ACT 6651 Ch 15

An entity has the following sales orders in a batch: Invoice # Product Quantity Unit Price 101 K 10 50 $ 5.00 102 M 15 100 $10.00 103 P 20 150 $25.00 104 Q 25 200 $30.00 105 T 30 250 $35.00 Which of the following numbers represents the record count? A. 5 B. 100 C. 105 D. 750

A. 5

Attacks on computer networks may take many forms. Which of the following uses the computers of innocent parties infected with Trojan horse programs? A. A distributed denial-of-service attack. B. A man-in-the-middle attack. C. A brute-force attack. D. A password-cracking attack.

A. A distributed denial-of-service attack.

Which of the following statements is correct regarding information technology (IT) governance? A. A primary goal of IT governance is to balance risk versus return over IT and its processes. B. IT governance is an appropriate issue for organizations at the level of the board of directors only. C. IT goals should be independent of strategic goals. D. IT governance requires that the Control Objectives for Information and related Technology (COBIT) framework be adopted and implemented.

A. A primary goal of IT governance is to balance risk versus return over IT and its processes.

Which of the following errors most likely would be detected by batch financial totals? A. A transposition error on one employee's paycheck on a weekly payroll run. B. A missing digit in an invoice number in a batch of daily sales. C. A purchase order mistakenly entered into two different batches. D. Malfeasance resulting from a receivable clerk's pocketing of a customer's payment and altering of the related records.

A. A transposition error on one employee's paycheck on a weekly payroll run.

Which of the following is an important senior management responsibility with regard to information systems security? A. Assessing exposures. B. Assigning access privileges. C. Identifying ownership of data. D. Training employees in security matters.

A. Assessing exposures.

The headquarters' computer of a certain entity maintains a matrix of user names and the files/programs the user can access as well as what the user can do to/with the file or program. This matrix is primarily intended to provide A. Authorization for processing. B. Access control to computer hardware. C. Authentication of the user. D. Data integrity control.

A. Authorization for processing.

A customer intended to order 100 units of product Z96014 but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error? A. Check digit verification. B. Record count. C. Hash total. D. Redundant data check.

A. Check digit verification.

An employee in the receiving department keyed in a shipment from a remote terminal and inadvertently omitted the purchase order number. The best systems control to detect this error is A. Completeness test. B. Sequence check. C. Reasonableness test. D. Compatibility test.

A. Completeness test.

Which of the following characteristics distinguishes computer processing from manual processing? A. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. B. Errors or fraud in computer processing will be detected soon after their occurrence. C. The potential for systematic error is ordinarily greater in manual processing than in computerized processing. D. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.

A. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.

A computer operator responsible for a particular job needed to know whether the job had already been run that day. The computer operator examined the A. Console log. B. Data control log. C. Job queue. D. Master run book.

A. Console log.

Which of the following is a true statement regarding security over an entity's IT? A. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access. B. Controls over data sharing by diverse users within an entity should be the same for every user. C. The employee who manages the computer hardware should also develop and debug the computer programs. D. Controls can provide assurance that all processed transactions are authorized but cannot verify that all authorized transactions are processed.

A. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.

In a large firm, custody of an entity's data is most appropriately maintained by which of the following personnel? A. Data librarian. B. Systems analyst. C. Computer operator. D. Computer programmer.

A. Data librarian.

Which of the following would be the responsibility of a database administrator (DBA)? A. Develop the database. B. Maintain control over programs and data storage media. C. Develop information security policies. D. Write computer programs.

A. Develop the database.

The significance of hardware controls is that they A. Ensure the proper execution of machine instructions. B. Reduce the incidence of user input errors in online systems. C. Ensure accurate programming of operating system functions. D. Ensure that run-to-run totals in application systems are consistent.

A. Ensure the proper execution of machine instructions.

Which of the following statements is inconsistent with the key principles of the COBIT 5 framework? A. Enterprise governance and management are treated as the same activity. B. The needs of stakeholders are the focus of all organizational activities. C. Information technology controls are considered to be intertwined with those of the organization's everyday operations. D. COBIT 5 can be applied even when other IT-related standards have been adopted.

A. Enterprise governance and management are treated as the same activity.

Parity checks and echo checks are examples of A. Hardware controls. B. Access controls. C. Logical controls. D. Environmental controls.

A. Hardware controls.

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator? A. Managing remote access. B. Developing application programs. C. Reviewing security policy. D. Installing operating system upgrades.

A. Managing remote access.

Which of the following passwords would be most difficult to crack? A. O?Ca!FlSi B. language C. 12 HOUSE 24 D. pass56word

A. O?Ca!FlSi

An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls? A. Preventive. B. Detective. C. Corrective. D. Compliance.

A. Preventive.

To ensure the completeness of update in an online system, separate totals are accumulated for all transactions processed throughout the day. The computer then agrees these totals to the total of items accepted for processing. This is an example of A. Run-to-run totals. B. Computer matching. C. Computer sequence check. D. One-for-one checking.

A. Run-to-run totals.

As a result of technological developments facing businesses and CPAs, A. System boundaries are becoming less distinct. B. Computer programmers and operators have eliminated the need for accountants. C. Internet use has spread, and e-business control over user interaction has been simplified. D. Better controls have resulted in a reduction in threats.

A. System boundaries are becoming less distinct.

An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places? A. Transaction logs. B. Error reports. C. Error files. D. Validated data file.

A. Transaction logs.

Which of the following is a password security problem? A. Users are assigned passwords when accounts are created but do not change them. B. Users have accounts on several systems with different passwords. C. Users copy their passwords on note paper, which is kept in their wallets. D. Users select passwords that are not listed in any online dictionary.

A. Users are assigned passwords when accounts are created but do not change them.

An accounts payable program posted a payable to a vendor not included in the online vendor master file. A control that would prevent this error is a A. Validity check. B. Range check. C. Reasonableness test. D. Parity check.

A. Validity check.

Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing? Limit Test Validity Check Test A. Yes Yes B. No No C. No Yes D. Yes No

A. Yes, Yes

An entity has the following invoices in a batch: Invoice Number Product Quantity Unit Price 201 F10 150 $ 5.00 202 G15 200 $10.00 203 H20 250 $25.00 204 K35 300 $30.00 Which of the following numbers represents the record count? A. 1 B. 4 C. 810 D. 900

B. 4

A company's accounts payable clerk obtained the payroll supervisor's computer password. The clerk then used the password to obtain unauthorized access to the company's payroll files. Any of the following can be used to prevent such unauthorized access to the payroll files, except A. A smart card. B. A digital signature. C. Multifactor authentication. D. Multimodal authentication.

B. A digital signature.

Which of the following statements is true regarding internal control objectives of information systems? A. Primary responsibility of viable internal control rests with the internal audit division. B. A secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies. C. Control objectives primarily emphasize output distribution issues. D. An entity's corporate culture is irrelevant to the objectives.

B. A secure system may have inherent risks due to management's analysis of trade-offs identified by cost-benefit studies.

All of the following are correct statements regarding a firewall except A. A network firewall regulates traffic to an entire network. B. An application firewall is an adequate substitute for a network firewall. C. A firewall alone is not an adequate defense against computer viruses. D. A firewall is a combination of hardware and software that separates an internal network from an external network (e.g., the Internet) and prevents passage of traffic deemed suspicious.

B. An application firewall is an adequate substitute for a network firewall.

In the organization of the information systems function, the most important segregation of duties is A. Not allowing the data librarian to assist in data processing operations. B. Assuring that those responsible for programming the system do not have access to data processing operations. C. Having a separate information officer at the top level of the organization outside of the accounting function. D. Using different programming personnel to maintain utility programs from those who maintain the application programs.

B. Assuring that those responsible for programming the system do not have access to data processing operations.

Which of the following computerized control procedures is most effective in ensuring that files of data uploaded from personal computers to a server are complete and that no additional data are added? A. Self-checking digits to ensure that only authorized part numbers are added to the database. B. Batch control totals, including control totals and hash totals. C. Passwords that effectively limit access to only those authorized to upload the data to the server. D. Field-level edit controls that test each field for alphanumerical integrity.

B. Batch control totals, including control totals and hash totals.

Which of the following activities would most likely be performed in the computer processing department? A. Initiation of changes to master records. B. Conversion of information to machine-readable form. C. Correction of transactional errors. D. Initiation of changes to existing applications.

B. Conversion of information to machine-readable form.

The increased use of database processing systems makes managing data and information a major information service function. Because the databases of an organization are used for many different applications, they are coordinated and controlled by a database administrator. The functions of a database administrator are A. Data input preparation, database design, and database operations. B. Database design, database operation, and database security. C. Database design, database operation, and equipment operations. D. Database design, software support, and database security.

B. Database design, database operation, and database security.

What is the role of the systems analyst in an IT environment? A. Developing long-range plans and directing application development and computer operations. B. Designing systems, preparing specifications for programmers, and serving as intermediary between users and programmers. C. Maintaining control over the completeness, accuracy, and distribution of input and output. D. Selecting, implementing, and maintaining system software, including operating systems, network software, and the database management system.

B. Designing systems, preparing specifications for programmers, and serving as intermediary between users and programmers.

The purpose of check digit verification of an account number on an update transaction is to A. Verify that the account number corresponds to an existing account in the master file. B. Detect a transposition of an account number entered into the system. C. Ensure that supporting documentation exists for the update transaction. D. Require the account number to have the correct logical relationship with other fields.

B. Detect a transposition of an account number entered into the system.

Review of the audit log is an example of which type of security control? A. Governance. B. Detective. C. Preventive. D. Corrective.

B. Detective.

Which of the following should not be the responsibility of a database administrator? A. Design the content and organization of the database. B. Develop applications to access the database. C. Protect the database and its software. D. Monitor and improve the efficiency of the database.

B. Develop applications to access the database.

Which of the following is considered an application input control? A. Run control total. B. Edit check. C. Report distribution log. D. Exception report.

B. Edit check.

Able Co. uses an online sales order processing system to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a A. Report of all missing sales invoices. B. File of all rejected sales transactions. C. Printout of all user code numbers and passwords. D. List of all voided shipping documents.

B. File of all rejected sales transactions.

Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks? A. Query program. B. Firewall. C. Image browser. D. Keyword.

B. Firewall.

The two broad groupings of information systems control activities are general controls and application controls. General controls include controls A. Relating to the correction and resubmission of faulty data. B. For developing, modifying, and maintaining computer programs. C. Designed to assure that only authorized users receive output from processing. D. Designed to ensure that all data submitted for processing have been properly authorized.

B. For developing, modifying, and maintaining computer programs.

Innovations in IT increase the importance of risk management because A. The objective of complete security is becoming more attainable. B. Information system security is continually subject to new threats. C. Closed private systems have proliferated. D. Privacy is a concern for only a very few users.

B. Information system security is continually subject to new threats.

Which of the following is most likely a disadvantage for an entity that keeps data files prepared by personal computers rather than manually prepared files? A. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. B. It is usually easier for unauthorized persons to access and alter the files. C. Random error associated with processing similar transactions in different ways is usually greater. D. It is usually more difficult to compare recorded accountability with physical count of assets.

B. It is usually easier for unauthorized persons to access and alter the files.

Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change, A. A generalized computer audit program must be used. B. Part of the audit trail is altered. C. The potential for payroll-related fraud is diminished. D. Transactions must be processed in batches.

B. Part of the audit trail is altered.

Which of the following classifications of security controls includes smoke detectors, generators, security guards, and ID badges? A. Technical. B. Physical. C. Administrative. D. Logical.

B. Physical.

The most critical aspect of separation of duties within information systems is between A. Project leaders and programmers. B. Programmers and computer operators. C. Management and users. D. Programmers and systems analysts.

B. Programmers and computer operators.

Which of the following controls most likely could prevent computer personnel from modifying programs to bypass programmed controls? A. Periodic management review of computer utilization reports and systems documentation. B. Segregation of duties for computer programming and computer operations. C. Participation of user department personnel in designing and approving new systems. D. Physical security of computer facilities in limiting access to computer equipment.

B. Segregation of duties for computer programming and computer operations.

All of the following are adequate controls for protection against unauthorized access to sensitive information except A. Automatic log-off. B. System access log. C. Device authorization table. D. Passwords and ID numbers.

B. System access log.

What should be examined to determine if an information system is operating according to prescribed procedures? A. System capacity. B. System control. C. System complexity. D. Accessibility to system information.

B. System control.

Authentication is the process by which the A. System verifies that the user is entitled to enter the transaction requested. B. System verifies the identity of the user. C. User identifies himself or herself to the system. D. User indicates to the system that the transaction was processed correctly.

B. System verifies the identity of the user.

A small client recently put its cash disbursements system on a server. About which of the following internal control features would an auditor most likely be concerned? A. Programming of the applications is in BASIC, although C++ is a more up-to-date, flexible programming language. B. The server is operated by employees who have cash custody responsibilities. C. Only one employee has the password to gain access to the cash disbursement system. D. There are restrictions on the amount of data that can be stored and on the length of time that data can be stored.

B. The server is operated by employees who have cash custody responsibilities.

If a payroll system continues to pay employees who have been terminated, control weaknesses most likely exist because A. Procedures were not implemented to verify and control the receipt by the computer processing department of all transactions prior to processing. B. There were inadequate manual controls maintained outside the computer system. C. Programmed controls such as limit checks should have been built into the system. D. Input file label checking routines built into the programs were ignored by the operator.

B. There were inadequate manual controls maintained outside the computer system.

What is the primary objective of data security controls? A. To establish a framework for controlling the design, security, and use of computer programs throughout an organization. B. To ensure that storage media are subject to authorization prior to access, change, or destruction. C. To formalize standards, rules, and procedures to ensure the organization's controls are properly executed. D. To monitor the use of system software to prevent unauthorized access to system software and computer programs.

B. To ensure that storage media are subject to authorization prior to access, change, or destruction.

A network firewall is designed to provide adequate protection against which of the following? A. A computer virus. B. Unauthenticated logins from outside users. C. Insider leaking of confidential information. D. A Trojan horse application.

B. Unauthenticated logins from outside users.

A company wants to protect its IT system from unauthorized users accessing the system. Which of the following controls would best serve to mitigate this risk? A. A keystroke log. B. A transaction log. C. A biometric device. D. Public key encryption.

C. A biometric device.

The firewall system that limits access to a computer by routing users to replicated Web pages is A. A packet filtering system. B. Kerberos. C. A proxy server. D. An authentication system.

C. A proxy server.

Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence? A. Preventive. B. Corrective. C. Application. D. Detective.

C. Application.

When a user enters a certain entity's system, a series of questions is asked of the user, including a name and mother's birth date. These questions are primarily intended to provide A. Authorization for processing. B. Access control to computer hardware. C. Authentication of the user. D. Data integrity control.

C. Authentication of the user.

A company permits employees to work from home using company-owned laptops. Which of the following competitive advantages does the company most likely obtain as a result of this decision? A. Integrity. B. Reliability. C. Availability. D. Confidentiality.

C. Availability.

To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities? A. Modify and adapt operating systems software. B. Correct detected data entry errors for the cash disbursement system. C. Code approved changes to a payroll program. D. Maintain custody of the billing program code and its documentation.

C. Code approved changes to a payroll program.

Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include A. Controls designed to ascertain that all data submitted to computer processing have been properly authorized. B. Controls that relate to the correction and resubmission of data that were initially incorrect. C. Controls for documenting and approving programs and changes to programs. D. Controls designed to assure the accuracy of the processing results.

C. Controls for documenting and approving programs and changes to programs.

Which of the following statements most accurately describes the impact that automation has on the controls normally present in a manual system? A. Transaction trails are more extensive in a computer-based system than in a manual system because a one-for-one correspondence always exists between data entry and output. B. Responsibility for custody of information assets is more concentrated in user departments in a computer-based system than it is in a manual system. C. Controls must be more explicit in a computer-based system because many processing points that present opportunities for human judgment in a manual system are eliminated. D. The quality of documentation becomes less critical in a computer-based system than it is in a manual system because data records are stored in machine-readable files.

C. Controls must be more explicit in a computer-based system because many processing points that present opportunities for human judgment in a manual system are eliminated.

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals? A. Network maintenance and wireless access. B. Data entry and antivirus management. C. Data entry and application programming. D. Data entry and quality assurance.

C. Data entry and application programming.

A retail store uses batch processing to process sales transactions. The store has batch control total and other control checks embedded in the information processing system of the sales subsystem. While comparing reports, an employee notices that information sent to the subsystem was not fully processed. Which of the following types of controls is being exercised by the employee? A. Preventive. B. Corrective. C. Detective. D. Input.

C. Detective.

Which of the following is a network security system that is used to control network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another? A. Router. B. Gateway. C. Firewall. D. Heuristic.

C. Firewall.

In an automated payroll processing environment, a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. The fictitious employee had the same pay rate and hours worked as the terminated employee. The best control to detect this action using employee identification numbers is a A. Reasonableness test. B. Record count. C. Hash total. D. Financial total.

C. Hash total.

Which of the following risks are greater in computerized systems than in manual systems? I. Erroneous data conversion II. Erroneous source document preparation III. Repetition of errors IV. Concentration of data A. I and II. B. II and III. C. I, III, and IV. D. I, II, III, and IV.

C. I, III, and IV.

Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment? A. Systems analysis and applications programming. B. Data communications hardware and software. C. Operating systems and compilers. D. Computer operations.

C. Operating systems and compilers.

A client installed the sophisticated controls using the biometric attributes of employees to authenticate user access to the computer system. This technology most likely replaced which of the following controls? A. Use of security specialists. B. Reasonableness tests. C. Passwords. D. Virus protection software.

C. Passwords.

Which of the following is the best policy for the protection of a company's vital information resources from computer viruses? A. Stringent corporate hiring policies for staff working with computerized functions. B. Existence of a software program for virus prevention. C. Prudent management procedures instituted in conjunction with technological safeguards. D. Physical protection devices in use for hardware, software, and library facilities.

C. Prudent management procedures instituted in conjunction with technological safeguards.

An important function of a database administrator is A. Reviewing database output for errors and omissions. B. Scheduling daily database operations. C. Redefining and restructuring the database. D. Evaluating internal controls for hardware.

C. Redefining and restructuring the database.

All of the following are correct statements regarding general controls except A. General controls relate to the organization's IT environment and sustain the conditions under which application controls can function properly. B. Treating IT as a separate functional area of the organization involves the designation of a chief information officer (CIO) or chief technology officer (CTO) and the establishment of an information systems steering committee to set a coherent direction for the organization's systems and prioritize information technology projects. C. Segregation of duties is less important because IT facilitates the separation of functions (authorization, recording, and access to assets). D. Controls over software acquisition, change, and maintenance include controls over systems software and controls over application software.

C. Segregation of duties is less important because IT facilitates the separation of functions (authorization, recording, and access to assets).

Which of the following statements best characterizes the function of a physical access control? A. Protects systems from the transmission of Trojan horses. B. Provides authentication of users attempting to log into the system. C. Separates unauthorized individuals from computer resources. D. Minimizes the risk of incurring a power or hardware failure.

C. Separates unauthorized individuals from computer resources.

Which one of the following input validation routines is not likely to be appropriate in a real-time operation? A. Sign check. B. Reasonableness check. C. Sequence check. D. Field check.

C. Sequence check.

For control purposes, which of the following should be organizationally segregated from the computer operations function? A. Data conversion. B. Surveillance of screen display messages. C. Systems development. D. Minor maintenance according to a schedule.

C. Systems development.

Which of the following is a validity check? A. The computer ensures that a numerical amount in a record does not exceed some predetermined amount. B. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out. C. The computer flags any transmission for which the control field value did not match that of an existing file record. D. After data are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

C. The computer flags any transmission for which the control field value did not match that of an existing file record.

Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run? A. Hoax virus. B. Web crawler. C. Trojan horse. D. Killer application.

C. Trojan horse.

When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk? A. User passwords are not required to be in alpha-numeric format. B. Management procedures for user accounts are not documented. C. User accounts are not removed upon termination of employees. D. Security logs are not periodically reviewed for violations.

C. User accounts are not removed upon termination of employees.

A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition? A. Sequence test. B. Completeness test. C. Validity check. D. Limit test.

C. Validity check.

Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system A. Does not require as stringent a set of internal controls. B. Will produce a more accurate set of financial statements. C. Will be more efficient at producing financial statements. D. Eliminates the need to reconcile control accounts and subsidiary ledgers.

C. Will be more efficient at producing financial statements.

An entity has the following invoices in a batch: Invoice Number Product Quantity Unit Price 201 F10 150 $ 5.00 202 G15 200 $10.00 203 H20 250 $25.00 204 K35 300 $30.00 Which of the following most likely represents a hash total? A. FGHK80 B. 4 C. 204 D. 810

D. 810

One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of A. Echo checks. B. A check digit system. C. Computer-generated hash totals. D. A computer log.

D. A computer log.

A company's web server has been overwhelmed with a sudden surge of false requests that caused the server to crash. The company has most likely been the target of A. Spoofing. B. Piggybacking. C. An eavesdropping attack. D. A denial of service attack.

D. A denial of service attack.

An online data entry program is used for original entry of vendor invoices. A batch check-writing program occasionally prepares a check for a vendor not yet included in the vendor file. Checks for such vendors contain nonsense characters in the payee field. The most effective programmed control to prevent this kind of error is to perform A. A batch control total check on vendor payments. B. A completeness test on fields in the check-writing program. C. A verification of vendors in the check-writing program. D. A record lookup for vendors during data entry.

D. A record lookup for vendors during data entry.

An entity has many employees that access a database. The database contains sensitive information concerning the customers of the entity and has numerous access points. Access controls prevent employees from entry to those areas of the database for which they have no authorization. All salespersons have certain access permission to customer information. Which statement is true regarding the nature of the controls and risks? A. Because there is no segregation of duties among the salespersons, risk of collusion is increased. B. Only one salesperson should be allowed access permission. C. Sales department personnel should not have access to any part of the database. D. A salesperson's access to customer information should extend only to what is necessary to perform his or her duties.

D. A salesperson's access to customer information should extend only to what is necessary to perform his or her duties.

Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control? A. Contingency planning. B. Hash total. C. Echo check. D. Access control software.

D. Access control software.

Dora Jones, an auditor for Farmington Co., noted that the Acme employees were using computers connected to Acme's network by wireless technology. On her next visit to Acme, Jones brought one of Farmington's laptop computers with a wireless network card. When she started the laptop to begin work, Jones noticed that the laptop could view several computers on Acme's network and that she had access to Acme's network files. Which of the following statements is the most likely explanation? A. Acme's router was improperly configured. B. Farmington's computer had the same administrator password as the server. C. Jones had been given root account access on Acme's computer. D. Acme was not using security on the network.

D. Acme was not using security on the network.

Which of the following security controls may prevent unauthorized access to sensitive data via an unattended workstation connected to a server? A. Use of a screen saver. B. Use of passwords to identify users. C. Encryption of data files. D. Automatic log-off of inactive users.

D. Automatic log-off of inactive users.

Certain payroll transactions were posted to the payroll file but were not uploaded correctly to the general ledger file on the main server. The best control to detect this type of error would be A. A standard method for uploading mainframe data files. B. An appropriate edit and validation of data. C. A record or log of items rejected during processing. D. Balancing totals of critical fields.

D. Balancing totals of critical fields.

A customer notified a company that the customer's account did not reflect the most recent monthly payment. The company investigated the issue and determined that a clerk had mistakenly applied the customer's payments to a different customer's account. Which of the following controls would help to prevent such an error? A. Checksum. B. Field check. C. Completeness test. D. Closed-loop verification.

D. Closed-loop verification.

A company began issuing handheld devices to key executives. Each of the following factors is a reason for requiring changes to the security policy except A. Storage of sensitive data. B. Portability of the device. C. Vulnerability of the device. D. Convenience of the device.

D. Convenience of the device.

If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application? A. Hours worked. B. Total debits and total credits. C. Net pay. D. Department numbers.

D. Department numbers.

A client who recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in, nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control? A. Employees can easily guess fellow employees' passwords. B. Employees are not required to change passwords. C. Employees can circumvent procedures to segregate duties. D. Employees are not required to take regular vacations.

D. Employees are not required to take regular vacations.

Which of the following is the most effective user account management control in preventing the unauthorized use of a computer system? A. Management enforces a password policy that requires passwords to be 10 characters long, to be nonreusable, and to be changed weekly. B. An account manager is responsible for authorizing and issuing new accounts. C. The passwords and usernames of failed log-in attempts are logged and documented in order to cite attempted infiltration of the system. D. Employees are required to renew their accounts semiannually.

D. Employees are required to renew their accounts semiannually.

Each of the following would help prevent incorrect postings to the general ledger in a computerized accounting system, except A. Validating the posting date of the transaction. B. Restricting the ability to post directly to accounts with subsidiary ledgers. C. Performing a range check on the general ledger account in the transaction. D. Establishing a unique transaction number for each general ledger posting.

D. Establishing a unique transaction number for each general ledger posting.

Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords? A. Collusion. B. Data entry errors. C. Failure of server duplicating function. D. Firewall vulnerability.

D. Firewall vulnerability.

General controls include I. Physical controls. II. Access controls. III. Hardware controls. IV. Environmental controls. V. Logical controls. A. I and IV. B. II, III, and IV. C. I, II, and III. D. I, II, III, IV, and V.

D. I, II, III, IV, and V.

The risks created by rapid changes in IT have not affected which concepts of internal control? I. Cost-benefit analysis II. Control environment III. Reasonable assurance IV. Management's responsibility A. I and II only. B. III and IV only. C. II, III, and IV only. D. I, II, III, and IV.

D. I, II, III, and IV.

Spoofing is one type of malicious online activity. Spoofing is A. Trying large numbers of letter and number combinations to access a network. B. Eavesdropping on information sent by a user to the host computer of a website. C. Accessing packets flowing through a network. D. Identity misrepresentation in cyberspace.

D. Identity misrepresentation in cyberspace.

Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system? A. Segregation of duties. B. Ensure proper authorization of transactions. C. Adequately safeguard assets. D. Independently verify the transactions.

D. Independently verify the transactions.

Which of the following statements is true concerning the COBIT 5 framework? A. Governance and management are synonyms for the activities of upper management. B. Information technology controls are most effectively designed and executed in isolation from other business processes. C. Minimization of risk and resource use are among the major goals of COBIT 5. D. Information and organizational structures are among the enablers identified in COBIT 5.

D. Information and organizational structures are among the enablers identified in COBIT 5.

Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage? A. Having the supervisor of the data entry clerk verify that each employee's hours worked are correctly entered into the system. B. Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register. C. Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate. D. Limiting access to employee master files to authorized employees in the personnel department.

D. Limiting access to employee master files to authorized employees in the personnel department.

General controls in an information system include each of the following except A. Information technology infrastructure. B. Security management. C. Software acquisition. D. Logic tests.

D. Logic tests.

Which of the following is a key difference in controls when changing from a manual system to a computer system? A. Internal control principles change. B. Internal control objectives differ. C. Control objectives are more difficult to achieve. D. Methodologies for implementing controls change.

D. Methodologies for implementing controls change.

Which one of the following represents a lack of internal control in a computer-based system? A. The design and implementation is performed in accordance with management's specific authorization. B. Any and all changes in application programs have the authorization and approval of management. C. Provisions exist to ensure the accuracy and integrity of computer processing of all files and reports. D. Programmers have access to change programs and data files when an error is detected.

D. Programmers have access to change programs and data files when an error is detected.

A systems engineer is developing the input routines for a payroll system. Which of the following methods validates the proper entry of hours worked for each employee? A. Check digit. B. Sequence check. C. Capacity check. D. Reasonableness check.

D. Reasonableness check.

An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error? A. Online prompting. B. Mathematical accuracy. C. Preformatted screen. D. Reasonableness.

D. Reasonableness.

Which of the following statements presents an example of a general control for a computerized system? A. Limiting entry of sales transactions to only valid credit customers. B. Creating hash totals from Social Security numbers for the weekly payroll. C. Restricting entry of accounts payable transactions to only authorized users. D. Restricting access to the computer center by use of biometric devices.

D. Restricting access to the computer center by use of biometric devices.

Which of the following activities would most likely detect computer-related fraud? A. Using data encryption. B. Performing validity checks. C. Conducting fraud-awareness training. D. Reviewing the systems-access log.

D. Reviewing the systems-access log.

A company has in place an authentication system that requires users to enter a logon name and password. In an effort to strengthen this method of authentication, the company's chief information officer (CIO) asked the technology steering committee to recommend a biometric control for the authentication process. Which of the following committee recommendations best meets the requirement of the CIO? A. The use of a number-generating token that generates a different seven-digit number every 30 seconds to allow system entry. B. The use of a voice-to-text converter on user workstations that allows users to speak their user name and password. C. The use of a picture selection screen in which a user must choose a matching photo to one that was selected when the system was first implemented. D. The installation of fingerprint scanners on all workstations.

D. The installation of fingerprint scanners on all workstations.

Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system? A. Processing errors are increased. B. The firm's risk exposures are reduced. C. Processing time is increased. D. Traditional duties are less segregated.

D. Traditional duties are less segregated.

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data? A. Reasonableness test. B. Field check. C. Digit verification check. D. Validity check.

D. Validity check.

An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have? A. trjunpqs. B. 34787761. C. tr34ju78. D. tR34ju78.

D. tR34ju78.