AIS Chapter 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The potential for hardware and software incompatibility among users

A disadvantage of distributed data processing is A. the increased time between job request and job completion B. the potential for hardware and software incompatibility among users C. the disruption caused when the mainframe goes down D. that users are not likely to be involved E. none of the above are disadvantages

Unauthorized Access

Adequate backups will protect against all of the following except A. natural disasters such as fires B. unauthorized access C. data corruption caused by program errors D. system crashes

system interdependency

All of the following are control risks associated with the distributed data processing structure except A. lack of separation of duties B. system incompatibilities C. system interdependency D. lack of documentation standard

an elaborate water sprinkler system

All of the following are recommended features of a fire protection system for a computer center except A. clearly marked exits B. an elaborate water sprinkler system C. manual fire extinguishers in strategic locations D. automatic and manual alarms in strategic location

verification of the second site backup location

All of the following tests of controls will provide evidence about the physical security of the computer center except A. review of fire marshal records B. review of the test of the backup power supply C. verification of the second site backup location D. observation of procedures surrounding visitor access to the computer center

the initial recovery period is very quick

An advantage of a recovery operations center is that A. this is an inexpensive solution B. the initial recovery period is very quick C. the company has sole control over the administration of the center D. none of the above are advantages of the recovery operations center

Internally provided backup

In general which of the following disaster recovery techniques has the least risk associated with it? A. empty shell B. ROC C. internally provided backup D. they are all equally risky

all of the above

Segregation of duties in the IT environment includes A. Separating the programmer form the computer operator B. Separating News systems development from program maintenance C. Separating the DBA from systems development D. All of the above E. only a and b

allows programmers access to make unauthorized changes to applications during execution

Systems development is separated from data processing activities because failure to do so A. weakens database access security B. allows programmers access to make unauthorized changes to applications during execution C. results in inadequate documentation D. results in master files being inadvertently erased

Systems development

The following are examples of commodity assets except: A. Network management B. Data Center Operations C. Systems development D. Server maintenance E. All are commodity assets

Mutual Aid Pact

Which of the following disaster recovery techniques may be least effective in the case of a disaster? A. Empty Shell B. Mutual Aid Pact C. internally provided backup D. they are equally beneficial

Empty Shell

Which of the following disaster recovery techniques may be least effective in the case of a wide-spread natural disaster? A. empty shell B. internally provided backup C. ROC D. they are all equally beneficial

All of the above are control concerns

Which of the following is NOT a control concern in a distributed data processing environment? A. Redundancy B. Hiring qualified professionals C. Incompatibility D. Lack of standards E. All of the above are control concerns

The service provider prepares a separate SSAE 16 report tailored to the needs of each of its client firms, upon which the client auditors rely

Which of the following is NOT true about the SSAE report? A. It is a third-party attestation report B. It replaced statement on auditing standards no 70 (SAS 70) C. The service provider prepares a separate SSAE 16 report tailored to the needs of each of its client firms, upon which the client auditors rely D. When using the carve-out method, service provider management would exclude the subservice organization's relevant controls E. All of the above are true

RAID

Which of the following is a feature of fault tolerance control? A. interruptible power supplies B. RAID C. DDP D. MDP

computer services function

Which of the following is not an essential feature of a disaster recovery plan? A. off-site storage of backups B. computer services function C. second site backup D. critical applications identified

Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients

Which of the following is not true? A. Large-scale IT outsourcing involves transferring specific assets to a vendor B. Specific assets, while valuable to the client, are of little value to the vendor C. Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. D. Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients

The SSAE 16 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls

Which of the following is not true? A. Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. B. Section 404 requires the explicit testing of outsourced controls. C. The SSAE 16 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. D. Auditors issue two types of SSAE 16 reports: Type I report and Type II report.

Core competency theory argues that an organization should focus exclusively on its core business competencies

Which of the following is true? A. Core competency theory argues that an organization should outsource core assets B. Core competency theory argues that an organization should focus exclusively on its core business competencies C. Core competency theory argues that an organization should not outsource commodity assets D. Core competency theory argues that an organization should retain specific assets in-house E. None of the above statements are correct

None of the above

Which of the following would strengthen organizational control in a centralized data processing environment? A. requiring the user departments to specify the general control standards necessary for processing transactions B. requiring that requests and instructions for data processing services be submitted directly to the computer operator in the data center C. Having the database administrator report to the systems development manager D. assigning maintenance responsibility to the original system designer who best knows its logic E. None of the above


Ensembles d'études connexes

Racism { SENIOR CYCLE IRISH } { NOT FINISHED }

View Set

Sampling Distribution and Point Estimation of Parameters, Statistical Intervals

View Set

Fluid and Electrolyte from PrepU

View Set