FINAL COMPI, Assessment 4, AIS Exam #3 (CH. 13-15), AIS Final Exam questions
strategy map
A one-page representation of the firm's strategic priorities and the cause-and-effect linkages among those strategic priorities
Which of the following is an example of natural language processing?
A product which reads contracts and helps accountants with revenue recognition
c
A programming error causes the sale of an inventory item to be added to the quantity on hand attribute in the inventory master data. Which control goal was not achieved? a. ensure update completeness b. ensure input accuracy c. ensure update accuracy d. ensure input completeness
Which of the following best describes the skill sets used in data analytics?
Acquiring/cleansing data; Creating data structures/models; Mining/analyzing data.
Which of the following statements regarding the purposes of an operating system is correct? To control the flow of multiprogramming and tasks of scheduling in the computer. To ensure the integrity of a system. To allocate computer resources to users and applications. All of the choices are correct.
All are correct
What can users do with Tableau? Create calculated fields; Build relationships between data sources; All of the answers are correct; Create data visualizations
All of the answers are correct
An auditor should be most concerned about which of the following when reviewing the risks of a company's wireless network: Availability. Integrity. All of the choices are correct. Confidentiality.
All of the choices are correct.
Power BI can source data from all of the following except? Power BI datasets; Microsoft Excel; All of the following are sources; Text files
All of the following are sources
Which of the following is not a useful control procedure to control access to system outputs?
Allowing visitors to move through the building without supervision
Ethical principles are derived from all of the following except: A. Personal attitudes on issues of right and wrong. B. Cost benefit analysis. C. Cultural values. D. Societal traditions.
B. Cost benefit analysis
a
Before a complete input screen is recorded the data entry clerk is asked if the data should be accepted. This is which control plan? a. Online prompting b. Mathematical accuracy check c. Preformatted screen d. Confirm input acceptance
Which of the following is not one of the skill sets often associated with data analytics? A. Mining and analyzing data. B. Creating data structures and models. C. Normalizing data structures. D. Bifurcating data
Bifurcating data
COBIT framework takes the view that all IT processes should provide clear links between all of the following except: A. IT processes. B. IT controls. C. IT components. D. IT governance requirements
C. IT components
Which of the following is not a component of internal control as defined by COSO? A. Control environment. B. Control activities. C. Inherent risk D. Monitoring.
C. Inherent risk
Which of the following provides the advantage of incorporating other widely accepted standards and frameworks? ITIL. COSO 2013. COBIT 2019. ISO 27000.
COBIT 2019
A customer failed to include her account number on her check, and the accounts receivable clerk credited her payment to a different customer with the same last name. Which control could have been used to most effectively prevent this error?
Closed-loop verification
Which of the following describes the primary goals of the CIA approach to information security management?
Confidentiality, Integrity, Availability.
Which type of blockchain would a corporation and their key supplier set up to facilitate transactions?
Consortium
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
D. Independently verify the transactions
Which of the following statements is most accurate with regard to business continuity management (BCM) and disaster recovery planning (DRP)?
DRP is an important component of BCM
a
Data redundancy: a. Occurs when data is stored in multiple locations b. Is eliminated by using the application approach c. Reduces labor and storage costs d. Improves consistency between applications
Which of the following is not an example of data questions which arise during the second step of the AMPS model, mastering the data?
Data serviceability.
Which of the following best summarizes the two key limiting factors for business systems when dealing with Big Data?
Data storage capacity and processing power
Which of the following does not represent a viable data backup method?
Disaster recovery plan
An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
Disaster recovery plan.
Which of the following is considered an application input control?
Edit check.
Which of the following describes one weakness of encryption?
Encrypted packets cannot be examined by a firewall.
CAATs are commonly used in all of the following situations except: Transaction testing. Operating system vulnerability assessments. Network penetration testing. Encryption testing.
Encryption testing.
PowerPoint is the most relevant data visualization tool
F
A RAID array implemented in a data center is an example of which of the following?
Fault tolerance.
Which of the following would not help create an appropriate question in the AMPS model? Narrowing the scope of the question. Ensuring the data has integrity. Knowledge of business processes. Making the statement succinct.
Knowledge of business processes.
Which of the following describes a group of computers that connects the internal users of a company distributed over an office building? LAN. Decentralized network. Internet. Virtual private network (VPN).
LAN
A wholesaling firm has a computerized billing system. Because of a clerical error while entering information from the sales order, one of its customers was billed for only three of the four line items ordered and received. Which of the following controls could have prevented, or resulted in prompt detection and correction, of this situation?
Matching line control counts produced by the computer with predetermined line control counts.
Which of the following is the best description of neural networks?
Mathematical models that convert inputs to outputs/predictions
Tableau can source data from all of the following except?
Microsoft Power Point
Which of the following items is one of the eight components of COSO's enterprise risk management 2004 framework?
Monitoring
The use of data analytics will likely result in significant changes to clients' expectations of their auditors. Which of the following is most likely not one of those expected changes?
More time spent gathering and testing data
Which of the following is a corrective control designed to fix vulnerabilities?
Patch management
Which of the following is a detective control?
Penetration testing
The maximum amount of time between backups is determined by a company's
Recovery point objective (RPO)
In general, the goal of information security management is to protect all of the following except:
Redundancy
b
Running an applications approach to sales and inventory programs leads to: a. A central database b. Data redundancy c. Higher efficiencies d. Reports that are easier to query
what are examples of enterprise IT?
SCM software, customer relationship management software
What is the first step to prepare Excel data?
Select insert>Table
Data analytics are likely to play a significant role in future audit activities
T
Excel supports data presentation.
T
a
The ERM framework addresses four categories of management objectives. Which category concerns laws and regulations? a. Compliance b. Operations c. Reporting d. Strategic
a
The _____ module of the SAP system handles payroll processing a. Human resources b. Controlling and profitability analysis c. Financial accounting d. Customer relationship management
c
The ability of more than one individual to come to the same measurement is known as a. accuracy b. completeness c. verifiability d. comparability
c
This logs and monitors who is on or trying to access an organization's network. a. Biometrics b. Electronic vaulting c. Intrusion detection systems (IDS) d. Firewall
How do data analysts use confusion matrices?
To understand a model's prediction results
c
_______ can consist of many computers and related equipment connected together via a network. a. PCs b. Servers c. LAN d. Firewall
Which of the following is a password security weakness? A. Users are assigned passwords when accounts are created, but do not change them. B. Users have accounts on several systems with different passwords. C. Users write down their passwords on a note paper, and carry it with them. D. Users select passwords that are not part of an online password dictionary.
a
Which of the following is not a balanced scorecard perspective? A. Stakeholder B. Financial C. Business process D. Customer
a
intangible IT investments can be summarized as the employees' _____ to use the technology effectively
abilities
Which of the following should an analyst not do when on the second step of the AMPS model, mastering the data?
analyze the data
A disaster recovery approach should include which of the following elements? A. Encryption. B. Firewalls. C. Regular backups. D. Surge protectors.
c
Which of the following is a component of a PERT chart? A. Timeline. B. Gateway. C. Node. D. Bar.
c
Which of the following items is one of the eight components of COSO's enterprise risk management 2004 framework? a. operations b. reporting c. monitoring d. compliance
c. monitoring
IT projects often require large amounts of ______ and capital resources are limited for firms
capital
data warehouse
centralized collection of firm-wide data for a relatively long period of time
To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:
check digit verification
All of the following controls for online entry of a sales order would be useful except
check digit verification on the dollar amount of the order.
confidentiality
communication cannot be read by unauthorized users or parties
operational controls examples
define and document the security roles; produce terms and conditions of employment; conduct appropriate awareness training on wireless networks and providing regular updates on organizational policies & procedures
learning and growth perspective
describes the firm's objectives for improvements in tangible and intangible infrastructure
integrity
detect any intentional or unintentional changes to the data during transmission
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is
effective
integrated test facility
enables test data to be continually evaluated during the normal operation of a system
computer-assisted audit techniques enable auditors to gather and analyze audit _____ to test the adequacy and reliability of financial information and internal controls in a computerized environment
evidence
organizational capital
investment in creating a unique corporate identity and culture - ensuring that employees know and are aligned with the organization's strategic objectives
information capital
investment in information - ensuring required access to information and the ability to communicate
security controls for wireless networks can be categorized into 3 groups:
management, operational, and technical controls
An online bank teller system permitted withdrawals from inactive accounts. The best control for denying such a withdrawal is a
master file lookup
benefits of using wireless technology
mobility: convenient online access without a physical network using cables for connection; rapid deployment: time saving on implementing networks because of reduction in using physical cables; flexibility and scalability: freely setting up or removing wireless networks at different locations
Confidentiality focuses on protecting
product costing information.
VPN devices
stations, access points
the _____ _____ technique uses a set of input data to validate system integrity in auditing the system. when creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system
test data
data mining
the process of searching for patterns in the data and analyzing these patterns for decision making
Segregation of duties reduces the risk of errors and irregularities in accounting records.
T
Smart contracts may be an opportunity for auditors as they contain business rules.
T
The chief executive officer is ultimately responsible for enterprise risk management.
T
The cost of a false prediction is important to data analysts
T
The fraud triangle includes incentive, opportunity and an attitude to rationalize the fraud
T
The goal of information security management is to maintain confidentiality, integrity and availability of a firm's information.
T
Which of the following is an example of using the test data technique? Create a statistical data sample. Embed an audit module in the source system. Input both valid and invalid transactions. Reprocessing actual data.
Input both valid and invalid transactions.
Which of the following best represents the virtuous cycle of machine learning?
Input customer purchase data→Learn pattern→Predict future purchases
b
Inputting a range of numbers comprising a batch and then inputting each serially numbered document is characteristic of the control plan called: a. Cumulative sequence check b. Batch sequence check c. Suspense file of missing numbers d. Computer agreement of batch totals
Blockchain was built to minimize the use of:
Intermediaries
c
Internet market exchanges: a. Restrict those that can participate b. Eliminate the need for credit and background checks c. Bring together buyers and sellers in the same industry d. Are approved by the Federal Trade Commission (FTC)
A Public Key Infrastructure (PKI) provides the ability to do which of the following?
Issue, maintain, and revoke digital certificates.
What must first be added to the page when creating a visualization in Power BI?
Table
Which visualization tool creates dashboards and stories?
Tableau
Which type of chart is best to show a person's weight over time?
Line chart
LAN is the abbreviation for: Large Area Network. Longitudinal Analogue Network. Low Analytical Nets. Local Area Network.
Local Area Network
Which type of chart is best for categorical data?
Vertical bar
a
Software that builds and maintains an organization's customer-related database is known as a. customer relationship management (CRM) software b. Customer self service (CSS) software c. Sales force automation (SFA) software d. Supply chain management (SCM) software
d
Software that manages the interactions with the organizations that supply the goods and services to an enterprise is known as a. Customer relationship management (CRM) software b. Customer self service (CSS) software c. Sales force automation (SFA) software d. Supplier relationship management (SRM) software
When a bank has an input file of FICO scores and uses machine learning to help predict credit losses for each customer, they are likely using which type of learning?
Supervised learning
Datasets that are too large and complex for businesses' existing systems utilizing traditional capabilities are referred to as big data.
T
A Certificate Authority (CA) issues digital certificates to bond the subscriber with a public key and a private key.
T
A benefit of blockchain is the lowered cost of processing transactions.
T
A common step in preparing data for visualization is setting relationships among tables
T
A firm must establish control policies, procedures, and practices that ensure the firm's business objectives are achieved and its risk mitigation strategies are carried out.
T
A use case for blockchain may exist wherever there is a significant cross-organization workflow
T
A wireless network is comprised of access points and stations. Access points logically connect stations to a firm's network.
T
Accountants increasingly participate in designing internal controls and improving business and IT processes in a database environment.
T
Which of the following combinations of credentials is an example of multimodal authentication?
Voice recognition and fingerprint reader
An Integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system.
T
An embedded audit module is a programmed audit module that is added to the system under review.
T
A Trojan Horse is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
F
A Virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection.
F
A company's audit committee is solely responsible for fraud risk assessments
F
A data warehouse is for daily operations and often includes data for the current fiscal year only.
F
According to the Sarbanes-Oxley Act of 2002, it is the responsibility of the Board of Directors to establish and maintain the effectiveness of internal control.
F
According to the results of the PWC's 18th Annual Global CEO Survey, CEOs aren't yet ready to place a high value on data analytics.
F
Asymmetric-key encryption is suitable for encrypting large data sets or messages.
F
Blockchain is a highly regulated technology.
F
COBIT 5.0 defines "governance" as the responsibility of management to ensure that the organization's objectives are achieved by evaluating stakeholder needs, setting direction through decision making, and monitoring performance.
F
Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT infrastructure.
F
Consortium blockchain has no access restrictions in relation to viewing or participating in the blockchain network.
F
Data analytics can provide deep insight into financial data, but is not particularly useful when evaluating non-financial data such as social media.
F
Data analytics is used to publish historical information.
F
Data visualization presents data in tables
F
Data visualization presents UML class diagrams
F
Disaster recovery planning and business continuity management are unrelated
F
During the second stage of the AMPS model a business analyst would likely only gather data meeting Audit Data Standards
F
Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX), the Public Company Accounting Oversight Board (PCAOB) established the Securities and Exchange Commission (SEC) to provide independent oversight of public accounting firms.
F
Internal controls guarantee the accuracy and reliability of accounting records.
F
Machine learning requires less data than general Artificial Intelligence
F
Processing controls are IT general controls.
F
Public Company Accounting Oversight Board (PCAOB) encourages auditors to start from the basic/bottom of financial transaction records to identify the key controls.
F
Spam is a self-replicating program that runs and spreads by modifying other programs or files
F
The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for conducting an IS/IT audit.
F
The data in a data warehouse are updated when transactions are processed.
F
The goal of information security management is to enhance the confidence, integrity and authority (CIA) of a firm's information.
F
The key difference between artificial intelligence applications and machine learning is that machine learning involves the computer learning from specific instructions versus experience
F
The risk of a company's internal auditing processes failing to catch the misstated dollar amount of revenue on the company's income statement is classified as inherent risk.
F
The symmetric-key encryption method is used to authenticate users
F
When creating a data visualization the analyst should never create new fields.
F
Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?
Firewall vulnerability
Which of the following is not one of the reasons auditors should consider the use of CAATs? A. GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed. B. The IIA professional practices state that auditor must consider the use of technology-based auditing tools when conducting audits. C. GAAS requires auditors to gather sufficient and appropriate evidence in the course of audit field work. D. ISACA standards require IS auditors to obtain sufficient, reliable, and relevant evidence, and should perform appropriate analysis of this evidence.
GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed.
One widely used tool in auditing a system is generalized audit software (GAS). GAS is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis. Describe GAS.
GAS provides auditors with an independent means to gain access to various types of data for analysis
ACL and IDEA are two prominent examples of which of the following?
GAS.
b
Generally, which of the following is NOT one of the three roles an accountant typically fills in relation to the AIS? a. Designer b. Programmer c. User d. Auditor
A process that takes plaintext of any length and transforms it into a short code.
Hashing
Which type of chart is best to describe exam results for a class?
Histogram
In addition to focusing on controls, COBIT 2019 expands its scope by incorporating which of the following broad perspectives?
How IT brings value to the firm.
Which of the following procedures is most important to include in the disaster recovery plan for an information technology department?
Identification of critical applications
Artificial neural networks are the engines of machine learning
T
COBIT (Control Objectives for Information and related Technology) is a generally accepted framework for IT governance in the U.S.
T
Data analytics are likely to play a significant role in future audit activities.
T
Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company.
T
Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making.
T
Data visualization must create or reinforce knowledge.
T
Data visualizations must create or reinforce knowledge
T
Datasets that are too large and complex for businesses' existing systems utilizing traditional capabilities are referred to as big data
T
Firewalls are security systems comprised of hardware and software that is built using routers, servers, and a variety of software.
T
In a computerized environment, internal controls can be categorized as general controls and application controls
T
Internal controls help safeguard an organization's assets.
T
b
In a logical DFD for a B/AR/CR process, which of the following data --- would you expect to interact with a process called "manage customer accounts"? a. Inventory master data b. Accounts receivable master data c. Sales event data d. Cash receipts event data
d
In a physical data flow diagram (DFD), this is something within the system that transforms data. a. Data flow b. Data store c. External entity d. Internal entity
b
In a purchasing process, once requirements are determined and a vendor selected, the next step is: a. The purchase requisition b. The purchase order c. Receive goods and services d. A vendor acknowledgement
c
In batch processing, business event data are collected and processed a. As soon as possible b. One at a time c. In groups d. Using OLRT systems
c
In contrast to the managerial reporting process, the financial reporting process prepares all of the following financial statements except: a. The balance sheet b. The income statement c. The standard costing variance report d. The statement of owner equity
b
In the control matrix, the rows represent: a. Control goals of the operations process b. Recommended control plans including both present and missing controls c. Control goals of the information process d. Control goals of the management process
Which of the following statements is true?
Incremental daily backups are faster to perform than differential daily backups, but restoration is slower and more complex.
b
Information processing activities include: a. Only automated activities b. Activities that retrieve, transform, and file data c. The sending of data between entities d. Operational activities
The ISO 27000 Series of standards are designed to address which of the following?
Information security issues.
One type of fault tolerance is using redundant units to provide a system the ability to continue functioning when part of the system fails.
T
Parallel simulation attempts to simulate the firm's key features or processes.
T
What Microsoft tool would most likely be used to create a complex visualization using a large amount of data?
Power BI
availability
devices and individuals can access a network and its resources whenever needed
Which type of question would accountants most likely use data analytics to answer?
Collectability of loans receivable
a
An account in the chart of accounts has the number 7111. Which of the following does the 7 likely represent? a. Revenues b. Sales region c. Merchandise sales d. Golf merchandise sales
Data analytics professionals estimate that they spend how much of their time cleaning data in order to perform analysis on it?
50-90%
a
A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip and posts the checks to the cash receipts events data. The clerk is exercising which functions? a. Recording and executing events b. Authorizing and executing events c. Recording and authorizing events d. Safeguarding of resources and authorizing events
c
A company uses a 7-digit number to identify customers. For example, the customer 1532789 indicates the following information: Digits 1-2, state, 15 = Georgia; Digit 3, type of organization, 3 = government agency; Digit 4, credit terms, 2 = 2/10, n/30; Digits 5-7, unique customer identifier, 789. This type of coding scheme is: a. Hierarchical b. Block c. Significant digit d. Sequential
a
A control goal that is a measure of success in meeting a set of established goals is called: a. Effectiveness b. Monitoring c. Efficiency d. Risk
b
A control plan that is designed to detect a fraud by having one employee periodically do the job of another employee is called: a. Segregation of duties b. Forced vacations c. Periodic audits d. Management control
b
A control report generated by a system that shows data about transactions that were accepted or rejected during a transaction processing step is called a(n): a. Violation report b. Exception and summary report c. Variance report d. Program change log
a
A disadvantage of periodic mode systems is a. Online master data are only up to date right after the processing has been completed b. It is more expensive to operate than immediate mode system c. Query capability always exists to extract up-to-date data d. Data is updated after every transaction
What could result from the failure to audit and terminate unused accounts in a timely manner?
A disgruntled employee may tamper with company applications
c
A document that is used when filling a sales order to authorize the movement of goods from a warehouse to shipping is called a: a. Shipping order b. Packing slip c. Picking ticket d. Blind authorization
a
A form of fraud in which the payments made by one customer are systematically applied to the account of another is called: a. Lapping b. Malfeasance c. Pre-posting d. Knitting
One of the largest challenges across the accounting industry for auditing firms which use blockchain is:
A gap in skillset
Asymmetric-key encryption uses which of the following techniques to allow users to communicate securely?
A public key and a private key
a
A relation that is in _____ form contains repeating attributes within each row or record a. Unnormalized b. First normal (1NF) c. Second normal (2NF) d. Third normal (3NF)
d
A remittance advice generally would be recorded in which of the following pairs of data stores? a. Customer master data and accounts receivable master data b. Sales event data and accounts receivable master data c. Accounts receivable adjustments data and accounts receivable master data d. Cash receipts data & accounts receivable master data
b
A system that supports constantly up-to-date reporting of data is a. Online transaction entry (OLTE) b. Online real-time (OLRT) c. Online transaction data (OLTD) d. Electronic document management
b
A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of: a. Authorizing events b. Executing events c. Recording events d. Safeguarding resources
Which of the following statements is correct regarding internal control?
An inherent limitation to internal control is the fact that controls can be circumvented by management override
According to the results of the PWC's 18th Annual Global CEO Survey, CEOs aren't yet ready to place a high value on data analytics
F
Which of the following is a set of standards created by the AICPA for data files and fields in order to support external audits?
Audit Data Standards (ADS).
Which of the following approaches and/or tools are not typically used as part of a CAAT approach to auditing? Audit calculation engine (ACE). Integrated testing facility (ITF). Embedded audit module (EAM). Generalized audit software (GAS).
Audit calculation engine (ACE)
Data analytics is used to publish historical information
F
Which of the following is not one of the skill sets often associated with data analytics?
Bifurcating data.
Which of the following does not describe characteristics of the AMPS model?
Binary
Which of the following does not describe characteristics of the AMPS model? Iterative; Can lead to asking deeper questions; Binary; Leaves the decision maker more knowledgeable
Binary
This control protects records from errors that occur when two or more users attempt to update the same record simultaneously.
Concurrent update controls
Which of the following is not a management control for wireless networks? Conducting risk assessment on a regular basis. Assigning roles and responsibilities of employees for access control. Conducting appropriate awareness training on wireless networks. Creating policies and procedures.
Conducting appropriate awareness training on wireless networks
Which of the following is not a management control for wireless networks? Conducting risk assessment on a regular basis. Creating policies and procedures. Conducting appropriate awareness training on wireless networks. Assigning roles and responsibilities of employees for access control.
Conducting appropriate awareness training on wireless networks
Encryption is a control that changes plain text into which of the following?
Cyphertext.
Which of the following is not a common element of performing and sharing data analysis amongst visualization tools?
Create data
Raw data often must be scrubbed to remove extraneous data and other noise in order to become useful. This technique is known as:
Extract, Transform, and Load.
Which statement best describes data visualization?
Data visualization is one way we share the story
Artificial Intelligence can include all of the following except: Database programming. Language translation. Logical thinking. Visual perception.
Database programming.
Which of the following describes the recommended prerequisites for managing vulnerabilities?
Determine the main objective of vulnerability management, and assign roles and responsibilities
Which type of analysis assists with understanding why something happened during the third step of the AMPS model, performing the analysis?
Diagnostic
An electronic document that certifies the identity of the owner of a particular public key.
Digital certificate
A company's new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button. A video camera captures an image of the employee using the system. Which of the following exposures can the new system be expected to change the least?
Errors in employees' overtime computation
The IT Infrastructure Library (ITIL) is considered a de facto standard in which of the following regions?
Europe
Which type of chart would best show outbreaks of the flu by region?
Map
There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the "black hat" hackers. He had researched an exploit and determined that he could penetrate the target system, download a file containing valuable data, and cover his tracks in eight minutes. Six minutes into the attack he was locked out of the system. Using the notation of the time-based model of security, which of the following must be true?
P>6
A well-known hacker, Jason Miklin, started his own computer security consulting business shortly after being released from prison. Many companies pay him to attempt to gain unauthorized access to their network. If he is successful, he offers advice as to how to design and implement better controls. What is the name of the testing for which the hacker is being paid?
Penetration testing
c
Performance reports to various cost center, profit center, and investment center managers are usually sent by? a. The controller b. The treasurer c. The managerial reporting officer d. The budgeting department
What type of tables does Excel use to create data visualization?
Pivot Tables
Which type of analysis assists with defining how to optimize performance based on a potential constraint?
Prescriptive
Which type of blockchain would an accounting department of a large international firm set up to track control testing?
Private
Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
Providing free credit report monitoring for customers
Which type of blockchain offers economic reward for the computational proof of work in mining?
Public
A disaster recovery approach should include which of the following elements?
Regular backups.
Which of the following best illustrates the use of multifactor authentication?
Requiring the use of a smart card and a password
Which one of the following is not an example of machine learning assisting in an audit?
Reviewing organization charts
To be considered blockchain a technology must have all of the following except
Rewardability.
The encryption technique that requires two keys, a public key that is available to anyone for encrypting messages and a private key that is known only to the recipient for decrypting messages, is
Rivest, Shamir, and Adleman (RSA).
When an accounting team automates account reconciliation this is an example of:
Robotic process automation
For businesses considering a cloud computing solution, which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?
SOC 2 Report
virtual private network
Securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople, and business partners
Which of the following is not a benefit of using wireless technology?
Security
Which of the following is not a benefit of using wireless technology? Security. Flexibility and Scalability. Mobility. Rapid deployment.
Security
One of the ten Generally Accepted Privacy Principles concerns security. According to GAPP, what is the nature of the relationship between security and privacy?
Security is a necessary, but not sufficient, precondition to effective privacy
Which of the following is not a use of generalized audit software (GAS)? Control testing. Security testing. Substantive testing. Transaction data analysis.
Security testing.
What is the first step to get data when using Tableau?
Select File>New
Which of the following is an activity performed as part of data visualization? Creating a value chain Selecting the data visualization tool Asking the data visualization tool Asking the appropriate questions Addressing privacy concerns
Selecting the data visualization tool
Which of the following is not one of the key COBIT 2019 principles for governance and management of enterprise IT? Enabling a holistic approach. Separating management from shareholders. Applying an integrated framework. Meeting stakeholder needs.
Separating management from shareholders
c
The Sarbanes-Oxley Act of 2002 dramatically changed the daily work of financial accountants and auditors because it a. Expanded the scope of the audit beyond financial information b. Required that organizations work with their auditors to design systems of internal control c. Required that external auditors report on the effectiveness of an organization system of internal control d. Expand the opportunities for auditors to engage in consulting activities with their audit clients
a
The ______ database model works well for simple data structures, but falls apart quickly when the data becomes more complex. a. Hierarchical b. Relational c. Network d. Object-oriented
d
The ______ is a compilation of open purchase orders and includes the status of each item on order. a. Accounts payable master data b. Vendor master data c. Vouchers payable master data d. Purchase order master data
c
The accounts receivable system typically used by utilities is the: a. Pre-billing system b. Open-item system c. Balance-forward system d. Post-billing system
What is the man-in-the-middle threat for wireless LANs?
The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
man-in-the-middle
The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
message modification
The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
masquerading
The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
rogue access points
The attacker sets up an unsecured wireless network near the enterprise with an identical name and intercepts any messages sent by unsuspecting users that log onto it
a
The billing system in which the invoice is prepared after the goods have been shipped and the sales order notification has been matched to shipping's billing notification is called a(n): a. Post-billing system b. Open item system c. Pre-billing system d. Balance-forward system
c
The central repository for all the data related to the enterprise's business activities and resources a. information system b. management information system c. enterprise database d. strategic planning
d
The coding system that is most understandable by human information processors is: a. Serial coding b. Hierarchical coding c. Block coding d. Mnemonic coding
a
The columns in a control matrix contain headings listing the business process: a. Control goals b. Control plans c. Control environment d. Control procedures
b
The control plan preformatted screens is directed primarily toward achieving the information process control goal of ensuring: a. Sales order input validity b. sales order input accuracy c. sales order input completeness d. sales order update completeness
b
The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions? a. Data control b. Data librarian c. Recording events d. Computer operator
b
The general term for software that connects third-party modules to ERP systems is known as a. Dreamweaver b. Middleware c. Microsoft d. NetWeaver
b
The general ledger master data does not contain: a. Adjusting entry data b. Customer number c. Business event transaction d. Source code field
c
The model that logically organizes data into two-dimensional tables is the: a. Hierarchical database model b. Network database model c. Relational database model d. Object-oriented model
c
The most dominant player in the ERP market for large companies is a. Oracle b. Sage c. SAP d. Microsoft
Which of the following is an example of the kind of batch total called a hash total?
The sum of the purchase order number field in a set of purchase orders
d
These are relatively permanent portions of master data a. Business event data b. Data maintenance c. Master data d. Standing data
Which of the following best describes why firms choose to create codes of ethics?
They allow firms to create a formal set of expectations for employees who may have different sets of personal values.
b
This component of the ERM framework concerns the entirety of enterprise risk management and is accomplished through ongoing management activities, separate evaluations, or both. a. Control activities b. Monitoring c. Objective setting d. Risk response
a
This framework was issued in 1996 (and updated in 2007) by the Information Systems Audit and Control Association (ISACA) because of the influence of IT over information systems, financial reporting and auditing. a. COBIT b. COSO c. ERM d. All of the above
Which of the following is not one of the common techniques for information security risks and attacks? A. Spam. B. Botnet. C. TraceRT. D. Social Engineering.
TraceRT.
If a machine is attempting to reduce the dimensions in a dataset it is using:
Unsupervised learning
When a client's accounts payable computer system was relocated, the administrator provided support through a virtual private network (VPN) connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?
User accounts are not removed upon termination of employees
a framework intended to help managers create business value from IT investments is called
Val IT
A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?
Validity test
a
When the sales-related data are captured in the sales order department and then the information flows to the managers housed in the marketing department, it is an example of a: a. Vertical information flow b. Horizontal information flow c. Both vertical and horizontal information flow d. Neither vertical nor horizontal information flow
d
Which component of the ERM framework is best described here: Management selects whether to avoid, accept, reduce, or share risk; developing a set of actions to align risks with the entity's risk tolerances and risk appetite. a. Control activities b. Event identification c. Risk assessment d. Risk response
IT governance over operating systems includes establishing proper policies and procedures. These policies and procedures over operating systems should cover all of the following except: Which actions users can take. Which resources users can use. Who can access the operating system. Which computing hardware to use.
Which computing hardware to use
IT governance over operating systems includes establishing proper policies and procedures. These policies and procedures over operating systems should cover all of the following except: Which actions users can take. Who can access the operating system. Which resources users can use. Which computing hardware to use.
Which computing hardware to use.
b
Which data flow diagram (DFD) symbol is portrayed by two parallel lines? a. Data Flow b. Data Store c. External entity d. Internal entity or process
d
Which of the following data is least likely to be stored in the customer master data? a. customer number b. billing address c. ship-to address d. open invoices
c
Which of the following individuals should possess the greatest knowledge of GAAP? a. Managerial reporting officer b. Budgeting department manager c. Financial reporting officer d. Managerial reporting officer
a
Which of the following is a control plan in which the source document is designed to make it easier to input data from the document? a. Document design b. Written approval c. Preformatted screens d. Online prompting
c
Which of the following is not a cost element as part of the inventory carrying costs? a. Insurance costs b. Property taxes c. Purchase order preparation costs d. Storage costs
b
Which of the following normally would trigger the billing process in a B/AR/CR process? a. Remittance advice b. Shipping notice c. Picking ticket d. Customer acknowledgement
a
Which of the following process bubbles would you not expect to see in the purchasing process - Level 0 diagram? a. Make payment b. Order goods and services c. Receive goods and services d. Determine requirements
b
Which of the following techniques has the reorder point based on each inventory item's sales rate? a. Cyclical reordering b. Reorder points (ROP) analysis c. ABC analysis d. EOQ analysis
d
Which of the following types of batch totals is likely to be most effective in ensuring the control goal of input accuracy? a. Line counts b. Document/record counts c. Item counts d. Hash totals
d
Which of these represents a comprehensive picture of management, operations, and information systems? a. Context diagram b. Logical DFD c. Physical DFD d. Systems flowchart
b
Which type of data flow diagram specifies where, how, and by whom a system's processes are performed? a. Context diagram b. Physical DFD c. Logical DFD d. Systems flowchart
a
Which type of supply chain collaboration methods includes the vendor obtaining the buyer's current sales, demand, and replenishing the buyer's inventory? a. Continuous replenishment (CRP) of vendor managed inventory (VMI) b. Collaborative forecasting and replenishment (CFAR) c. Collaborative planning, forecasting and replenishment (CPFR) d. None of the above
Which of the following is an example of an appropriate question to begin analyzing a business problem?
Why is our newest product not selling as expected in Kentucky?
d
With companies facing global competition, firms are recognizing that their most important asset is: a. Inventory b. Employees c. Cash d. A happy customer
Which of the following tool advancements has made continuous auditing more feasible? VPN. XBRL. OLAP. COBIT.
XBRL
relevant technologies in performing continuous auditing
XML and XBRL; data analytics/data mining; CAATs
41. Which of the following is not one of the common techniques for information security risks and attacks? A. Spam. B. Botnet. C. TraceRT. D. Social Engineering.
c
c
_________ application can handle both B2B and B2C business transactions a. Customer relationship management b. Buy-side c. Sell-side d. E-business
1. In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator? A. Managing remote access. B. Developing application programs. C. Reviewing security policy. D. Installing operating system upgrades
a
1. Which of the following does not represent a viable data backup method? A. Disaster recovery plan B. Redundant arrays of independent drives C. Virtualization D. Cloud computing
a
1. Which of the following is least likely to be considered a component of a computer network? A. Application programs. B. Computers. C. Servers. D. Routers.
a
1. Which of the following is not a direct operating cost of an IT initiative? A. End-user data management B. Ongoing hardware replacement C. Software upgrades D. Hardware disposal
a
1. Which of the following is not a reason that large IT projects require economic justification? A. IT is a commodity, every firm makes IT investments B. IT investments require large amounts of capital C. Capital resources are limited D. Major IT projects can affect substantial portions of the organization
a
1. Which of the following is not a step in the balanced scorecard management process? A. Invest B. Translate C. Monitor D. Adapt
a
1. Which of the following is not an example of Enterprise IT? A. Spreadsheet financial applications B. Business intelligence systems C. CRM systems D. ERP systems
a
1. Which of the following is not an organizational capability directly supported by Enterprise IT? A. Process definition B. Process integration C. Customer service D. Transaction automation
a
1. Which of the following passwords would be most difficult to crack? A. Go2Ca!ifornia4fun B. language C. jennyjenny D. pass56word
a
1. Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system? A. Continuous monitoring and analysis of transaction processing with an embedded audit module. B. Increased reliance on internal control activities that emphasize the segregation of duties. C. Verification of encrypted digital certificates used to monitor the authorization of transactions. D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic
a
21. In addition to technology, which of the following is required in order that a firm may achieve desired business process improvements for its IT investment? A. Other enabling (complementary) changes. B. Software configuration. C. The Balanced Scorecard and associated strategy map. D. Business Intelligence.
a
21. In this chapter, project management is defined as: a. The process of carrying out the systems development life cycle to achieve an intended outcome. b. Making sure all of the inputs are available to complete the project. c. Writing the software code for the entire project. d. Managing the project through the implementation phase.
a
21. The economic justification process for a new IT initiative includes all of the following except: A. Allocate funds for the recommended option. B. Evaluate potential costs, benefits, and risks for each option. C. Identify potential solutions. D. Develop value propositions for each option. E. Assess the business requirements.
a
21. Which of the following would not be considered an indirect operating cost for an IT initiative? A. End user data entry. B. User self-training. C. User peer support. D. End user data management.
a
21. Which phase of the systems development life cycle includes transforming the plan from the design phase into an actual, functioning system: a. Implementation Phase b. Maintenance phase c. Analysis phase d. Design Phase
a
37. According to Fred Davis' model on the use of new systems, users' intentions regarding the use of new systems are a direct result of which factors? A. Perceived usefulness of the new system; Perceived ease of use of the new system. B. Whether use of the new system is voluntary or mandatory; How easy the new system is to use. C. How much experience the user has with technology; Social pressures to use certain technologies. D. The gender of the user; How much the new system helps the user complete work-related tasks.
a
37. Which of the following best describes why project management is so important for IT projects? A. Because IT projects frequently are canceled, late, or don't deliver the intended benefits. B. Because project consulting is a large and growing industry. C. Because the technology acceptance model depends on strong project management. D. Because PERT charts are created by project management.
a
37. Which of the following control frameworks most closely corresponds to the phases of the SDLC? A. COBIT. B. COSO 2014. C. COSO ERM. D. ISO 27000.
a
41. IT governance over operating systems includes establishing proper policies and procedures. These policies and procedures over operating systems should cover all of the following except: A. Which computing hardware to use. B. Who can access the operating system. C. Which actions users can take. D. Which resources users can use.
a
41. Which of the following best describes continuous auditing? A. Audit-related activities are performed throughout the period under review. B. The full audit team remains on the client site for the entire fiscal year. C. The database extracts every 10th transaction and flags it for audit review. D. Auditors can generate greater fees by increasing the amount of manual testing performed for the client.
a
41. Which of the following statements is most accurate with regard to business continuity management (BCM) and disaster recovery planning (DRP)? A. DRP is an important component of BCM. B. BCM and DRP should be considered independently of each other. C. BCM is an important component of DRP. D. DRP should be considered as optional, while BCM should be considered as necessary.
a
41. Which of the following statements is true regarding risk management and vulnerability management? A. They both have the objective of reducing the likelihood that detrimental events occur. B. Risk management is often conducted using an IT asset-based approach. C. Vulnerability management is more complex and strategic. D. Both approaches involve processes that typically take many months or years to complete.
a
technical controls examples
a firm should immediately change the default configuration of all access points that have been deployed; all access points should be configured with encryption to maintain confidentiality and data integrity
local area network
a group of computers, printers, and other devices connected to the same network that covers a limited geographic range
41. Which of the following is not one of the main components of vulnerability management and assessment? A. Identification. B. Remediation. C. Internalization. D. Maintenance.
c
embedded audit module
a programmed audit module that is added to the system under review
Which of the following best describes the AICPA's Audit Data Standards (ADS)?
a set of standards for data files and fields designed to support external audits
in our electronic world, all or most accounting records are stored in a database. a database is:
a shared collection of logically related data that meets the information needs of a firm
Max Bignell took a call from a client. "Max, I need to interact online and real time with our affiliate in India, and I want to make sure that our communications aren't intercepted. What do you suggest?" Max responded "The best solution will be to implement
a virtual private network."
accounting-based measures _____ the success of the firm's investments in learning and growth, process performance, and ability to deliver value to customers
confirm
switches
an intelligent device that provides a path for connections of hosts in a LAN; directs data packets based on media access control addresses
financial perspective
confirms the success of the firm's investments and its ability to deliver value to customers
hubs
containing multiple ports; broadcasting data packets
four major questions
are we doing the right things? are we doing them the right way? are we getting them done well? are we getting the benefits?
management controls examples
assigning roles and responsibilities; creating policies and procedures; conducting risk assessment on a regular basis
parallel simulation
attempts to simulate the firm's key features or processes
black-box approach in auditing systems
auditing around the computer
When new employees are hired by Folding Squid Technologies, they are assigned user names and appropriate permissions are entered into the information system's access control matrix. This is an example of a(an)
authorization control.
Restricting access of users to specific portions of the system as well as specific tasks, is
authorization.
The term "computer-assisted reporting" refers to any ______ audit techniques that can be used by an auditor to perform audits or achieve audit objectives
automated
1. An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing? A. Data restoration plan. B. Disaster recovery plan. C. System security policy. D. System hardware policy.
b
1. LAN is the abbreviation for A. Large Area Network. B. Local Area Network. C. Longitudinal Analogue Network. D. Low Analytical Nets
b
1. The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy? A. Recreate the test, using different software. B. List a sample of actual data to verify the accuracy of the test program. C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct the program. D. Create test transactions and run test data on both the production and simulation program.
b
1. To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as: A. A validation check. B. check digit verification C. A dependency check. D. A format check.
b
1. What is the primary objective of data security controls? A. To establish a framework for controlling the design, security, and use of computer programs throughout an organization. B. To ensure that data storage media are subject to authorization prior to access, change, or destruction. C. To formalize standards, rules, and procedures to ensure the organization's controls are properly executed. D. To monitor the use of system software to prevent unauthorized access to system software and computer programs.
b
1. When computer programs or files can be accessed from terminals, users should be required to enter a(n) A. Parity check. B. Password as a personal identification code. C. Check digit. D. Echo check.
b
1. Which of the following controls would most likely assure that a company can reconstruct its financial records? A. Security controls such as firewalls B. Backup data are tested and stored safely C. Personnel understand the data very well D. Paper records
b
1. Which of the following describes a group of computers that connects the internal users of a company distributed over an office building? A. Internet B. LAN C. Virtual private network (VPN) D. Decentralized network
b
1. Which of the following is an example of solution risk? A. The solution is not aligned with the company's strategy. B. The solution will not generate projected benefits. C. The solution will be delayed. D. Employees are unwilling to make the necessary changes.
b
1. Which of the following is not a direct acquisition cost of an IT initiative? A. Cost of hardware B. Cost of business disruption C. Cost of project management D. Cost of software development
b
1. Which of the following is not a general type of business process found on generic strategy maps? A. Innovation processes B. Administrative processes C. Operations management processes D. Customer management processes
b
1. Which of the following is not a potential benefit of an IT investment? A. Revenue enhancement B. Revenue savings C. Cost avoidance D. Revenue protection
b
related management activity
control monitoring enterprise risk management
1. Which of the following is the best description of the Link to Operations step in the balanced scorecard management process? A. The company establishes objectives, measures, targets, and initiatives. B. The company prepares operating budgets and prioritizes business process improvements. C. The company evaluates the effectiveness of its strategy. D. The company examines the competitive environment
b
1. Which of the following is the least effective approach to quantifying expected benefits of an IT project? A. Find out what other firms experienced in similar situations B. Review options with the hardware vendor C. Consult with experts D. Use simulation software
b
1. Which of the following outcomes is a likely benefit of information technology used for internal control? A. Processing of unusual or nonrecurring transactions. B. Enhanced timeliness of information. C. Potential loss of data.
b
1. Which of the following statements about switches is correct? A. A hub is smarter than a Switch. B. Switches provide more security protections than hubs do for a company's internal network. C. Switches are widely used in WANs. D. A Switch contains multiple ports
b
1. Which of the following statements is not correct? A. The IP address of a desktop computer often changes B. The MAC address of a desktop computer often changes C. The IP address of a Web server does not change D. Each hardware device must have a MAC address
b
1. Which of the following statements regarding authentication in conducting e-business is incorrect? A. It is a process that establishes the origin of information or determines the identity of a user, process, or device. B. One key is used for encryption and decryption purposes in the authentication process. C. Successful authentication can prevent repudiation in electronic transactions. D. We need to use asymmetric-key encryption to authenticate the sender of a document or data set.
b
1. Why does a Certificate Authority (CA) play an important role in a company's information security management? A. Using a CA is required by SOX in managing information security. B. Most companies use CA to manage their employees' public keys. C. CA creates and maintains both the public and private keys for a company's employees. D. None of the above is correct.
b
1. Within a WAN, a router would perform which of the following functions? A. Provide the communication within the network B. Select network pathways within a network for the flow of data packets. C. Amplify and rebroadcast signals in a network D. Forward data packets to their internal network destination
b
21. A project sponsor is generally defined as: a. A senior executive that will sponsor, or pay for, the project. b. A senior executive in the company who takes responsibility for the success of the project. c. The CEO of the company that likes technology. d. The system's primary user
b
21. In 2009, _____ % of IT projects failed or were challenged. a. 82% b. 68% c. 49% d. 35%
b
21. Organizations have developed techniques for evaluating IT projects for several reasons. Which of the following is not one of those reasons? A. Selecting one investment often means forgoing other potentially value-increasing investments. B. IT projects often require new sets of skills, which may not be readily available, or may be cost-prohibitive to build. C. IT projects often require large amounts of capital, and for most firms, capital resources are limited. D. IT projects often involve changes in business processes that will affect substantial portions of the organization.
b
21. PERT and Gantt charts primarily address the triple constraint of: a. Technical issues b. Time c. Cost d. Scope
b
21. The 15-15 Rule states that if a project is more than 15 percent over budget or 15 percent off the desired schedule, it will: a. Likely only have 15% of the desired benefits b. Likely never recoup the time or cost necessary to be considered successful. c. Have a small likelihood of ever being adopted by system users. d. Likely be cancelled by the project sponsor.
b
21. The IFAC suggested ten core principles of effective information technology planning. Which of these is not one of those ten core principles? a. Alignment b. Unbiased c. Measurable Performance d. Achievability
b
21. The IFAC suggested ten core principles of effective information technology planning. Which of these is not one of those ten core principles? a. Relevant Timeframe b. Timeliness c. Measurable Performance d. Benefits Realization
b
21. The International Federation of Accountants recommends that the business case for IT investments should answer which of the following questions? A. Will this project require new skills? B. What are the risks of not doing the project? C. Is this project possible? D. Are competitors undertaking similar projects?
b
21. The Technology Acceptance Model predicts: a. Whether a new system is needed b. Whether the system will be adopted. c. When and how the system will be modified to induce acceptance. d. Which type of smart phone will be more successful in the marketplace?
b
21. The final phase of the systems development life cycle is the a. Analysis phase b. Maintenance phase c. Design Phase d. Implementation Phase
b
21. The triple constraint of project management includes the constraint of: a. Technical issues b. Time c. Adoption d. Usability
b
21. When considering the sensitivity of estimates used to evaluate IT initiatives, which of the following are you likely to do? A. Use multiple metrics to evaluate each IT initiative. B. Test the impact of changes in assumptions on the various financial metrics. C. Consider which groups in the organization will benefit. D. Develop exact quantifications of costs and benefits
b
21. Which of the following is the formula for payback period? A. Increased cash flow per period / initial investment. B. Initial investment / increased cash flow per period. C. CF_t / (1 + r)^t D. (Average annual income from IT initiative) / (Total IT initiative investment cost)
b
26. Val IT is similar to the Balanced Scorecard in what sense? A. It is linked closely to the use of strategy maps. B. It requires firms to define value in terms of the firms' strategic objectives. C. IT governance is a key focus area. D. The VAL IT plan should fit on one page.
b
26. Which of the following is not a typical activity a firm will undertake when linking the Balanced Scorecard to operations? A. Prioritize business process improvements. B. Develop capital and other long-term budgets. C. Develop key performance indicators. D. Establish necessary IT systems.
b
26. Which of the following is not one of the types of business processes that should be considered, according to Kaplan and Norton, when considering the Process Perspective of the Balanced Scorecard? A. Customer management processes. B. Business continuity processes. C. Operations management processes. D. Regulatory and social processes. E. Innovation processes.
b
26. Which of the following is the best reason for a firm to use a strategy map? A. It identifies which products should be developed and marketed. B. It allows firms to assess and prioritize gaps between current and desired performance levels. C. It allows firms to evaluate past financial results as the end result of activity in the other Balanced Scorecard perspectives. D. Developing a strategy map allows a firm's executives to go on a weekend retreat, which enhances the trust and bonds between the executive team members.
b
37. In AIS, managing and carrying out the systems development life cycle to achieve an intended outcome is called: A. Life cycle development. B. Project management. C. Executive sponsorship. D. System analysis.
b
37. Scope creep is best described as which of the following? A. The overall size of the project. B. Increases to a project's requirements after the project has started. C. A shady looking person in charge of the scope. D. The gradual completion of project tasks, eventually resulting in the end of the project.
b
37. Which of the following approaches is recommended to help users view a new system as easy to use? A. Provide extensive training just after the system goes into production throughout the organization. B. Show the look and feel of the new system (i.e., sample computer screens, reports, etc.) well before the new system is developed in order to help users feel comfortable with it. C. Develop a detailed specification of the features the new system will have. D. Make sure all user requests are addressed as enhancements to the system in its maintenance phase
b
37. Which of the following best describes the core principle of accountability in the SDLC? A. Ensuring the presence of a verifiable audit trail in the new system. B. Ensuring that identification of the people responsible for implementing the IT plan is explicitly clear. C. Ensuring that account balances faithfully represent the underlying transactions in the new system. D. Ensuring that the chart of accounts in the new system conforms to GAAP.
b
41. ACL and IDEA are two prominent examples of which of the following? A. ITF. B. GAS. C. EAM. D. DBMS.
b
41. Both ISACA and the GTAG define vulnerability. Which of the following does not represent one of these definitions? A. The nature of IT resources that can be exploited by a threat to cause damage. B. An intruder's attempts to exploit weaknesses in IT resources. C. Weaknesses or exposures in IT assets that may lead to business, compliance, or security risk. D. All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG.
b
41. One control objective for an operating system is that it must be protected from itself. Which of the following statements best explains this concept? A. The operating system should be able to gracefully terminate activities, and later recover to its previous state. B. No operating system module should be allowed to corrupt or destroy another operating system module. C. User applications must not be allowed to gain control of or damage the operating system. D. The operating system must be able to prevent unauthorized users from accessing, corrupting, or destroying other users' data.
b
41. Which of the following best illustrates the use of multifactor authentication? A. Requiring password changes every 30, 60, or 90 days. B. Requiring the use of a smart card and a password. C. Requiring the use of upper case, lower case, numeric, and special characters for a password. D. The use of a fingerprint scanner for access to a device.
b
41. Which of the following describes the primary goals of the CIA approach to information security management? A. Controls, Innovation, Analysis. B. Confidentiality, Integrity, Availability. C. Convenience, Integrity, Awareness. D. Confidentiality, Innovation, Availability.
b
41. Which of the following describes the recommended prerequisites for managing vulnerabilities? A. Implement the COSO ERM framework, and identify key vulnerabilities. B. Determine the main objective of vulnerability management, and assign roles and responsibilities. C. Identify the key vulnerabilities, and implement appropriate controls to minimize the vulnerabilities. D. Implement suitable controls, and assess those controls for potential vulnerabilities.
b
41. Which of the following is not considered one of the primary CAAT approaches? A. The black-box approach. B. Encryption testing. C. Auditing through the computer. D. The white-box approach.
b
41. Which of the following is not one of the categories of security controls for wireless networks? A. Operational controls. B. Application controls. C. Management controls. D. Technical controls.
b
41. Which of the following is not one of the reasons auditors should consider the use of CAATs? A. ISACA standards require IS auditors to obtain sufficient, reliable, and relevant evidence, and should perform appropriate analysis of this evidence. B. GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed. C. The IIA professional practices state that auditors must consider the use of technology-based auditing tools when conducting audits. D. GAAS requires auditors to gather sufficient and appropriate evidence in the course of audit field work.
b
41. Which of the following tools is typically used in data mining? A. COBIT. B. OLAP. C. REA. D. DBA.
b
41. Which of the following would most likely be used for a secure initial logon process? A. Symmetric-key encryption. B. Asymmetric-key encryption. C. Dual-handshake encryption. D. 56-bit encryption.
b
21. The IFAC suggested ten core principles of effective information technology planning. Which of these is not one of those ten core principles? a. Relevant Scope b. Reassessment c. Reliability d. Benefits Realization
c
41. Which of the following is not one of the benefits of using a wireless network? A. Flexibility and scalability. B. Mobility. C. Greater security. D. Rapid deployment
c
1. Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery? A. Daily backup. B. Network security. C. Business continuity. D. Backup power.
c
1. What is data mining? A. A particular attribute of information. B. A common term for the representation of multidimensional data. C. The process of analyzing data to extract information that is not affected by the raw data alone. D. None of the above is correct
c
1. When a client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to the server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk? A. User passwords are not required to be in alpha-numeric format. B. Management procedures for user accounts are not documented. C. User accounts are not removed upon termination of employees. D. Security logs are not periodically reviewed for violations.
c
1. Which of the following is not a management control for wireless networks? A. Assigning roles and responsibilities of employees for access control B. Conducting risk assessment on a regular basis C. Conducting appropriate awareness training on wireless networks D. Creating policies and procedures
c
1. Which of the following is not a value proposition characteristic expected to influence customer value? A. Product attributes B. Image C. Innovation D. Relationship
c
1. Which of the following is not included in Information Capital as described in the balanced scorecard learning and growth perspective? A. IT Infrastructure B. Employees' abilities to use technology C. Intangible assets D. Applications
c
1. Which of the following is the best approach to mitigate alignment risk? A. Assure top management support B. Conduct training and provide incentives C. Use the balanced scorecard framework D. Use sensitivity analysis
c
1. Which of the following is the best reason that companies find it hard to assess the benefit of IT investments? A. Difficult to assess costs B. Difficult to tie IT investments to company strategy C. IT investments become embedded in business processes D. None of the above
c
1. Which of the following statements regarding the black-box approach for systems auditing is correct? A. The auditors need to gain detailed knowledge of the systems' internal logic B. The black-box approach could be adequate when automated systems applications are complicated C. The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results. D. All of the above are correct
c
1. Which of the statements regarding a data warehouse is incorrect? A. It is a centralized collection of firm-wide data B. The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events C. Includes data for the current fiscal year only D. The data in a data warehouse is pulled from each of the operational databases periodically
c
21. Acquisition costs for an IT initiative include all of the following except: A. Software licenses. B. Training. C. Maintenance fees. D. Project management.
c
21. After identifying the relevant risks associated with an IT initiative, which of the following is not something that the project team should consider regarding each risk? A. The financial impact of the risk scenario occurring. B. The probability of the risk scenario occurring. C. The potential benefits of the risk scenario occurring. D. The cost of mitigating the risk.
c
21. Benefits of IT initiatives should be measured in comparison to which of the following? A. The amount of information available. B. Current inputs of the existing IT processes. C. Revenues and costs that will occur without implementing the initiative. D. Non-financial aspects of the project
c
21. For a firm considering AIS and IT initiatives, accountants can play an important role in which of the following ways? A. Auditing the financial statement reports created by the new system. B. Implementing the controls in the new technology. C. Developing and reviewing the business case for the initiatives. D. Entering transactions into the new system.
c
21. IDC estimates that what percent of IT spending is in the form of capital expenditures? A. 25%. B. 40%. C. 70%. D. 95%.
c
21. The Sarbanes-Oxley Act's 404 Reports require management and auditors to report on a. The current financial condition of the firm and perceived threats to its financial condition. b. The academic background and experience of the company's accounting leadership c. The effectiveness of the internal controls of the company's accounting information system. d. The quality of the project management planning.
c
21. Which of the following is a key advantage of the Net Present Value metric for evaluating an IT initiative? A. It relates estimates using accrual accounting. B. It is easy to calculate. C. It considers the time value of money. D. It is sensitive to the discount rate applied
c
21. Which phase of the systems development life cycle would describe in detail the desired features of the system? a. Analysis phase b. Planning phase c. Design Phase d. Implementation Phase
c
26. All of the following are considered potential benefits of enterprise IT except: A. Customer service. B. Transaction automation. C. Execution of discrete tasks. D. Process integration. E. Performance monitoring and decision support.
c
26. Experts agree that the most common reason firms don't realize value from their IT investments is that they do not have a structured plan. According to these same experts, what is the 2nd most common reason? A. Unwillingness to adopt the new technology. B. Overestimating potential benefits. C. Lack of knowledge of how to begin. D. The new technology does not work properly.
c
26. The value of an IT investment can be dependent on whether complementary capabilities exist within the firm. Which of the following is not one of the required complementary capabilities? A. Skilled workers. B. The ability to work in a team environment. C. The ability to query a database. D. The design of work processes.
c
26. Val IT distinguishes among several main categories of firm initiatives. Which of the following is not one of those categories? A. Portfolios. B. Programs. C. Plans. D. Projects.
c
26. Which of the following best describes how using structured strategic management processes such as the Balanced Scorecard can have an impact on companies? A. Allows firms to more accurately estimate the cost of implementing new technologies. B. Enhances the efficiency and speed of supply chain transactions. C. Helps tie the use of supporting technologies to successful performance. D. Allows executives to have a dashboard view of key performance metrics
c
26. Which of the following best explains the cause-and-effect relationships portrayed by the Balanced Scorecard? A. Improvements in the Process perspective leads to improvements in the Learning & Growth perspective. B. Improvements in the Learning & Growth and Customer perspectives lead to improvements in the Process perspective. C. Improvements in areas related to Customer and Process perspectives lead to improvements in the Financial perspective. D. Improvements in the Financial and Process perspectives lead to improvements in the Customer perspective.
c
26. Which of the following best represents the sequence of steps in the Balanced Scorecard management process? A. Plan, Design, Implement, Maintain, Adjust. B. Strategize, Develop, Measure, Report, React. C. Formulate, Translate, Link to Operations, Monitor, Adapt. D. Analyze, Plan, Develop Strategy Map, Measure, Adapt.
c
26. Which of the following is not considered a component of information capital? A. Applications. B. Computing hardware. C. Supervision. D. Infrastructure
c
26. Which of the following is not one of the Val IT implementation steps? A. Assess the organization's readiness to undertake IT business value management. B. Recognize problems with prior IT investments. C. Develop a technology portfolio plan. D. Take action. E. Define characteristics of the ideal future state.
c
37. Walmart's implementation of a new SAP system in the UK resulted in which of the following? A. A catastrophic system failure that cost lives and millions of pounds in losses. B. A successful implementation of SAP that they hope to expand to other areas of the company soon. C. A successful pilot test of the system that led to a successful global rollout of SAP. D. An expensive system failure that required Walmart to start over from scratch.
c
37. Which of the following best describes the planning phase of the systems development life cycle? A. Plan the detailed steps that will take place during the implementation phase. B. Systems analysts outline all features required in the new system, including screen layouts and business process diagrams. C. Summarize the business needs of the company with a high-level view of the project. D. The business determines its information needs and designs the system to meet those needs.
c
37. Which of the following does not describe the project manager in an IT project? A. The project manager is the lead member of the project team, and is responsible for the project. B. The project manager should coordinate the entire project. C. The project manager advocates for the project to company management and outside entities. D. The project manager analyzes the project charter with respect to project objectives and requirements
c
41. A RAID array implemented in a data center is an example of which of the following? A. Virtualization. B. Uninterruptible power supply. C. Fault tolerance. D. SOC 3.
c
41. Accounting professionals should understand database systems for all of the following reasons except: A. Accountants have a strong understanding of risks, controls and business processes. B. Accountants increasingly participate in creating internal control systems. C. Accountants typically manage organizations' operational databases. D. Accountants frequently help improve business and IT processes.
c
41. Asymmetric-key encryption uses which of the following techniques to allow users to communicate securely? A. A message digest. B. A 16-bit encryption key. C. A public key and a private key. D. A digital signature.
c
41. CAATs are commonly used in all of the following situations except: A. Transaction testing. B. Network penetration testing. C. Encryption testing. D. Operating system vulnerability assessments
c
41. Which of the following approaches and/or tools are not typically used as part of a CAAT approach to auditing? A. Integrated testing facility (ITF). B. Generalized audit software (GAS). C. Audit calculation engine (ACE). D. Embedded audit module (EAM).
c
41. Which of the following best describes the use of a VPN? A. Connect computers, printers, and file servers in an office building. B. Lease dedicated communication lines to guarantee connection performance between remote office locations. C. Allow employees traveling for business to connect to home office computing resources. D. Allocates computing resources among multiple processors and operating systems
c
compared to other types of IT, enterprise IT provides more capabilities but also requires more _____ resources to achieve potential benefits
complementary
the value of IT can depend on the existence of ______ organizational capabilities
complementary
process performance is measured by
cost, quality, time
process performance can be measured generally in terms of:
cost, time, quality, throughput
general objectives of customer management processes
customer acquisition, customer selection, customer retention
1. An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except: A. Password management. B. Data encryption. C. Digital certificates. D. Batch processing
d
1. Common IT techniques that are needed to implement continuous auditing include A. Data warehouse and data mining B. Transaction logging and query tools C. Computer-assisted audit techniques. D. All of the above.
d
1. Select a correct statement regarding encryption methods. A. To use symmetric-key encryption, each user needs two different keys. B. Most companies prefer using symmetric-key encryption to the asymmetric-key encryption method. C. Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority. D. When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.
d
1. The masquerading threat for wireless LANs is: A. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it C. The attacker passively monitors wireless networks for data, including authentication credentials D. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
d
1. The purpose of a company's firewall is to: A. Guard against spoofing B. Filter packets C. Deny computer hackers access to sensitive data D. All of the above
d
1. What is the man-in-the-middle threat for wireless LANs? A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network B. The attacker passively monitors wireless networks for data, including authentication credentials C. The attacker steals or makes unauthorized use of a service D. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
d
1. What is the test data technique? A. It uses a set of input data to validate system integrity. B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system C. It is an automated technique that enables test data to be continually evaluated during the normal operation of a system D. A and B are correct E. None of the above is correct
d
1. Which of the following is an example of project risk? A. The technology will not work as expected. B. The IT project is not aligned with the company's strategy. C. The financial benefits may not be delivered. D. The IT project may exceed budget.
d
1. Which of the following is not a benefit of using wireless technology? A. Mobility B. Rapid deployment C. Flexibility and Scalability D. Security
d
1. Which of the following is not a major consideration when assessing business requirements for IT initiatives? A. Complementary business process changes B. Potential technological solutions C. Gaps in performance indicated by the strategy map D. Project risks
d
1. Which of the following is not a question that businesses should answer before making major IT investments? A. What key business issues does it address? B. What are the risks of doing the project? C. How will success be measured? D. None of the above
d
1. Which of the following is not a use of CAATs in auditing? A. Test of details of transactions and balances B. Analytical review procedures C. Fraud examination D. Produce terms and conditions of employment
d
1. Which of the following is not an approach used for online analytical processing (OLAP)? A. Exception reports B. What-if simulations C. Consolidation D. Data mining
d
1. Which of the following is the best description of the balanced scorecard? A. A strategic planning and management system B. A performance measurement framework C. A formal, structured approach to link IT investment to business performance D. All are descriptions of the balanced scorecard
d
1. Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? A. Embedded audit modules cannot be protected from computer viruses. B. Auditors are required to monitor embedded audit modules continuously to obtain valid results. C. Embedded audit modules can easily be modified through management tampering. D. Auditors are required to be involved in the system design of the application to be monitored.
d
1. Which of the following security controls would best prevent unauthorized access to a firm's internal network? A. Use of a screen saver with a password. B. Use of a firewall. C. Encryption of data files. D. Automatic log-off of inactive users.
d
1. Which of the following statements presents an example of a general control for a computerized system? A. Limiting entry of sales transactions to only valid credit customers. B. Creating hash totals from social security number for the weekly payroll. C. Restricting entry of accounts payable transactions to only authorized users. D. Restricting access to the computer center by use of biometric devices
d
1. Which of the following statements about asymmetric-key encryption is correct? A. When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties. B. Employees in the same company share the same public key. C. Most companies would like to manage the private keys for their employees. D. Most companies would like to use a Certificate Authority to manage the public keys of their employees. E. Two of the above are correct.
d
1. Which of the following statements about firewalls is wrong? A. A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software B. A firewall allows individuals on the corporate network to send and receive data packets from the Internet C. A firewall can filter through packets coming from outside networks to prevent unauthorized access D. A firewall connects different LANs, software-based intelligent devices, and examines IP addresses
d
1. Which of the following statements is incorrect about digital signatures? A. A digital signature can ensure data integrity. B. A digital signature also authenticates the document creator. C. A digital signature is an encrypted message digest. D. A digital signature is a message digest encrypted using the document creator's public key.
d
1. Which of the following statements is incorrect? A. A fraud prevention program starts with a fraud risk assessment across the entire firm B. The audit committee typically has an oversight role in risk assessment process C. Communicating a firm's policy file to employees is one of the most important responsibilities of management D. A fraud prevention program should include an evaluation on the efficiency of business processes.
d
1. Which of the following statements is wrong regarding continuous audit? A. Continuous audit is used to perform audit-related activities on a continuous basis B. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls D. Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis
d
1. Which of the following statements regarding the purposes of an operating system is correct? A. To ensure the integrity of a system B. To control the flow of multiprogramming and tasks of scheduling in the computer C. To allocate computer resources to users and applications D. All of the above are correct
d
1. Which statements are incorrect about virtual private network (VPN)? A. It is a way to use the public telecommunication infrastructure in providing secure access to an organization's network. B. It enables the employees to work remotely by accessing their firm's network securely using the Internet C. The packets sent through VPN are encrypted and with authentication technology. D. The expensive cost is one major disadvantage of VPN.
d
1. Why would companies want to use digital signatures when conducting e-business? A. They are cheap. B. They are always the same so it can be verified easily. C. They are more convenient than requiring a real signature. D. They can authenticate the document sender and maintain data integrity
d
21. The 100% rule suggests that before a PERT chart is done, a project manager must: a. Make sure 100% of the project is funded. b. Make sure the project team is devoted solely or 100%, to this project. c. Make sure that each person on the project team got 100% on their project management final exam. d. Make sure 100% of the project tasks are defined.
d
21. The critical path in a PERT chart represents: a. The tasks that must be completed without errors. b. The path of processes that is critical for system adoption. c. The most important tasks of the whole project d. The longest path of tasks needed for project completion.
d
21. Which of the following risks considers the possibility that the new IT system will not be implemented on time or within budget? A. Solution risk. B. Change risk. C. Alignment risk. D. Project risk.
d
26. The Val IT framework best aligns with and complements which of the following? A. The REA model. B. The COSO 2013 internal control framework. C. The Balanced Scorecard. D. The COBIT 5 framework
d
26. Which of the following best describes a strategy map? A. A strategy map is a categorized list of a firm's strategic objectives, critical success factors (CSFs), and key performance indicators (KPIs). B. A strategy map is a collection of all a firm's activity and structure model diagrams. C. A strategy map is a visual representation of a firm's current and planned geographic operations and markets. D. A strategy map is a one-page representation of a firm's strategic priorities and the cause-and-effect linkages among them.
d
37. In 1989, Fred Davis proposed a model which predicts the use of new systems. What is the name of this model? A. System Use Model. B. Unified Theory on the Acceptance and Use of Technology. C. Individual Technology Efficacy Model. D. Technology Acceptance Model.
d
37. The modern concept of project management began with which of the following? A. The Western Electric Hawthorne Plant study. B. Ford's Model T assembly line. C. Six Sigma management theory. D. The Manhattan Project.
d
37. Which of the following best describes the implementation phase of the systems development life cycle? A. Detailed specifications are laid out for the new system, including screen layouts and business process diagrams. B. Upgrades to the operational system are installed and tested. C. The company conducts a variety of feasibility studies on the new system. D. The new system is developed, tested, and placed into production
d
37. Which of the following situations is not the result of a weakness in or lack of internal controls? A. Financial statements are misstated because individuals were able to update financial information beyond that needed to perform their job functions. B. A sales order is placed on back-order, but is never filled or canceled. C. Earnings per share are misstated due to a spreadsheet error. D. The vendor bills an amount different than the amount entered on the purchase order
d
41. A Public Key Infrastructure (PKI) provides the ability to do which of the following? A. Encrypt messages using a private key. B. Enable debit and credit card transactions. C. Read plaintext. D. Issue, maintain, and revoke digital certificates.
d
41. Encryption is a control that changes plain text into which of the following? A. Cyberspace. B. Cryptext. C. Mnemonic code. D. Cyphertext.
d
41. For businesses considering a cloud computing solution, which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations? A. FASB 51 Report. B. SOC 1 Report. C. SAS 3 Report. D. SOC 2 Report.
d
41. Which of the following best describes a data warehouse? A. Users typically post operational transactions directly to the data warehouse. B. Data warehouses contain real-time data. C. A data warehouse typically holds no more than one year's worth of data. D. A data warehouse contains nonvolatile data.
d
41. Which of the following groups is responsible for conducting fraud risk assessment for an organization? A. The External Auditor. B. The Audit Committee. C. The Internal Audit group. D. Management.
d
41. Which of the following is not considered an advantage of using a continuous auditing approach? A. Transactions can be tested and analyzed closer in time to when they actually occur. B. Better compliance with laws and regulations. C. It can reduce the effort required for routine testing. D. It can be costly and time consuming to set up continuous auditing processes.
d
21. Which of the following is not one of the potential approaches to quantifying the expected benefits of IT initiatives? A. Real option theory. B. Simulation. C. External benchmarks. D. Expert opinion. E. Performance futures theory.
e
the balanced scorecard describes performance from four perspectives
financial; learning & growth; customer; process
WAN devices
firewalls, routers
related audit activity
fraud/abuse examination; financial attest; control assurance
the three categories of information technology are
function; enterprise; network
Modifying default configurations to turn off unnecessary programs and features to improve security is called
hardening.
A facility that contains all the computing equipment the organization needs to perform its essential business activities is known as a
hot site.
Encryption has a remarkably long and varied history. The invention of writing was apparently soon followed by a desire to conceal messages. One of the earliest methods, attributed to an ancient Roman emperor, was the simple substitution of numbers for letters, for example A = 1, B = 2, etc. This is an example of
symmetric key encryption
in the learning and growth perspective, the organization sets goals to ensure that it is strategically ready to continuously _____ its process performance
improve
The use of message encryption software
increases system overhead
human capital
investment in people - ensuring the right people with the right skills are available
Multi-factor authentication
involves the use of two or more basic authentication methods.
According to the Trust Services Framework, the reliability principle of integrity is achieved when the system produces data that
is complete, accurate, and valid.
what is the white-box approach?
it requires auditors to understand the internal logic of the system/application being tested; auditors need to create test cases to verify specific logic and controls in a system
after developing a strategy map, companies then plan, implement, and monitor performance using the balanced scorecard _____ process
management
management controls are security controls that focus on _____ of risk and information system security
management
the _____ system is the most important system software because it performs the tasks that enable a computer to operate
operating
compare and contrast data warehouses and operational databases
operational databases are updated as transactions are processed and data warehouses are not
process perspectives
operations management; customer management; innovation; regulatory and social
local area network (LAN) devices include hubs and switches. from a security perspective, _____ provide a significant improvement over _____
switches, hubs
under the _____ simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system
parallel
a strategy map allows firms to assess and prioritize gaps between their current and desired ______ levels
performance
the balanced scorecard is a ______ framework that allows managers to measure the firm's performance from multiple perspectives that follow from the firm's mission, strategy, and objectives
performance measurement
function IT
performs a single function, such as enhancing worker productivity for standalone tasks
executives should analyze each proposed IT investment as part of a _____ of potential investments
portfolio
Which type of analysis assists with understanding what is happening right now?
prescriptive
attributes of a firm's product relevant to the firm's value proposition?
price; quality; selection
the ______ perspective describes the firm's objectives for its business processes so that the firm operates efficiently while also delivering products and services that meet its customers' requirements
process
after implementing enterprise IT, organizations have difficulty assessing its benefits because it becomes embedded in one or more organizational ______
processes
Duran Company is a manufacturer of men's shirts. It distributes weekly sales reports to each sales manager. The quantity 2R5 appeared in the quantity sold column for one of the items on the report for one of the sales managers. The most likely explanation for what has occurred is that the
program did not contain a data checking routine for input data.
the operating system must achieve fundamental control objectives to consistently and reliably perform its functions. what are the control objectives of the OS?
protect itself from users; protect itself from each other; protect itself from themselves; be protected from itself; be protected from its environment
companies generally strive to lower process costs, lower cycle times, improve process _____, and increase process throughput
quality
Assigning passwords to computer users is a control to prevent unauthorized access. Because a password doesn't conclusively identify a specific individual, it must be safeguarded from theft. A method used to protect passwords is to
require a minimum retention period
access control
restrict the rights of devices or individuals to access a network or resource within a network
data governance is the convergence of:
risk management; data quality, data management, data policies; business process management
LAN devices
switches, hubs
auditors can use computer-assisted audit techniques in which areas?
test of details of transactions and balances; compliance tests of IT general and application controls; analytical review procedures
continuous auditing
testing in continuous audits often consists of continuous controls monitoring and continuous data assurance; continuous auditing is to perform audit-related activities on a continuous basis; technology plays a key role in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls
message replay
the attacker passively monitors transmissions via wireless networks and retransmits messages, acting as if the attacker was a legitimate user
traffic analysis
the attacker passively monitors transmissions via wireless networks to identify communication patterns and participants
eavesdropping
the attacker passively monitors wireless networks for data, including authentication credentials
misappropriation
the attacker steals or makes unauthorized use of a service
data governance
the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm
On March 3, 2019, a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Erica Zink's car while she was attending a conference in Cleveland, Ohio. After reporting the theft, Erica considered the implications of the theft for the company's network security and concluded there was nothing to worry about because
the data stored on the computer was encrypted.
The online data entry control called preformatting is
the display of a document with blanks for data items to be entered by the person entering the data.
customer perspective
the value proposition differentiates from the competition
identify the main purposes for a wide area network (WAN)
to link various sites within the firm; to provide remote access to employees or customers; to provide corporate access to the internet
true or false: most threats with regard to wireless networks typically involve an attacker with access to the radio link between a station and an access point, or between two stations
true
how can a business make a wide area network (WAN)?
use dedicated leased lines; use a virtual private network
test data technique
uses a set of input data to validate system integrity