Systems Questions
Which statement best describes how a data governance framework aligns with managing data?
A data governance framework does more than just manage data. It provides a governance system that sets the rules of engagement for management activities.
In any organization, the completion of the first iteration of the human resources and payroll accounting information systems (AIS) cycle implies that at leas which other cycles have completed?
Financing or Revenue
Regarding cyberattacks, which of the following can record the source Internet Protocol (IP) address that was used to attack?
Firewall logs
Which of the following statements is true about a firewall and an intrusion detection system (IDS)?
Firewalls are a complement to an IDS.
Depreciation amount is calculated separately and is then reconciled to which of the following accounting information system (AIS) cycles?
General ledger system
The Control Objectives for Information and Related Technologies (COBIT) framework makes a clear distinction between which two enterprise disciplines?
Governance and management
What result is the most common direct result of a lack of a clear record retention policy?
Growing data repositories with data kept past its useful lifetime
Which of the following regulations include specific requirements for data retention?
HIPAA, PCI-DSS, and GDPR
With multiple frameworks available that include data governance, what feature of the Control Objectives for Information and Related Technologies (COBIT) make it a good fit for organizations primarily interested in establishing links between business and IT goals for data management?
COBIT primarily focuses on security, risk management, and information governance.
All of the following items can help in database system recovery efforts except:
Check digit feature
Which of the following activities would not be part of the data analytics phase of the data life cycle?
Cleansing
How does an accounting information system (AIS) add value to an organization?
Collecting, analyzing, and presenting pertinent information for the primary value chain functions
Which definition best describes a relational database?
Collection of data that is stored logically as a collection of tables, along with a query language that makes it easy to find related data stored in separate tables
What primary characteristic of a relational database has made it the common enterprise database model for the last 40 years?
Common English-like query language
Which of the following is best to replace the use of personal identification numbers (PINs) in the world of automated teller machines (ATMs)?
Iris-detection technology
In the absence of a clear record retention policy, what are the most common respective negative impacts from under-retaining and over-retaining records?
Lack of evidence for investigations and excessive storage space use
Explain how data shared between financial and nonfinancial systems, each with different data input domains, can lose precision and granularity during the exchange process.
Larger input domain mapped to more limited input options
Regarding cybersecurity, which of the following is not a core part of defense-in-depth strategy?
Least functionality
Does a data warehouse generally have more or less granular data than an enterprise online transaction processing (OLTP) database?
Less granular; the ETL process aggregates data
What is the relationship between value chain and supply chain?
Linking the output of one organization's value chain to the input of another organization's value chain creates a single link in a supply chain
ABC Manufacturing (ABC) engaged Security Associates (SA) to carry out a vulnerability assessment of ABC's enterprise resource planning (ERP) environment. What would ABC expect SA's vulnerability assessment report to contain?
List of known vulnerabilities that exist in ABC's ERP environment
ABC Manufacturing realized that current operations were not in compliance with several regulations, including the European Union's GDPR. Governance, Risk, and Compliance (GRC) consultants recommend that ABC implement a new Enterprise Resource Planning (ERP) system. In what way can an ERP system best help ABC Manufacturing address its concerns?
Lower cost of compliance
Which of the following benefits is an organization most likely to realize first after implementing an Enterprise Resource Planning (ERP) system to replace separate financial, inventory, manufacturing, and shipping systems?
Lower operational costs
Identifying discrepancies between product shipping records and customer sales invoices by line item can affect which of the following accounting information system (AIS) cycles?
Revenue to cash cycle
When implementing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework, which framework component must be in place and precede defining control activities to ensure the selected controls meet stated objectives?
Risk assessment
Regarding database terminology, which of the following defines access keys and security locks in a database system?
Schema
Which one of the following advanced firewalls is most secure?
Screened subnet firewall
Of the following, which item is a characteristic of a database management system (DBMS)?
Security controls to prevent unauthorized access
Regarding enterprise performance management (EPM), the element check in the plan-do-check-act (PDCA) cycle focuses on which of the following in order to facilitate business planning and performance management activities?
Metrics and key performance indicators
What characteristic most influences the degree of impact an accounting information (AIS) system can have on an organization?
The quality of accounting information the AIS manages
Your small appliance manufacturing organization has experienced substantial growth over the last three years. Your separate financial, shop floor, and shipping systems no longer can keep up with your production demands, and management cannot keep track of what is going on in each system. You hire a consulting firm to assess your business environment and recommend a solution to help you manage the ever-growing demand for your products and separation of business processes. The consultants recommend that your organization implement an ERP system and provide an explanation of four main benefits of an ERP system. Which benefit most directly drives the decision to implement an ERP system?
Visibility of the entire organization's operation
Regarding cyberattacks, which of the following identifies a flaw in hardware, firmware, or software that leaves an information system open to potential exploitation by hackers and others?
Vulnerability testing
In order to detect and thwart cyberattacks, which of the following controls provides the strongest level of security?
Passwords plus biometrics plus PINs
Healthy Life, Inc. (HLI), is a health services company that specializes in managing health services scheduling. To ensure HIPAA compliance, HLI has engaged White Hat Security Group (WHSG) to evaluate the strength of its security controls. HLI wants WHSG to attempt to "break in" to its information systems to see how resilient it is to attacks. What type of engagement is HLI requesting?
Pen testing
What technique to identify security vulnerabilities allows security professionals to act as attackers to identify potential system security weaknesses?
Pen testing
What is the one single characteristic that separates a pen test from a real cyber attack?
Permission
A strong data retention policy can help organizations maintain compliance with data retention regulatory requirements. Once a policy is approved and in place, what else is necessary to provide the greatest assurance that the policy will be effective?
Personnel education
Solid Retirement Plans, Inc. (SRPI), recently acquired a smaller competitor, Grow Your Money (GYM). SRPI recently passed a complete security evaluation and included an independent attestation of security readiness in its annual report. SRPI stockholders are concerned that GYM's information systems may not be as secure as SRPI's information systems, and could pose a security risk. What recommendations would you make to SRPI to provide assurance to its stockholders that GYM's information system security controls are just as effective as SRPI's information system security controls?
Conduct a security control gap analysis between SRPI and GYM, followed by a pen test of GYM with the same scope used for the SRPI pen test.
Which two security properties are most commonly addressed using access controls?
Confidentiality and integrity
Which of the following components exist in both of COSO's Internal Control and Enterprise Risk Management frameworks?
Control Activities
Which of the following data publication concerns presents the highest probability of privacy compliance violation?
Controlling data is not possible once it is sent to another entity.
Enterprise Performance Management (EPM) is also known by what other names?
Corporate Performance Management (CPM) or Business Performance Managment (BPM)
What s the biggest obstacle to deciding to implement an enterprise resource planning system?
Cost of the implementation process
For biometric accuracy, which of the following defines the point at which the false rejection rates and the false acceptance rates are equal?
Crossover error rate
What term is best described as converting observations of real-world attributes and events into digital representations?
Data collection
What IT and business collaboration results in improved trustworthiness and quality of an enterprise's data?
Data governance
What enterprise endeavor is best described as a holistic approach to managing, improving, and leveraging information to help an enterprise's overall data management efficiency?
Data governance
What term is best described as the people, processes, and information technology required to create a consistent and proper handling of an organization's data across the business enterprise?
Data governance
Which term is best defined as "the exercise of decision-making and authority for data-related matters"?
Data governance
Which of the following is a major reason for the success and popularity of a relational database system?
Data is presented in a table format
Suppose your organization collects and analyzes water and air temperature readings, as well as relative humidity measurements, at all of your manufacturing and distribution facilities to understand seasonal trends and better predict energy use to maintain a consistent facility environment. During which data life cycle phase would measurements be normalized to make it easier to compare data sampled by sensors using different units of measure?
Data maintenance
Which definition best describes data governance?
Data management techniques that empower an organization to protect high data quality standards throughout the data's life cycle
Most U.S. organizations are required to provide access to employment tax records for up to four years after the tax is due or is paid (whichever is later). What policy should an organization have in place to ensure needed tax records are available on demand?
Data retention policy
What role's primary responsibility is to ensure that data governance processes are followed, guidelines enforced, and recommends improvements to data governance processes?
Data steward
Staying Healthy, Inc. (SHI), is an online health services broker that helps members find healthy activities near them that help them to quality for health insurance premium discounts and perks. SHI uses member data to recommend events and activities, but is careful to avoid violating its members' privacy. One technique to maintain privacy is to reduce the granularity of identifying data, such as classifying members as residing in an area consisting of several postal codes, instead of identifying a single postal code. In which phase of the data life cycle would SHI members be associated with a larger physical area to reduce privacy leakage?
Data synthesis
Which phase of the data life cycle presents the most governance and compliance challenges?
Data usage
Which of the following store precomputed, descriptive, and numerical data after extracting and transforming transactional data into operational informational in a central location?
Data warehouses
XYZ Tire Distributors engaged Advance Consulting to carry out data governance gap analysis and provide the results to XYZ's upper management. During Advance's executive presentation of the analysis results, consultants reported that current IT infrastructure was insufficient to satisfy data availability for continuous business operation. Which of the following recommendation would Advance Consulting likely make to best address this gap?
Database replication
What term refers to a database's data definition, which specify attributes that govern how that database stores each piece of data?
Database schema
What is the main difference between a database and a data warehouse?
Databases store current transactional data while data warehouses store historical summary data
What is the most common noticeable impact of separate financial and nonfinancial systems to workflow when creating expenditure transactions for matching production activities
Delays-Increased processing time
Which of the following is not one of the actions taken by a firewall on a network packet?
Destroy
Regarding cyberattacks, what do fundamental goals or elements of the defense-in-depth strategy include?
Detect-and-respond
All of the following facilitates information retrievable and data analytics as they store historical data except:
Distributed database systems
All of the following facilitates information retrieval and data analytics as they store historical data except:
Distributed database systems
Which of the following statements is not true about Internet firewalls?
A firewall can protect against computer viruses in personal computers.
Which of the following cases most closely fits the characteristics of a data warehouse solution?
A non-profit organization with three distinct business units, each with its own IT system and infrastructure, and a need to perform periodic analysis of performance across all business units.
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), how is internal control best described?
A process
At what point do many organizations encounter obstacles when implementing data governance?
Working collaboratively across business units
From a software vulnerability point of view, which one of the following items is different from the other three items?
Zero-day warez
Enterprise Resource Planning (ERP) systems can implement which of the following technologies to increase the efficiency and effectiveness of accounting and financial tasks?
Artificial Intelligence and machine-learning technologies
What primary characteristics identify data as a likely candidate for capture?
At least one data value differs from previously stored data and the remaining values align with current or planned analysis requirements.
Suppose your organization uses separate financial and nonfinancial systems. During a routine audit, you find that there are several shipments that are never billed each month. Where would you most likely start to look to find the cause of this issue?
Audit both systems and match transactions
All of the following processes are part of Enterprise Performance Management (EPM) except:
Auditing policies for compliance
Which of the following items is an advantage of an ERP system?
Improved reporting
Which of the following components exists in both of COSO's Internal Control and Enterprise Risk Management frameworks?
Information and Communication
Which of the following best describe an enterprise resource planning (ERP) system?
Integrated business process management software that manages all aspects of business activities
The Control Objectives for Information and Related Technologies (COBIT) framework formally defines core governance and management objectives, grouped into domains, all to satisfy principles for a governance system. How many objectives, domains, and principles does COBIT define?
40 core governance and management objectives, 5 domains, and 5 principles
What is the primary difference between a pen test and a vulnerability assessment?
A vulnerability assessment attempts to only identify vulnerabilities that exist in a system, while a pen test attempts to exploit vulnerabilities.
Why is a vulnerability assessment generally conducted prior to a pen test?
A vulnerability assessment provides a prioritized list of vulnerabilities that provide pen testers likely attack vectors to exploit.
From the perspective of upper management of an international manufacturing organization with dozens of subsidiaries, arrange the benefits of implementing an Enterprise Resource Planning (ERP) system in order of value, with the most valuable benefit listed first: A- Comprehensive, real-time reporting B- Reduced financial transaction settlement time C- Lower operational costs D- Operational transparency
A,C,D,B
Since enterprise resource planning systems provide integrated enterprise activity management, how can artificial intelligence (AI) and machine learning help to add more value to ERP?
AI and machine learning can aid in automating processes and supporting real-time decision making
What characteristic makes a firewall "advanced"?
Ability to examine the contents of a packet, as opposed to just its addresses and destination port
What type of security control includes authentication and authorization?
Access control
Why is an accounting information system (AIS) insufficient to enforce compliance with production cost budgetary limits?
An AIS imposes controls based on the organization's policies and is subject to the organization's tolerance
XYZ Plastics Corporation is a plastic product manufacturing and recycling organization that consists of 12 subsidiaries across 7 countries. An operational efficiency review of the XYZ organization resulted in a finding that multiple business functions are duplicated across business units and locations. In what way could an enterprise resource planning (ERP) system address finding and make XYZ more efficient?
Better resource utilization
Why are biometric controls generally considered to be more secure than passwords or tokens?
Biometric controls depend on a physical characteristic, which is more difficult to transfer to an unauthorized individual than a password or other physical device.
What type of access control is referred to as a "What you are" or "What you do" control?
Biometrics
Which of the following business goals are best aligned with enterprise performance management (EPM) features?
Business strategy transparency and improved scalability
Trident Manufacturing is currently pursuing data governance initiatives as part of its current fiscal year goals. Who most likely is driving these initiatives, and what is their likely motivation?
C-level executives responding to external regulations
What is enterprise performance management software?
EPM is enterprise software that helps organizations link their strategies to their plans and execution
How do enterprise performance management (EPM) and enterprise resource planning (ERP) relate to one another?
ERP is a subset of EPM
An application or suite of applications that automate, track, and support a range of administrative and operational business processes, such as the supply chain, across multiple industries can best be described as a(n):
ERP solution
You have been assigned the role of project manager for the project to assess the viability of moving from separate financial and nonfinancial systems to a unified information system. After examining the challenges in maintaining separate systems, what is the most powerful argument for funding the effort to move to an integrated information system?
Easier auditaility of full transaction life cycle
Which of the following economic principles can help an Enterprise Resource Planning (ERP) system to integrate financial systems and nonfinancial systems?
Economies of scope
What impact does implementing enterprise performance management (EPM) have on how legacy spreadsheets are used to track performance?
Eliminates, or at least augments, legacy spreadsheets
All of the following are the proper roles of information technology (IT) in enterprise resource planning (ERP) except:
IT is an inhibitor of ERP
What is the primary objective of Enterprise Performance Management (EPM)?
Ensure strategic goals and objectives are clearly communicated and understood by managers, and are reflected in their budgets and plans
What enterprise system includes e-commerce systems, front-office and back-office applications, data warehouses and external data sources, and consists of the processes of monitoring performance across the enterprise with the goal of improving business performance?
Enterprise Perfomance Management (EPM)
What is an EPM?
Enterprise Performance Management- this process and software system are designed to help companies link their strategic goals and objectives, communicate them to management, and align them with their budgets and corporate plans
Spend analysis is conducted on which of the following accounting information system (AIS) cycles?
Expenditures cycle
What common process must occur periodically to update a data warehouse?
Extract, Transform, Load (ETL)
Implementing an Enterprise Resource Planning (ERP) system impacts every aspect of an organization, from day-to-day operations to long-range strategic planning. What desired benefit of an ERP system, when realized, aligns most closely with enterprise strategy.
Higher business outcomes
Enterprise Resource Planning (ERP) systems impact an enterprise's operations at all levels. How will enterprise customers realize the impact of a well-implemented ERP system?
Higher customer satisfaction and retention
Do advanced firewalls operate at higher or lower network layers than simple firewalls?
Higher, since advanced firewalls operate near the application layer, layer 7
Regarding the business planning and performance management aspects of enterprise performance management (EPM), which of the following is required to transform hindsight vision into foresight vision? I. Historical results II. Metrics and key performance indicators III. What-if analysis IV. Simulation models
I II III and IV
Regarding cyberattacks, identity thieves can get personal information through which of the following means? I. Dumpster diving II. Skimming III. Phishing IV. Pretexting
I, II, III, and IV
Which of the following are the major advantages of implementing enterprise resource planning (ERP) systems? I. Elimination of legacy systems II. Improvements in workflow processes III. Increased access to data IV. Standardization of IT infrastructure
I, II, III, and IV
Enterprise Performance Management (EPM) typically includes monitoring what type of metrics?
Key Performance indicators (KPI)
Once an organization makes the decision to implement an enterprise resource planning (ERP) system, what tends to be the biggest implementation obstacle?
Maintaining personnel support throughout the implementation process
Regarding cyberattacks, adware is responsible for which of the following
Malvertizing attack
What benefit of implementing a data warehouse has the greatest impact on production relational database systems?
Moving the performance impact of reporting and analysis processes from production database systems to the data warehouse system.
Regarding cyberattacks, pharming attacks are an example of which of the following?
Network-based attacks
How is a next-generation firewall (NGFW) different from a traditional firewall?
Next-generation firewalls combine traditional firewall features with the addition of other advanced features, including application filtering
Assume your organization offers payment terms of net 30 days to all customers. Your accounting information system (AIS) reports that your average time to pay across all customers is 33.5 days. Does this result indicate a problem in your expenditures cycle?
No, this metric does not indicate any problems in the expenditures cycle
Describe a potential consequence of separate financial and nonfinancial systems in which the nonfinancial system allows more activities that require funding than are approved by the financial system.
Nonfinancial system allows activities that are not authorized by the financial system and therefore will not be supported financially
What terms refers to iteratively decomposing database table design into its simplest form?
Normalization
Which enterprise performance management (EPM) feature best positions an organization to react quickly to changing business needs?
Predictive analytics
The data analytics phase of the data life cycle has the potential to provide the most value derived from data to an organization. Why is one specific type of analytics, prescriptive analytics, often considered to potentially yield the greatest value from data?
Prescriptive analytics gives organizations tools to control desired outcomes.
Penetration and vulnerability scanning are forms of what type of control?
Preventive
Security controls mitigate a wide variety of information security risks. Security Awareness Training would best fall under which of the following controls?
Preventive and Deterrent
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework is built on 17 building blocks that support effective internal control. The building blocks are stated as explicit goals necessary to implement effective internal controls across 5 components. What does COSO call these 17 building blocks?
Principles
What is the most valuable benefit of implementing an enterprise resource planning (ERP) system from the perspective of integrating manufacturing of standardized products with customer management?
Quality control can benefit from analyzing current customer feedback on product quality for recent purchases
What relational database management system feature provides the ability to "join" tables together, returning data that share a common value among the source tables? (Normally resolved by matching data in a common field or column among tables.)
Query language
Regarding cyberattacks, which of the following refers to data hijacking?
Ransomware attack
Accurate Accounting, Inc. (AAI), is an accounting firm that specializes in conducting regulatory compliance audits for enterprises in the international shipping industry. AAI has been retained by your firm to ensure compliance with the European Union's General Data Protection Regulation (GDPR). When investigating compliance with GDPR's "right to be forgotten" requirement, AAI is most likely to request which policy to examine first?
Record retention policy
What organizational policy focuses on when information gets moved to tertiary storage and when it is completely removed from the organization?
Record retention policy
Which of the following is well qualified to conduct a penetration testing on an organization's security posture?
Red team
Which of the following items is an advantage of an ERP system?
Regulatory compliance
Strutured query language (SQL) and query-by-example (QBE) are heavily used a query tool in which of the following database models?
Relational data model
What is the most common purpose for setting up a data warehouse?
Reporting and analysis
Regarding enterprise performance management (EPM), which of the following cannot facilitate business planning and performance management functions?
Spreadsheet software
Which of the following items is an advantage of an ERP (Enterprise Resource Planning) System?
Standardized business processes
Which one of the following items is not intrinsically a computer crime or even a misdeed?
Super-zapping
What is the primary role of the accounting information system (AIS) in the value chain?
Supporting activity
Which definition best describes a data warehouse?
System used to collect, aggregate, and store data in a central location to support reporting and analysis
What critical auditing capability is compromised when financial and nonfinancial transactions are handled by separate systems?
The ability to race transactions throughout their life cycle
What does the word "relational" refer to in the term "relational database"?
The ability to relate multiple tables through the intersection of common fields (columns)
How can an assessor determine if a system that contains nonfinancial information can impact a system with financial data?
The nonfinancial system and financial system are not logically separated within the network
Which of the following types of cyber-threat intelligence information sharing practices among user organizations can help better understand the behavior of threat actors such as hackers?
Threat tactics
What is the ultimate goal of a data governance framework?
To enable an enterprise's upper management to make informed decisions about how to manage data, realize value from it, minimize cost and complexity, manage risk, and ensure compliance
Big Idea Distributing (BID) provides shipping and warehousing for over 900 customers in 43 states. BID's executives committed to implementing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework two years ago to better manage their operations, financial reporting, and compliance goals. After completing the implementation and full auditing cycle, BID executives are disappointed with the results and why some of BID's objectives are not being met, in spite of the enormous investment in COSO. A COSO review revealed that the COSO implementation was carried out well and results are consistent with COSO objectives. What is the most likely reason for the executives' disappointment?
Unrealistic expectations
Which of the following is created after automating the accounting and finance functions?
Value chain
Corporate performance management (CPM) software is embedded in which of the following to improve performance reporting quality?
one version of the truth
Which statement best describes the role of the accounting informations system (AIS) in the value chain?
the AIS should help an organization adopt and maintain its strategic position