CMA Part 1 Section F

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

custom code injection

- Attackers can inject custom code into the website for subsequent browsers to process via cross-site scripting (XSS) software. - Subtle changes introduced into the web server can radically change the server's behavior (e.g., turning a trusted entity into malicious one), the accuracy of the computation (e.g., changing computational algorithms to yield incorrect results), or the confidentiality of the information (e.g., disclosing collected information).

Big Data vs Traditional Operational Data

- Big Data sources include a variety of formats and organization - traditional operational data is generally stored on more formal structures

What primary characteristic of a relational database has made it the common enterprise database model for the last 40 years?

- Common English-like query language - SQL made it easy for application developers to make data available to end users

What is the main difference between a database and a data warehouse?

- Databases store current transaction data while data warehouses store historical summary data.

Linear regression benefit

- It indicates impact of independent variables. - enables analysts to compare the effects of independent variables measured on different scales - help data scientists to eliminate and evaluate the best set of variables to be used for building predictive models.

Financial and non-financial systems

- SHOULD be logically separated either by network segmentation or firewalls - if not logically separated, accesser can tell if non-financial info can impact financial data system

dual-homed gateway firewall

- a firewall consisting of a bastion host with two network interfaces, one of which is connected to the protected network, the other of which is connected to the Internet. - Internet Protocol (IP) traffic forwarding is usually disabled, restricting all traffic between the two networks to whatever passes through some kind of application proxy

Gantt chart

- a graphical illustration of a scheduling technique - shows output plotted against units of time - does NOT include cost information - highlights activities over the life of a project and contrasts actual times with projected times using a horizontal (bar) chart. - gives a quick picture of a project's progress in terms of actual time lines and projected time lines - used for milestone scheduling where each milestone has start and completion dates. - A milestone represents a major activity or task to be accomplished (e.g., design phase in a computer system development project).

Online analytical processing (OLAP)

- a query tool applicable to performing multidimensional (i.e., more than two dimensions) and complex queries. - OLAP can perform complex data comparisons that SQL cannot. - Retail companies use the OLAP query tool to perform data mining applications using the big data.

zero day exploit

- actual computer code that can use a security vulnerability to carry out an attack - used or shared by attackers before the software vendor knows about the vulnerability - no known software patch

data synthesis phase of data life cycle

- adding attributes based on derivations of sampled data - derived data, including aggregate calculations occurs

Biometrics

"what you are" or "what you do" access control - 2 factor authentication

masquerading attack

(1) impersonating an authorized user and gaining unauthorized privileges; (2) an unauthorized agent claiming the identity of another agent; (3) an attempt to gain access to a computer system by posing as an authorized user; and (4) the pretense by which an entity pretends to be a different entity

economies of scale

(or size); ability of firm to lower average unit cost by increasing output level

pharming attack

- An attacker may modify the domain name system (DNS) mechanism to direct it to a false website. - These techniques are often used to perform pharming attacks, where users may divulge sensitive information. - - Note that pharming attacks can also be initiated by subverting the victim's host computer files.

Which of the following data visualization tools can be used as a milestone scheduling technique?

Gantt chart

What result is the most common direct result of a lack of a clear record retention policy?

Growing data repositories with data kept past its useful lifetime

Which of the following regulations include specific requirements for data retention?

HIPAA PCI-DSS GDPR

After completing your data analytics project and delivering your final report, the project sponsor asks you to deliver an executive summary presentation of the results. What deliverables should you include in such a presentation?

High-level summary that includes goals, risk, and ROI

Implementing an Enterprise Resource Planning (ERP) system impacts every aspect of an organization, from day-to-day operations to long-range strategic planning. What desired benefit of an ERP system, when realized, aligns most closely with enterprise strategy?

Higher business outcomes

Enterprise Resource Planning (ERP) systems impact an enterprise's operations at all levels. How will enterprise customers realize the impact of a well-implemented ERP system?

Higher customer satisfaction and retention

Regarding the business planning and performance management aspect of enterprise performance management (EPM), which of the following is required to transform hindsight vision into foresight vision?

Historical results Metrics and key performance indicators What-if analysis Simulation models - past historical results show hindsight vision - metrics and KPIs give insights - what-if and simulation analysis give foresight vision to the insights - ad hoc (on-the-fly) forecast updates can also be added to the insights to give foresight vision

COSO Risk Assessment

ID and prioritize organizational risk - necessary prior to selecting control activities for each risk

Data cleansing

ID missing or erroneous data

dynamic analysis

IS executed while a program is in operation

How would an analyst determine that linear regression would be a better model to use than logistic regression in a specific situation?

Identify that the desired output is quantitative, as opposed to categorical.

What purpose does the R-squared (coefficient of determination) calculation serve?

Indicates how well the model describes variances in the outcome, or dependent variable - measures how well a model predicts outcomes

Why are regression and time series analyses never 100% accurate?

Influencers always exist that are not considered in any model.

Which of the following best describes an enterprise resource planning (ERP) system?

Integrated business process management software that manages all aspects of business activities

Which of the following is best to replace the use of personal identification numbers (PINs) in the world of automated teller machines (ATMs)?

Iris-detection technology -NOT finger print bc finger print may require a PIN if print changes due to cuts and bruises

Robotics Process Automation (RPA)

Is not just about swapping out humans for machines. It provides the "glue" that integrate multiple systems dedicated to order taking and fulfillment. This goes beyond physical systems to embrace the underlying software, with the help of AI. Even where people are still present _________ can perform a valuable service. Ripe areas for ___ include procurement transaction processing, order management, and data quality assurance.--- requires little or no modification to pre-existing software - use AI to learn from users then automatically perform repetitive software actions on behalf of the user instead of requiring user to manually repeat actions - provide answers to customers and employees in natural language not predefined responses

Enterprise Performance Management (EPM) typically includes monitoring what type of metrics?

Key performance indicators (KPI)

Once an organization makes the decision to implement an enterprise resource planning (ERP) system, what tends to be the biggest implementation obstacle?

Maintaining personnel support throughout the implementation process

Primary goals of Data Governance Framework

Managing data leveraging its value minimizing risk maintaining compliance

In what ways can cloud computing make data analysis of large datasets more accessible?

Many cloud computing vendors offer toolsets and libraries to carry out advanced analysis of cloud-stored data.

Which of the following activities would be part of the data analytics phase of the data life cycle?

Modeling Interpreting Visualization (NOT cleansing)

Which of the following databases are best suited to support big data volumes containing unstructured data (i.e., data lakes)?

MongoDB

What benefit of implementing a data warehouse has the greatest impact on production relational database systems?

Moving the performance impact of reporting and analysis processes from production database systems to the data warehouse system. - bc reduced performance demand for reporting and analysis queries can increase production systems performance substantially

Data alignment

NOT part of data governance - ensure data practices align with organizational goals

Types of classification algorithms

Naive Bayes Logistic regression Decision tree

exponential smoothing technique formula

New forecast = [Smoothing constant × (actual demand - forecasted demand)] + (Previous forecast)

OAI is considering migrating its primary bidding tracking app to blockchain technology to provide an audit trail of each auction's bids and handle the high volume of bids that occur as auctions are ending. Would a bid tracking app be a good fit for blockchain technology?

No, because each bid added to the blockchain comes with a cost which would reduce the true bid amount.

Assume your organization offers payment terms of net 30 days to all customers. Your accounting information system (AIS) reports that your average time to pay across all customers is 33.5 days. Does this result indicate a problem in your expenditures cycle?

No, this metric does not indicate any problems in the expenditures cycle. - relates to revenue to cash cycle

System Development Life Cycle (SDLC) - Software Flaws

Operations & Maintenance - ID and report software flaws Implementation & Conversion - add or modify software to fix software flaws Conceptual & Physical Design - address flaw by revisiting design phase

Business intelligence software can be used to create which of the following to turn raw data into actionable information?

Pivot Table and Contingency Table

Suppose you have a sales dataset that consists of item number, price, quantity, and sales date-time. Based on past sales, you want to estimate what price you need to set for a group of items to achieve the desired sales targets for those items. What type of analytics are you carrying out?

Prescriptive

The data analytics phase of the data life cycle has the potential to provide the most value derived from data to an organization. Why is one specific type of analytics, prescriptive analytics, often considered to potentially yield the greatest value from data?

Prescriptive analytics gives organizations tools to control desired outcomes. - can alter behavior to achieve desired goals

Security controls mitigate a wide variety of information security risks. Security Awareness Training would best fall under which of the following controls?

Preventive and Deterrent -As a Preventive control it stops unauthorized or unwanted activity from occurring, and as a Deterrent control it discourages the same type of activities

Porter's Value Chain

Primary: inbound logistics, operations, outbound logistics, marketing and sales, service Support: firm infrastructure, human resource mgmt, technology development (incl. AIS), procurement -primary activities generate revenues

Which of the following most closely describes the automation of invoice pre-processing?

Processing systems can incorporate invoices that originated in an assortment of formats: by scanning a physical document, by reading contents of an email or electronic fax, or by translating data from a portal upload.

Sports Clothing, Inc. (SCI) recently installed automated conveyor systems in its primary warehouse. How could implementing automated robotics components reduce labor costs associated with loss of misplaced goods?

Providing an audit trail of last known product location and path - Knowing where a package was last seen can materially reduce labor costs associated with searching for lost packages.

--- is the most effective method to ensure that resulting application software meets its original goals.

Providing developers with a clear understanding of the business needsq

SDLC - Physical Design

Purpose- develop technology and organizational specifications. - define database to DBMS, physical data organization, database processing programs - define data schema objects; specific low-level data storage issues defined and specified

What major philosophical change did blockchain technology introduce that allows blockchain to support value exchanges between parties that do not trust one another?

Replacing trust in individuals with a trust in technology

database replication

Replicating mission critical databases provide alternative data repositories that are immediately available after a failure of the primary copy.

SQL: to return all fields for all rows in the customer table for customers that live in the state of Georgia

SELECT * FROM customer WHERE state = "GA"

types of relational database management system

SQL Oracle DB v11 DB2

What is the most common difference between on-premises applications and Software as a Service (SaaS) applications?

SaaS applications are web-based applications delivered over the Internet and on-premises applications require access to an enterprise network.

Reliable Refrigerated Shipping (RRS) provides refrigerated containers and vehicles to ship items that require refrigeration en route. Each RRS container vehicle reports its internal current temperature at predefined intervals. How could the RRS automated sensors provide RRS with more manageable cash flow?

Sensors could indicate failing refrigeration units before loss, and trigger immediate insurance claims for loss resulting from refrigeration failure.

How can organizations that utilize cloud service providers guarantee performance minimums to their customers?

Service level agreements (SLA) include guarantees of service uptime.

Why does the practice of using simulation models, such as the Monte Carlo technique, improve a model's accuracy?

Simulation models allow analysts to consider potential inputs that are not distinctly represented in input datasets.

Which of the following best describes a software application that is hosted by a cloud service provider accessible over a secure Internet connection?

Software as a Service (SaaS)

Which cloud computing service model provides access to one or more programming languages with necessary libraries and development tools, along with the cloud service provider's applications running in the virtual instance?

Software as a Service (SaaS) The SaaS model provides access to running instances of a provider's software application running in a virtualized environment, and may include additional components, such as programming languages.

Which definition best describes a data warehouse?

System used to collect, aggregate, and store data in a central location to support reporting and analysis

Infrastructure as a Service (IaaS)

The IaaS service model provides a basic virtual machine, with necessary connectivity and storage support.

What does the word "relational" refer to in the term "relational database"?

The ability to relate multiple tables through the intersection of common fields (columns)

Extract, Transform, Load (ETL)

The common process for importing data into a data warehouse is to extract from the source, transform into the proper input format, and then load the transformed data into the data warehouse

A business brings in a new application that performs valuation modeling. Which of the following best describes this innovative capability?

The model can quickly calculate the valuation of an asset using data points around the asset and historical examples.

Software Development Life Cycle

The process that a program goes through. It consists of the development, maintenance, and demise of a software system. The phases include analysis, design, coding, testing/verification, maintenance, and obsolescence

Resource pooling

The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

What is the ultimate goal of a data governance framework?

To enable an enterprise's upper management to make informed decisions about how to manage data, realize value from it, minimize cost and complexity, manage risk, and ensure compliance

Business process analysis

- examines every part of a process to determine overall process effectiveness and efficiency - IDs the process, its structure, its users, its information exchange

Technology for acct and finance dept

- first step in the process would be to integrate as many of the accounting and finance systems as possible to be able to send info to other depts - An example of integration is how data from purchasing can be captured at the invoice level. - Information from the invoice can then be shared electronically with other departments, without the need for human data entry or intervention. - Quantity and price information can be sent to operations for cost and inventory control. - The amount, terms, and due date can be sent to accounts payable for collections management and cash control.

Limitations of time series analysis

- framing - over-specification - reliance on mechanical extrapolation

Blockchain

- fully distributed and decentralized ledger synchronized through consensus between parties - decentralized operations for peer-to-peer transactions - uses cryptographic hash function = secure hash function - uses digital signature algorithm

What does the magnitude of any coefficient in a linear regression equation tell you about that coefficient's variable?

Value changes for variables with coefficients of large magnitude have large effects on the outcome.

What is the greatest limitation of data analytics visualization, which can undermine the value of analysis work?

Visualizations can overly simplify analysis results and lead to reliance on the visual, as opposed to the true meaning of the output.

RDMS example of using primary and foreign keys

- use of a vendor number as an identifier. - Rachel can use the vendor number to tie together individual reports downloaded from her bookkeeping system, converted from pdfs and from her Excel spreadsheets, to create specialized management reports such as purchases by vendor, accounts payable analysis, and purchases by vendor by time period.

BPA

- used to analyze a dept to see which processes would benefit most from technology like AI or RPA - also to analyze communication flows between depts to see where cloud computing would be useful

Bitcoin

- uses Blockchain and Hash chain - does NOT use investment chain or incident chain - mutually distrusting entities without intermediary (aka no central bank)

Blcokchain - Advantages

- uses protected encryptography to secure data ledgers - current ledger dependent on its adjacent completed block to complete cryptography processes - transparent transactions --> individuals who have authority can view the transaction - decentralized bc stored millions of participating computers for transactions stored in blocks - data is "append only" - only added to end no insert; data can't be altered or deleted

Present existing data in a manner that helps in making business decisions.

What is the primary purpose of business intelligence?

Quasi-structured data

Which type of digital data consists of textual data with inconsistent formats but can be formatted with the use of software tools?

Regarding enterprise performance management (EPM), which of the following can facilitate business planning and performance management functions?

Workflow software Online analytical processing technology Structured query language software

At what point do many organizations encounter obstacles when implementing data governance?

Working collaboratively across business units

JPM Manufacturing Corporation's sales forecast for January was 120 units and actual demand was 135 units. Using the exponential smoothing technique as a part of time series analysis, what would be the forecast for February if the smoothing constant is 0.10?

121.5 units

PINs

3 factor authentication

COBIT (Control Objectives for Information and related Technology) Framework

40 objectives, 5 domains, 3 principles

You have developed a linear regression equation, y = −58.2 + 1.5467x, that models the expected grade in Calculus II (y), based on the earned grade in Calculus I (x). If a student earns the grade of 90 in Calculus I, what is the expected grade for that student in Calculus II? (Round to the nearest whole number.)

81

Physical layer

= 1, lower level - simple firewalls operate on level 2 or 3

Application layer

= 7, higher level - advanced firewalls operate on level 7

Ransomware attack

= data hijacking - send emails that look like legit courtesy messages to spread malware (ransomware botnet) - encrypts all files saved on hard drive so only can be opened with decryption key - hold the files hostage and demand payment

Narrowest confidence interval

= lowest confidence level

Platform as a Service (PaaS)

A cloud service in which consumers can install and run their own specialized applications on the cloud computing network. - The PaaS service model provides platform components, including programming languages and supporting libraries and tools, but does not include application software.

Data

A collection of unprocessed items, which can include text, numbers, images, audio, and video. ex. person in front of an object

On-demand self-service

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Which statement best describes how a data governance framework aligns with managing data?

A data governance framework does more than just manage data. It provides a governance system that sets the rules of engagement for management activities. - addresses all aspects of managing data beyond just regulatory compliance

Quantum computing

A field of computer design using the principles of quantum mechanics in which a single bit of information can be not just a 0 or a 1 but in both states at the same time - computers with large word sizes with vast amounts of memory power and great speed

Database Schema

A graphic that documents the data model and shows the tables, attributes, keys, and logical relationships for a database. - definitions attributes that govern how database stores each piece of data - includes entity names, data sets, data groups, sort sequences, access keys, and security locks

Linear regression

A quantitative statistical technique often used for forecasting, but based on the assumption that the future will be just like the past . To the extent that historical relationships are unstable, linear regression is less accurate. - quantitative input relationship to quantitative output

artificial intelligence (AI)

A scientific field that focuses on creating machines capable of performing activities that require intelligence when they are done by people. - extension of functionality of existing applications; little or no additional license cost

Access control

A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it. - authentication and authorization

Check sum

A sum generated using individual digits of a number and employed as an error-detecting device.

How many rows does a Structured Query Language (SQL) SELECT query with a WHERE clause return?

All the rows that match the WHERE clause

Why is an accounting information system (AIS) insufficient to enforce compliance with production cost budgetary limits?

An AIS imposes controls based on the organization's policies and is subject to the organization's tolerance to control exceptions.

Which of the following would be the best answer that describes a business reason to utilize Data Analytics?

An organization wishes to assess a large volume of data for trends, filtering, and visualization in order to make the information easier to comprehend. - Data analytics will empower the business to intake a large amount of data to make intelligent decisions based on the trends identified.

General Retailers (GR) is a chain of 75 general merchandise stores and a central online fulfillment warehouse. Is has seen its overall sales and repeat customer base steadily decreasing over the last 2 years. GR management recently adopted a top priority strategic objective to increase its customer base and sales. How can GR's existing IT assets support this objective?

Analyze existing data to discover reasons for customer turnover.

If blockchains are not technically immutable, how can rogue changes to any block be detected?

Any data change invalidates the current block and all subsequent blocks. - Any changes to data after a block is added to the blockchain causes the stored cryptographic to no longer match what is stored in the previous block, which invalidates the current block and all subsequent blocks

Automated sensors can detect physical or logical attributes. Which of the following logical automated sensors could reduce billing cycles for project-related activities?

Application triggers to automatically bill for work as tasks are completed in workflow management software

What primary characteristics identify data as a likely candidate for capture?

At least one data value differs from previously stored data and the remaining values align with current or planned analysis requirements.

How can artificial intelligence (AI) reduce accounts receivable cycles?

Automatically learn to recognize signs of potential slow or late payments - AI can learn to identify events that likely preceded slow or late payments and create early alerts, or even automatically take action to reduce the possibility of slow or late payments.

An operational efficiency review of the XYZ organization resulted in a finding that multiple business functions are duplicated across business units and locations. In what way could an enterprise resource planning (ERP) system address this finding and make XYZ more efficient?

Better resource utilization

Why are biometric controls generally considered to be more secure than passwords or tokens?

Biometric controls depend on a physical characteristic, which is more difficult to transfer to an unauthorized individual than a password or other physical device.

What are the implications and possible effects of blockchain technology on network controls and the internal audit process, if any?

Blockchain will have an impact on information storage, transmission, and analysis, which in turn will certainly change internal audit processes.

one version of the truth

Both financial data and nonfinancial data (operational data) are automatically recorded or captured in the CPM software. Later, these two types of data are reconciled to each other to achieve the goal of one version of the truth

To design the most efficient and effective software application components, application designers need the results, or output, from what process to provide the scope and requirements of a solution?

Business process analysis, to understand the business problem that needs a solution

Trident Manufacturing is currently pursuing data governance initiatives as part of its current fiscal year goals. Who most likely is driving these initiatives, and what is their likely motivation?

C-suite level executives responding to external regulations

With multiple frameworks available that include data governance, what feature of the Control Objectives for Information and Related Technologies (COBIT) make it a good fit for organizations primarily interested in establishing links between business and IT goals for data management?

COBIT primarily focuses on security, risk management, and information governance.

---- is a stratification model where items in a population are first classified or divided into separate subgroups or strata with similar characteristics. ---- can be used to focus procedures on risk areas or to reduce variability in sampling populations. Then a simple random or systematic sample is taken separately from each stratum. ---- uses random sampling methods and has nothing to do with time-series data.

Classification model

In what way can cloud computing best increase efficiency among geographically dispersed workers?

Cloud computing and storage supports easy collaboration and document sharing.

---- is a type of random sampling in which the population items occur naturally in subgroups. Entire subgroups or clusters are then randomly sampled for observation and evaluation. ---- uses random sampling methods and has nothing to do with time-series data.

Clustering model

a relational database

Collection of data that is stored logically as a collection of tables, along with a query language that makes it easy to find related data stored in separate tables

You have been asked to classify objects in a large dataset using a predefined set of labels. The data in the dataset includes discontinuous age data that should not affect the model's output. Which classification algorithm would be a likely good fit for your analysis?

Decision tree

What is the most common noticeable impact of separate financial and nonfinancial systems to workflow when creating expenditure transactions for matching production activities.

Delays—increased processing time

Enterprise Performance Management (EPM) is also known by what other names?

EPM aka Business Performance Management, Corporate Performance Management

How do enterprise performance management (EPM) and enterprise resource planning (ERP) relate to one another?

ERP is a subset of EPM

An application or suite of applications that automate, track, and support a range of administrative and operational business processes, such as the supply chain, across multiple industries can best be described as a(n):

ERP solution

After examining the challenges in maintaining separate financial and non-financial systems, what is the most powerful argument for funding the effort to move to an integrated information system?

Easier auditability of full transaction life cycle

What enterprise system includes e-commerce systems, front-office and back-office applications, data warehouses and external data sources, and consists of the processes of monitoring performance across the enterprise with the goal of improving business performance?

Enterprise Performance Management (EPM)

What is EPM?

Enterprise Performance Management—This process and software system are designed to help companies link their strategic goals and objectives, communicate them to management, and align them with their budgets and corporate plans.

What common process must occur periodically to update a data warehouse?

Extract, Transform, Load (ETL)

Overfitting

Fitting a model too closely to sample data, resulting in a model that does not accurately reflect the population.

Global Package Service (GPS) is a worldwide package delivery service that specializes in expediting shipments through international channels to minimize regulatory obstacles. GPS is planning to develop a public blockchain app to record packages at each step in the shipping and delivery process. Would a package tracking app be a good fit for blockchain technology?

Yes, because it would give shippers, recipients, and any other interested parties easy access to a package's location and status.

Could blockchain technology provide identity management for individuals to prove their real-life identification without papers?

Yes, refugees and disaster survivors could prove their true identities.

zero day attack

a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available - no known software patch

decision tree

a graphical representation of possible alternative decisions, events, or states of nature resulting from each decision with its associated probabilities, and the outcomes of the events or states of nature. - has nodes, branches, and circles to represent junction boxes, connectors between the nodes, and states-of-nature nodes

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), how is internal control best described?

a process - COSO framework defines internal control as a process that is effected by an organization's management to achieve goals in operations, financial reporting, and compliance.

Data warehouse

a repository of historical, pre-computed, descriptive, and numerical data that are organized by subject to support decision makers in the organization - central location for transactional data that has been transformed into operational informational data - stores summary data, less granular, aggregated

Enterprise Resource Planning (ERP)

a suite of applications called modules, a database, and a set of inherent processes for consolidating business operations into a single, consistent, computing platform - most valuable for managing of standardized products and customer management = quality control -analyze current customer feedback on product quality for recent purchases

EPM solution

a suite of applications that is used to monitor, analyze, and manage the performance of an organization possibly reporting from multiple ERP solutions - mostly driven by finance dept

Utility computing

a technology whereby a service provider makes computing resources and infrastructure management available to a customer as needed - allows end users to access technical services to perform simple tasks without needing technical knowledge

Line chart

a visual aid consisting of a grid that maps out the direction of a trend by plotting a series of points ex. visualization of returns of individual products at various time intervals

Advanced Firewall

ability to examine contents of a packet as opposed to just its address and destination port

What critical auditing capability is compromised when financial and nonfinancial transactions are handled by separate systems?

ability to trace a transaction through its entire life cycle

Application filtering

able to determine if application being used through the firewall is in fact that application

If chi-square is > than the critical value...

accept the null

Firewall Actions on Packets

accept, deny, and discard 1. examine network packet's source and destination addresses and ports to determine what protocol in use 2. start at top of rule base and work down through rules until it finds a rule that accepts or denies the packet 3. drops the packet and does not return a error message to source system (discards it)

Supply chain

accepting input from and providing output to other organizations

End users of integration testing

accounting and finance staff

Cyber Threat intelligence

acquire and analyze info to ID, track, and prevent cyber attacks

When data physically comingled for multiple subscribers:

affects data to recover due to data sanitization

From a software testing viewpoint, when does a formal change control mechanism start in a system development project?

after integration testing

Business intelligence

aggregates data and presents it visually in a manner that enables users to sort and filter through volumes of different data types with ease.

Enterprise Performance Management (EPM)

aka Business Performance Management - Plan, Do, Check, Act (PDCA) - helps organizations link strategies to their plans and execution - provides analysis and correlation of how well execution aligns with plans - ensure strategic goals and objectives clearly communicated and understood by managers and reflected in plans and budgets - does NOT include auditing or compliance gap ID systems

gray-box testing

aka focused-testing - anything not tested in white or black box testing - assumes some knowledge of the internal structure and implementation detail of the assessment object

black-box testing

aka functional testing - executes part or all of the system to validate that the user requirements and system requirements are satisfied

Unit testing

aka module testing - boundaries (beginning and end) well defined - deals with specific inputs and outputs - detailed design documentation - first test conducted - should be comprehensive enough to include black-box testing and white-box testing

white-box testing

aka structural testing and comprehensive testing - examines the logic of the program units and may be used to support software requirements for test coverage

trivial linear regression

all data points lie exactly on a single line; r square = 100

Which of the following are the intuitive conclusions about the high sales in the fourth quarter for the QTV Corporation? 1. Sales increased 14% above the average quarterly value 2. Television interest has increased 3. Television purchase pattern is increased 4. The total of the four seasonal indexes must be 4.0

all four

Software Development Life Cycle - Planning

allocation of resource requirements, budgeting, agreement on timeline, and the definition of key milestones for the software development project

False non-match rate

alternative to false rejection rate - used to avoid confusion in applications that reject claimants if their biometric data matches with that of an application

Service level agreements (SLA)

an agreement between service consumers and cloud service providers (CSP) that details all aspects of service the CSP provides, including uptime guarantees and consequences of violating uptime guarantees.

economies of technology

as number of technical innovations increases, cost of producing a product-unit decreases (can be IT and non-IT)

Structured Query Language (SQL)

asks users to write lines of code to answer questions against a database - international standard language to create, process, and manipulate a database

Ex. separate financial and non-financial systems, some shipments are never billed

audit both systems and match transactions

Blaockchain for Supply Chain Management

bc ownership status and reverse tracking

The CFO and Controller want to see daily reports in the form of dashboards outlining cash flow, accounts receivable, accounts payable, etc.

benefit of business intelligence

Internal investigations requests to have the capability to forensically assess data to determine if fraud or corrupt practices are being carried out.

benefit of data mining

Augmented Reality Customer Management

beyond traditional displays of monitor and keyboard

framing

bias where people decide on options based on if the options are presented with positive or negative semantics (e.g., as a loss or as a gain). People tend to avoid risk when a positive frame is presented but seek risks when a negative frame is presented.

In a system development life cycle (SDLC), which of the following tests is driven by system requirements?

black-box testing

Masquerading attack is an example of

browser based attack

What term refers to the collection of applications, tools, and best practices that transform data into actionable information in order to make better decisions and optimize performance?

business intelligence

Which single type of analysis often increases overall system performance by allowing application software developers to understand how users operate and to create software that helps users complete their job role requirements?

business process analysis

ERP (Enterprise Resource Planning)

business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions related to technology, services and human resources

check digit

calculation to ensure primary key or data are entered correctly

glass-box testing

called white-box testing bc tester can see inside the system as seen through glass

Rapid elasticity (scalability)

can expand or restrict cloud provider's capabilities and resources based on user demand

All of the following items can help in database system recovery efforts

checkpoint feature rollback feature rollforward feature

Chi-square test for Goodness of Fit

chi-square closer to zero when observed frequencies close to expected

What is the most time consuming and labor-intensive phase of a data analytics project life-cycle?

cleaning and preparing data (Collecting suitable data from multiple sources and transforming it into a format suitable for analysis)

COBIT (Control Objectives for Information and related Technology) Framework

clear distinction between 2 enterprise disciplines: governance and management

Which of the following defines a model for enabling a convenient and on-demand network access to a shared pool of configurable computing resources?

cloud computing

Dynamic Provisioning

cloud computing only pay for what IT you need at a point in time; scalability

Software Development Life Cycle - Maintenance

code is updated to support enhancements or feature upgrades of dependent software

Goodness of fit =

coefficient of determination

Active user interface analytics

collect input from multiple users used to determine trends, classify behavior, and predict future actions - may be one part of RPA

screened host firewall

combines a packet-filtering router with an application gateway located on the protected subnet side of the router

SaaS Applicaiton Growth: key driver is

competitive SaaS pricing model when compared to on-premise application - subscription based pricing

What data analytics term refers to the probability that an observed data value lies in a specified range?

confidence interval

Which two security properties are most commonly addressed using access controls?

confidentiality & integrity

least functionality

configuring an information system to provide only essential capabilities and specifically prohibiting or restricting the use of risky (by default) and unnecessary functions, ports, protocols, and/or services

Robotic Process Automation (RPA)

configuring virtual robots using software and tools - these bots use preexisting systems to perform tasks based on predesigned rules

What type of blockchain implementation would be best for a supply chain app with independent parts manufacturers, shippers, and assemblers of airplane components for a major aviation manufacturer?

consortium blockchain

Which of the following components exist in both of COSO's Internal Control and Enterprise Risk Management frameworks?

control activities

Data collection

convert real-world observations of attributes and events into digital representations

What is the biggest obstacle to deciding to implement an enterprise resource planning (ERP) system?

cost of implementation process

A database query language

creates the ability to join tables

example of financial administrative activity currently manual but candidate for process customization

creation of P&L reports traditionally is manual bots could automate entire report creation process

ERP Advantages

customization, cost savings, customer service

adware

cyber attack malvertizing attack (malicious ads on legit websites)

Data management techniques that empower an organization to protect high data quality standards throughout the data's life cycle

data governance

What IT and business collaboration results in improved trustworthiness and quality of an enterprise's data?

data governance

What enterprise endeavor is best described as a holistic approach to managing, improving, and leveraging information to help an enterprise's overall data management efficiency?

data governance

Online Analytical Processing (OLAP)

data is divided into cubes to make creating and viewing reports easier

Suppose your organization collects and analyzes water and air temperature readings, as well as relative humidity measurements, at all of your manufacturing and distribution facilities to understand seasonal trends and better predict energy use to maintain a consistent facility environment. During which data life cycle phase would measurements be normalized to make it easier to compare data sampled by sensors using different units of measure?

data maintenance

All of the following facilitates information retrieval and data analytics as they store historical data

data marts virtual databases data warehouses (NOT distributed database systems)

Data mining: an art and a science

data models can all produce numbers, but takes time to find the best model for your data

Most U.S. organizations are required to provide access to employment tax records for up to four years after the tax is due or is paid (whichever is later). What policy should an organization have in place to ensure needed tax records are available on demand?

data retention policy

Predictive Analytics

extracts information from data and uses it to predict future trends and identify behavioral patterns

Type II error (beta)

false acceptance rate - imposters are accepted as genuine users

Type I error (alpha)

false rejection rate - genuine users rejected as imposters

In any organization, the completion of the first iteration of the human resources and payroll accounting information system (AIS) cycle implies that at least which other cycles have completed?

financing or revenue (must have $ to pay out)

Which of the following statements is true about a firewall and an intrusion detection system (IDS)?

firewalls are a complement to an intrusion detection system (IDS)

Security should always be included in software development projects when?

from the very beginning aka systems analysis stage

economies of scope

gaining efficiencies with the integration of the number of products, services, systems, functions, and activities in an organization ability of firm to produce multiple products or services more inexpensively in combo than separately

Depreciation amount is calculated separately and is then reconciled to which of the following accounting information system (AIS) cycles?

general ledger system (initially recorded in PPE account then reconciled in Gl)

usage metering for cloud computing

gives teams real-time visibility into how much computing resources are being utilized (does NOT improve efficiency)

Process automation

gives the organizations the capability to eliminate or reduce administrative processes that were traditionally manual in nature.

"What-if" questions can be applied to all of the following

goal seeking sensitivity analysis simulation techniques

Box Plot

graphs distribution of a dataset, measuring data variability at quartiles and interquartile range - main technique of exploratory data analytics (EDA) ex. distribution of patient treatment length in time for each type of treatment category

In blockchain technology, core smart contract features provide which of the following?

guaranteed execution results for all network nodes (each node can locally verify that transactions are valid)

Decision tree classifiers

handle nonlinear and discontinuous data without negatively affecting the output

common applications of bitcoin currency

handling AR and AP transactions raising new capital in the primary market trading precious metals in the secondary market (NOT trading securities in the secondary market)

Intrusion detection system (IDS)

hardware or software product that gathers and analyzes info from various areas within a computer or network to ID possible security breaches, including intrusion by external hackers or misuse by employee

AIS should

help organization adopt and maintain its strategic position

predictive analytics

helps organizations to prepare for likely outcomes before they occur

Executive summaries should only include

high-level overviews that directly address the issues that executives value most—the impact to the business

Enterprises that implement autonomous operations most likely will realize which benefit first?

higher production consistency

Which of the following confidence levels would result in the lowest sampling error?

highest confidence level

Diagnostic analytics

historical data to determine "why" - risk, performance, and problem indicators

Data owner

holds legal rights and complete control over data elements. Possess the ability to define distribution and associated polices. - ultimate responsibility for data

Which of the following phases of the System Development Lifecycle can be best described as the project plan is put into motion and the work of the project is performed?

implementation

Because the unit test is the first test conducted, its scope should

include both white-box and black-box testing

Next Generation Firewalls (NGFW)

incorporate traditional firewall and advanced features like application filtering

SDLC - Conceptual Design

issues like data storage technology must be resolved (ex. Blockchain vs. traditional database)

Most common negative impacts of under-retaining and over-retaining records:

lack of evidence for investigations and excessive storage space use

Autonomous operations

leverage quicker anomalous activity recognition with faster response to problems, resulting in lower downtime loss and better production quality.

coefficient of determination

linear relationship of variables

EPM

link execution to plans

Supply Chain and Value Chain relationship:

linking output of one organization's value chain to input of another organization's value chain = a single link in a supply chain

Support Desk Intelligence

locate best response to a query

All of the following are defining characteristics of cloud computing that support the business rationale of improving efficiency

on-demand resources connectivity from anywhere rapid elasticity

How does the Control Objectives for Information and Related Technologies (COBIT) relate objectives to processes and related components to achieve that objective?

one governance or management objective always relates to one process and one or more components of other types to help achieve the objective

Corporate performance management (CPM) software is embedded in which of the following to improve performance reporting quality?

one version of the truth

During which phase of the systems development life cycle (SDLC) are access control lists (ACLs) for application users added after initial installation typically defined?

operations and maintenance

EPM - Do

orders and sales

Pareto charts are used to

organize errors, problems, or defects

Healthy Life, Inc. (HLI), is a health services company that specializes in managing health services scheduling. To ensure HIPAA compliance, HLI has engaged White Hat Security Group (WHSG) to evaluate the strength of its security controls. HLI wants WHSG to attempt to "break in" to its information systems to see how resilient it is to attacks. What type of engagement is HLI requesting?

pen testing

What technique to identify security vulnerabilities allows security professionals to act as attackers to identify potential system security weaknesses?

pen testing

Difference between pen testing and cyber attack

permission

Subject

person using a computer system

A strong data retention policy can help organizations maintain compliance with data retention regulatory requirements. Once a policy is approved and in place, what else is necessary to provide the greatest assurance that the policy will be effective?

personnel education

physical design phase of SDLC

physical attributes of the application system are defined to meet the application's functional requirements

Which method should ABC choose to remove archived database copies from solid state disk (SSD) devices to provide the highest assurance that all PHI is purged?

physical device destruction

First line of defense

physical security, network monitors, and quality assurance

checkpoint

point taken at regular internals where intermediary results are dumped to a secondary storage to minimize risk of work loss

Which enterprise performance management (EPM) feature best positions an organization to react quickly to changing business needs?

predictive analytics

Exploratory Data Analysis (EDA)

preliminary/initial analysis; patterns and relationships - box plots, stem and leaf diagram - primary purpose to present set data using a variety of visualizations to organically reveal interesting aspects of the data

what if and goal seeking

prescriptive analytics

Regarding cyberattacks, what do fundamental goals or elements of the defense-in-depth strategy include?

prevent and detect-and-respond

Penetration and vulnerability scanning are forms of what type of control?

preventative

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework is built on 17 building blocks that support effective internal control. The building blocks are stated as explicit goals necessary to implement effective internal controls across 5 components. What does COSO call these 17 building blocks?

principles COSO framework maps 17 principles to 5 components

What type of blockchain implementation would be best for managing the manufacturing process of automobiles from parts receipt to the rollout of final products?

private - private blockchain is a good fit for organizations that want to manage a progression of data within a controlled access environment, such as within a single organization

An organization wishes to automate processes such as repetitive data entry that are entered via OCR scanning of documents and input into the respective fields.

problem that Robotic Process Automation (RPA) could solve

data reduction

process of simplifying data, not database design

In-transit encryption

protects data as it is being transmitted - use sniffers to monitor network traffic

Volume encryption

protects stored data from physical theft

What relational database management system feature provides the ability to "join" tables together, returning data that share a common value among the source tables? (Normally resolved by matching data in a common field or column among tables.)

query language

What is the most achievable common goal of implementing autonomous operations?

reduce costs by enhancing operational stability for more uptime and higher quality

zero day warez

refers to software, games, videos, music, or data unlawfully released or obtained on the day of public release

Which of the following can be used when time-series data is unavailable?

regression model - Time series analysis involves breaking down data measured over time into one or more components of trend, cyclical, seasonal, and irregular. Time-series analysis is similar to regression analysis in that both techniques help to explain the variability in data as much as possible. Regression model is a causal forecasting method that can be used to develop forecasts when time-series data are not available.

Which analytical model would be the best choice if a company wishes to test the prediction that is in the form of a quantity?

regression modeling

Which of the following items is an advantage of an ERP (Enterprise Resource Planning) System?

regulatory compliance

If chi squared value is less than critical value

reject the null

Structured query language (SQL) and query-by-example (QBE) are heavily used as query tools in which of the following database models?

relational data model

Data warehouse: most common purpose

reporting and analysis

Column-based encryption

required different encryption key for each column

Data steward

responsible for ensuring data governance processes are followed, guidelines enforced, and recommends improvements to data governance processes

rollforward

restores a database from a point in time when it is known to be correct to a later time

rollback

restores database from one point in time to an earlier point in time

Identifying discrepancies between product shipping records and customer sales invoices by line item can affect which of the following accounting information system (AIS) cycles?

revenue to cash cycle

Prior to participating in a bitcoin's initial coin offering (ICO), a potential investor should assess and evaluate which of the following most?

right to recover

right to recover

right to recover the invested money in the event of investment fraud or financial crime is the most important thing to assess and evaluate during an ICO offering

EPM - Act

rolling forecasts

dumpster diving

rummaging through personal trash, a business's trash, or public trash dumps

relational database management system

schema-oriented, which means the structure of the data should be known in advance to ensure that the data adheres to the schema

Which one of the following advanced firewalls is mostsecure?

screened subnet firewall

Firewalls aka...

secure gateways

All of the following are characteristics of smart contracts

self verifying self enforcing tamper-proof (NO third party authorization)

Logistic regression classifiers

sensitive to any input data that is nonlinear or discontinuous

Naive Bayes classifiers

sensitive to any input data that is nonlinear or discontinuous

network intrusion detection system (NIDS) logs

sensors that can detect that an attack was launched against a particular host computer

Custom code injection is an example of

server-based attack

Logistic Regression Algorithms

show relationship between quantitative input and categorical output

Descriptive analytics

show trends

Part to a Whole Chart

shows percent of part in relation to the whole ex. demographics

normalization

simplifies database design to remove redundancy and increase integrity

Last line of defense

software testing (bc last step to ensure proper functioning)

Why is understanding the completeness of your data important when choosing a data model?

some models handle missing data poorly

Regarding enterprise performance management (EPM), which of the following cannot facilitate business planning and performance management functions?

spreadsheet software - because the data in the spreadsheet is presented in two dimensions which cannot be updated constantly and automatically due to the limitation of the spreadsheet design principles.

GUI Automation

static response to repetitive actions by aggregating multiple actions into macros that users can invoke at will - does NOT learn from users

skimming

stealing credit card or debit card numbers by capturing the information in a data storage device

pretexting

stealing information by phone by posing as legitimate companies and claiming that you have a problem with your account - type of social engineering

phishing

stealing information through email by posing as legitimate companies and claiming that you have a problem with your account. (online)

Object oriented database

stores data as collection of objects not tables with instructions for how to use the data ex. PDF reader

Database

stores more detailed, transaction oriented data than a data warehouse

Which of the following can act both as a database query tool and an attacker's tool?

structured query language (SQL)

Data compliance

subset of data governance; make sure data practices comply with regulations

Data management

superset of data governance; all aspects of managing data

Decision tree

support predictive queries based on known categories, but can be susceptible to over fitting

Why vulnerability testing before pen testing?

vulnerability assessment provides prioritized list of vulnerabilities that provide pen testers likely attack vectors to exploit

Regarding cyberattacks, which of the following identifies a flaw in hardware, firmware, or software that leaves an information system open to potential exploitation by hackers and others?

vulnerability testing

economies of skill

whether employees are more skilled or less skilled increased skill level means increased quantity of output from given amount of inputs

Regression

y = a + bx + c c = residual aka difference between observed and estimated outcomes

From a software vulnerability point of view, which three items go together?

zero day attacks zero day exploits zero day incidents (NOT zero day warez)

Unstructured data

Data does not exist in a fixed location and can include text documents, PDFs, voice messages, emails, media files - no discernible structure

Hierarchical database

Data is arranged in a tree structure, with parent records at the top, and a hierarchy of child records in successive layers - does NOT combine multiple tables from multiple sources

Structured data

Data that (1) are typically numeric or categorical; (2) can be organized and formatted in a way that is easy for computers to read, organize, and understand; and (3) can be inserted into a database in a seamless fashion. - repeating groups or records of data all in same format - schema definition limits data value storage formats

Objects

Database elements, such as tables, queries, forms, and reports. - records, blocks, files, programs - passive entity that contains or receives info

screened subnet firewall

- adds an extra layer of security by creating a network where the bastion host resides. - Often called a perimeter network, the screened subnet firewall separates the internal network from the external network. - attacker is restricted to the perimeter (external) network and therefore is not attacking the internal network. This leads to a stronger security. - Conceptually, the screened subnet firewall is similar to a dual-homed gateway firewall, except that an entire network, rather than a single host, is reachable from the outside. It can be used to locate each component of the firewall on a separate system, thereby increasing throughput and flexibility.

AI benefits for accounting and finance information

- allow users to retrieve data easily and quickly, sometimes even using voice commands (instead of loading data into databases then constructing queries) - identify patterns and potentially reduce the incidence of fraud - streamline reporting and data analysis - help the company capture and process unstructured data, such as that from receipts, pdf forms, and external systems such as those of customers, vendors, and the government

spear phishing

- an attack targeting a specific user or group of users that attempts to deceive the user into performing an action that launches an attack. - Examples of these actions include opening a document or clicking a link. - rely on knowing some personal piece of information about their target beforehand, such as a specific event, special interest, specific travel plans, or current issues as a basis for their attacks

confirmatory data analysis

- analysis of data for the purpose of testing hypotheses - after EDA to provide final conclusions on the patternd

limitations in linear regression analysis

- assessed at the mean of the dependent variable. - responsive to outliers. - assumes data is independent

Phishing attack

- attackers try to trick users into accessing a fake website and divulging personal information. - Social engineering methods are employed

zero day incident

- attacks through previously unknown weaknesses in computer networks - no known software patch

Data analytics - Use

- automate risk management: calculate vulnerability, likelihood of exploitation, and potential impact - manage customer data - fraud detection: correlate past fraud data and map to current activities - data classification NOT a use of data analytics

Examples of RPA in acct and finance dept

- automating the closing process - producing financial statements and other specialized reports

Security alerts

- brief, human-readable technical notifications - tell about current vulnerabilities, exploits, and other security issues - aka advisories, bulletins, and vulnerability notes

Internet firewalls...

- can enforce security policy - can log internet activity - can limit an organization's security exposure (can NOT protect against computer virus in personal computer)

Firewall logs

- can record events about any traffic that reaches a firewall -commonly log source/destination IP (internet protocol), source/destination ports, but not the packet contents

Consortium Blockchain

- consist of members that are approved by other members and agree to protect intellectual property of one another - These blockchains may be considered "partially decentralized".

Challenges of separate systems

- coordination of sales and purchasing. - Purchasing is particularly difficult for a restaurant as most of the inventory is highly perishable, customers demand fresh ingredients, and running out of ingredients is highly undesirable. - With separate systems, it is very difficult for Rachel to identify trends in sales of menu items and apply those trends to purchasing and inventory management.

ERP disadvantages

- costly implementation - depends largely on the skill and willingness of employees who use it - resistance in info sharing across depts - benefits don't usually appear immediately after implementation

SDLC - Design

- create algorithms to satisfy stated problem(s) - most efficient algorithms to address the problem in scope - conceptual and physical

Confidence interval

- deals with sampling risk - measures data reliability

system testing

- derived from requirements specification document - better understood than integration testing - system based on functional knowledge

MongoDB

- designed to support humongous databases - a NoSQL database with document-oriented storage, full index support, replication, and high availability

Public blockchain

- easy access to publicly available data from variety of sources - confidential data could be placed on the blockchain after being encrypted to protect confidentiality - As a substitute for centralized or quasi-centralized trust, public blockchains are secured by cryptoeconomics - the combination of economic incentives and cryptographic verification using mechanisms such as proof of work or proof of stake, following a general principle that the degree to which someone can have an influence in the consensus process is proportional to the quantity of economic resources that they can bring to bear. These blockchains are generally considered to be "fully decentralized".

Enterprise Resource Planning (ERP) Systems - Advantages

- eliminate legacy systems - improve workflow processes - increased access to data bc centralized database - standardized IT infrastructure - visibility of entire organization's operations - integrated financial management throughout organization --> additional control - improved reporting bc of integration - standardized bus. processes --> usually from best practices with automated processes, decreases errors and costs

Cloud computing: accounting efficiencies

- ensure you are always using the latest version, so more efficient updates - eliminates the need for an IT department to constantly install or upgrade applications on individual computers or the network - facilitates communication as it eliminates the need for emailing multiple versions of a spreadsheet or pdf back and forth and keeping track of corrections - makes data instantly available to authorized users, as opposed to waiting for another department to pull and transmit the data

root causes

- fundamental deficiencies or problems that result in a nonconformance, which must be corrected to prevent recurrence - link undesirable events or problems to their sources. - Examples of computer system's performance-related problems include system downtime, website crashes, software glitches, slow response time for online transactions and queries, system outages, and system reboots. - Measuring a problem's root causes involves determining the sources of identified risks (known risks) and understanding the positive and negative impacts of those known risks on other areas of a computer system. - Corrective controls must address and reduce the root causes of problems at their source, not symptoms

Data governance requires initial upper management commitment as an ongoing endeavor which includes

- funding - staffing requirements - authorization (no need for re-authorization later)

Pareto charts

- graphical way of identifying the few critical items from the many less important ones. - 80/20 rule: 80% of problems are due to 20% of items - looks like a pie chart but not the same

Data sanitization

- impacts data security and recovery in cloud - removal of sensitive data from a storage device - when storage device is removed from service or moved elsewhere to be stored - when residual data remains upon termination of a service - when back-up copies are made for recovery and restoration of service

AIS adds value to an organization by:

- improving efficiency, sharing knowledge and, improving the internal control structure - providing accurate and timely info to support primary activities - collect, analyze, and present pertinent info for primary functions

Technology for Accounting and Finance Information

- increase speed and accuracy of capturing data into the system (from POs and invoices) - automate processing of accounting data (making producing reports and data queries more accurate)`

ERP

- integrate functions to lower operating costs bc decreases redundancy with a single integrated workflow

static code analysis

- is performed in a non-runtime environment - will inspect program code for all possible runtime behaviors - done after coding and before executing unit tests - NOT executed while a program is in operation

Red team

- lab-based penetration testing - authorized and organized to emulate potential adversary's attack or exploitation capabilities against security posture through penetration testing

Regarding cybersecurity, which of the following is a core part of defense-in-depth strategy?

- layered protections - system partitioning - lines of defense

Initial Coin Offering (ICO): Major risks

- no central bank to trace money flows - no 3rd party custodian holding the virtual currency - no central authority for collecting user info - no easy access to 3rd party business partners

exponential smoothing technique

- part of time series analysis - smoothing constant called alpha with value between 0 and 1 - uses weighted average - high alpha if more weight given to recent data - low alpha if more weight given to past data

Association rules analysis = market basket analysis

- popular with retailers to increase sales with customer insights - ID products frequently bought together to design better store layouts

Passwords

- private phrases or words that give a particular user a unique access to a particular program or network - most common security tool to restrict access to computer systems - 1 factor authentication

RPA benefits

- reduces error rates as the robot will process the information in the same way each time - streamline the audit process, reducing the need for extensive testing - ensures the quality of the process, as instructions will be followed exactly and in the correct order - ensure that the information provided is current, such as tax rates

Types of Database management systems

- relational DBMS - hierarchical DBMS - object oriented DBMS - OLAP - online analytical processing

Data warehouses

- require LT/continued investment in budget and resources - require ongoing effort to maintain normal operation, adjust sealing for operational changes, and modify processes as data sources and availability changes - require central collection and authority and sufficient budget and IT staff to build and maintain - only contain historical data (not real-time) bc requires data transformation processing - supports periodic analysis of historical data

ERP advantages

- scalability as business grows in complexity over time - improved data quality due to near elimination of duplicate records - fewer delays in producing specialized reports - improve supply chain and inventory management

Database Management System (DBMS)

- should have security controls to prevent unauthorized access

Semi-structured data

- some structure to support parsing but it is informal and extensible ex. XML (Extensible Markup Language), a self describing format

logistic regression

- supports predictive queries and is less susceptible to over fitting - also can be used for prescriptive analytics

SDLC - Analysis

- system requirements are studied and structured - discover scope of specific problem or group of problems and examine potential solutions - bus. problems explored and potential solutions compared

Root cause analysis

- technique used to identify the conditions that initiate the occurrence of an undesirable activity, state, or an event. - It identifies relevant causes and effects of problems. - Root cause analysis is a part of risk management techniques and can help in improving a computer system's performance. - moves past events to current events to future events.

integration testing is...

- the cutoff point for the development project, and, after integration, it is labeled as the back-end testing - The product is under formal change control after completion of integration testing

Integration testing: approaches

- top down - bottom up - both top down and bottom up (sandwich) - all-at-once (big bang)

From the perspective of upper management of an international manufacturing organization with dozens of subsidiaries, arrange the benefits of implementing an Enterprise Resource Planning (ERP) system in order of value, with the most valuable benefit listed first: A. Comprehensive, real-time reporting B. Reduced financial transaction settlement time C. Lower operational costs D. Operational transparency

1. Comprehensive, real-time reporting 2. Lower operational costs 3. Operational transparency 4. Reduced financial transaction settlement time

Internet-related threats are broken down into three categories:

1. browser-based 2. server-based 3. network-based attacks

EPM business goals are

1. business strategy transparency to all employees 2. improved scalability 3. increased focus on core business

How do AI and machine-learning increase efficiency and effectiveness of accounting and financial tasks?

1. flagging transactions that are not compliant with GAAP or the organization's policies&procedures 2. detect suspicious transactions to reduce fraud risk 3. predictive analytics that will improve overall ROI 4. decision making based on real-time data insights

COSO Enterprise Risk Management (ERM) Framework: Components (8)

1. internal environment 2. objective setting 3. event identification 4. risk assessment 5. risk response 6. control activities 7. information and communication 8. monitoring

PDF files are useful for

1. providing reports in standard format for human consumption 2. to be parsed with special tools to extract text and match images for order history analysis

AICPA Trust Services Principles categorizes IT controls and risks into five categories:

1. security 2. confidentiality 3. processing integrity 4. availability 5. privacy

COSO Enterprise Risk Management Framework: Objectives

1. strategic 2. operations 3. reporting 4. compliance

What is the correct sequence of application software testing in a system development project?

1. unit test 2. integration test 3. systems test 4. acceptance test

systems testing order

1. unit testing 2. integration testing 3. system testing

Why is integration testing difficult to understand?

1. variety of approaches to conducting integration testing 2. no base document with specifications for testing

ERP for a growing business

1. will need more financing as looks to expand with more locations 1b. ERP enables the efficient creation of specialized reports to show potential investors 2. will integrate the separate business functions more effectively by linking accounting, payroll, HR, inventory mgmt, purchasing and scheduling information 2b. reduce the time needed to manually convert data into spreadsheets to generate reports for analysis 2c. eliminates duplicate information which enhances data quality 3. better integrate financial and nonfinancial systems to track patterns and perform effective analysis to improve the business 4. enhances collaboration and communication with external vendors and customers to improve the supply chain 5. saves considerable time and effort converting reports from variety of systems and maintaining separate legacy Excel spreadsheets

The formula for calculating the standard error of the estimate is: SQRT(SSE ÷ (N − 2)), where SSE is the sum of squared errors. If SSE = 163.44 for a dataset of 100 samples, what is the standard error of the estimate for this dataset, rounded to the nearest thousandth (i.e., 3 decimal places), and does this value indicate that the model is accurate?

1.292. Without knowing what the underlying data is, we cannot tell if a standard error of this magnitude is big or small. Therefore, it is not possible to determine if this value is good or bad.

cloud computing

A system in which all computer programs and data is stored on a central server owned by a company (e.g. Google) and accessed virtually - decreases an organization's investment in fault tolerance and recovery capabilities - virtualization provides the ability to easily replicate processing and data among multiple locations - cloud recovery models rely on cloned version of data easily accessed at multiple data centers - dynamic provisioning scales cost to customer demand - NOT a secondary site to on-premises data center --> replaces on-premises data center - core to CC success is virtualization, run multiple virtual machines

Accounting Information System (AIS)

A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures. - can aggregate functionality and data - inputs and outputs provide ability for organizations to link their value chains - supporting activity in the value chain bc AIS an integral part of technology

Intrusion Prevention System (IPS)

A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity - responds to suspicious traffic

Blockchain

A type of distributed ledger technology consisting of data structure blocks that may contain data or programs, with each block holding batches of individual transactions and the results of any executables. Each block contains a time stamp and a link to a previous block. - good audit trail bc tamper resistant and tamper evident

What is the primary difference between a pen test and a vulnerability assessment?

A vulnerability assessment attempts to only identify vulnerabilities that exist in a system, while a pen test attempts to exploit vulnerabilities.

Since enterprise resource planning (ERP) systems provide integrated enterprise activity management, how can artificial intelligence (AI) and machine learning help to add more value to ERP?

AI and machine learning can aid in automating processes and supporting real-time decision-making.

What single characteristic makes artificial intelligence (AI) different from other technology advances?

AI gives programs the ability to learn without having to be reprogrammed with new rules

What implications and applications are most important for the integration of artificial intelligence (AI) over the internal audit and examination processes?

AI will be a part of the data analysis, reporting, and review process for all sorts of information across industry lines and geographic boundaries.

Effective controls during the application software-testing activities in a system development project include which of the following?

Activity logs, incident reports, and software versioning

Integration Testing

After unit testing, integration testing is done to see that the modules communicate the necessary data between and among themselves and that all modules work together smoothly. - check how software units interact with other software and hardware - test interfaces among separately tested program units

How do application designers validate that their solution aligns with, and solves, the stated problem?

Aligning application design documents with business process analysis documents to ensure the design solves the stated problems and satisfies business requirements (NOT testing)

Solid Retirement Plans, Inc. (SRPI), recently acquired a smaller competitor, Grow Your Money (GYM). SRPI recently passed a complete security evaluation and included an independent attestation of security readiness in its annual report. SRPI stockholders are concerned that GYM's information systems may not be as secure as SRPI's information systems, and could pose a security risk. What recommendations would you make to SRPI to provide assurance to its stockholders that GYM's information system security controls are just as effective as SRPI's information system security controls?

Conduct a security control gap analysis between SRPI and GYM, followed by a pen test of GYM with the same scope used for the SRPI pen test.

confidence interval formula

Confidence interval = Point estimate +/- Precision

What is the best description and summarization of how blockchain technology will change the auditing process, specifically the confirmations that occur during an integrated audit?

Confirmations will be changed and virtually eliminated by the utilization of blockchain technology since this information is available in real time and is already secured via the platform. - blockchain will eliminate need for confirmations

Which of the following would best describe a Pentest (Penetration Test)?

Contract with an external company to essentially gain access to potentially high-valued systems within your company.

TireMax Distributors provides over 250 retail automobile tire stores with products. Its order fulfillment software takes orders and manages the process of shipping products to each store. The software creates PDF files for each order to accompany the physical products. How can TireMax derive value from unstructured PDF files?

Create standard report output and carry out text/image extraction for frequency analysis

Staying Healthy, Inc. (SHI), is an online health services broker that helps members find healthy activities near them that help them to quality for health insurance premium discounts and perks. SHI uses member data to recommend events and activities, but is careful to avoid violating its members' privacy. One technique to maintain privacy is to reduce the granularity of identifying data, such as classifying members as residing in an area consisting of several postal codes, instead of identifying a single postal code. In which phase of the data life cycle would SHI members be associated with a larger physical area to reduce privacy leakage?

data synthesis

Which phase of the data life cycle presents the most governance and compliance challenges?

data usage

XYZ Tire Distributors engaged Advance Consulting to carry out data governance gap analysis and provide the results to XYZ's upper management. During Advance's executive presentation of the analysis results, consultants reported that current IT infrastructure was insufficient to satisfy data availability for continuous business operation. Which of the following recommendation would Advance Consulting likely make to best address this gap?

database replication

A ----- is designed to optimize transaction processing, while a ----- best supports reporting and analysis queries.

database; data warehouse

Prospective analysis

deals with assumptions, actions, and responses that relate to future events. - This analysis projects current events into future events with the ability to handle future events based on current information and events. - However, prospective analysis cannot help in improving a computer system's performance.

Discrete data analysis

deals with whole numbers (integers)

Which of the following data visualization tools is used in evaluating capital investment decisions?

decision tree

data retention policy

defines when and how stored data is removed from data repositories

What is the most important step when developing a predictive analytics model to ensure that the model provides actionable results?

defining business objectives

Threat reports

describe tactics, techniques, and procedures; actors; types of systems and info being targeted; other info for situational awareness

Systems Development Life Cycle (SDLC)

design (conceptual and physical), implementation + conversion, maintenance, planning, analysis

File integrity checking software logs

detect changes to important files using a checksum software that counts the total number of bits in a file to determine whether a file's size was changed

prescriptive analytics

determine what inputs needed in order to achieve desired output - what if analysis and goal seeking - like determine what meds needed to get better

SDLC - Implementation + Conversion

develop initial proof of concept solution and determine best fit solution - writing software most timely - converting legacy and external data to conform to new data repository formats at end of this phase --> installing and configuring software and data repositories; conducting unit tests during software writing

HD Aircraft manufactures airplane engines. One of its latest turbine models, the EG-1000, recently failed in-flight while the airplane it was powering was 20 miles off the Southern California coast. The engine failure resulted in a catastrophic event in which the engine departed the airplane and dropped into the sea. The aircraft crew was able to maintain control and make an emergency landing at a coastal airport. Since the physical engine was lost, HD Aircraft turned to its data analysts to help determine the possible cause of the failure. They downloaded engine performance data from the airplane and compared it to their testing datasets to identify failure characteristics. What type of analytics are these analysts using?

diagnostic

sum of squared errors

difference between data and the model's prediction

variability

different ways in which a Big Data dataset may be interpreted

Application software logs

documents changes that occurred to a specific application software

Regarding cyberattacks, identity thieves can get personal information through which of the following means?

dumpster diving phishing skimming pretexting

Economic Principles

economies of technology economies of scope economies of scale economies of skill

What impact does implementing enterprise performance management (EPM) have on how legacy spreadsheets are used to track performance?

eliminates, or at least augments, legacy spreadsheets

Defense in depth

employ multiple layers of controls in order to avoid having a single point of failure - an information security strategy integrating people, technology, and operations capabilities to establish variable barriers

IT role in ERP

enabler, challenger, and facilitator (NOT inhibitor)

Total Data Encryption (TDE)

encrypts entire database with a single key

formal change control

every software change must have a specific reason, must be documented and tracked

Data governance

exercise of decision-making and authority for data related matters - empowers organization to protect high data quality standards throughout data's life cycle - people, processes, and IT required for consistent and proper handling of data across the business

Information

expanded related data beyond the facts ex. recognize your friend and the Eiffel Tower

Spend analysis is conducted in which of the following accounting information system (AIS) cycles?

expenditures cycle

Suppose Dana Sunderson works as a data analyst for Ellen Votemein, who is running for a state office. Ms. Votemein has asked Ms. Sunderson to take statewide voter demographic information and predict whether any voter will vote for one of two political parties (and which one), or will not vote for either party. The model should also provide information on which features would most likely influence a voter to vote for Ms. Votemein, without being concerned about model overfitting. Ms. Sunderson is using a voter dataset with 34 features for each record. Which analytic model is she likely to select in order to provide the requested results?

logistic regression

Larger input domain mapped to more limited output options =

lose precision and granularity

ABC Manufacturing realized that current operations were not in compliance with several regulations, including the European Union's GDPR. Governance, Risk, and Compliance (GRC) consultants recommend that ABC implement a new Enterprise Resource Planning (ERP) system. In what way can an ERP system best help ABC Manufacturing address its concerns?

lower cost of compliance

desired standard error of estimate

lowest = most reliable and valid dataset

After considering the Mean Absolute Deviation and Mean Square Error values from the table shown here and after computing the forecast error, which of the following models is accurate and fits the sales data?

lowest MAD and lowest MSE and y-variable closest to actual (aka lowest forecast error)

confidence level with highest tolerable error and narrowest confidence interval?

lowest confidence level, i.e. 90% if options are 90, 95, 98, and 99%

Enterprise Resource Planning (ERP) systems can implement which of the following technologies to increase the efficiency and effectiveness of accounting and financial tasks?

machine learning & artificial intelligence

Supervised learning algorithms

machine learning techniques to determine how input maps to output values

Unsupervised learning algorithms

machine learning techniques to help describe structure of unlabeled data

insight

make interpretations beyond knowledge ex. understanding what your friend wants to do next

PHI requirements

make mining health data more challenging

knowledge

maps info to the real-world and associates meaning ex. your friend is in Paris

EPM - Plan

market and financial projections

EPM - Check

metrics and KPIs

Which of the following models would be the most reliable in increasing sales for the WMT Retail Corporation?

model with the highest coefficient of determination (r square)

forecast error

model y-variable minus actual y-variable

Reliable Cash Flow (RCF) is a service organization that helps its customers manage their billing and receipts. RCF's IT staff aggressively updates their main customer and billing management application, AccuPay, to take advantage of the latest features and stay up to date with security patches. To get updates as soon as they are released, RCF maintains a Platinum support agreement with AccuPay's application provider. RCF is considering switching to AccuPay's new SaaS offering. Which SaaS advantage would likely be the most beneficial to RCF?

more efficient software upgrades

Sports Clothing, Inc. (SCI) recently installed automated conveyor systems in its primary warehouse. It now has over 2 miles of conveyors that run from loading docks, to storage bins, and then to shipping docks. These conveyors are automatically managed by robotic components to ensure that products are automatically routed from incoming trucks to intermediate storage bins, and then to outbound shipments as needed. In what way is SCI likely to see accounting data processing efficiency increase due to this type of robotics?

more timely transfer of ownership to recipients

Regarding cyberattacks, pharming attacks are an example of which of the following?

network based attack

Which of the following challenges are most likely to occur in common data mining projects to degrade output quality?

noisy and incomplete data

What term refers to iteratively decomposing database table design into its simplest form

normalization

nontrivial linear regression

not all data points lie on exactly a single line; r square < 100

Valuation modeling enables an organization to

obtain near-accurate valuations based on historical data and industry trends

ABC Manufacturing has decided to develop a new application that interfaces with its enterprise resource planning (ERP) system. This new software will allow customers to design and order custom products that the ABC's automated manufacturing line will produce without any human interaction. ABC's CIO raises concerns about security and privacy, both in the context of ABC's intellectual property and customer private data. At which phase in the systems development life cycle (SDLC) should the CIO's security concerns first be addressed?

systems analysis

Relational Database

table format, which is easy to relate to, visualize, understand, and work with)

Hash functions

take variable length data input and output a fixed length result, which is used as evidence to represent the original data - if hash of two messages is identical, can reasonably assume the two messages are identical

Data lake

takes a "store everything" approach to big data, saving all the data in its raw and unaltered form

Software Development Life Cycle - Development

teams actually construct the code for the software

Threat indicators

technical artifacts or objects that indicate threat may have already occurred, may be in progress, or an attack is about to happen

Audit team

tests internal controls

data mining

the application of statistical techniques to find patterns and relationships among data for classification and prediction

operations and maintenance phase of SDLC

the phase in which the organization addresses all ongoing operations issues, including adding and authorizing users after the initial installation process

Cross over error rate (in biometrics)

the point where false rejection rates = false acceptance rates - goal is to obtain low crossover error rate bc represents high accuracy

AIS impact is influenced by

the quality of accounting info the AIS manages (accuracy and completeness)

Software Development Life Cycle - Testing

the software code will be tested for vulnerabilities and defects. - also User acceptance testing (UAT)

Cloud computing

the use of tools such as software and applications, data storage, servers, networking, and databases over the Internet, instead of using individual hard drives or local storage devices

Threat Tactics

to understand behavior of threat actors (i.e. hackers)

Blockchain general goal it handles well:

transferring ownership for items of value

Which testing is best understood by system developers and end users?

unit (aka module) testing

Big Idea Distributing (BID) provides shipping and warehousing for over 900 customers in 43 states. BID's executives committed to implementing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework two years ago to better manage their operations, financial reporting, and compliance goals. After completing the implementation and full auditing cycle, BID executives are disappointed with the results and why some of BID's objectives are not being met, in spite of the enormous investment in COSO. A COSO review revealed that the COSO implementation was carried out well and results are consistent with COSO objectives. What is the most likely reason for the executives' disappointment?

unrealistic expectations (COSO's goal is reasonable assurance not absolute assurance)

Corporate Performance Management solution

used mainly to manage and monitor performance based on return on investment, key performance indicators (KPIs), and operational costs

Time Series Analysis

useful to predict capacity or network traffic on a particular day, like a holiday

Phishing attack is which kind of cyber attack

user based attack

Continuous Data analysis

uses fractional values (not whole numbers)

Which of the following is created after automating the accounting and finance functions?

value chain

Standard error of estimate

variation of an observation from the regression line

Which of the Big Data Four Vs refers to the complexity of data, including both structured and unstructured data?

variety

Big Data 4 Vs

velocity, variety, variability, volume

Radar Chart

visual method to show size of gaps in a number of areas ex. budget: current vs previous ex. current performance vs ideal (expected) performance


संबंधित स्टडी सेट्स

CITI Training, Modules 1-24 (Biomedical Research)

View Set

Unit 2 Review Questions (Executive)

View Set

history of animation notes TV Shows

View Set

CH 7 ETHICS, HW #1/#2, Ethics in Accounting Chapter 4 - Part 2, Chapter 4, Accounting ethics 4 - professional judgment in accounting, ACCT Ethics CH 5-8, ACG445 Chapter 1-4, Accounting Ethics Midterm 2, Ethics for Accountants - Test 3, Chapter 3 and...

View Set

Accounting 208: Chapter 1-4: Quiz

View Set