Question 1

Explain the concept of discretionary access privileges.

Accepted Answer

In centralized systems,a system administ

Question 2

Describe one benefit of using a call-back device.

Accepted Answer

Access to the system is achieved when th

Question 3

The operating system performs all of the following tasks except

Accepted Answer

A)  translates third-generation languages into machine language 
B)  assigns memory to applications 
C)  authorizes user access 
D)  schedules job processing 
A)  translates third-generation languages into machine language 
B)  assigns memory to applications 
C)  authorizes user access 
D)  schedules job processing

Question 4

An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)

Accepted Answer

A)  operating system. 
B)  database management system. 
C)  utility system 
D)  facility system. 
E)  object system. 
A)  operating system. 
B)  database management system. 
C)  utility system 
D)  facility system. 
E)  object system.

Question 5

Which is not a biometric device?

Accepted Answer

A)  password 
B)  retina prints 
C)  voice prints 
D)  signature characteristics 
A)  password 
B)  retina prints 
C)  voice prints 
D)  signature characteristics

Question 6

A software program that allows access to a system without going through the normal logon procedures is called a

Accepted Answer

A)  logic bomb 
B)  Trojan horse 
C)  worm 
D)  back door 
A)  logic bomb 
B)  Trojan horse 
C)  worm 
D)  back door

Question 7

What is deep packet inspection?

Accepted Answer

DPI is a technique that search

Question 8

What is event monitoring?

Accepted Answer

Event monitoring summarizes key activiti

Question 9

Access controls protect databases against destruction,loss or misuse through unauthorized access.

Accepted Answer

A) True 
 B)False

Question 10

The database management system controls access to program files.

Accepted Answer

A) True 
 B)False

Question 11

Which of the following is considered an unintentional threat to the integrity of the operating system?

Accepted Answer

A)  a hacker gaining access to the system because of a security flaw 
B)  a hardware flaw that causes the system to crash 
C)  a virus that formats the hard drive 
D)  the systems programmer accessing individual user files 
A)  a hacker gaining access to the system because of a security flaw 
B)  a hardware flaw that causes the system to crash 
C)  a virus that formats the hard drive 
D)  the systems programmer accessing individual user files

Question 12

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

Accepted Answer

A)  verifying that only authorized software is used on company computers 
B)  reviewing system maintenance records 
C)  confirming that antivirus software is in use 
D)  examining the password policy including a review of the authority table 
A)  verifying that only authorized software is used on company computers 
B)  reviewing system maintenance records 
C)  confirming that antivirus software is in use 
D)  examining the password policy including a review of the authority table

Question 13

One purpose of a database system is the easy sharing of data.But this ease of sharing can also jeopardize security.Discuss at least three forms of access control designed to reduce this risk.

Accepted Answer

Many types of access control are possibl

Question 14

Explain how smurf attacks can be controlled.

Accepted Answer

The targeted organization can

Question 15

Many techniques exist to reduce the likelihood and effects of data communication hardware failure.One of these is

Accepted Answer

A)  hardware access procedures 
B)  antivirus software 
C)  parity checks 
D)  data encryption 
A)  hardware access procedures 
B)  antivirus software 
C)  parity checks 
D)  data encryption

Question 16

When creating and controlling backups for a sequential batch system,

Accepted Answer

A)  the number of backup versions retained depends on the amount of data in the file 
B)  off-site backups are not required 
C)  backup files can never be used for scratch files 
D)  the more significant the data, the greater the number of backup versions 
A)  the number of backup versions retained depends on the amount of data in the file 
B)  off-site backups are not required 
C)  backup files can never be used for scratch files 
D)  the more significant the data, the greater the number of backup versions

Question 17

In a direct access file system

Accepted Answer

A)  backups are created using the grandfather-father-son approach 
B)  processing a transaction file against a maser file creates a backup file 
C)  files are backed up immediately before an update run 
D)  if the master file is destroyed, it cannot be reconstructed 
A)  backups are created using the grandfather-father-son approach 
B)  processing a transaction file against a maser file creates a backup file 
C)  files are backed up immediately before an update run 
D)  if the master file is destroyed, it cannot be reconstructed

Question 18

Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.

Accepted Answer

A) True 
 B)False

Question 19

What are some typical problems with passwords?

Accepted Answer

users failing to remember pass

Question 20

When auditors examine and test the call-back feature,they are testing which audit objective?

Accepted Answer

A)  incompatible functions have been segregated 
B)  application programs are protected from unauthorized access 
C)  physical security measures are adequate to protect the organization from natural disaster 
D)  illegal access to the system is prevented and detected 
A)  incompatible functions have been segregated 
B)  application programs are protected from unauthorized access 
C)  physical security measures are adequate to protect the organization from natural disaster 
D)  illegal access to the system is prevented and detected

Explain the concept of discretionary access privileges.

Describe one benefit of using a call-back device.

The operating system performs all of the following tasks except

An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)

Which is not a biometric device?

A software program that allows access to a system without going through the normal logon procedures is called a

What is deep packet inspection?

What is event monitoring?

Access controls protect databases against destruction,loss or misuse through unauthorized access.

The database management system controls access to program files.

Which of the following is considered an unintentional threat to the integrity of the operating system?

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

One purpose of a database system is the easy sharing of data.But this ease of sharing can also jeopardize security.Discuss at least three forms of access control designed to reduce this risk.

Explain how smurf attacks can be controlled.

Many techniques exist to reduce the likelihood and effects of data communication hardware failure.One of these is

When creating and controlling backups for a sequential batch system,

In a direct access file system

Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.

What are some typical problems with passwords?

When auditors examine and test the call-back feature,they are testing which audit objective?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Sarbanes-Oxley and IT Governance

IT Controls : Systems Development Program Changes and Application Controls

Filters

Exam 16: IT Controls : Security and Access

Explain the concept of discretionary access privileges.

Describe one benefit of using a call-back device.

The operating system performs all of the following tasks except

An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)

Which is not a biometric device?

A software program that allows access to a system without going through the normal logon procedures is called a

What is deep packet inspection?

What is event monitoring?

Access controls protect databases against destruction,loss or misuse through unauthorized access.

The database management system controls access to program files.

Which of the following is considered an unintentional threat to the integrity of the operating system?

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

One purpose of a database system is the easy sharing of data.But this ease of sharing can also jeopardize security.Discuss at least three forms of access control designed to reduce this risk.

Explain how smurf attacks can be controlled.

Many techniques exist to reduce the likelihood and effects of data communication hardware failure.One of these is

When creating and controlling backups for a sequential batch system,

In a direct access file system

Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.

What are some typical problems with passwords?

When auditors examine and test the call-back feature,they are testing which audit objective?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Sarbanes-Oxley and IT Governance

IT Controls : Systems Development Program Changes and Application Controls

Filters