AIS Chapter 2
The potential for hardware and software incompatibility among users
A disadvantage of distributed data processing is A. the increased time between job request and job completion B. the potential for hardware and software incompatibility among users C. the disruption caused when the mainframe goes down D. that users are not likely to be involved E. none of the above are disadvantages
Unauthorized Access
Adequate backups will protect against all of the following except A. natural disasters such as fires B. unauthorized access C. data corruption caused by program errors D. system crashes
system interdependency
All of the following are control risks associated with the distributed data processing structure except A. lack of separation of duties B. system incompatibilities C. system interdependency D. lack of documentation standards
an elaborate water sprinkler system
All of the following are recommended features of a fire protection system for a computer center except A. clearly marked exits B. an elaborate water sprinkler system C. manual fire extinguishers in strategic locations D. automatic and manual alarms in strategic locations
verification of the second site backup location
All of the following tests of controls will provide evidence about the physical security of the computer center except A. review of fire marshal records B. review of the test of the backup power supply C. verification of the second site backup location D. observation of procedures surrounding visitor access to the computer center
the initial recovery period is very quick
An advantage of a recovery operations center is that A. this is an inexpensive solution B. the initial recovery period is very quick C. the company has sole control over the administration of the center D. none of the above are advantages of the recovery operations center
Internally provided backup
In general which of the following disaster recovery techniques has the least risk associated with it? A. empty shell B. ROC C. internally provided backup D. they are all equally risky
all of the above
Segregation of duties in the IT environment includes A. Separating the programmer from the computer operator B. Separating new systems development from program maintenance C. Separating the DBA from systems development D. All of the above E. only a and b
allows programmers access to make unauthorized changes to applications during execution
Systems development is separated from data processing activities because failure to do so A. weakens database access security B. allows programmers access to make unauthorized changes to applications during execution C. results in inadequate documentation D. results in master files being inadvertently erased
Systems development
The following are examples of commodity assets except: A. Network management B. Data Center Operations C. Systems development D. Server maintenance E. All are commodity assets
Mutual Aid Pact
Which of the following disaster recovery techniques may be least effective in the case of a disaster? A. Empty Shell B. Mutual Aid Pact C. internally provided backup D. they are equally beneficial
Empty Shell
Which of the following disaster recovery techniques may be least effective in the case of a widespread natural disaster? A. empty shell B. internally provided backup C. ROC D. they are all equally beneficial
All of the above are control concerns
Which of the following is NOT a control concern in a distributed data processing environment? A. Redundancy B. Hiring qualified professionals C. Incompatibility D. Lack of standards E. All of the above are control concerns
The service provider prepares a separate SSAE 16 report tailored to the needs of each of its client firms, upon which the client auditors rely
Which of the following is NOT true about the SSAE report? A. It is a third-party attestation report B. It replaced Statement on Auditing Standards No. 70 (SAS 70) C. The service provider prepares a separate SSAE 16 report tailored to the needs of each of its client firms, upon which the client auditors rely D. When using the carve-out method, service provider management would exclude the subservice organization's relevant controls E. All of the above are true
RAID
Which of the following is a feature of fault tolerance control? A. interruptible power supplies B. RAID C. DDP D. MDP
computer services function
Which of the following is not an essential feature of a disaster recovery plan? A. off-site storage of backups B. computer services function C. second site backup D. critical applications identified
Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients
Which of the following is not true? A. Large-scale IT outsourcing involves transferring specific assets to a vendor B. Specific assets, while valuable to the client, are of little value to the vendor C. Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. D. Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients
The SSAE 16 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls
Which of the following is not true? A. Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. B. Section 404 requires the explicit testing of outsourced controls. C. The SSAE 16 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. D. Auditors issue two types of SSAE 16 reports: Type I report and Type II report.
Core competency theory argues that an organization should focus exclusively on its core business competencies
Which of the following is true? A. Core competency theory argues that an organization should outsource core assets B. Core competency theory argues that an organization should focus exclusively on its core business competencies C. Core competency theory argues that an organization should not outsource commodity assets D. Core competency theory argues that an organization should retain specific assets in-house E. None of the above statements are correct
None of the above
Which of the following would strengthen organizational control in a centralized data processing environment? A. requiring the user departments to specify the general control standards necessary for processing transactions B. requiring that requests and instructions for data processing services be submitted directly to the computer operator in the data center C. Having the database administrator report to the systems development manager D. assigning maintenance responsibility to the original system designer who best knows its logic E. None of the above