Accounting Information Systems Exam 3 Ch. 11-13

The test data technique uses:

a set of input data to validate system integrity

Based on SOX, which of the following sections is about corporate responsibility for financial reports?

302

Based on SOX, what section is about internal controls?

404

Controls that are designed to prevent, detect, or correct errors in transactions as they are processed through a specific subsystem are referred to as

Application controls

The computer sums the first four digits of a customer number to calculate the value of the fifth digit and then compares that calculation to the number typed during data entry. This is an example of a:

Check digit verification

What can be considered a good alternative to back up data and applications?

Cloud computing

Indicates that the subscriber identified has sole control and access to the private key

Digital certificate

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

Disaster recovery plan

__________ __________ is an internal process that examines accounting practices, risk controls, compliance, information technology systems, and business procedures on an ongoing basis.

Continuous audit

What is not one of the five essential components in the COSO 2013 framework?

Control assessment

Unauthorized alteration of records in a database system would impair which component of the CIA (related to security)?

Integrity

Which is not an example of a batch total?

Exception total

T or F: SOX requires companies to use COSO or COSO ERM as the framework in evaluating internal controls.

False

T or F: Backup is a preventive control.

False

T or F: The integrated test facility is a programmed module or segment that is inserted into an application program to monitor and collect data based on daily transactions.

False

T or F: The responsibility of monitoring the effectiveness of internal controls belongs to the internal audit group.

False

Which network component is set up to serve as a security measure that prevents unauthorized traffic between different segments of the network?

Firewall

Access control to ensure only authorized personnel have access to a firm's network is a

General control

The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the best audit technique to use in this situation?

Generalized audit software

Which audit technique should an IS auditor use to detect duplicate invoice records within an invoice master file?

Generalized audit software

A message digest is the result of hashing. What is true about the hashing process?

Hashing is the best approach to make sure that two files are identical.

To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the received message? I. Private II. Public

I. Private

An organization is planning to replace its wired networks with wireless networks. What approach provides the most secure wireless network?

Implement Wi-Fi Protected Access (WPA2)

Incentive to commit fraud usually will include all of the following, except:

Inadequate segregation of duties

The ISO 27000 series are a framework for

Information security management

A group of computers, printers, and other devices that is connected to the same network and covers a limited geographic range is called a

LAN

A field check is a(n)

Preventive control

The fraud triangle indicates three conditions existing for a fraud to be perpetrated:

Rationalization and pressure

To ensure the data sent over the Internet are protected, which of the following keys is required to encrypt the data (before transmission) using an asymmetric-key encryption method?

Receiver's public key

Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is

Reporting

Which is not a COSO ERM control objective?

Risk assessment

Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination into audit programs?

SAS No. 99

Not a main purpose for WAN

Securely connects a network to distant offices in a building by sending encrypted packets

To authenticate the message sender in an asymmetric-key encryption system, which of the following keys is required to decrypt the received message?

Sender's Public Key

Authentication is the process by which the

System verifies the identity of the user.

What is not a task performed by an operating system?

Translate high-level languages to machine-level language

T or F: Fault tolerance uses redundant units to provide a system with the ability to continue functioning when part of the system fails.

True

T or F: Regarding IT control and governance, the COBIT framework is most commonly adopted by companies in the United States.

True

Which vulnerabilities would create the most serious risk to a firm?

Unauthorized access to the firm's network

The symmetric-key encryption method...

Uses the same key for both senders and receivers for encryption and decryption

Prenumbering of source documents helps to verify that

all transactions have been recorded because the numerical sequence serves as a control.

A local area network (LAN) is best described as a(n):

computer system that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.

An operational database...

contains data that are volatile

Unauthorized alteration of records in a database system can be prevented by employing:

database access controls

The most common security threats for wireless LANs include

man-in-the-middle

Managers at a consumer products company purchased personal computer software from only recognized vendors and prohibited employees from installing nonauthorized software on their personal computers by enforcing a new end-user computing policy. To minimize the likelihood of computer viruses infecting any of its systems, the company should also:

test all new software on a stand-alone personal computer.

