AIS Examlet 3
Software that protects confidentiality by screening outgoing documents to identify and block transmission of sensitive information is called: A. Data Loss Prevention (DLP) B. Digital Watermark C. Information Rights Management (IRM) D. None of these are correct
A. Data Loss Prevention (DLP)
ERP is the abbreviation for A. enterprise resource planning. B. enterprise reporting program. C. entity resource planning. D. enterprise resource program.
A. enterprise resource planning.
The unauthorized use of someone's personal information is referred to as A. opt-out. B. identity theft. C. data masking. D. opt-in.
B. identity theft.
Which type of file is retained indefinitely? A. UPS B. RAID C. Archive D. Backup
C. Archive
Which of the following statements is true? A. Neither hashing nor encryption is reversible. B. Encryption and hashing are both reversible (can be decoded). C. Encryption is reversible, but hashing is not. D. Hashing is reversible, but encryption is not.
C. Encryption is reversible, but hashing is not.
A turnaround document is an example of a(n) A. processing control. B. output control. C. input control. D. None of these are correct.
C. input control.
Security
Controls and restrict access to systems and data
Which of the following statements is true? A. VPNs protect the confidentiality of information while it is in transit over the Internet. B. Encryption limits firewalls' ability to filter traffic. C. A digital certificate contains that entity's public key. D. All of the above are true.
D. All of the above are true.
The Trust Services Framework identifies five principles for systems reliability. Which one of those five principles is a necessary prerequisite to the other four? A. Confidentiality B. Availability C. Processing integrity D. Security E. Privacy
D. Security
Confidentiality
Protection of sensitive corporate data from unauthorized disclosure
Availability
System and data can be accessed when needed
Which of the following techniques is the most effective way for a firewall to protect the perimeter? a. Deep packet inspection b. Packet filtering c. Access control lists d. All of the above are equally effective.
a. Deep packet inspection
Assume that the XYZ Company wants to create batch totals for a transaction file that contains payments to suppliers. Which of the following fields could be used to create a financial total? (Check all that apply.) A. Check amount B. Gross amount due C. Quantity purchased D. Discount for prompt payment E. Vendor number
A. Check amount B. Gross amount due D. Discount for prompt payment
One of the 10 Generally Accepted Privacy Principles concerns security. According to GAPP, what is the nature of the relationship between security and privacy? A. Security is both necessary and sufficient to protect privacy. B. Privacy is a necessary, but not sufficient, precondition to effective security. C. Privacy is both necessary and sufficient to effective security. D. Security is a necessary, but not sufficient, precondition to protect privacy.
D. Security is a necessary, but not sufficient, precondition to protect privacy.
Which of the following provides detailed procedures to resolve the problems resulting from a flash flood that completely destroys a company's data center? A. backup plan B. business continuity plan (BCP) C. archive plan D. disaster recovery plan (DRP)
D. disaster recovery plan (DRP)
A digital signature is ____________. A. created by hashing a document and then encrypting the hash with the signer's private key B. created by hashing a document and then encrypting the hash with the signer's public key C. created by hashing a document and then encrypting the hash with the signer's symmetric key D. none of the above
A. created by hashing a document and then encrypting the hash with the signer's private key
The Trust Services Principle "Privacy" focuses on A. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. B. the accessibility of system and data when needed. C. protection of sensitive corporate data from unauthorized disclosure. D. ensuring the accuracy of data.
A. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies.
Which data entry application control would detect and prevent entry of alphabetic characters as the price of an inventory item? A. field check B. limit check C. sign check D. reasonableness check
A. field check
In a hurry to catch a train, a man in Grand Central Station made a quick ATM stop to withdraw $40. Before he went to bed, he checked his bank account and found his $40 withdrawal, as well as five additional withdrawals, for a total of $700, all made within a minute of his. This man was most likely a victim of _______________. A. shoulder surfing B. scavenging C. chipping D. eavesdropping E. carding
A. shoulder surfing
Management seeks assurance that __________. (Check all that apply.) A. the information produced by the organization's own accounting system is reliable B. there is no security risk C. the company is complying with regulatory requirements D. the Cloud service providers the company uses are reliable
A. the information produced by the organization's own accounting system is reliable C. the company is complying with regulatory requirements D. the Cloud service providers the company uses are reliable
A programmer at a large bank inserted code into the company's computer system that told the computer to not only ignore any overdrafts on his accounts, but to not charge his accounts any late or service fees. This is an example of what type of fraud? A. Input fraud B. Computer instruction fraud C. Output fraud D. Data fraud E. Processor fraud
B. Computer instruction fraud
Which of the following statements is true? A. Encryption is sufficient to protect confidentiality and privacy. B. Cookies are text files that only store information. They cannot perform any actions. D. The controls for protecting confidentiality are not effective for protecting privacy. E. All of the above are true.
B. Cookies are text files that only store information. They cannot perform any actions.
Which of the following is the most common source doc in the expenditure cycle? A. Credit memo B. Purchase order C. Bill of lading D. Remittance advice
B. Purchase order
Which statement is true? A. Both statements are true. B. Privacy is concerned with protecting an organization's intellectual property. C. Neither statement is true. D. Confidentiality is concerned with protecting a customer's personal information.
C. Neither statement is true.
In the movie "Identity Thief," Melissa McCarthy used an invented scenario to get the name and other identifying information of Jason Bateman, enabling her to steal his identity. Which computer fraud and abuse technique did she use? A. Phishing B. Piggybacking C. Pretexting D. Posing E. Pharming
C. Pretexting
Information that needs to be stored securely for 10 years or more would most likely be stored in which type of file? A. backup B. encrypted C. archive D. log
C. archive
Which of the following statements is true? A. Virtualization significantly reduces RTO for hardware problems. B. Cloud computing reduces the risk that a single catastrophe from either a natural disaster or terrorist attack would result in significant downtime and loss of availability. C. Backups still need to be made when using either virtualization or cloud computing. D. All of the above are true.
D. All of the above are true.
When Jo, a sales associate, enters an account number, which of the following controls would allow the system to retrieve and display the account name so that Jo could verify that the correct account number had been entered? A. Sequence check B. Prompting C. Data matching D. Closed-loop verification
D. Closed-loop verification
A hacker was able to break into the system that transmitted the daily transactions of a retail store to the company's central office. Every night for several weeks he copied the transaction data that included customer names, credit card numbers, and other confidential data. Hundreds of thousands of customers were affected. This is an example of what type of fraud? A. Processor fraud B. Input fraud C. Computer instruction fraud D. Data fraud E. Output fraud
D. Data fraud
After a tornado destroys an organization's data center, the CIO turns to the __________ for instructions on how to recover. A. Business Continuity Plan (BCP) B. Incident Response Plan (IRP) C. Backup Plan (BP) D. Disaster Recovery Plan (DRP)
D. Disaster Recovery Plan (DRP)
Which of the following is designed to prevent an attacker from executing a buffer overflow attack by submitting lengthy attack code into the address field on a website form? A. Reasonableness test B. Limit check C. Field check D. Size check
D. Size check
A cold site is an appropriate strategy for disaster recovery for organizations that are willing to tolerate operating for several ________ without their ERP system and who are also willing to reenter or even lose several __________ worth of transactions. A. hours; days B. hours; hours C. minutes; days D. days; days E. minutes; hours
D. days; days
A batch total that is computed by adding up the invoice numbers in a set of sales invoices is called a A. record count. B. checksum. C. financial total. D. hash total.
D. hash total.
A weakness an attacker can take advantage of to either disable or take control of a system is called a[n] __________. a. exploit b. patch c. vulnerability d. attack
c. vulnerability
Which of the following was developed jointly by the AICPA and the CICA? A. GDPR B. Trust Services C. COBIT 2019 D. SOX
B. Trust Services
multimodal authentication examples
1. Password + Security Question 2. Fingerprint + Retina Scan 3. Passphrase + UserID + Answer to Security Question 4. Retina Scan + Fingerprint + Voice Recognition
multifactor authentication examples
1. Password + Smart Card 2. Smart Card + Retina Scan 3. Password + Fingerprint 4. Password + Retina Scan 5. Security Question + Retina Scan 6. Security Question + Smart Card 7. Smart Card + Fingerprint 8. Security Question + Fingerprint 9. Security Question + Smart Card + Retina Scan 10. Security Question + Smart Card + Fingerprint 11. Password + Smart Card + Retina Scan 12. Password + Smart Card + Fingerprint
Digital watermark
A code embedded in documents or files that contains confidential information
Which of the following is not an example of multi-factor authentication? A. A passphrase and a security question B. A 6-digit PIN and a smart card C. A fingerprint and a USB device D. A password and a cellphone
A. A passphrase and a security question
Which of the following techniques can be used to minimize system downtime? A. All of these B. UPS C. Preventive maintenance D. RAID
A. All of these
Which of the following is a benefit of implementing an ERP system at a multinational corporation? A. All of these are correct B. Customer service improves as employees can quickly access data C. Increased productivity of employees D. Standardization of procedures and reports across business units
A. All of these are correct
Which of the following government regulations mandates that almost every company in the U.S. must take specific actions to protect privacy or face fines for failure to comply? (Check all that apply.) A. CCPA B. COSO C. GAPP D. GDPR
A. CCPA D. GDPR
Able wants to send a file to Baker over the Internet and protect the file so that only Baker can read it and verify that it came from Able. What should Able do? A. Encrypt the file using Able's private key, and then encrypt it again using Baker's public key. B. Encrypt the file using Able's private key, and then encrypt it again using Baker's private key. C. Encrypt the file using Able's public key, and then encrypt it again using Baker's public key. D. Encrypt the file using Able's public key, and then encrypt it again using Baker's private key.
A. Encrypt the file using Able's private key, and then encrypt it again using Baker's public key.
Each night during the week an organization backs up just that day's transactions. This is referred to as making what kind of backup? A. Archival B. Full C. Incremental D. Differential
C. Incremental
Computer systems are particularly vulnerable to fraud for the following reasons: (Check all that apply.) A. It is difficult to control physical access to each electronic device that accesses a network B. Computer programs need to be illegally modified only once, in order for them to operate improperly for as long as they are in use C. Most employees and suppliers with access to a computer system will eventually perpetrate a computer fraud, irrespective of the strength of the Internal controls D. Few companies design controls into their computer systems E. Perpetrators who break into corporate databases can steal or destroy massive amounts of data in very little time, often leaving little evidence
A. It is difficult to control physical access to each electronic device that accesses a network B. Computer programs need to be illegally modified only once, in order for them to operate improperly for as long as they are in use E. Perpetrators who break into corporate databases can steal or destroy massive amounts of data in very little time, often leaving little evidence
Which of the following are indicators that an organization's change management and change control process is effective? A. A reduction in the number of problems that need to be fixed B. All of these are correct C. Testing of all changes takes place in a system separate from the one used for regular business operations D. A low number of emergency changes
B. All of these are correct
Combining a password with which of the following is an example of multi-modal authentication? A. Name of your first-grade teacher B. All of these are examples of multi-modal authentication C. Your e-mail address D. Correctly identifying a picture you had selected when you set up the account
B. All of these are examples of multi-modal authentication
A facility that is not only prewired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities is called A. a cold site. B. a hot site. C. Virtualization. D. a real-time mirroring site.
B. a hot site.
Which disaster recovery strategy involves contracting for use of a physical site to which all necessary computing equipment will be delivered within 24 to 36 hours? A. virtualization B. cold site C. data mirroring D. hot site
B. cold site
Which of the following statements is true? A. Differential daily backups are faster to perform than incremental daily backups, but restoration is slower and more complex. B. Differential daily backups are faster to perform than incremental daily backups, and restoration is faster and simpler. C. Incremental daily backups are faster to perform than differential daily backups, but restoration is slower and more complex. D. Incremental daily backups are faster to perform than differential daily backups, and restoration is faster and simpler.
C. Incremental daily backups are faster to perform than differential daily backups, but restoration is slower and more complex.
Which of the following is an example of a turnaround doc A. A company's financial statements B. Employee earnings record C. Utility bill D. Purchase orders
C. Utility bill
Privacy
Ensures that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies
Enterprise resource planning systems (ERP)
Systems that integrate all aspects of an organization's activities—such as accounting, finance, marketing, human resources, manufacturing, inventory management—into one system. An --- system is modularized; companies can purchase the individual modules that meet their specific needs. An --- facilitates information flow among the company's various business functions and manages communications with outside stakeholders.
Which of the following combinations of credentials is an example of multifactor authentication? a. voice recognition and a fingerprint reader b. PIN and ATM cards c. password and a user ID d. All of the above
b. PIN and ATM cards
Which of the following is a detective control? a. patch management b. penetration testing c. physical access controls d. endpoint hardening
b. penetration testing
Which of the following statements is true? a. Changes should be tested in a system separate from the one used to process transactions. b. "Emergency" changes need to be documented once the problem is resolved. c. Change controls are necessary to maintain adequate segregation of duties. d. All of the above are true.
d. All of the above are true.
The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called __________. a. intrusion prevention b. authentication c. intrusion detection d. authorization
d. authorization
Which of the following is a corrective control designed to fix vulnerabilities? a. penetration testing b. authorization c. virtualization d. patch management
d. patch management
Which of the following is a preventive control? a. CIRT b. virtualization c. log analysis d. training
d. training
multimodal authentication
the use of multiple authentication credentials of the same type to achieve a greater level of security
multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
Which of the following is the most effective way to segregate duties in an ERP system? A. No one person should be responsible for recording and monitoring of organizational assets. B. No one person should be responsible for recording, risk assessment, and control procedures. C. No one person should be responsible for authorization, monitoring, and risk assessment. D. No one person should be responsible for authorization, recording, and have custody of organizational assets.
D. No one person should be responsible for authorization, recording, and have custody of organizational assets.
Which of the following actions can reduce the risk of becoming a victim of identity theft? (Check all that apply.) A. Carry your social security with you at all times B. Do not place outgoing e-mail containing checks or personal information in your mailbox for pickup C. Respond to e-mails from the IRS that ask you for your social security number D. Immediately cancel any lost or stolen credit cards
B. Do not place outgoing e-mail containing checks or personal information in your mailbox for pickup D. Immediately cancel any lost or stolen credit cards
Incremental daily backups take ____ time to make than Differential daily backups, but the restoration process taken is _____. A. more, longer B. less, longer C. more, shorter D. less, shorter
B. less, longer
Which of the following statements is not true? A. Encryption protects the confidentiality of information while it is being sent over the Internet. B. Encryption does not protect information when it is displayed on a monitor or printed in a report. C. Encryption protects the confidentiality of information while it is in processing. D. Encryption protects the confidentiality of information while it is in storage.
C. Encryption protects the confidentiality of information while it is in processing.
Employees at a large brokerage house used their employer's computer system to run a large and lucrative side business that their employer knew nothing about. This is an example of what type of fraud? A. Data fraud B. Input fraud C. Processor fraud D. Output fraud E. Computer instruction fraud
C. Processor fraud
The GDPR gives people the right to request that organizations delete personal information that they have collected. This is referred to as the "right to be forgotten." Which GAPP principle most clearly relates to that right? A. Disclosure to third parties B. Quality C. Use, retention, and disposal D. Access
C. Use, retention, and disposal
Which control ensures that the master inventory file contains an inventory item identified by the number 251184? A. Limit check B. Field check C. Validity check D. Check digit verification
C. Validity check
Data must be collected about three facets of each business activity. These facets are A. activity of interest, the resource(s), and the process. B. activity of interest, the process, and the people who participate. C. activity of interest, the resource(s), and the people who participate. D. the resource(s), the benefits, and the process.
C. activity of interest, the resource(s), and the people who participate.
Which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application? A. data loss prevention B. digital watermark C. data masking D. digital signature
C. data masking
If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then organization's security is considered A. inefficient. B. efficient. C. ineffective. D. effective.
C. ineffective.
Confidentiality focuses on protecting ____________. A. personal information collected from customers B. a company's annual report stored on its website C. merger and acquisition plans D. all of the above
C. merger and acquisition plans
Which of the following is a control that can be used to verify the accuracy of information transmitted over a network? A. size check B. check digit C. parity bit D. completeness check
C. parity bit
The Trust Services Principle "Confidentiality" focuses on A. ensuring the accuracy of data. B. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. C. protection of sensitive corporate data from unauthorized disclosure. D. the accessibility of system and data when needed.
C. protection of sensitive corporate data from unauthorized disclosure.
The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as A. privacy. B. confidentiality. C. security. D. processing integrity.
C. security.
Arrange the four steps of the incident response process into the proper sequence, starting with the first step at the top of the list. 1. Recognition of an attack 2. Analysis of the root cause of the incident 3. Recovery from backups 4. Containment of the problem by the incident response team
1. Recognition of an attack 2. Containment of the problem by the incident response team 3. Recovery from backups 4. Analysis of the root cause of the incident
Fraudsters take advantage of which of the following human traits to entice a person to reveal information or take a specific action? (Check all that apply.) A. Trust B. Fear C. Vanity D. Urgency E. Compassion
A. Trust C. Vanity D. Urgency E. Compassion
Information Rights Management (IRM)
Software that protects confidentiality by controlling the actions (read, copy, print, etc.) that authenticated users can perform on documents or files
Data Loss Prevention (DLP)
Software that protects confidentiality by screening outgoing documents in order to identify and block transmission of sensitive information
Which of the following is an effective data entry control to ensure that overtime hours should be zero for someone who has not worked the maximum number of regular hours in a pay period? A. A reasonableness check B. A range check C. A limit check D. A validity check
A. A reasonableness check
What is the first step in the data processing cycle? A. Input B. Processing C. Storage D. Output
A. Input
Which of the following statements about obtaining consent to collect and use a customer's personal information is true? A. The default policy in both Europe and the United States is opt-in. B. The default policy in Europe is opt-in, but in the United States the default is opt-out. C. The default policy in both Europe and the United States is opt-out. D. The default policy in Europe is opt-out, but in the United States the default is opt-in.
B. The default policy in Europe is opt-in, but in the United States the default is opt-out.
What is the objective of a penetration test? A. To prevent employees from doing actions that are incompatible with their job functions B. To identify where additional protections are most needed to increase the time and effort required to compromise the system C. To determine whether or not a system can be broken into D. To correct identified weaknesses by applying updates that eliminate known vulnerabilities
B. To identify where additional protections are most needed to increase the time and effort required to compromise the system
In an ERP system, the module used to record data about transactions in the disbursement cycle is called A. financial. B. purchase to pay. C. manufacturing. D. order to cash.
B. purchase to pay.
Which option is appropriate for an organization, like an airline, that cannot tolerate any downtime or any loss of data? A. Hot site B. Any of the three choices is appropriate. C. Cold site D. Real-time mirroring
D. Real-time mirroring
The Trust Services Principle "Processing Integrity" focuses on A. ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies. B. the accessibility of system and data when needed. C. protection of sensitive corporate data from unauthorized disclosure. D. ensuring the accuracy of data.
D. ensuring the accuracy of data.
Which of the following statements is true? a. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. b. Information security is primarily an IT issue, not a managerial concern. c. The time-based model of security can be expressed in the following formula: P < D + R. d. The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls.
a. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources.
Modifying default configurations to turn off unnecessary programs and features to improve security is called _______. a. hardening b. user account management c. vulnerability scanning d. defense-in-depth
a. hardening
Assume that the XYZ Company wants to create batch totals for a transaction file that contains all sales invoices. Which of the following fields could be used to create a hash total? (Check all that apply.) A. Customer number B. Quantity sold C. Total amount of sale D. Customer name E. Part number
A. Customer number B. Quantity sold E. Part number
Software that is embedded in documents or files that contain confidential information to indicate who owns that information is called A. Digital Watermark B. Data Loss Prevention (DLP) C. Information Rights Management (IRM) D. None of these are correct
A. Digital Watermark
Which statement is true? A. Encryption is necessary to protect confidentiality and privacy. B. Encryption is sufficient to protect confidentiality and privacy.
A. Encryption is necessary to protect confidentiality and privacy.
Which of the following are advantages of ERP systems? (Check all that apply.) A. Management gains greater visibility into every area of the enterprise, and greater monitoring capabilities. B. ERP systems provide an integrated, enterprise-wide view of an organization's data and financial situation. C. ERP systems are relatively inexpensive. D. Procedures and reports are standardized across business units. E. Because the ERP system benefits are so great, there is little resistance to their installation.
A. Management gains greater visibility into every area of the enterprise, and greater monitoring capabilities. B. ERP systems provide an integrated, enterprise-wide view of an organization's data and financial situation. E. Because the ERP system benefits are so great, there is little resistance to their installation.
ERP systems are modular, with each module handling a standard business process. This modular design allows businesses to add or delete modules as needed. Which of the following are typical ERP modules mentioned in the text? (Check all that apply.) A. Project management—costing, billing, time and expense, performance units, and activity management B. System tools—tools for establishing master file data, specifying flow of information, and access controls C. Vendor relationship management—procurement and promotion, vendor contact and service, and call center support D. Order to cash—sales order entry, shipping, inventory, cash receipts, and commission calculation E. Financial—general ledger, budgeting, cash management, and preparation of managerial reports and financial statements
A. Project management—costing, billing, time and expense, performance units, and activity management B. System tools—tools for establishing master file data, specifying flow of information, and access controls D. Order to cash—sales order entry, shipping, inventory, cash receipts, and commission calculation E. Financial—general ledger, budgeting, cash management, and preparation of managerial reports and financial statements
Which of the following statements is true? A. Symmetric encryption is faster than asymmetric encryption but cannot be used to provide nonrepudiation of contracts. B. Asymmetric encryption is faster than symmetric encryption but cannot be used to provide nonrepudiation of contracts. C. Asymmetric encryption is faster than symmetric encryption and can be used to provide nonrepudiation of contracts. D. Symmetric encryption is faster than asymmetric encryption and can be used to provide nonrepudiation of contracts.
A. Symmetric encryption is faster than asymmetric encryption but cannot be used to provide nonrepudiation of contracts.
Which of the following statements about ERP systems is(are) true? (Check all that apply.) A. The importance of sound internal controls in an ERP system cannot be overstated. B. Top management's commitment to an ERP system greatly increases the chances of success. C. One way to choose a suitable ERP system is to select a package designed for your industry. D. Companies seldom hire outside help to implement ERP software. E. Since there are so few quality ERP systems, choosing one is an easy task.
A. The importance of sound internal controls in an ERP system cannot be overstated. B. Top management's commitment to an ERP system greatly increases the chances of success. C. One way to choose a suitable ERP system is to select a package designed for your industry.
On your dream vacation to Hawaii you decide to log into the hotel's Wi-Fi network and notice that there are two networks with very similar names. You select one and are immediately connected to the network without having to enter the access code given you at check in. Weeks later you find that your identity has been stolen. You were a victim of which computer fraud and abuse technique? A. Tab napping B. Evil twin C. Carding D. Chipping E. Typosquatting
B. Evil twin
Most websites provide information about what data is being collected, how it will be used, and why it is being collected. Websites provide this information in order to satisfy which GAPP principle? A. Collection B. Notice C. Use, retention, and disposal D. Choice and consent
B. Notice
Which of the following is the correct sequence of steps in the incident response process? A. Stop the attack, recognize that a problem exists, repair the damage, learn from the attack B. Recognize that a problem exists, stop the attack, repair the damage, learn from the attack C. Stop the attack, repair the damage, recognize that a problem exists, learn from the attack D. Recognize that a problem exists, repair the damage, stop the attack, learn from the attack
B. Recognize that a problem exists, stop the attack, repair the damage, learn from the attack
Which of the following are disadvantages of ERP systems? (Check all that apply.) A. Data input must be captured or keyed multiple times as it is entered into different systems. B. Usually companies must adapt their processes to standardized ERP business processes. C. It can take years to select and fully implement an ERP system. D. They are complex because they have to integrate many different business activities and systems. E. The organization is less able to control access to the system.
B. Usually companies must adapt their processes to standardized ERP business processes. C. It can take years to select and fully implement an ERP system. D. They are complex because they have to integrate many different business activities and systems.
Which of the following statements about ERP systems is(are) true? (Check all that apply.) A. Before ERP systems were developed, it was easy to include nonfinancial information in an AIS. B. Well-designed ERP systems provide management with the easy access to up-to-date information needed to plan, control, and evaluate business processes more effectively. C. ERP systems integrate all aspects of a company's operations with a traditional AIS. D. ERP systems use a centralized database to share information across business processes and coordinate activities.
B. Well-designed ERP systems provide management with the easy access to up-to-date information needed to plan, control, and evaluate business processes more effectively. C. ERP systems integrate all aspects of a company's operations with a traditional AIS. D. ERP systems use a centralized database to share information across business processes and coordinate activities.
Which of the following is an example of the kind of batch total called a hash total? A. the sum of the purchase amount field in a set of purchase orders B. the sum of the purchase order number field in a set of purchase orders the number of completed documents in a set of purchase orders All of the above
B. the sum of the purchase order number field in a set of purchase orders
Which of the following controls would prevent entry of a nonexistent customer number in a sales transaction? A. batch total B. validity check C. completeness check D. field check
B. validity check
A woman sent her company fictitious medical bills from doctors who did not exist. The bills were processed in the normal way by her employer, and payments went to her husband's office address. She bilked her company out of millions of dollars. This is an example of what type of fraud? A. Processor fraud B. Output fraud C. Input fraud D. Computer instruction fraud E. Data fraud
C. Input fraud
In your haste to watch a video that you heard about, you type in yuube.com and are taken to a site with the familiar YouTube logo but find that the site sells a video ad blocker that allows you to watch YouTube without having to watch the ads. This is an example of _______________. A. vishing B. skimming C. typosquatting D. scavenging E. chipping
C. typosquatting
Which of the following is an example of an ERP system? A. Jim has a system that keeps track of the cash receipts and cash disbursements of his cleaning business. At the end of each month, the system helps him prepare a monthly profit and loss statement. B. Ken is a freelance contractor. He keeps records of all expenses and revenues on his cell phone app and the files are uploaded to the cloud on a regular basis. C. John uses a computerized information system to keep track of all the financial data generated by his business. D. Each week Emily enters all of the data into a system that automatically generates purchase orders, based on predetermined inventory reorder points. Production quotas for the coming week are also automatically generated based on customer orders.
D. Each week Emily enters all of the data into a system that automatically generates purchase orders, based on predetermined inventory reorder points. Production quotas for the coming week are also automatically generated based on customer orders.
Cupcake by Emma is a dessert retailer located in Springtown, Texas. Emma is a sole proprietorship that stocks an inventory of between 30 and 50 different kinds of desserts. Inventory is updated in real time by the company's AIS. If Emma wishes to keep cumulative data about the company, Emma might use a A. transaction file. B. specific file. C. relational file. D. master file.
D. master file.
Which of the following measures the amount of data that might be potentially lost as a result of a system failure? A. disaster recovery plan (DRP) B. recovery time objective (RTO) C. business continuity plan (BCP) D. recovery point objective (RPO)
D. recovery point objective (RPO)
Processing integrity
Ensures accuracy of data