ACCT4600 - Final
What percent of electronic records breached were in the financial services industry? A) 93% B) 84% C) 89% D) 97%
A) 93%
If Company A wants to send a contract and digitally sign it to Company B, Company B will use which key to verify the authenticity of the contract (aka, the digital signature)? A) Company A's public key B) Company A's private key C) Company B's public key D) Company B's private key
A) Company A's public key
Which of the following is NOT part of the 10 domains of cybersecurity? A) Database Security Domain B) Information Security and Risk Management Domain C) Control Access Domain D) Application Security Domain
A) Database Security Domain
Which of the following is not considered a deterrent to the physical access to corporate offices? A) GPS tracking B) fences C) locked doors D) cameras
A) GPS tracking
When evaluating purchased software, it is often helpful to use a decision table format to consider various issues and potential problems with the software. A question (or questions) to be asked in a decision table which might uncover any "skeletons in the closet" regarding a software package is A) How many other installations that are 'second-reference organizations' have used the software, and for how long? B) How stable is the software vendor? C) How closely does the software fit the needs of the company? D) How flexible is the software?
A) How many other installations that are 'second-reference organizations' have used the software, and for how long?
In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer? A) Nonrepudiation B) Encryption C) Authentication D) Integrity
A) Nonrepudiation
An IS auditor reviewing a series of completed projects finds that the implemented functionality often exceeded requirements and most of the projects ran significantly over budget. Which of these areas of the organization's project management process is the MOST likely cause of this issue? A) Project scope management B) Project time management C) Project risk management D) Project procurement management
A) Project scope management
Which of the following is a computer input device? A) Touch screen B) Plotter C) Speakers D) Flash drive
A) Touch screen
What does the system development methodology define? A) When to perform the steps B) How to perform the steps C) What steps to complete D) Where to complete the steps
A) When to perform the steps
A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process? A) Whether key controls are in place to protect assets and information resources B) If the system addresses corporate customer requirements C) Whether the system can meet the performance goals (time and resources) D) Whether owners have been identified who will be responsible for the process
A) Whether key controls are in place to protect assets and information resources
Functional acknowledgements are used: A) as an audit trail for electronic data interchange (EDI) transactions B) to functionally describe the IS department C) to document user roles and responsibilities D) as a functional description of application software
A) as an audit trail for electronic data interchange (EDI) transactions
Which encryption method is also called the 2-key method? A) asymmetric cryptography B) digital envelope C) symmetric cryptography D) substitution cypher
A) asymmetric cryptography
The three objectives of information security include A) confidentiality, integrity, and availability B) responsibility, integrity, and availability C) confidentiality, protection, and continuity D) protection, responsibility, and continuity
A) confidentiality, integrity, and availability
Which of the activities are performed in the design phase of the SDLC? A) create new system models based on user requirements B) define the opportunity the new system will address C) collect user requirements D) develop test plans
A) create new system models based on user requirements
Which routing device connects the enterprise's intranet to the Internet? A) gateway B) router C) A and C D) bridge
A) gateway
Systems design follows the "top-down approach". This means A) going from the general to the specific B) beginning with the needs and desires of top management and then considering other users' needs down to the "factory-floor" level C) going from specific program code to general descriptions of the system D) starting with a central computer system and then implementing systems for individual departments
A) going from the general to the specific
The type of firewall that keeps track of the destination IP address of each packet that leaves the internal network is called: A) stateful inspection firewall B) application firewall C) router packet filtering firewall D) DMZ
A) stateful inspection firewall
The SSL protocol addresses the confidentiality and the integrity of a message through A) symmetric encryption B) digital signature certificates C) message authentication code D) hash function
A) symmetric encryption
Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project? A) system owners B) system designers C) system builders D) system users
A) system owners
Which of the following is a strong password? A) sky&CAT B) 2s&Ytc8x C) DOG&bone D) ABC123
B) 2s&Ytc8x
What percent of breaches were aided by significant errors? A) 87% B) 67% C) 45% D) 78%
B) 67%
What is a denial-of-service attack? A) A hacker defaces a company's Web site B) A hacker overloads the enterprise's bandwidth, effectively shutting down the Web site C) A hacker tracks customer transactions and steals customer payments or redirects goods to a different shipping address D) A hacker uses the e-commerce client application to access the enterprise's financial system for fraudulent purposes
B) A hacker overloads the enterprise's bandwidth, effectively shutting down the Web site
Which phase in the SDLC typically takes the longest? A) Buy/Build B) Deploy C) Design D) Plan
B) Deploy
It translates human-readable computer hostnames into the IP addresses that networking equipment needs for delivering information. A) eXtensible Markup Language B) Domain Name Server C) Uniform Resource Locator D) Electronic Data Interchange
B) Domain Name Server
Which legislation requires each federal agency to develop, document, and implement an agency-wide information security program? A) Federal Privacy Act of 1974 B) Federal Information Security Management Act of 2002 (FISMA) C) Computer Fraud and Abuse Act D) Employee Privacy Issues
B) Federal Information Security Management Act of 2002 (FISMA)
What is one advantage of using a baseline module? A) It decreases the testing time frame B) It reduces the opportunity for design errors C) It reduces user requirements D) It increases the build time frame
B) It reduces the opportunity for design errors
Which of the following provides the GREATEST assurance of message authenticity? A) The message digest and the message are encrypted using the secret key B) The message digest is encrypted using the sender's private key C) The message digest is derived mathematically from the message being sent D) The sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority
B) The message digest is encrypted using the sender's private key
Which of the following is not a goal of developing an overall systems plan and strategy? A) Duplication and wasted effort will be minimized B) The systems analysis phase will be minimized in favor of design and implementation when budget constraints are present C) Systems development in the organization will be consistent with the overall strategic plan of the organization D) Resources will be targeted to the subsystems where the needs are greatest
B) The systems analysis phase will be minimized in favor of design and implementation when budget constraints are present
Which stage of the ABC methodology of software development focuses on the features common to most accounting systems? A) analysis stage B) baseline stage C) customization stage D) design stage
B) baseline stage
Which authentication method involves analyzing the user's retina? A) token device B) biometrics C) single sign-on D) dynamic password
B) biometrics
An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption A) provides authenticity B) can cause key management to be difficult C) requires a relatively simple algorithm D) is faster than asymmetric encryption
B) can cause key management to be difficult
An agreement or conspiracy among two or more people to commit fraud is known as A) misrepresentation B) collusion C) misappropriation D) embezzlement
B) collusion
Botnets are normally used for which of the following? A) continuity planning B) denial of service attacks C) grid computing D) cloud computing
B) denial of service attacks
Which phase of the SDLC involves users entering data into the new system? A) install B) deploy C) build D) design
B) deploy
The sender of a public key would be authenticated by a: A) registration authority. B) digital certificate. C) digital signature. D) certificate authority.
B) digital certificate.
The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to A) provide user authentication B) ensure availability of data C) achieve performance improvement D) ensure the confidentiality of data
B) ensure availability of data
Since many personal computer users do not properly back up their files, a system that centralizes the backup process is essential. A backup of all files on a given disk is known as a(n) A) incremental backup B) full backup C) differential backup D) emergency backup
B) full backup
Which access control threat consists of programs or devices that examine traffic on the enterprise network? A) identity theft B) network sniffer C) password attack D) spoofing at log-on
B) network sniffer
The project schedule is defined in which phase of the SDLC? A) analysis B) plan C) build D) design
B) plan
The purpose of a deadman door controlling access to a computer facility is PRIMARILY to A) starve a fire of oxygen B) prevent piggybacking C) prevent an excessively rapid entry to, or exit from, the facility D) prevent toxic gases from entering the data center
B) prevent piggybacking
Which of the following would BEST help to prioritize project activities and determine the timeline for a project? A) function point analysis (FPA) B) program evaluation review technique (PERT) C) a Gantt chart D) earned value analysis (EVA)
B) program evaluation review technique (PERT)
An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results? A) system development project team (SDPT) B) project steering committee C) user project team (UPT) D) project sponsor
B) project steering committee
In the private sector, data with this classification requires higher than normal security measures to ensure data integrity and security. A) public B) sensitive C) confidential D) private
B) sensitive
A hacker could obtain passwords without the use of computer tools or programs through the technique of A) trojan horses B) social engineering C) backdoors D) sniffers
B) social engineering
In the preparation of design specifications, which of the following activities is undertaken after all of the others have been completed? A) designing management reports B) specifying inputs C) database design D) specifying processing steps
B) specifying inputs
Which encryption method replaces a letter of the alphabet for another letter of the alphabet? A) symmetric cryptography B) substitution cypher C) digital envelope D) asymmetric cryptography
B) substitution cypher
When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST? A) the project budget B) the critical path for the project C) the personnel assigned to other tasks D) the length of the remaining tasks
B) the critical path for the project
What percent of breaches came from within a corporation? A) 35% B) 68% C) 20% D) 50%
C) 20%
The waterfall methodology of software development has how many basic steps? A) 9 B) 7 C) 5 D) 12
C) 5
Which of the following satisfies a two-factor user authentication? A) Iris scanning plus fingerprint scanning B) Terminal ID plus global positioning system (GPS) C) A smart card requiring the user's PIN D) User ID along with password
C) A smart card requiring the user's PIN
Which type of malware consists of tiny pieces of programming code that install themselves on the infected computer called a Zombie? A) Trojan Horses B) Logic Bombs C) Bots D) Worms
C) Bots
Based on the system analysis, new system models are designed including the following except A) business process models B) people models C) COSO models D) database models
C) COSO models
In the government sector, unauthorized disclosure of data with this classification might be harmful to national security. A) Sensitive But Unclassified B) Top Secret C) Confidential D) Secret
C) Confidential
Which of the following is the most reliable sender authentication method? A) Digital signatures B) Asymmetric cryptography C) Digital certificates D) Message authentication code
C) Digital certificates
Which of the following ensures a sender's authenticity and an e-mail's confidentiality? A) Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of the message with the receiver's public key B) The sender digitally signing the message and thereafter encrypting the hash of the message with the sender's private key C) Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receiver's public key D) Encrypting the message with the sender's private key and encrypting the message hash with the receiver's public key
C) Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receiver's public key
Which legislation requires financial institutions to provide customers with privacy notices and prohibits the institutions from sharing customer information with nonaffiliated third parties? A) Federal Privacy Act of 1974 B) Sarbanes-Oxley C) Gramm-Leach-Bliley Act D) Computer Security Act of 1987
C) Gramm-Leach-Bliley Act
Which of the following is a benefit of using the ABC methodology of software development? A) The ABC approach incorporates the COSO framework B) The ABC approach is in compliance with SOX regulations. C) The ABC approach is flexible to meet the varying needs of the enterprise through customization D) A and C
C) The ABC approach is flexible to meet the varying needs of the enterprise through customization
In an online banking application, which of the following would BEST protect against identity theft? A) Encryption of personal password B) Restricting the user to a specific terminal C) Two-factor authentication D) Periodic review of access logs
C) Two-factor authentication
What does the system development life cycle define? A) When to perform the steps B) How to perform the steps C) What steps to complete D) Where to complete the steps
C) What steps to complete
A long variable-length string can be converted into a short fixed-length string by using A) secret-key encryption B) public-key encryption C) a hashing function D) a digital time-stamping service
C) a hashing function
What is a microcomputer? A) a computer with moderate computing power B) a powerful, high-speed computer used for complex numerical calculations C) a personal computer or laptop D) a smart phone
C) a personal computer or laptop
Operations security refers to A) security for telecommunications, networks, and the Internet B) the physical security of information technology components, such as hardware and software C) activities and procedures required to keep information technology running securely D) security for access to the enterprise system, including computers, networks, routers, and databases
C) activities and procedures required to keep information technology running securely
Digital IDs are issued by A) E-business B) web browser C) certificate authority D) registration authority
C) certificate authority
A commercial disaster recovery site that provides air conditioning, wiring, and plumbing but does not contain any IT equipment is called A) warm site B) hot site C) cold site D) internal site
C) cold site
Which phase of the SDLC involves users entering data into the new system? A) install B) design C) deploy D) build
C) deploy
Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer? A) use a biometric authentication device B) use two-factor authentication to logon to the notebook C) encrypt the hard disk with the owner's public key D) enable the boot password (hardware-based password)
C) encrypt the hard disk with the owner's public key
The FIRST step in a successful attack on a system would be A) denying services B) evading detection C) gathering information D) gaining access
C) gathering information
A flying-start site A) is the most commonly adopted option for companies with disaster recovery plans. B) usually cannot be made operational within 24 hours. C) involves mirroring of transactions at the primary site, followed by transmission of data to the backup site. D) is arranged through a service bureau.
C) involves mirroring of transactions at the primary site, followed by transmission of data to the backup site.
IT security management responsibility includes A) developing contingency plans for virus attacks B) input/output controls C) maintaining security devices and software D) training all employees to inform and educate them regarding security policies and procedures
C) maintaining security devices and software
Which of the following is not part of cyber forensics? A) examining evidence of cybercrime B) preserving evidence of cybercrime C) prevent cybercrime D) collecting evidence of cybercrime
C) prevent cybercrime
What is the purpose of installing firewalls on bridges, routers, and gateways? A) ensuring unauthorized access to the network B) preventing data from moving too quickly over the network C) preventing unauthorized access to the network D) detecting unauthorized access to the network
C) preventing unauthorized access to the network
In IT architecture security, what is not part of the software application ring? A) web browsers B) word processing applications C) relational database management system D) accounting software
C) relational database management system
Which of the following is a technique that could be used to capture network user passwords? A) spoofing B) data destruction C) sniffing D) encryption
C) sniffing
What percentage of breaches in the financial services industry were tied to organized crime? A) 34% B) 84% C) 66% D) 90%
D) 90%
Which of the following is the MOST reliable form of single factor personal identification? A) Smart card B) Password C) Photo identification D) Iris scan
D) Iris scan
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A) Customers are widely dispersed geographically, but the certificate authorities are not B) Customers can make their transactions from any computer or mobile device C) The certificate authority has several data processing subcenters to administer certificates D) The organization is the owner of the certificate authority
D) The organization is the owner of the certificate authority
Which of the following is an advantage of the waterfall methodology of software development over the prototyping methodology? A) longer testing time frame B) greater user input during the design phase C) smaller design time frame D) all user requirements are defined at the beginning of the project
D) all user requirements are defined at the beginning of the project
A company which specializes in processing the data of other companies, but not its own, is a A) flying-start site B) emergency response center C) commercial vendor of disaster services D) computer service bureau
D) computer service bureau
A honeypot is used to A) distract hackers B) store the company web site C) catch hackers D) distract and catch hackers
D) distract and catch hackers
Which network protocol (software) allows the enterprise network to connect to the network of vendors and suppliers through proprietary lines? A) transport control protocol (TCP) B) internet protocol (IP) C) ethernet protocol D) electronic data interchange (EDI)
D) electronic data interchange (EDI)
Which network protocol (software) is commonly used to connect computers to create a LAN? A) electronic data interchange (EDI) B) internet protocol (IP) C) transport control protocol (TCP) D) ethernet protocol
D) ethernet protocol
Cybercrimes are crimes connected to what? A) electronic transfer of funds B) the financial services industry C) electronic payments D) information assets and IT
D) information assets and IT
The Weapons Testing Laboratory is implementing a new computer system. It desires to use the safest final system testing approach. It should choose A) the direct approach B) the cutoff approach C) modular conversion D) parallel operation
D) parallel operation
An interactive approach using prototypes is called A) object oriented design B) waterfall development C) service-oriented development D) rapid application development
D) rapid application development
An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that A) a backup server be available to run ETCS operations with up-to-date data B) a backup server be loaded with all the relevant software and data C) the systems staff of the organization be trained to handle any event D) source code of the ETCS application be placed in escrow
D) source code of the ETCS application be placed in escrow
When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those A) whose sum of activity time is the shortest. B) that give the longest possible completion time. C) whose sum of slack time is the shortest. D) that have zero slack time.
D) that have zero slack time.
In public key infrastructure (PKI), a registration authority: A) digitally signs a message to achieve nonrepudiation of the signed message. B) registers signed messages to protect them from future repudiation. C) issues the certificate after the required attributes are verified and the keys are generated. D) verifies information supplied by the subject requesting a certificate.
D) verifies information supplied by the subject requesting a certificate
Database developers design and write the software for applications, such as accounting software. - True - False
False
For most enterprises it is more cost-effective to hire programmers to write custom software programs for all of their accounting functions. - True - False
False
In the prototyping methodology of software development, all the user requirements are gathered and analyzed before the product is built. - True - False
False
Initial project feasibility analysis is usually summarized in a one-page document consisting of three sections: Issue/Opportunity, Rationale, and Cost. - True - False
False
One activity included in the analysis phase of SDLC is developing budgets. - True - False
False
Requirement analysis involves collecting current system models consisting of database models, business process models, and people models. - True - False
False
System development life cycle is the order and timing of when the SDLC phases are completed. - True - False
False
The plan phase of a SDLC involves designing new system models to satisfy user requirements, either by creating a new model or by modifying existing models. - True - False
False
The waterfall methodology of software development consists of two stages: Baseline and Customization. - True - False
False
Accounting professionals are often the end users of the accounting system. - True - False
True
Database modeling consists of preparing a pictorial representation of the accounting database. - True - False
True
Design feasibility includes operational, economic, technical, schedule, cultural, and risk feasibility of the proposed IT architecture for the new system. - True - False
True
The SDLC provides a common language for communicating with programmers, system analysts, database administrators, and other IT professionals engaged in accounting system development. - True - False
True
The main reasons for project failure relate to activities that were not properly addressed in the first phase of the SDLC, the planning of the new system project. - True - False
True
The system development life cycle lists what steps to complete. - True - False
True
When a system can no longer be maintained, no longer satisfies enterprise requirements, or fails to address new opportunities, it will be replaced with a new system, and a new system development life cycle begins. - True - False
True
