Exam 13: Monitoring and Auditing Ais

The masquerading threat for wireless LANs is: A. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it C. The attacker passively monitors wireless networks for data, including authentication credentials D. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network

A virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection.

What is the test data technique? A. It uses a set of input data to validate system integrity. B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system C. It is an automated technique that enables test data to be continually evaluated during the normal operation of a system D. A and B are correct E. None of the above is correct

Which of the following is not an approach used for online analytical processing (OLAP). A. Exception reports B. What-if simulations C. Consolidation D. Data mining

An integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system.

Which of the following statements is wrong regarding continuous audit? A. Continuous audit is used to perform audit-related activities on a continuous basis B. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls D. Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis

The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for conducting an IS/IT audit.

Which of the following statements regarding the black-box approach for systems auditing is correct? A. The auditors need to gain detailed knowledge of the systems' internal logic B. The black-box approach could be adequate when automated systems applications are complicated C. The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results. D. All of the above are correct

Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company.

Which of the following is not considered an advantage of using a continuous auditing approach? A. Transactions can be tested and analyzed closer in time to when they actually occur. B. Better compliance with laws and regulations. C. It can reduce the effort required for routine testing. D. It can be costly and time consuming to set up continuous auditing processes.

An embedded audit module is a programmed audit module that is added to the system under review.

Which of the following best describes continuous auditing? A. Audit-related activities are peformed throughout the period under review. B. The full audit team remains on the client site for the entire fiscal year. C. The database extracts every 10^th transaction and flags it for audit review. D. Auditors can generate greater fees by increasing the amount of manual testing performed for the client.

Which of the following approaches and/or tools are not typically used as part of a CAAT approach to auditing? A. Integrated testing facility (ITF). B. Generalized audit software (GAS). C. Audit calculation engine (ACE). D. Embedded audit module (EAM).

Which of the following statements about switches is correct? A. A hub is smarter than Switch. B. Switches provide more security protections than hubs do for a company's internal network. C. Switches are widely used in WANs. D. A Switch contains multiple ports.

What is data mining? A. A particular attribute of information. B. A common term for the representation of multidimensional data. C. The process of analyzing data to extract information that is not affected by the raw data alone. D. None of the above is correct.

LAN is the abbreviation for A. Large Area Network. B. Local Area Network. C. Longitudinal Analogue Network. D. Low Analytical Nets.

Which of the following is not a management control for wireless networks? A. Assigning roles and responsibilities of employees for access control B. Conducting risk assessment on a regular basis C. Conducting appropriate awareness training on wireless networks D. Creating policies and procedures

Which of the following statements about firewalls is wrong? A. A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software B. A firewall allows individuals on the corporate network to send and receive data packets from the Internet C. A firewall can filter through packets coming from outside networks to prevent unauthorized access D. A firewall connects different LANs, software-based intelligent devices, and examines IP addresses

The data in a data warehouse are updated when transactions are processed.

What is the man-in-the-middle threat for wireless LANs? A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network B. The attacker passively monitors wireless networks for data, including authentication credentials C. The attacker steals or makes unauthorized use of a service D. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.