Exam 8: Controlling Information Systems: Introduction to Pervasive Controls

The functions of the ______________________________ commonly include assigning passwords and making sure the IT organization is secure from physical threats.

A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?

Segregation of duties consists of separating the four functions of authorizing events, ______________________________ events, ______________________________ events, and safeguarding the resources resulting from consummating the events.

Program change controls provide assurance that all modifications to programs are authorized and documented, and that the changes are completed, tested, and properly implemented.

The IS function of quality assurance conducts reviews to ensure the attainment of IT objectives.

A data replication strategy where all data changes are data stamped and saved to secondary systems as the changes are happening is called:

Copies of important stored data, programs, and documentation made periodically are called ______________________________.

The ______________________________ is charged with safeguarding the IT organization.

Which of the following is not a strategic planning process?

COBIT 5 has two main components: five _____________ and seven ________________.

Individual departments coordinate the organizational and IT strategic planning processes and reviews and approves the strategic IT plan.

Antivirus is a technique to protect one network from another "untrusted" network.

The four events-processing functions that constitute the segregation of duties control plan are: Required: Below is a list of ten events-processing activities, five relating to the cycle of activities involved in processing a sales event and seven relating to the cycle for a purchase event. Classify each of the twelve activities into one of the four functional categories listed above by placing the letter A, B, C, or D on the answer line to the left of each number. You should use only one letter for each of the answers.

The information systems function is synonymous with the accounting function.

The ______________________________ documentation portion of application documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.

Intrusion-prevention systems (IPS) actively block unauthorized traffic using rules specified by the organization.

Which of the following is not one of COBIT's four broad IT control process domains?

A fidelity bond indemnifies a company in case it suffers losses from defalcations committed by its employees.

______________________________ is the intentional unauthorized access of an organization's computer system, accomplished by bypassing the system's access security controls.

In an information systems organization, which of the following reporting relationships makes the least sense?