Question 1

Explain the concept of discretionary access privileges.

Accepted Answer

In centralized systems,a system administrator usually determines who is granted access to specific resources and maintains the access control list.In distributed systems,however,resources may be controlled (owned)by end users.Resource owners in this setting may be granted discretionary access privileges,which allow them to grant access privileges to other users.For example,the controller,who is the owner of the general ledger,may grant read-only privileges to a manager in the budgeting department.The accounts payable manager,however,may be granted both read and write permissions to the ledger.Any attempt by the budgeting manager to add,delete,or change the general ledger will be denied.The use of discretionary access control needs to be closely supervised to prevent security breaches because of its liberal use.

Question 2

What is a user-defined procedure?

Accepted Answer

A user-defined procedure allows the user to create a personal security program or routine to provide more positive user identification than a password can.For example,in addition to a password,the security procedure asks a series of personal questions (such as the user's mother's maiden name),which only the legitimate user is likely to know.

Question 3

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

Accepted Answer

A) verifying that only authorized software is used on company computers 
B) reviewing system maintenance records 
C) confirming that antivirus software is in use 
D) examining the password policy including a review of the authority table 
A) verifying that only authorized software is used on company computers 
B) reviewing system maintenance records 
C) confirming that antivirus software is in use 
D) examining the password policy including a review of the authority table B

Question 4

What can be done to defeat a DDoS attack?

Accepted Answer

Intrusion prevention systems (

Question 5

Audit trails cannot be used to

Accepted Answer

A) detect unauthorized access to systems 
B) facilitate reconstruction of events 
C) reduce the need for other forms of security 
D) promote personal accountability 
A) detect unauthorized access to systems 
B) facilitate reconstruction of events 
C) reduce the need for other forms of security 
D) promote personal accountability

Question 6

Operating system integrity is not of concern to accountants because only hardware risks are involved.

Accepted Answer

A) True 
 B)False

Question 7

Which of the following deal with transaction legitimacy?

Accepted Answer

A) transaction authorization and validation 
B) access controls 
C) EDI audit trail 
D) all of the above 
A) transaction authorization and validation 
B) access controls 
C) EDI audit trail 
D) all of the above

Question 8

The message authentication code is calculated by the sender and the receiver of a data transmission.

Accepted Answer

A) True 
 B)False

Question 9

Contrast the private encryption standard approach with the public key encryption approach to controlling access to telecommunication messages.

Accepted Answer

In the private encryption standard appro

Question 10

What are the auditor's concerns in testing EDI controls?

Accepted Answer

When testing EDI controls,the auditor's

Question 11

In an electronic data interchange environment,the audit trail

Accepted Answer

A) is a printout of all incoming and outgoing transactions 
B) is an electronic log of all transactions received, translated, and processed by the system 
C) is a computer resource authority table 
D) consists of pointers and indexes within the database 
A) is a printout of all incoming and outgoing transactions 
B) is an electronic log of all transactions received, translated, and processed by the system 
C) is a computer resource authority table 
D) consists of pointers and indexes within the database

Question 12

The operating system performs all of the following tasks except

Accepted Answer

A) translates third-generation languages into machine language 
B) assigns memory to applications 
C) authorizes user access 
D) schedules job processing 
A) translates third-generation languages into machine language 
B) assigns memory to applications 
C) authorizes user access 
D) schedules job processing

Question 13

Explain how smurf attacks can be controlled.

Accepted Answer

The targeted organization can

Question 14

Examining programmer authority tables for information about who has access to data definition language commands will provide evidence about who is responsible for creating subschemas.

Accepted Answer

A) True 
 B)False

Question 15

Passwords are secret codes that users enter to gain access to systems.Security can be compromised by all of the following except

Accepted Answer

A) failure to change passwords on a regular basis 
B) using obscure passwords unknown to others 
C) recording passwords in obvious places 
D) selecting passwords that can be easily detected by computer criminals 
A) failure to change passwords on a regular basis 
B) using obscure passwords unknown to others 
C) recording passwords in obvious places 
D) selecting passwords that can be easily detected by computer criminals

Question 16

Describe one benefit of using a call-back device.

Accepted Answer

Access to the system is achieved when th

Question 17

All of the following are objectives of operating system control except

Accepted Answer

A) protecting the OS from users 
B) protesting users from each other 
C) protecting users from themselves 
D) protecting the environment from users 
A) protecting the OS from users 
B) protesting users from each other 
C) protecting users from themselves 
D) protecting the environment from users

Question 18

Which method will render useless data captured by unauthorized receivers?

Accepted Answer

A) echo check 
B) parity bit 
C) public key encryption 
D) message sequencing 
A) echo check 
B) parity bit 
C) public key encryption 
D) message sequencing

Question 19

What is deep packet inspection?

Accepted Answer

DPI is a technique that search

Question 20

In a computerized environment,the audit trail log must be printed onto paper documents.

Accepted Answer

A) True 
 B)False

Explain the concept of discretionary access privileges.

What is a user-defined procedure?

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

What can be done to defeat a DDoS attack?

Audit trails cannot be used to

Operating system integrity is not of concern to accountants because only hardware risks are involved.

Which of the following deal with transaction legitimacy?

The message authentication code is calculated by the sender and the receiver of a data transmission.

Contrast the private encryption standard approach with the public key encryption approach to controlling access to telecommunication messages.

What are the auditor's concerns in testing EDI controls?

In an electronic data interchange environment,the audit trail

The operating system performs all of the following tasks except

Explain how smurf attacks can be controlled.

Examining programmer authority tables for information about who has access to data definition language commands will provide evidence about who is responsible for creating subschemas.

Passwords are secret codes that users enter to gain access to systems.Security can be compromised by all of the following except

Describe one benefit of using a call-back device.

All of the following are objectives of operating system control except

Which method will render useless data captured by unauthorized receivers?

What is deep packet inspection?

In a computerized environment,the audit trail log must be printed onto paper documents.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics,fraud,and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting,and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Auditing It Controls Part I: Sarbanes-Oxley and It Governance

Auditing It Controls Part III: Systems Development, program Changes, and Application Auditing

Filters

Exam 15: Auditing It Controls Part II: Security and Access

Explain the concept of discretionary access privileges.

What is a user-defined procedure?

All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

What can be done to defeat a DDoS attack?

Audit trails cannot be used to

Operating system integrity is not of concern to accountants because only hardware risks are involved.

Which of the following deal with transaction legitimacy?

The message authentication code is calculated by the sender and the receiver of a data transmission.

Contrast the private encryption standard approach with the public key encryption approach to controlling access to telecommunication messages.

What are the auditor's concerns in testing EDI controls?

In an electronic data interchange environment,the audit trail

The operating system performs all of the following tasks except

Explain how smurf attacks can be controlled.

Examining programmer authority tables for information about who has access to data definition language commands will provide evidence about who is responsible for creating subschemas.

Passwords are secret codes that users enter to gain access to systems.Security can be compromised by all of the following except

Describe one benefit of using a call-back device.

All of the following are objectives of operating system control except

Which method will render useless data captured by unauthorized receivers?

What is deep packet inspection?

In a computerized environment,the audit trail log must be printed onto paper documents.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics,fraud,and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting,and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Auditing It Controls Part I: Sarbanes-Oxley and It Governance

Auditing It Controls Part III: Systems Development, program Changes, and Application Auditing

Filters