Question 1

This type of control is intended to ensure the accuracy and completeness of processing that occurs in accounting applications:

Accepted Answer

A) Input Controls 
B) Internal Controls 
C) Processing Controls 
D) Output Controls 
A) Input Controls 
B) Internal Controls 
C) Processing Controls 
D) Output Controls

Question 2

The procedures to collect and prepare source documents are termed:

Accepted Answer

A) Input validation procedures 
B) Form authorization procedures 
C) Data preparation procedures 
D) Document retention procedures 
A) Input validation procedures 
B) Form authorization procedures 
C) Data preparation procedures 
D) Document retention procedures

Question 3

To avoid the risks associated with a public cloud, many companies establish their own computing cloud structure.The cloud is developed, owned, maintained, and used by the user company.This cloud is referred to as:

Accepted Answer

A) Company cloud 
B) User cloud 
C) Private cloud 
D) Internal cloud 
A) Company cloud 
B) User cloud 
C) Private cloud 
D) Internal cloud

Question 4

A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

Accepted Answer

A) Hacking and other network break-ins 
B) Physical environment and physical security 
C) Authentication of users and limiting unauthorized access 
D) Organizational structure 
A) Hacking and other network break-ins 
B) Physical environment and physical security 
C) Authentication of users and limiting unauthorized access 
D) Organizational structure

Question 5

Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

Accepted Answer

A) Data encryption 
B) Redundant servers 
C) Input controls 
D) Password codes 
A) Data encryption 
B) Redundant servers 
C) Input controls 
D) Password codes

Question 6

A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as a(n):

Accepted Answer

A) Worm 
B) Encryption 
C) Virus 
D) Infection 
A) Worm 
B) Encryption 
C) Virus 
D) Infection

Question 7

The data preparation procedures are to be well-defined so that employees will be sure of:

Accepted Answer

A) Which forms to use 
B) When to use them 
C) Where to route them 
D) All of the above 
A) Which forms to use 
B) When to use them 
C) Where to route them 
D) All of the above

Question 8

Which of the following is NOT one of the rules for the effective use of passwords?

Accepted Answer

A) Passwords should not be case sensitive 
B) Passwords should be at least 8 characters in length 
C) Passwords should contain at least one nonalphanumeric character. 
D) Password should be changed every 90 days. 
A) Passwords should not be case sensitive 
B) Passwords should be at least 8 characters in length 
C) Passwords should contain at least one nonalphanumeric character. 
D) Password should be changed every 90 days.

Question 9

A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as:

Accepted Answer

A) Redundant business planning 
B) Business continuity planning 
C) Unnecessary in the current safe environments 
D) Emergency backup power 
A) Redundant business planning 
B) Business continuity planning 
C) Unnecessary in the current safe environments 
D) Emergency backup power

Question 10

This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system.It continually scans the system for viruses and worms and either deletes or quarantines them.

Accepted Answer

A) Penicillin Software 
B) Antivirus Software 
C) Infection Software 
D) Internet Software 
A) Penicillin Software 
B) Antivirus Software 
C) Infection Software 
D) Internet Software

Question 11

Two or more computer network or data servers that can run identical processes or maintain the same data are called:

Accepted Answer

A) Emergency power supply 
B) Uninterruptible power 
C) Redundant servers 
D) Business continuity planning 
A) Emergency power supply 
B) Uninterruptible power 
C) Redundant servers 
D) Business continuity planning

Question 12

An IT governance committee has several responsibilities.Which of the following is least likely to be a responsibility of the IT governance committee?

Accepted Answer

A) Develop and maintain the database and ensure adequate controls over the database. 
B) Develop, monitor, and review security policies. 
C) Oversee and prioritize changes to IT systems. 
D) Align IT investments to business strategy. 
A) Develop and maintain the database and ensure adequate controls over the database. 
B) Develop, monitor, and review security policies. 
C) Oversee and prioritize changes to IT systems. 
D) Align IT investments to business strategy.

Question 13

All of the following are general controls except for:

Accepted Answer

A) Passwords 
B) Physical hardware controls 
C) Software controls 
D) Inventory controls 
A) Passwords 
B) Physical hardware controls 
C) Software controls 
D) Inventory controls

Question 14

This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

Accepted Answer

A) User profile 
B) User password 
C) User ID 
D) User log 
A) User profile 
B) User password 
C) User ID 
D) User log

Question 15

There are a number of reasons that all access to an IT system be logged.Which of the following is not one of the reasons for the log to be maintained?

Accepted Answer

A) Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures. 
B) A user cannot deny any particular act that he or she did on the system. 
C) To establish nonrepudiation of sales transactions by a customer. 
D) To establish a user profile. 
A) Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures. 
B) A user cannot deny any particular act that he or she did on the system. 
C) To establish nonrepudiation of sales transactions by a customer. 
D) To establish a user profile.

Question 16

This type of input validation check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values.

Accepted Answer

A) Field Check 
B) Completeness Check 
C) Validity Check 
D) Range Check 
A) Field Check 
B) Completeness Check 
C) Validity Check 
D) Range Check

Question 17

This table contains a list of valid, authorized users and the access level granted to each one.

Accepted Answer

A) User table 
B) Authority table 
C) Authentication table 
D) Configuration table 
A) User table 
B) Authority table 
C) Authentication table 
D) Configuration table

Question 18

Which programmed input validation makes sure that a value was entered in all of the critical fields?

Accepted Answer

A) Completeness check 
B) Validity check 
C) Reasonableness check 
D) Field check 
A) Completeness check 
B) Validity check 
C) Reasonableness check 
D) Field check

Question 19

Which of the following is not a general control in an IT system:

Accepted Answer

A) Processing controls 
B) Authentication of Users and Limiting Unauthorized Access 
C) Establishment of an Organizational Structure 
D) Physical Security of IT equipment 
A) Processing controls 
B) Authentication of Users and Limiting Unauthorized Access 
C) Establishment of an Organizational Structure 
D) Physical Security of IT equipment

Question 20

Unauthorized access to the operating system would allow the unauthorized user to:

Accepted Answer

A) Browse disk files for sensitive data or passwords 
B) Alter data through the operating system 
C) Alter application programs 
D) All of the above 
A) Browse disk files for sensitive data or passwords 
B) Alter data through the operating system 
C) Alter application programs 
D) All of the above

This type of control is intended to ensure the accuracy and completeness of processing that occurs in accounting applications:

The procedures to collect and prepare source documents are termed:

To avoid the risks associated with a public cloud, many companies establish their own computing cloud structure.The cloud is developed, owned, maintained, and used by the user company.This cloud is referred to as:

A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as a(n):

The data preparation procedures are to be well-defined so that employees will be sure of:

Which of the following is NOT one of the rules for the effective use of passwords?

A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as:

This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system.It continually scans the system for viruses and worms and either deletes or quarantines them.

Two or more computer network or data servers that can run identical processes or maintain the same data are called:

An IT governance committee has several responsibilities.Which of the following is least likely to be a responsibility of the IT governance committee?

All of the following are general controls except for:

This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

There are a number of reasons that all access to an IT system be logged.Which of the following is not one of the reasons for the log to be maintained?

This type of input validation check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values.

This table contains a list of valid, authorized users and the access level granted to each one.

Which programmed input validation makes sure that a value was entered in all of the critical fields?

Which of the following is not a general control in an IT system:

Unauthorized access to the operating system would allow the unauthorized user to:

Introduction to AIS

Foundational Concepts of the AIS

Fraud, Ethics, and Internal Control

IT Governance

Enterprise Resource Planning ERP Systems

Auditing Information Technology-Based Processes

Revenue and Cash Collection Processes and Controls

Expenditures Processes and Controlspurchases

Expenditures Processes and Controlspayroll and Fixed Assets

Conversion Processes and Controls

Administrative Processes and Controls

Data and Databases

E-Commerce and E-Business

Filters

Exam 4: Internal Controls and Risks in IT Systems

This type of control is intended to ensure the accuracy and completeness of processing that occurs in accounting applications:

The procedures to collect and prepare source documents are termed:

To avoid the risks associated with a public cloud, many companies establish their own computing cloud structure.The cloud is developed, owned, maintained, and used by the user company.This cloud is referred to as:

A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as a(n):

The data preparation procedures are to be well-defined so that employees will be sure of:

Which of the following is NOT one of the rules for the effective use of passwords?

A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as:

This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system.It continually scans the system for viruses and worms and either deletes or quarantines them.

Two or more computer network or data servers that can run identical processes or maintain the same data are called:

An IT governance committee has several responsibilities.Which of the following is least likely to be a responsibility of the IT governance committee?

All of the following are general controls except for:

This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

There are a number of reasons that all access to an IT system be logged.Which of the following is not one of the reasons for the log to be maintained?

This type of input validation check examines a field to ensure that the data entry in the field is valid compared with a preexisting list of acceptable values.

This table contains a list of valid, authorized users and the access level granted to each one.

Which programmed input validation makes sure that a value was entered in all of the critical fields?

Which of the following is not a general control in an IT system:

Unauthorized access to the operating system would allow the unauthorized user to:

Introduction to AIS

Foundational Concepts of the AIS

Fraud, Ethics, and Internal Control

IT Governance

Enterprise Resource Planning ERP Systems

Auditing Information Technology-Based Processes

Revenue and Cash Collection Processes and Controls

Expenditures Processes and Controlspurchases

Expenditures Processes and Controlspayroll and Fixed Assets

Conversion Processes and Controls

Administrative Processes and Controls

Data and Databases

E-Commerce and E-Business

Filters