) system to integrate financial systems and nonfinancial systems?

Economies of scope

What impact does implementing enterprise performance management (EPM) have on how legacy spreadsheets are used to track performance?

Eliminates, or at least augments, legacy spreadsheets

All of the following are the proper roles of information technology (IT) in enterprise resource planning (ERP) except:

IT is an inhibitor of ERP

What is the primary objective of Enterprise Performance Management (EPM)?

Ensure strategic goals and objectives are clearly communicated and understood by managers, and are reflected in their budgets and plans

What enterprise system includes e-commerce systems, front-office and back-office applications, data warehouses and external data sources, and consists of the processes of monitoring performance across the enterprise with the goal of improving business performance?

Enterprise Perfomance Management (EPM)

What is an EPM?

Enterprise Performance Management- this process and software system are designed to help companies link their strategic goals and objectives, communicate them to management, and align them with their budgets and corporate plans

Spend analysis is conducted on which of the following accounting information system (AIS) cycles?

Expenditures cycle

What common process must occur periodically to update a data warehouse?

Extract, Transform, Load (ETL)

Implementing an Enterprise Resource Planning (ERP) system impacts every aspect of an organization, from day-to-day operations to long-range strategic planning. What desired benefit of an ERP system, when realized, aligns most closely with enterprise strategy.

Higher business outcomes

Enterprise Resource Planning (ERP) systems impact an enterprise's operations at all levels. How will enterprise customers realize the impact of a well-implemented ERP system?

Higher customer satisfaction and retention

Do advanced firewalls operate at higher or lower network layers than simple firewalls?

Higher, since advanced firewalls operate near the application layer, layer 7

Regarding the business planning and performance management aspects of enterprise performance management (EPM), which of the following is required to transform hindsight vision into foresight vision? I. Historical results II. Metrics and key performance indicators III. What-if analysis IV. Simulation models

I II III and IV

Regarding cyberattacks, identity thieves can get personal information through which of the following means? I. Dumpster diving II. Skimming III. Phishing IV. Pretexting

I, II, III, and IV

Which of the following are the major advantages of implementing enterprise resource planning (ERP) systems? I. Elimination of legacy systems II. Improvements in workflow processes III. Increased access to data IV. Standardization of IT infrastructure

I, II, III, and IV

Enterprise Performance Management (EPM) typically includes monitoring what type of metrics?

Key Performance indicators (KPI)

Once an organization makes the decision to implement an enterprise resource planning (ERP) system, what tends to be the biggest implementation obstacle?

Maintaining personnel support throughout the implementation process

Regarding cyberattacks, adware is responsible for which of the following

Malvertizing attack

What benefit of implementing a data warehouse has the greatest impact on production relational database systems?

Moving the performance impact of reporting and analysis processes from production database systems to the data warehouse system.

Regarding cyberattacks, pharming attacks are an example of which of the following?

Network-based attacks

How is a next-generation firewall (NGFW) different from a traditional firewall?

Next-generation firewalls combine traditional firewall features with the addition of other advanced features, including application filtering

Assume your organization offers payment terms of net 30 days to all customers. Your accounting information system (AIS) reports that your average time to pay across all customers is 33.5 days. Does this result indicate a problem in your expenditures cycle?

No, this metric does not indicate any problems in the expenditures cycle

Describe a potential consequence of separate financial and nonfinancial systems in which the nonfinancial system allows more activities that require funding than are approved by the financial system.

Nonfinancial system allows activities that are not authorized by the financial system and therefore will not be supported financially

What terms refers to iteratively decomposing database table design into its simplest form?

Normalization

Which enterprise performance management (EPM) feature best positions an organization to react quickly to changing business needs?

Predictive analytics

The data analytics phase of the data life cycle has the potential to provide the most value derived from data to an organization. Why is one specific type of analytics, prescriptive analytics, often considered to potentially yield the greatest value from data?

Prescriptive analytics gives organizations tools to control desired outcomes.

Penetration and vulnerability scanning are forms of what type of control?

Preventive

Security controls mitigate a wide variety of information security risks. Security Awareness Training would best fall under which of the following controls?

Preventive and Deterrent

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework is built on 17 building blocks that support effective internal control. The building blocks are stated as explicit goals necessary to implement effective internal controls across 5 components. What does COSO call these 17 building blocks?

Principles

What is the most valuable benefit of implementing an enterprise resource planning (ERP) system from the perspective of integrating manufacturing of standardized products with customer management?

Quality control can benefit from analyzing current customer feedback on product quality for recent purchases

What relational database management system feature provides the ability to "join" tables together, returning data that share a common value among the source tables? (Normally resolved by matching data in a common field or column among tables.)

Query language

Regarding cyberattacks, which of the following refers to data hijacking?

Ransomware attack

Accurate Accounting, Inc. (AAI), is an accounting firm that specializes in conducting regulatory compliance audits for enterprises in the international shipping industry. AAI has been retained by your firm to ensure compliance with the European Union's General Data Protection Regulation (GDPR). When investigating compliance with GDPR's "right to be forgotten" requirement, AAI is most likely to request which policy to examine first?

Record retention policy

What organizational policy focuses on when information gets moved to tertiary storage and when it is completely removed from the organization?

Record retention policy

Which of the following is well qualified to conduct a penetration testing on an organization's security posture?

Red team

Which of the following items is an advantage of an ERP system?

Regulatory compliance

Strutured query language (SQL) and query-by-example (QBE) are heavily used a query tool in which of the following database models?

Relational data model

What is the most common purpose for setting up a data warehouse?

Reporting and analysis

Regarding enterprise performance management (EPM), which of the following cannot facilitate business planning and performance management functions?

Spreadsheet software

Which of the following items is an advantage of an ERP (Enterprise Resource Planning) System?

Standardized business processes

Which one of the following items is not intrinsically a computer crime or even a misdeed?

Super-zapping

What is the primary role of the accounting information system (AIS) in the value chain?

Supporting activity

Which definition best describes a data warehouse?

System used to collect, aggregate, and store data in a central location to support reporting and analysis

What critical auditing capability is compromised when financial and nonfinancial transactions are handled by separate systems?

The ability to race transactions throughout their life cycle

What does the word "relational" refer to in the term "relational database"?

The ability to relate multiple tables through the intersection of common fields (columns)

How can an assessor determine if a system that contains nonfinancial information can impact a system with financial data?

The nonfinancial system and financial system are not logically separated within the network

Which of the following types of cyber-threat intelligence information sharing practices among user organizations can help better understand the behavior of threat actors such as hackers?

Threat tactics

What is the ultimate goal of a data governance framework?

To enable an enterprise's upper management to make informed decisions about how to manage data, realize value from it, minimize cost and complexity, manage risk, and ensure compliance

Big Idea Distributing (BID) provides shipping and warehousing for over 900 customers in 43 states. BID's executives committed to implementing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework two years ago to better manage their operations, financial reporting, and compliance goals. After completing the implementation and full auditing cycle, BID executives are disappointed with the results and why some of BID's objectives are not being met, in spite of the enormous investment in COSO. A COSO review revealed that the COSO implementation was carried out well and results are consistent with COSO objectives. What is the most likely reason for the executives' disappointment?

Unrealistic expectations

Which of the following is created after automating the accounting and finance functions?

Value chain

Corporate performance management (CPM) software is embedded in which of the following to improve performance reporting quality?

one version of the truth

Which statement best describes the role of the accounting informations system (AIS) in the value chain?

the AIS should help an organization adopt and maintain its strategic position


Kaugnay na mga set ng pag-aaral

Unit 11: ACSM Guidelines for Resistance Exercise Prescription

View Set

Chapter 6: Discounted Cash Flow Valuation

View Set

SPANISH 201 Lección 10 | Lesson Test

View Set

internal medicine formulas - commentary

View Set

BCOMM Chapter 11 Bad-News Messages

View Set