Exam 8: Controlling Information Systems: Introduction to Pervasive Controls

A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called ______________________________.

____ can consist of many computers and related equipment connected together via a network.

Systems documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.

Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in:

With the data replication strategy known as ______________________________ all data changes are data stamped and saved to secondary systems as the changes are happening.

The chief information officer (CIO) prioritizes and selects IT projects and resources.

Which of the following control plans is not a retention control plan?

The WebTrust family of services offers best practices and e-business solutions related exclusively to B2B electronic commerce.

Which of the following statements related to denial of service attacks is false?

All of the following are components of a backup and recovery strategy except:

The first list below contains 10 control plans discussed in Chapter 8. The second list describes 10 system failures that have control implications. Required: On the answer line to the left of each system failure, insert the capital letter from the first list of the best control plan to prevent the system failure from occurring. If you can't find a control that will prevent the failure, then choose a detective or a corrective plan. A letter should be used only once.

Data encryption is a process that codes data to make it readable to human eye.

This IT function's key control concern is that organization and IT strategic objectives are misaligned:

Which of the following statements is true?

COBIT 5:

The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions?

Application controls restrict access to data, programs, and documentation.

The control concern that there will be a high risk of data conversion errors relates primarily to which of the following information systems functions?

Within the data center, the data control group is responsible for routing all work into and out of the data center, correcting errors, and monitoring error correction.

Segregation of duties consists of separating the four functions of authorizing events, executing events, recording events, and safeguarding the resources resulting from consummating the events.