Combo with "AIS Chapter 8" and 8 others
46) On February 14, 2008, students enrolled in an economics course at Swingline College received an email stating that class would be cancelled. The email claimed to be from the professor, but it wasn't. Computer forensic experts determined that the email was sent from a computer in one of the campus labs at 9:14 A.M. They were then able to uniquely identify the computer that was used by means of its network interface card's ________ address. Security cameras revealed the identity of the student responsible for spoofing the class.
B) MAC
12) Which of the following is not a requirement of effective passwords?
B) Passwords should be no more than 8 characters in length.
26) This is used to identify rogue modems (or by hackers to identify targets).
B) War dialing
8) Restricting access of users to specific portions of the system as well as specific tasks, is
B) authorization.
40) When new employees are hired by Folding Squid Technologies, they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader. In order to log in, the user's fingerprint must be recognized by the reader. This is an example of a(an)
B) biometric device.
34) In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found. This is an example of a
B) detective control.
43) Which of the following is the most effective method of protecting against social engineering attacks on a computer system?
B) employee awareness training
26) Which of the following is not a component of COSO
B) external environment and C) risk identification
27) The process of turning off unnecessary features in the system is known as
B) hardening.
14) An access control matrix
B) is a table specifying which portions of the system users are permitted to access.
What are the three components to backup architecture? M10
Backup Client, Backup Server, Storage Node
Which component of the backup architecture maintains the backup catalog? M9/10
Backup Server
What are the types of traditional backup approaches? M10
Backup agent on VM and Backup agent on Hypervisor
What are two types of profiles used in a server configuration backup? M10
Base Profile and Extended Profile
16) Telefarm Industries is a telemarketing firm that operates in the Midwest. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm's database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of
Bluesnarfing
15) Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?
C) Controlling remote access
10) Which of the following is an example of a detective control?
C) Log analysis
31) This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system.
C) Penetration test
36) Which of the following is commonly true of the default settings for most commercially available wireless access points?
C) Security is set to the lowest level that the device is capable of.
33) The ________ disseminates information about fraud, errors, breaches and other improper system uses and their consequences.
C) chief security officer
41) Information technology managers are often in a bind when a new exploit is discovered in the wild. They can respond by updating the affected software or hardware with new code provided by the manufacturer, which runs the risk that a flaw in the update will break the system. Or they can wait until the new code has been extensively tested, but that runs the risk that they will be compromised by the exploit during the testing period. Dealing with these issues is referred to as
C) patch management.
45) All employees of E.C. Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted. Entry to secure areas, such as the Information Technology Department offices, requires further procedures. This is an example of a(an)
C) physical access control.
23) The process that maintains a table that lists all established connections between the organization's computers and the Internet, to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as
C) stateful packet filtering.
46) Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework.
COSO-Integrated Framework; COSO-ERM
What does EMC Networker do? M10
Centralizes, automates, and accelerates data backup and recovery operations across the enterprise.
Data Diddling
Changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data.
Patch
Code released by software developers that fixes a particular software vulnerability
Patch
Code released by software developers that fixes a particular vulnerability.
Endpoints
Collective term for the workstations, servers, printers, and other devices that comprise an organization's network.
Endpoints
Collective term for the workstations, servers, printers, and other devices that comprise an organization's network. Supplementing preventive controls on the network perimeter with additional preventive controls on the endpoints enhances the security of information systems.
28) Which of the following statements is FALSE
Companies endorse integrity as a basic operating principle by actively teaching and reporting it.
55) The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them
Compliance with federal, state, or local laws
computer forensics specialists
Computer experts who discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges.
Neural Networks
Computing systems that imitate the brain's learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically.
Which of the following is not a way to reduce fraud losses?
Conduct periodic external and internal audits.
Describe the base profile M10
Contains the key elements of the OS required to recover the server
Detective Controls
Controls designed to discover control problems that were not prevented. Examples include duplicate checking of calculations and preparing bank reconciliations and monthly trial balances.
General Controls
Controls designed to make sure an organization's information system and control environment is stable and well managed. Examples include security; IT infrastructure; and software acquisition, development, and maintenance controls.
Preventive Controls
Controls that deter problems before they arise. Examples include hiring qualified personnel, segregating employee duties, and controlling physical access to assets and information.
Corrective Controls
Controls that identify and correct problems as well as correct and recover from the resulting errors. Examples include maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing.
Application Controls
Controls that prevent, detect, and correct transaction errors and fraud in application programs. They are concerned with the accuracy, completeness, validity, and authorization of the data captured, entered, processed, stored, transmitted to other systems, and reported.
Collusion
Cooperation between two or more people in an effort to thwart internal controls.
What is Disaster Recovery? M9
Coordinated process of restoring systems, data, and infrastructure required to support business operations after a disaster occurs
What is true about incremental backup? M10
Copied the data that has changed since last full or incremental backup
Which of the following is not a way to make fraud less likely to occur?
Create an audit trail so individual transactions can be traced.
What does Image-based backup do? M10
Creates a copy of the guest OS, its data, VM state and configurations; enables quick restoration of VM
Posing
Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product.
IP Address Spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system.
16) Which of the following preventive controls are necessary to provide adequate security for social engineering threats?
D) Awareness training
37) In recent years, many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.
D) Buffer overflow
11) Which of the following is an example of a corrective control?
D) Incident response teams
47) There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the "black hat" hackers. He had researched an exploit and determined that he could penetrate the target system, download a file containing valuable data, and cover his tracks in eight minutes. Six minutes into the attack he was locked out of the system. Using the notation of the time-based model of security, which of the following must be true?
D) P > 6
18) This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.
D) Transmission control protocol
44) The most effective way to protect network resources, like email servers, that are outside of the network and are exposed to the Internet is
D) a demilitarized zone.
21) Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate.
D) access control matrix
39) When new employees are hired by Folding Squid Technologies, they are assigned user names and appropriate permissions are entered into the information system's access control matrix. This is an example of a(an)
D) authorization control.
17) A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization's information system, is known as a(n)
D) firewall.
3) According to the Trust Services Framework, the reliability principle of integrity is achieved when the system produces data that
D) is complete, accurate, and valid.
22) The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as
D) static packet filtering.
30) The process that uses automated tools to identify whether a system possesses any well-known security problems is known as a(n)
D) vulnerability scan.
What is subfile deduplication? M10
Data is deduplicated at the source (backup client); backup client sends only new, unique segments across the network; Reduced storage capacity and network bandwidth requirements; Increased overhead on the backup client.
In a SAN-based backup what is true? M9/10
Data passes through SAN and metadata through the LAN
In a Virtual Environment, what is the backup optimization? M10
Deduplication
What is file-level deduplication? M10
Detects and removes redundant copies of identical files; after a file is stored, all other references to the same file refer to the original copy
Compatibility Test
Determining whether a person attempting to access an information system resource is authorized to do so.
What are the three purposes for backup? M10
Disaster Recovery, Operational Recovery, and Archive
What are the three causes of Information Unavailability? M9
Disaster, Unplanned Outages, Planned Outages
What is Content Addressed Storage? M10
Disk-based storage that has emerged as an alternative to traditional archiving solutions that provides online accessibility to archive data
Caller ID Spoofing
Displaying an incorrect number on the recipient's caller ID display to hide the caller's identity.
Skimming
Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, hand-held card reader that records credit card data for later use.
War Driving
Driving around looking for unprotected home or corporate wireless networks.
Which EMC product performs target-based data deduplication? M9/10
EMC Data Domain
What are some examples of Fixed Content? M10
Electronic Documents, Digital Records, and Rich Media
Defense-In-Depth
Employing multiple layers of controls to avoid a single point-of-failure
Defense-in-depth
Employing multiple layers of controls to avoid a single point-of-failure.
What is involved in the planning of a business continuity lifecycle? M9
Establishing Objectives; Analyzing; Designing and Developing; Implementing; Training, Testing, Assessing, and Maintaining
Authorization
Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initialing, or entering an authorization code on a document or record.
Sexting
Exchanging sexually explicit text messages and revealing pictures with other people, usually by means of a phone.
A 16-year-old hacker was able to access the systems of U.S. Missile Command and accidentally launched a small nuclear missile, which fortunately failed to detonate.
FALSE
What are the deduplication methods? M10
File level and Subfile level
Vulnerabilities
Flaws in programs that can be exploited to either crash the system or take control of it.
QR barcode replacements
Fraudsters cover valid quick response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware.
What are the ways backup granularity can be categorized? M10
Full Backup, Incremental Backup, Cumulative Backup, and Synthetic (constructed) Backup
masquerading / impersonation
Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user's ID and password.
Hijacking
Gaining control of someone else's computer to carry out illicit activities, such as sending spam without the computer user's knowledge.
44) ________ controls are designed to make sure an organization's control environment is stable and well managed.
General
Authorization
Granting an employee power to perform certain organizational functions, such as purchasing or selling on behalf of the company.
What is Virtual Tape Library (VTL)? M10
Has the same components as that of a physical tape library, except that the majority of the components are presented as virtual resources.
Strategic Objectives
High-level goals that are aligned with and support the company's mission and create shareholder value
What are two methods of backup? M10
Hot (online) or Cold (offline)
Response Time
How long it takes for a system to respond.
Which of the following is not a way to improve fraud detection?
Implement computer-based controls over input, processing, storage, and output activities.
Time-based model of security
Implementing a set of preventive, detective, and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised.
Segregation of Systems Duties
Implementing control procedures to clearly divide authority and responsibility within the information system function.
What is LAN-based backup? M10
In a LAN-based backup, the clients, backup server, storage node, and backup device are connected to the LAN
What is server-based backup? M10
In an application server-based backup, the NAS head retrieves data from a storage array over the network and transfers it to the backup client running on the application server
38) Which of the following is not a reason for the increase in security problems for AIS
Increasing efficiency resulting from more automation
Forensic Investigators
Individuals who specialize in fraud, most of whom have specialized training with law enforcement agencies such as the FBI or IRS or have professional certifications such as Certified Fraud Examiner (CFE).
49) The risk that exists before management takes any steps to control the likelihood or impact of a risk is
Inherent risk
SQL Injection (insertion) Attack
Inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute.
40) Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework
Integrity and ethical values
41) Which of the following statements is true
Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
What is EMC Avamar? M10
It is a disk-based backup and recovery solution that provides source-based deduplication.
What is data deduplication? M10
It is a process of identifying and eliminating redundant data.
What is business continuity? M9
It is a process that prepares for, responds to, and recovers from a system outage that can adversely affect business operations.
What is backup? M10
It is an additional copy of production data (files) that is created and retained for the sole purpose of recovering lost or corrupted data
What is NDMP 2-way? M10
It is an industry-standard TCP/IP-based protocol specifically designed for backup in a NAS environment. It communicates with several elements in the backup environment for data transfer and enables vendors to use a common protocol for the backup architecture.
What is Information Availability? M9
It is the ability of an IT infrastructure to function according to business expectations, during its specified time of operation
What is SAN-based backup? M10
It is the most appropriate solution when a backup device needs to be shared among clients. Also known as a LAN-free backup.
What are Single Points of Failure? M9
It refers to the failure of a component of a system that can terminate the availability of the entire system or IT service
35) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties
Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
42) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties
Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
Sarbanes-Oxley act (SOX)
Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud.
Foreign Corrupt Practices act (FCPA)
Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations maintain a system of internal accounting controls.
Eavesdropping
Listening to private communications or tapping into data transmissions intended for someone else. One way to intercept signals is by setting up a wiretap.
What is the impact of downtime? M9
Lost Productivity, Damaged Reputation, Lost Revenue, Financial Performance, and Other Expenses
Which expression represents availability of a system in terms of MTBF and MTTR? M9
MTBF/(MTTR + MTBF)
Email-Spoofing
Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source.
Describe the role of a backup server? M10
Manages the backup operation and maintains the backup catalog.
Click Fraud
Manipulating the number of times an ad is clicked on to inflate advertising bills.
What is MTBF? M9
Mean Time Between Failure: the average time available for a system or component to perform its normal operations between failures. It is a measure of system or component reliability and is usually expressed in hours.
What is MTTR? M9
Mean Time To Repair: the average time required to repair a failed component.
32) Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework
Monitoring
What is the process of restoring cumulative backup? M10
More files to be backed up, so it takes more time to back up and requires more storage space; faster restore because only the last full and the last cumulative backup must be applied.
Which NAS backup topology employs a private LAN? M9/10
NDMP 3-way
What allows grouping of two or more physical NICs and treating them as a single logical device? M9
NIC teaming
What is true if the recovery-point (RPO) of an application is 2 hours? M9
No more than 2 hours of production data can be lost
Operations Objectives
Objectives that deal with the effectiveness and efficiency of company operations and determine how to allocate resources.
Reporting Objectives
Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance
Compliance Objectives
Objectives to help the company comply with all applicable laws and regulations.
Web Cramming
Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months, whether they want to continue using the website or not.
What is an advantage of image-based backup over traditional backup approach in a virtualized environment? M10
Offloads backup processing from the hypervisor
What ways can archiving be implemented? M10
Online, Nearline, and Offline
Security Management
People that make sure systems are secure and protected from internal and external threats.
Data Control Group
People who ensure that source data is properly approved, monitor the flow of work, reconcile input and output, handle input errors to ensure their correction and resubmission, and distribute systems output.
Systems Analysts
People who help users determine their information needs and design systems to meet those needs.
Computer Operators
People who operate the company's computers.
Users
People who record transactions, authorize data processing, and use system output.
Programmers
People who take the analysts' design and develop, code, and test computer programs.
Network Manager
Person responsible for ensuring that applicable devices are linked to the organization's networks and that the networks operate properly.
Systems Administrator
Person responsible for making sure a system operates smoothly and efficiently.
Demilitarized Zone (DMZ)
Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporation's network but is accessible from the Internet.
What is Recovery Point Objective (RPO)? M9
Point-in-time to which systems and data must be recovered after an outage
Project Milestones
Points where progress is reviewed and actual and estimated completion times are compared.
Control Activities
Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out.
Chipping
Posing as a service engineer and planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed to access the data recorded on it.
Change Management
Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.
What is Disaster Restart? M9
Process of restarting business operations with mirrored, consistent copies of data and applications.
War Dialing
Programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers hack into the PC attached to the modem and access the network to which it is connected.
Packet Sniffers
Programs that capture data from information packets as they travel over the internet or company networks. Captured data is sifted to find confidential or proprietary information
Internet Protocol (IP)
Protocol that specifies the structure of the TCP packets and how to route them to the proper destination.
Cloud Computing
Purchasing software, storage, infrastructure, or platforms from a third party on a pay-for-use or subscription basis. Cloud providers use virtualization technology to economically provide shared access simultaneously to multiple customers.
What does Multipathing Software do? M9
Recognizes and utilizes alternate I/O paths to data; provides load balancing by distributing I/Os across all available active paths; intelligently manages the paths to a device by sending I/O down the optimal path.
Backup is based on what two requirements? M10
Recovery-Point Objective (RPO) and Recovery-Time Objective (RTO)
What are the key benefits of data deduplication? M10
Reduces infrastructure costs; Enables longer retention periods; Reduces backup window; Reduces backup bandwidth requirement.
In backup to tape environment, what does "shoe shining" mean? M10
Repeated back and forth motion that a tape drive makes when there is an interruption in the backup data stream
43) According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports
Reporting objectives
________ is a simple, yet effective, method for catching or preventing many types of employee fraud.
Requiring all employees to take annual vacations
What are some solutions that enable business continuity? M9
Resolving single points of failure, Multipathing software, and Backup and replication
Postimplementation review
Review, performed after a new system has been operating for a brief period, to ensure that it meets its planned objectives.
scavenging / dumpster diving
Searching documents and records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, and city dumps.
War Dialing
Searching for an idle modem by programming a computer to dial thousands of phone lines.
War Dialing
Searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected.
Tabnapping
Secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site.
Phishing
Sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim's account.
Address Resolution Protocol (ARP) spoofing
Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host's hardware address when only its IP or network address is known.
Segregation of Accounting Duties
Separating the accounting functions of authorization, custody, and recording to minimize an employee's ability to commit fraud.
What are the common backup implementations in a NAS environment? M10
Server-based backup, Serverless backup, NDMP 2-way and NDMP 3-way
20) Which of the following is not an example of social engineering?
Setting up a computer in a way that allows the user to use a neighbor's unsecured wireless network
Typosquatting / URL Hijacking
Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.
Worm
Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm also copies itself automatically and actively transmits itself directly to other systems.
Spamming
Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something.
DNS Spoofing
Sniffing the ID of a Domain Name System (DNS, the "phone book" of the Internet that converts a domain, or website name, to an IP address) request and replying before the real DNS server.
Intrusion Prevention Systems (IPS)
Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.
torpedo software
Software that destroys competing malware. This sometimes results in "malware warfare" between competing malware developers.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Keylogger
Software that records computer activity, such as a user's keystrokes, e-mails sent and received, websites visited, and chat session participation.
Spyware
Software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user's permission.
What are the deduplication implementations? M10
Source-based and Target-based
Splog
Spam blogs created to increase a website's Google PageRank, which is how often a web page is referenced by other web pages.
Specific Authorization
Special approval an employee needs in order to be allowed to handle a transaction.
Routers
Special purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send the packet next.
Routers
Special purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next.
Adware
Spyware that causes banner ads to pop up on a monitor, collects information about the user's web-surfing and spending habits, and forwards it to the adware creator, often an advertising or media organization. Adware usually comes bundled with freeware and shareware downloaded from the Internet.
Bluesnarfing
Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications.
Salami Technique
Stealing tiny slices of money from many different accounts.
What was the first known cyber-attack intended to harm a real-world physical target?
Stuxnet
Belief System
System that describes how a company creates value, helps employees understand management's vision, communicates company core values, and inspires employees to live by those values.
Boundary System
System that helps employees act ethically by setting boundaries on employee behavior.
Interactive Control System
System that helps managers to focus subordinates' attention on key strategic issues and to be more involved in their decisions.
Diagnostic Control System
System that measures, monitors, and compares actual company progress to budgets and performance goals.
A disgruntled employee in Australia hacked into a sewage system, causing a quarter of a million gallons of raw sewage to flood a hotel and a park.
TRUE
Virtualization
Taking advantage of the power and speed of modern computers to run multiple systems simultaneously on one physical computer. This reduces the number of servers needed and thereby reduces hardware, maintenance, and data center costs.
What type of deduplication does EMC Data Domain utilize? M10
Target-based deduplication
54) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent, and to strengthen the internal control of public companies.
The Sarbanes-Oxley Act of 2002
Risk Appetite
The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy.
Throughput
The amount of work performed by a system during a given period of time.
General Authorization
The authorization given employees to handle routine transactions without special approval.
Piggybacking
(1) Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system. (2) The clandestine use of a neighbor's Wi-Fi network. (3) An unauthorized person following an authorized person through a secure door, bypassing physical security controls.
18. Which statement is true with respect to discussion among engagement personnel regarding the risk of material misstatement due to fraud? a. It is recommended but not required b. Audit documentation must include a description of the discussion
...
36. Which of the following factors is most relevant when an auditor considers the client's organizational structure in the context of control risk? a. Management's attitude toward info processing b. The suitability of clients lines of reporting
...
24) The Public Company Accounting Oversight Board consists of
5 members
A department requires access to the database application from Monday to Friday, 9AM to 5PM. Last Thursday at 1PM the application crashed and it took six hours to fix the problem. What was the availability of the application during last week? M9
85%
Internal Control—Integrated framework (IC)
A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems.
Enterprise Risk Management— Integrated framework (ERM)
A COSO framework that improves the risk management process by expanding COSO's Internal Control—Integrated Framework (it adds three additional elements).
Public Company Accounting Oversight Board (PCAOB)
A board created as part of SOX that regulates the auditing profession.
Firewall
A combination of security algorithms and router communications protocols that prevent outsiders from tapping into corporate databases and e-mail systems.
Denial-of-Service (DoS) attack
A computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the internet service provider's e-mail server or the web server is overloaded and shuts down.
Border Router
A device that connects an organization's information system to the internet.
man-in-the-middle (mitm) attack
A hacker placing himself between a client and a host to intercept communications between the
Zombie
A hijacked computer, typically part of a botnet, that is used to launch a variety of internet attacks.
MAC Address
A Media Access Control address is a hardware address that uniquely identifies each node on a network.
Botnet
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.
Intrusion Prevention System (IPS)
A new type of filter designed to identify and drop packets that are part of an attack.
Audit Trail
A path that allows a transaction to be traced through a data processing system from point of origin to output or backward from output to point of origin.
Event
A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives.
Committee of Sponsoring Organizations (COSO)
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
Deep Packet Inspection
A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.
Static Packet Filtering
A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
steganography program
A program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is reassembled. The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight decrease in image or sound
What is a data archive? M10
A repository where fixed content is stored
Control Objectives for Information and Related Technology (COBIT)
A security and control framework that allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exist, and (3) auditors to substantiate their internal control opinions and advise on IT security and control matters.
What is NDMP 3-way? M10
A separate private backup network that is established between all NAS heads and the NAS head connected to the backup device; this helps to avoid the backup data traveling on the production LAN.
Access Control List (ACL)
A set of IF-THEN rules used to determine what to do with arriving packets.
Access Control List
A set of rules that determines which packets of information transmitted over a network are allowed entry and which are dropped.
Remote Authentication Dial-in User Service (RADIUS)
A standard method for verifying the identity of users attempting to connect via dial-in access.
Intrusion Detection System (IDS)
A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.
Computer Incident Response Team (CIRT)
A team that is responsible for dealing with major security incidents. The CIRT should include technical specialists as well as senior operations management, because some security incident responses may have significant economic consequences.
Stateful Packet Filtering
A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet.
20) This network access control determines which IP packets are allowed entry to a network and which are dropped.
A) Access control list
2) Which of the following is not a useful control procedure to control access to system outputs?
A) Allowing visitors to move through the building without supervision
9) Which of the following is an example of a preventive control?
A) Encryption
42) Murray Snitzel called a meeting of the top management at Snitzel Capital Management. Number one on the agenda was computer system security. "The risk of security breach incidents has become unacceptable," he said, and turned to the Chief Information Officer. "This is your responsibility! What do you intend to do?" Which of the following is the best answer?
A) Evaluate and modify the system using the Trust Services framework
4) Which of the following is not one of the three fundamental information security concepts?
A) Information security is a technology issue based on prevention.
29) This creates logs of network traffic that was permitted to pass the firewall.
A) Intrusion detection system
Why do many fraud cases go unreported and unprosecuted?
A) Major fraud is a public relations nightmare. B) Fraud is difficult, costly, and time-consuming to investigate and prosecute. C) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases. D) all of the above
32) A well-known hacker started his own computer security consulting business shortly after being released from prison. Many companies pay him to attempt to gain unauthorized access to their network. If he is successful, he offers advice as to how to design and implement better controls. What is the name of the testing for which the hacker is being paid?
A) Penetration test
25) The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as
A) an intrusion prevention system.
38) Meaningful Discussions is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits. As a consequence, the size of the information technology department has been growing very rapidly, with many new hires. Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility. This is an example of a(an)
A) authentication control.
7) Verifying the identity of the person or device attempting to access the system is
A) authentication.
1) The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as
A) availability.
28) The most common input-related vulnerability is
A) buffer overflow attack.
24) The process that allows a firewall to be more effective by examining the data in the body of an IP packet, instead of just the header, is known as
A) deep packet inspection.
6) If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is
A) effective.
13) Multi-factor authentication
A) involves the use of two or more basic authentication methods.
Perhaps the most striking fact about natural disasters in relation to AIS controls is that
A) many companies in one location can be seriously affected at one time by a disaster.
What three things are a part of Information Availability? M9
Accessibility, Reliability, and Timeliness
Spoofing
Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient.
Zero-Day-Attack
An attack between the time a new software vulnerability is discovered and released "into the wild" and the time a software developer releases a patch to fix the problem.
Penetration Test
An authorized attempt to break into the organization's information system.
Identify the opportunity below that could enable an employee to commit fraud
An employee has a close association with suppliers or customers
computer security officer (CSO)
An employee independent of the information system function who monitors the system, disseminates information about improper system uses and their consequences, and reports to top management.
chief compliance officer (CCO)
An employee responsible for all the compliance tasks associated with SOX and other laws and regulatory rulings.
Access Control Matrix
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform.
Background Check
An investigation of a prospective or current employee that involves verifying their educational and work experience, talking to references, checking for a criminal record or credit problems, and examining other publicly available information.
Systems integrator
An outside party hired to manage a company's systems development effort.
49) Describe four requirements of effective passwords.
Answer: 1. Strong passwords should be at least 8 characters. 2. Passwords should use a mixture of upper and lowercase letters, numbers and characters. 3. Passwords should be random and not words found in dictionaries. 4. Passwords should be changed frequently.
52) Describe the function of a computer incident response team (CIRT) and the steps that a CIRT should perform following a security incident.
Answer: A CIRT is responsible for dealing with major security incidents and breaches. The team should include technical specialists and senior operations management. In response to a security incident, first the CIRT must recognize that a problem exists. Log analysis and intrusion detection systems can be used to detect problems and alert the CIRT. Second, the problem must be contained, perhaps by shutting down a server or curtailing traffic on the network. Third, the CIRT must focus on recovery. Corrupt programs may need to be reinstalled and data restored from backups. Finally, the CIRT must follow up to discover how the incident occurred and to design corrective controls to prevent similar incidents in the future.
51) Explain the value of penetration testing.
Answer: Penetration testing involves an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system. This type of service is provided by risk management specialists in all the Big Four accounting firms. These specialists spend more than half of their time on security matters. The team attempts to compromise the system using every means possible. With a combination of systems technology skills and social engineering, these teams often find weaknesses in systems that were believed to be secure.
53) Identify six physical access controls.
Answer: Require visitors to sign in and receive a visitor badge before being escorted by an employee; require employees to wear photo ID badges that are checked by security guards; physical locks and keys; storing documents and electronic media in a fire-proof safe or cabinet; restrict or prohibit cell phones, iPods and other portable devices; set screen savers to start after a few minutes of inactivity; set computers to lock keyboards after a few minutes of inactivity; utilize screen protection devices; use biometric devices to authorize access to spaces and equipment; attach and lock laptops to immobile objects; utilize magnetic or chip cards to authorize access to spaces and equipment; limit or prohibit windows and glass walls in sensitive areas.
50) Explain social engineering.
Answer: Social engineering attacks use deception to obtain unauthorized access to information resources, such as attackers who pose as a janitor or as a legitimate system user. Employees must be trained not to divulge passwords or other information about their accounts to anyone who contacts them and claims to be part of the organization's security team.
48) Identify three ways users can be authenticated and give an example of each.
Answer: Users can be authenticated by verifying: 1. something they know (password). 2. something they have (smart card or ID badge). 3. Something they are (biometric identification of fingerprint).
What are the components of archiving solutions? M10
Archiving agent, Archiving server, and Archiving storage device
Phreaking
Attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and to access, steal, and destroy data.
vulnerability scanners
Automated tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential security threats.
Vulnerability Scanners
Automated tools designed to identify whether a given system possesses any well-known vulnerabilities. The scanning tool can also identify unused and unnecessary programs that represent potential security threats.
35) It was 9:08 A.M. when Jiao Jan, the Network Administrator for Folding Squid Technologies, was informed that the intrusion detection system had identified an ongoing attempt to breach network security. By the time that Jiao had identified and blocked the attack, the hacker had accessed and downloaded several files from the company's server. Using the notation for the time-based model of security, in this case
B) D > P
5) Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability, as discussed in the Trust Services Framework?
B) Effectively communicating policies to all outsiders
19) This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.
B) Internet protocol
Internal Environment
The company culture that is the foundation for all other ERM components as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk.
Analytical Review
The examination of the relationships between different sets of data.
Change control and change management
The formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability.
Why is computer fraud often more difficult to detect than other types of fraud?
The fraud may leave little or no evidence it ever happened.
On Tuesday morning, Chen Lee, Chief Information Officer at American Trading Corporation (ATC), got some bad news. The hard drive used to store system data backups was lost while it was being transported to an offsite storage location. Chen called a meeting of her technical staff to discuss the implications of the loss. Which of the following is most likely to relieve her concerns over the potential cost of the loss?
The hard drive was encrypted and password protected.
Expected Loss
The mathematical product of the potential dollar loss that would occur should a threat become a reality (called impact or exposure) and the risk or probability that the threat will occur (called likelihood).
What is serverless backup? M10
The network share is mounted directly on the storage node
Audit Committee
The outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors.
Utilization
The percentage of time a system is used.
Bot Herder
The person who creates a botnet by installing software on PCs that responds to the bot herder's electronic instructions.
Exposure/Impact
The potential dollar loss should a particular threat become a reality.
Likelihood
The probability that a threat will come to pass.
Log Analysis
The process of examining logs to monitor security.
Hardening
The process of identifying and turning off unnecessary programs.
Patch Management
The process of regularly applying patches and updates to software.
What is the process of restoring incremental backup? M10
Restoration from an incremental backup requires the last full backup and all the incremental backups taken up to the point of restoration. Because fewer files are backed up each time, an incremental backup takes less time and requires less storage space; the restore takes longer because the last full backup and all subsequent incremental backups must be applied.
Internal Controls
The processes and procedures implemented to provide reasonable assurance that control objectives are met.
Transmission Control Protocol (TCP)
The protocol enabling communications on the Internet. Creates a packet-switching network. When a message is ready to be sent over the internet, TCP breaks it up into small packets.
Residual Risk
The risk that remains after management implements internal controls or some other response to risk.
Exploit
The set of instructions for taking advantage of a vulnerability.
What is Direct-Attached Backup? M10
The storage node is configured on a backup client, and the backup device is attached directly to the client.
Inherent Risk
The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control.
Social Engineering
The techniques or psychological tricks used to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data.
Software Piracy
The unauthorized copying or distribution of copyrighted software.
superzapping
The unauthorized use of a special system program to bypass regular system controls and perform illegal acts. The superzap utility was originally written to handle emergencies, such as restoring a system that had crashed.
Multimodal Authentication
The use of multiple authentication credentials of the same type to achieve a greater level of security.
Multifactor Authentication
The use of two or more authentication methods in conjunction to achieve a greater level of security.
Economic Espionage
Theft of information, trade secrets, and intellectual property.
What best describes recovery-time objective (RTO)? M9
Time within which systems and application must be recovered after an outage
What is Recovery-Time Objective? M9
Time within which systems and applications must be recovered after an outage
In a Virtual Environment, what are the backup options? M10
Traditional backup approach and Image-based backup approach
12) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a
Trojan horse.
Describe the extended profile M10
Typically larger than the base profile and contains all necessary information to rebuild the application environment.
What agency did the United States create to use cyber weapons and to defend against cyber attacks?
U.S. Cyber Command
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system.
What is a mixed backup topology? M10
Uses both LAN- and SAN-based topologies; it might be implemented for several reasons, including cost, server location, reduction in administration, and performance considerations.
Podslurping
Using a small device with storage capacity (iPod, flash drive) to download unauthorized data from a computer.
Internet Auction Fraud
Using an internet auction site to defraud another person.
Pretexting
Using an invented scenario (the pretext) that creates legitimacy in the target's mind in order to increase the likelihood that a victim will divulge information or do something.
Cyber-Bullying
Using computer technology to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
Social Engineering
Using deception to obtain unauthorized access to information resources.
War Rocketing
Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks.
SMS Spoofing
Using short message service (SMS) to change the name or number a text message appears to come from.
Dictionary Attacks
Using special software to guess company e-mail addresses and send them blank e-mail messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail lists.
Internet Terrorism
Using the internet to disrupt electronic commerce and harm computers and communications.
Internet pump-and-dump fraud
Using the internet to pump up the price of a stock and then sell it.
Internet Misinformation
Using the internet to spread false or misleading information.
Biometric Identifier
Using unique physical characteristics such as fingerprints, voice patterns, retina prints, and signature dynamics to identify people.
Authentication
Verifying the identity of the person or device attempting to access the system.
Vishing
Voice phishing; it is like phishing except that the victim enters confidential data by phone.
system performance measurements
Ways to evaluate and assess a system.
What are some challenges of traditional archiving solutions? M10
Wear and tear, no intelligence, inadequate for long-term preservation, unable to provide online and fast access to fixed content
Password Cracking
When an intruder penetrates a system's defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to programs, files, and data.
Shoulder Surfing
When perpetrators look over a person's shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords.
Buffer Overflow Attack
When the amount of data entered into a program is greater than the size of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash. Hackers exploit this by crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system.
Deep Packet Inspection
When the firewall examines the data in the body of an IP packet rather than looking only at the information in the IP header.
Which of the following is not an example of one of the basic types of fraud?
While straightening the store at the end of the day, a shoe store employee finds and keeps an expensive pair of sunglasses left by a customer.
31) Which of the following does not violate separation of duties
Writing checks and receiving checks in the mail.
39) A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem
Yes, the computer operator could alter the payroll program to increase her salary.
Information System Library
a collection of corporate databases, files, and programs stored in a separate storage area and managed by the system librarian.
Policy and Procedures Manual
a document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties.
Project Development Plan
a document that shows how a project will be completed.
Rootkit
a means of concealing system components and malware from the operating system and other programs; can also modify the operating system.
Digital Signature
a means of electronically signing a document with data that cannot be forged.
Strategic Master Plan
a multiple-year plan that lays out the projects the company must complete to achieve its long-range goals and the resources needed to achieve the plan.
Fraud Hotline
a phone number employees can call to anonymously report fraud and abuse.
Biometric Identifier
a physical or behavioral characteristic that is used as an authentication credential.
Exploit
a program designed to take advantage of a known vulnerability.
Time bomb / Logic Bomb
a program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data.
Data Processing Schedule
a schedule that shows when each data processing task should be performed.
Virus
a segment of executable code that attaches itself to a file, program, or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates.
Demilitarized Zone (DMZ)
a separate network located outside the organization's internal information system that permits controlled access from the internet.
Trap door / back door
a set of computer instructions that allows a user to bypass the system's normal controls.
Trojan Horse
a set of unauthorized computer instructions in an authorized and otherwise properly functioning program.
Firewall
a special-purpose hardware device or software running on a general-purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.
Access Control Matrix
a table used to implement authorization controls (see figure 8-4)
computer incident response team (CIRT)
a team that is responsible for dealing with major security incidents.
Cross-site Scripting (XSS)
a vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms and instruct the victim's browser to execute code, thinking it came from the desired website.
Evil Twin
a wireless network with the same name (Service Set Identifier) as a legitimate wireless access point. Users are connected to the twin because it has a stronger wireless signal or the twin disrupts or disables the legitimate access point. Users are unaware that they connect to the evil twin, and the perpetrator monitors the traffic looking for confidential information.
Carding
activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.
Which of the following will not reduce the likelihood of an occurrence of fraud?
adequate insurance coverage
Which of the following is least likely to result in computer fraud?
allowing computer operators full access to the computer room
The simplest and most common way to commit a computer fraud is to
alter computer input.
The fraud that requires the least computer knowledge or skill involves
altering or falsifying source data.
Steering Committee
an executive-level committee to plan and oversee the information systems function.
Threat/Event
any potential adverse occurrence or unwanted event that could injure the AIS or the organization.
Malware
any software that is used to do harm.
Lapping is best described as the process of
applying cash receipts to a different customer's account in an attempt to conceal previous thefts of cash receipts.
37) Which of the following is an example of a preventive control
approving customer credit prior to approving a sales order
How does the U.S. Justice Department define computer fraud?
as an illegal act in which knowledge of computer technology is essential
Identity Theft
assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number.
Perpetrators do not typically
attempt to return or pay back stolen amounts soon after the initial theft, but find they are unable to make full restitution.
Why is computer fraud often much more difficult to detect than other types of fraud?
because massive fraud can be committed in only seconds, leaving little-to-no evidence
Which of the following is the best way to hide theft of assets?
charging the stolen asset to an expense account
Which of the following is not a management characteristic that increases pressure to commit fraudulent financial reporting?
close relationship with the current audit engagement partner and manager
25) Which of the following objectives involves parties external to the organization
compliance
In many cases of fraud, the ________ takes more time and effort than the ________.
concealment; theft
18) Jiao Jan had been the Web master for Folding Squid Technologies for only three months when he received an anonymous email that threatened to inundate the company Web site with access attempts unless a payment was wired to an account in Eastern Europe. Jiao was concerned that FST would suffer significant losses if the threat was genuine. The author of the email was engaged in
cyber-extortion.
Downloading a master list of customers and selling it to a competitor is an example of
data fraud.
8) The unauthorized copying of company data is known as
data leakage
48) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company's budgeting practices. It seems that, as a result of "budget handcuffs" that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department's activities has been curtailed. The level of control that the company is using in this case is a
diagnostic control system.
5) When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as
dumpster diving
52) Hiring decisions at Frazier's Razors are made by Sheila Frazier, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Sheila, who prepares paycheck requisitions. Paychecks are then distributed through the company's mail room. This represents a(n) ________ segregation of duties
effective
30) The third ERM component is
event identification
What is the most prevalent opportunity within most companies to commit fraud?
failure to enforce the internal controls
Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that
few differences exist between white-collar criminals and the general public
Intentional or reckless conduct that results in materially misleading financial statements is called
fraudulent financial reporting.
Which of the following is a financial pressure that could cause an employee to commit fraud?
having a spouse injured in a car accident and in the hospital for several weeks
10) Gaining control of someone else's computer to carry out illicit activities without the owner's knowledge is known as
hijacking
47) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies
hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
51) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for
hiring and firing the external auditors.
Most frauds are detected by
hotline tip.
Which of the following is the greatest risk to information systems and causes the greatest dollar losses?
human errors and omissions
11. In planning an audit of a new client, an auditor most likely would consider the methods used to process accounting information because such methods: a. Influence the design of internal control b. Affect the auditor's preliminary judgment about materiality levels
i. A
16. When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the a. Extent of test of details b. Extent of test of controls
i. A
17. Control risk should be assessed in terms of a. Financial statements assertions b. Control environment factors
i. A
20. Which of the following journal entries would the auditor least likely examine in an effort to address the risk of mgmt override of controls? a. A journal entry made to record recurring periodic accounting estimates b. A journal entry made by an individual who does not typically make journal entries c. A journal entry made to a seldom-used account
i. A
24. Which of the following situations represents a risk factor that relates to misstatements arising from misappropriation of assets? a. A lack of independent checks b. An inability to generate cash flow from operations
i. A
25. Which of the following relatively small misstatements most likely could have a material effect on an entity's financial statements? a. An illegal payment to a foreign official that was not recorded b. A piece of obsolete office equipment that was not retired c. A petty cash fund disbursement that was not properly authorized d. An uncollectible account receivable that was not written off
i. A
32. An auditor uses the knowledge provided by the understanding of internal control and the final assessed risk of material misstatement primarily to determine the nature, timing and extent of the a. Tests of controls b. Substantive tests
i. A
41. When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs a. Tests of controls or limited tests of current year property and equipment transactions b. Analytical procedures for current year property and equipment transactions
i. A
46. Which of the following factors would least likely affect the extent of the auditor's consideration of the client's internal controls? a. The amount of time budgeted to complete the engagement b. How frequently the control is performed c. The expected deviation rate from the control d. The extent to which other tests provide evidence about the same assertion
i. A
51. An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of FS? a. Document the auditor's understanding of internal controls b. Assess control risk at the maximum level
i. A
30. Which of the following components of an entity's internal control includes the development of personnel manuals documenting employee promotion and training policies? a. Control environment b. Quality control system
i. A ( b is not an internal control)
7. Which of the following would an auditor most likely use in determining the auditor's preliminary judgment about materiality ? a. The entity's annualized interim FS b. The results of the internal control questionnaire
i. A (b is for the preliminary judgment about risk)
12. The audit work performed by each assistant should be reviewed to determine whether it was adequately performed and to evaluate whether the a. Results are consistent with the conclusions to be presented in the auditor's report b. Audit has been performed by persons having adequate technical training and proficiency as auditors
i. A (b is not a review )
19. Which of the following is not an inquiry the auditor should make to identify the risks of material misstatement due to fraud? a. Whether operating personnel have communicated to mgmt regarding internal control and how it functions to prevent, deter or detect material misstatement due to fraud b. How management communicates to employees its views on acceptable business practices?
i. A (it should be whether the management has communicated to those charged with governance)
40. An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that system flowcharts: a. Provide a visual depiction of client's activities b. Identify internal control weaknesses more prominently
i. A (not b because a flowchart by itself does not identify weaknesses; that requires the auditor's understanding of the controls)
38. In planning an audit, the auditor's knowledge about the DESIGN of relevant internal controls should be used to: a. Identify the types of potential misstatements that could occur b. Document the assessed level of control risk
i. A (not b because tests of controls determine b)
10. In using the work of a specialist, an auditor of a nonissuer may refer to the specialist in the auditor's report,if, as a result of the specialist's findings, the auditor: a. Becomes aware of conditions causing substantial doubt about the entity's ability to continue as a going concern b. Discovers significant deficiencies in the design of the entity's internal control that management does not correct...
i. A (not b because the report does not express opinion on internal control)
35. Internal control over safeguarding of assets may include controls relating to a. Financial reporting objectives b. Operations objectives c. Compliance objectives
i. A and b only
15. Which of the following risks may be assessed in qualitative and quantitative terms? a. Control risk b. Detection risk c. Inherent risk
i. All
9. During an audit an internal auditor may provide direct assistance to an independent CPA in a. Obtaining an understanding of internal control b. Performing tests of controls c. Performing substantive tests
i. All
4. The work of internal auditors may affect the independent auditor's a. Procedures performed in obtaining an understanding of internal control b. Procedures performed in assessing the risk of material misstatement c. Substantive procedures performed in gathering direct evidence
i. All (the internal auditor's work may affect the nature, timing, and extent of the audit, including procedures the auditor performs when obtaining an understanding of the entity's internal control, when assessing risk, and when performing substantive procedures.)
22. Which of the following circumstances most likely would cause an auditor to consider whether material misstatements exist in an entity's financial statements? a. Significant deficiencies in internal control previously communicated to management are not corrected b. Transactions selected for testing are not supported by proper documentation
i. B
26. When performing a substantive test of a random sample of cash disbursements, an auditor is supplied with a photocopy of vendor invoices supporting the disbursements for one particular vendor rather than the original invoices. The auditor is told that the vendor's original invoices have been misplaced. What should the auditor do in response to this situation? a. Increase randomly the number of items in the substantive test b. Reevaluate the risk of fraud, and design alternate tests for the related transactions
i. B
27. During the audit of a new client, the auditor determined that mgmt had given illegal bribes to municipal officials during the year under audit. The auditor notified the client's BOD, but the BOD refused to take any actions bc the amount was immaterial to the FS. What should the auditor do? a. Add an explanatory paragraph emphasizing b. Withdraw from the engagement
i. B
28. Which of the following procedures would an auditor most likely perform in planning a financial statement audit? a. Inquiring of the client's legal counsel concerning pending litigation b. Comparing the FS to anticipated results
i. B
29. Which of the following factors would most likely be considered an inherent limitation to an entity's internal control a. The complexity of the info processing system b. Human judgment in the decision making process
i. B
44. Which of the following audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity a. Preparation of system flowcharts b. Inquiry of client personnel
i. B
50. What is the most likely course of action that an auditor would take after determining that performing substantive tests on inventory will take less time than performing tests of controls a. Assess control risk at a low level b. Perform only substantive tests on inventory c. Perform only tests of controls on inventory
i. B
The objective of tests of details of transactions performed as tests of controls is to a. Determine whether internal controls have been implemented b. Evaluate whether internal controls operate effectively
i. B
34. Objectives of an entity include a. Info and communication systems b. Reliable financial reporting c. Effective and efficient operating
i. B &C (not a, it should be compliance)
49. As part of understanding internal control, an auditor is not required to: a. Ascertain whether internal controls have been implemented b. Obtain knowledge about the operating effectiveness of internal control
i. B (the auditor evaluates design and implementation; operating effectiveness is the subject of tests of controls)
47. Which of the following statements about performing tests of controls to support a lower level of control risk is not true? a. Observation by the auditor provides more assurance than inquiry alone b. Inquiry alone generally will support a conclusion for a lower assessed level of control risk
i. B (inquiry alone does not support that conclusion)
2. Which of the following factors most likely would lead a CPA to conclude that a potential audit engagement should be rejected? a. Internal control activities requiring the segregation of duties are subject to mgmt override b. It is unlikely that sufficient appropriate evidence is available to support an opinion on the FS
i. B (a is a post-acceptance matter)
14. Before applying principal substantive tests to an entity's accounts receivable at an interim date, an auditor should: a. Ascertain that AR are immaterial to the FS b. Assess the difficulty in controlling the incremental audit risk
i. B (assess the incremental risk involved)
23. Which of the following procedures would least likely result in the discovery of possible illegal acts? a. Making inquiries of the client's management b. Reviewing an internal control questionnaire
i. B (because a questionnaire does not indicate whether such transactions have actually occurred)
48. After performing risk assessment procedures, an auditor decided not to perform tests of controls. The auditor most likely decided that a. The available evidence obtained thru tests of controls would not support an increased level of control risk b. It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests
i. B (not a because the concern would be that the evidence would not support a decreased level of control risk)
33. In obtaining an understanding of an entity's internal control, an auditor is required to obtain knowledge about the a. Operating effectiveness of controls b. Design of controls
i. B only (a is not for planning stage)
37. Which of the following is an inherent limitation of internal controls?? a. Judgmental sampling b. Collusion
i. B (not a because judgmental sampling is an audit procedure, not a limitation of internal control)
31. Which of the following statements about internal control is correct? a. The establishment and maintenance of internal control is an important responsibility of the internal auditor b. The cost-benefit relationship is a primary criterion that should be considered in designing internal control
i. B (a is management's responsibility)
1. A successor auditor ordinarily should request to review the predecessor's audit documentation relating to a. Contingencies b. Internal control
i. Both
39. Which of the following types of evidence would an auditor most likely examine to determine whether internal controls are operating as designed a. Gross margin info regarding the client's industry b. Confirmations of receivables verifying account balances c. Client records documenting the use of EDP programs d. Anticipated results documented in budgets or forecasts
i. C
21. Which of the following factors most likely would heighten an auditor's concern about the risk of fraudulent financial reporting? a. Low growth and profitability as compared to other entities in the same industry b. Large amounts of liquid assets that are easily convertible into cash c. An overly complex organizational structure involving unusual lines of authority
i. C (not b because liquid assets relate to the risk of misappropriation of assets)
8. An internal auditor's work would most likely affect the nature, timing and extent of an independent CPA's auditing procedures when the internal auditor's work relates to assertions about the a. Existence of contingency b. Valuation of intangible assets c. Valuation of related party transactions d. Existence of fixed assets additions
i. D (a-c are subjective)
13. When assessing an internal auditor's competence, a CPA ordinarily obtains info about all of the following, except a. Quality of audit documentation b. Educational level and professional experience c. The audit plan and audit procedures d. Access to info about related parties
i. D (access to information about related parties has nothing to do with the internal auditor's competence)
3. In assessing the objectivity of internal auditors, an independent auditor should?
i. Determine the organization level to which the internal auditors report
45. In an environment that is highly automated, an auditor determines that it is not possible to reduce detection risk solely by substantive tests of transactions. Under these circumstances, the auditor most likely would: a. Perform tests of controls to support a lower level of assessed control risk b. Increase the sample size to reduce sampling risk and detection risk c. Adjust the materiality level and consider the effect on inherent risk d. Apply analytical procedures and consider the effect on control risk
i. A
52. Which of the following explanations best describes why an auditor may decide to reduce tests of details for a particular audit objective? a. Analytical procedures have revealed no unusual or unexpected results b. There were many transactions posted to the account during the period
i. A
53. The most likely explanation why the auditor's examination cannot reasonably be expected to bring illegal acts by the client to the auditor's attention is that a. illegal acts by clients often relate to operating aspects rather than accounting aspects b. illegal acts are perpetrated by management override of internal accounting control
i. A (not b; the audit should be designed to identify material misstatements due to illegal acts, even if they are caused by management override of internal controls)
42. Tests of controls include the following procedures:
i. inspecting documentation ii. inquiry iii. observation iv. reperformance
6. The work of a specialist who has a contractual relationship with the client may be acceptable under certain circumstances
i. the auditor should assess the risk that the specialist's objectivity might be impaired. ii. If the auditor believes that the relationship might impair the specialist's objectivity, the auditor should perform additional procedures with respect to the specialist's assumptions, methods or findings to determine that the findings are not unreasonable...
50) The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except
implementation of newest technologies
Time-Based Model of Security
implementing a combination of preventive, detective and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised. Security is effective when P > D + C, where P is the time an attacker needs to break through the preventive controls, D the time it takes to detect the attack, and C the time it takes to respond to it.
"Cooking the books" is typically accomplished by all the following except
inflating accounts payable.
Lebanese Looping
inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up, the thief removes the card and uses it and the PIN to withdraw money.
Round-down fraud
instructing the computer to round down all interest calculations to two decimal places. The fraction of a cent rounded down on each calculation is put into the programmer's account.
27) What is the most important component of the ERM
internal environment
One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as
kiting.
Which fraud scheme involves stealing customer receipts and applying subsequent customer cash payments to cover the theft?
lapping
Which of the following fraudulent acts generally takes most time and effort?
lapping accounts receivable
7) A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a
logic bomb
Scareware
malicious software of no benefit that is sold using scare tactics.
2) Software that can be used to do harm is
malware
compatibility test
matching the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.
Excessive heat is an example of a(n) ________ threat.
natural and political disasters
Which characteristic of the fraud triangle often stems from a lack of internal controls within an organization?
opportunity
19) I work in the information technology department of a company I'll call CMV. On Wednesday morning, I arrived at work, scanned in my identity card and punched in my code. This guy in a delivery uniform came up behind me carrying a bunch of boxes. I opened the door for him, he nodded and went on in. I didn't think anything of it until later. Then I wondered if he might have been
piggybacking
11) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called
piggybacking.
Which situation below makes it easy for someone to commit a fraud?
All of the above: placing excessive trust in key employees, inadequate staffing within the organization, and unclear company policies.
SAS No. 99 requires that auditors
plan audits based on an analysis of fraud risk.
33) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)
preventive control
23) What type of internal controls finds the problem before it occurs
preventive controls
This component of the fraud triangle explains how perpetrators justify their (illegal) behavior
rationalization
Pharming
redirecting website traffic to a spoofed website.
45) According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except
reporting potential risks to auditors.
Which of the following is not an example of the fraud triangle characteristic concerned with rationalization
revenge against the company
21) In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash was very costly. The software installed by the CDs is a
rootkit
virtualization
running multiple systems simultaneously on one physical computer.
1) Stealing tiny slices of money over time is which technique
salami technique
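The round-down fraud card above and this salami-technique card describe the same mechanism: shave an amount too small to notice from many transactions and sweep the shavings into an account the perpetrator controls. The following is an added example, not part of the original flashcards, that models one month of interest posting over a constructed three-account ledger and then runs the detective control that catches it: an independent recomputation of every account's interest, rather than a check that only the totals balance. The account numbers, balances, rates and the slush account "A-9999" are all made up for the illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample ledger (not from the page): account id -> (balance, annual rate).
ACCOUNTS = {
    "A-1001": (Decimal("1234.56"), Decimal("0.0325")),
    "A-1002": (Decimal("98765.43"), Decimal("0.0150")),
    "A-1003": (Decimal("500.00"), Decimal("0.0499")),
}
# Hypothetical account the dishonest programmer controls.
SLUSH_ACCOUNT = "A-9999"


def exact_monthly_interest(balance, rate):
    """Full-precision interest for one month, before any rounding."""
    return balance * rate / 12


def post_interest_honest(accounts):
    """Legitimate posting: each account is credited its interest rounded to the cent."""
    return {
        acct: exact_monthly_interest(bal, rate).quantize(CENT, ROUND_HALF_EVEN)
        for acct, (bal, rate) in accounts.items()
    }


def post_interest_round_down(accounts, slush=SLUSH_ACCOUNT):
    """The fraud: truncate every credit to two decimals (ROUND_DOWN) and sweep the
    shaved fractions of a cent into the slush account. Each victim loses at most
    one cent per period, so no individual statement looks wrong."""
    posted = {}
    skimmed = Decimal("0")
    for acct, (bal, rate) in accounts.items():
        exact = exact_monthly_interest(bal, rate)
        credited = exact.quantize(CENT, ROUND_DOWN)
        posted[acct] = credited
        skimmed += exact - credited
    posted[slush] = skimmed.quantize(CENT, ROUND_DOWN)
    return posted


def reconcile(accounts, posted):
    """Detective control: independently recompute each account's interest and
    flag (a) credits that differ from the recomputed figure and (b) credits to
    accounts that carry no interest-bearing balance at all."""
    findings = []
    for acct, credited in posted.items():
        if acct not in accounts:
            findings.append((acct, "credit to account with no interest-bearing balance", credited))
            continue
        bal, rate = accounts[acct]
        expected = exact_monthly_interest(bal, rate).quantize(CENT, ROUND_HALF_EVEN)
        if credited != expected:
            findings.append((acct, "posted interest differs from recomputed", credited - expected))
    return findings


if __name__ == "__main__":
    for finding in reconcile(ACCOUNTS, post_interest_round_down(ACCOUNTS)):
        print(*finding)
```

With three accounts the slush account collects a single cent, which is the point: the per-account loss is invisible on any statement, and only the aggregate over thousands of accounts and many periods is worth stealing. A control that merely checks that total interest credited equals total interest expense would not see it either, because the skimmed cents were credited somewhere; the recomputation per account, plus the check for credits to accounts with no qualifying balance, is what surfaces the scheme.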
6) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by
scavenging
14) It was late on a Friday afternoon when Troy Willicott got a call at the help desk for Taggitt Finances. A man with an edge of panic clearly discernible in his voice was on the phone. "I'm really in a bind and I sure hope that you can help me." He identified himself as Chet Frazier from the Accounting Department. He told Troy that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Troy knew that Taggitt's new password policy, which required that passwords must be at least fifteen characters long, must contain letters and numbers, and must be changed every sixty days, had created problems. Consequently, Troy provided the password, listened as it was read back to him, and was profusely thanked before ending the call. The caller was not Chet Frazier, and Troy Willicott was a victim of
social engineering
3) Techniques used to obtain confidential information, often by tricking people, are referred to as what
social engineering
A power outage is an example of a(n) ________ threat.
software errors and equipment malfunctions
15) After graduating from college with a communications degree, Sylvia Placer experienced some difficulty in finding full-time employment. She free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter she was contacted by Clickadoo Online Services, who offered to pay her to promote their clients by mentioning them in her blog and linking to their Web sites. She set up several more blogs for this purpose and is now generating a reasonable level of income. She is engaged in
splogging.
4) What type of software secretly collects personal information about users and sends it to someone else without the user's permission
spyware
29) What corporate objective is based on a company's mission statement
strategic
36) According to the ERM, high level goals that are aligned with and support the company's mission are
strategic objectives.
Identify the threat below that is not one of the four types of threats faced by accounting information systems
system inefficiency
bluebugging
taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the internet, forward the victim's calls, and call numbers that charge fees.
34) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect
the box office cashier accidentally gives too much change to a customer.
Log Analysis
the process of examining logs to identify evidence of possible attacks.
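The definition above is the whole of what the card says about log analysis; as an added example that is not part of the original flashcards, here is the kind of check an analyst actually runs: parse authentication log lines, group failed logins by source address, flag any address that fails a threshold number of times inside a short window, and note whether a successful login from that address followed the burst (the sign that a guessed password worked). The log lines are constructed in the style of OpenSSH syslog output and the hostname, addresses and user names are invented; syslog lines carry no year, so the year is supplied as a parameter.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (sshd-style syslog lines); hosts, users and addresses are made up.
SAMPLE_LOG = """\
Mar 12 09:14:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 09:14:03 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 12 09:14:04 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 12 09:14:06 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 12 09:14:08 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 12 09:14:09 web01 sshd[2210]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 12 09:20:11 web01 sshd[2301]: Failed password for jsmith from 198.51.100.24 port 40110 ssh2
Mar 12 09:20:30 web01 sshd[2302]: Accepted publickey for jsmith from 198.51.100.24 port 40111 ssh2
"""

# Timestamp, host, pid, result (Failed/Accepted), auth method, optional "invalid user", user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse(line, year=2008):
    """Return a dict for one auth event, or None for lines that are not login results.
    `year` is an assumption because syslog timestamps omit it."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag every source IP with at least `threshold` failed logins inside `window`.
    For each flagged IP, record whether a successful login from it followed the
    burst; a success after a burst is the case that needs immediate response."""
    events = [e for e in map(parse, log_text.splitlines()) if e]
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])

    findings = []
    for ip, times in failures.items():
        times.sort()
        # Slide over the sorted failure times looking for `threshold` of them within `window`.
        for i in range(len(times) - threshold + 1):
            burst_end = times[i + threshold - 1]
            if burst_end - times[i] <= window:
                later_success = [
                    e["user"] for e in events
                    if e["ip"] == ip and e["result"] == "Accepted" and e["ts"] >= burst_end
                ]
                findings.append({
                    "ip": ip,
                    "failures": len(times),
                    "success_after": later_success[0] if later_success else None,
                })
                break
    return findings


if __name__ == "__main__":
    for f in detect_bruteforce(SAMPLE_LOG):
        print(f)
```

On the sample, 203.0.113.7 is flagged (five failures in seven seconds, then an accepted password for root), while 198.51.100.24 is not: one failed attempt followed by a key-based success is what a legitimate user mistyping looks like. The threshold and window are tuning knobs; the design choice that matters is correlating the burst with any later success from the same source, since that separates noisy scanning from an account that was actually compromised.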
Hardening
the process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.
Patch Management
the process of regularly applying patches and updates to software.
Authorization
the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.
Data Leakage
the unauthorized copying of company data, often without leaving any indication that it was copied.
Multifactor Authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security.
Misappropriation of assets is a fraudulent act that involves
theft of company property
Insiders are frequently the ones who commit fraud because
they know more about the system and its weaknesses than outsiders.
Cyber-Extortion
threatening to harm a company or a person if a specified amount of money is not paid.
Email Threats
threats sent to victims by e-mail. The threats usually require some follow-up action, often at great expense to the victim.
All of the following are required for an act to be legally classified as fraudulent except
to inflict pain.
53) The primary purpose of the Foreign Corrupt Practices Act of 1977 was
to prevent the bribery of foreign officials by American companies.
17) Jim Chan decided to Christmas shop online. He linked to Amazon.com, found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the Web site's URL was actually Amazom.com. Jim was a victim of
typosquatting.
Logic errors are an example of which type of threat?
unintentional acts
Which type of threat causes the greatest dollar losses?
unintentional acts
Cloud Computing
using a browser to remotely access software, data storage, hardware, and applications.
Social Engineering
using deception to obtain unauthorized access to information resources.
22) Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from the firm that explained that there had been a computer error and that provided a phone number so that Wally could verify his customer information. When he called, a recording asked that he enter the code from the email, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the email. Wally was a victim of
vishing.
9) What is a denial of service attack
when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server.
13) A ________ is similar to a ________ except that it is a program rather than a code segment hidden in a host program
worm; virus
The most efficient way to conceal asset misappropriation is to
writing off a customer receivable as bad debt