Accounting Information Systems Exam 3 Ch. 11-13
The test data technique uses:
a set of input data to validate system integrity
Based on SOX, which of the following sections is about corporate responsibility for financial reports?
302
Based on SOX, which section is about internal controls?
404
Controls that are designed to prevent, detect, or correct errors in transactions as they are processed through a specific subsystem are referred to as
Application controls
The computer sums the first four digits of a customer number to calculate the value of the fifth digit and then compares that calculation to the number typed during data entry. This is an example of a:
Check digit verification
What can be considered a good alternative to back up data and applications?
Cloud computing
Indicates that the subscriber identified has sole control and access to the private key
Digital certificate
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
Disaster recovery plan
__________ __________ is an internal process that examines accounting practices, risk controls, compliance, information technology systems, and business procedures on an ongoing basis.
Continuous audit
What is not one of the five essential components in the COSO 2013 framework?
Control assessment
Unauthorized alteration of records in a database system would impair which component of the CIA (related to security)?
Integrity
Which is not an example of a batch total?
Exception total
T or F: SOX requires companies to use COSO or COSO ERM as the framework in evaluating internal controls.
False
T or F: Backup is a preventive control
False
T or F: The integrated test facility is a programmed module or segment that is inserted into an application program to monitor and collect data based on daily transactions.
False
T or F: The responsibility of monitoring the effectiveness of internal controls belongs to the internal audit group.
False
Which network component is set up to serve as a security measure that prevents unauthorized traffic between different segments of the network?
Firewall
Access control to ensure only authorized personnel have access to a firm's network is a
General control
The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the best audit technique to use in this situation?
Generalized audit software
Which audit technique should an IS auditor use to detect duplicate invoice records within an invoice master file?
Generalized audit software
A message digest is the result of hashing. What is true about the hashing process?
Hashing is the best approach to make sure that two files are identical.
To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the received message? I. Private II. Public
I. Private
An organization is planning to replace its wired networks with wireless networks. What approach provides the most secure wireless network?
Implement Wi-Fi Protected Access (WPA2)
Incentive to commit fraud usually will include all of the following, except:
Inadequate segregation of duties
The ISO 27000 series are a framework for
Information security management
A group of computers, printers, and other devices that are connected to the same network and cover a limited geographic range is called a
LAN
A field check is a(n)
Preventive control
The fraud triangle indicates three conditions existing for a fraud to be perpetrated:
Rationalization and pressure
To ensure the data sent over the Internet are protected, which of the following keys is required to encrypt the data (before transmission) using an asymmetric-key encryption method?
Receiver's public key
Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is
Reporting
Which is not a COSO ERM control objective?
Risk assessment
Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination into audit programs?
SAS No. 99
Which is not a main purpose of a WAN?
Securely connects a network to distant offices in a building by sending encrypted packets
To authenticate the message sender in an asymmetric-key encryption system, which of the following keys is required to decrypt the received message?
Sender's Public Key
Authentication is the process by which the
System verifies the identity of the user.
What is not a task performed by an operating system?
Translate high-level languages to machine-level language
T or F: Fault tolerance uses redundant units to provide a system with the ability to continue functioning when part of the system fails.
True
T or F: Regarding IT control and governance, the COBIT framework is most commonly adopted by companies in the United States.
True
Which vulnerabilities would create the most serious risk to a firm?
Unauthorized access to the firm's network
The symmetric-key encryption method...
Uses the same key for both senders and receivers for encryption and decryption
Prenumbering of source documents helps to verify that
all transactions have been recorded because the numerical sequence serves as a control.
A local area network (LAN) is best described as a(n):
computer system that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.
An operational database...
contains data that are volatile
Unauthorized alteration of records in a database system can be prevented by employing:
database access controls
The most common security threats for wireless LANs include
man-in-the-middle
Managers at a consumer products company purchased personal computer software from only recognized vendors and prohibited employees from installing nonauthorized software on their personal computers by enforcing a new end-user computing policy. To minimize the likelihood of computer viruses infecting any of its systems, the company should also:
test all new software on a stand-alone personal computer.