Question 1

Audit objectives for communications controls include all of the following except

Accepted Answer

A)  detection and correction of message loss due to equipment failure 
B)  prevention and detection of illegal access to communication channels 
C)  procedures that render intercepted messages useless 
D)  all of the above 
A)  detection and correction of message loss due to equipment failure 
B)  prevention and detection of illegal access to communication channels 
C)  procedures that render intercepted messages useless 
D)  all of the above D

Question 2

A software program that replicates itself in areas of idle memory until the system fails is called a

Accepted Answer

A)  Trojan horse 
B)  Worm 
C)  logic bomb 
D)  none of the above 
A)  Trojan horse 
B)  Worm 
C)  logic bomb 
D)  none of the above B

Question 3

What are the three security objectives of audit trails? Explain.

Accepted Answer

Audit trails support system security objectives in three ways. By detecting unauthorized access to the system, the audit trail protects the system from outsiders trying to breach system controls. By monitoring system performance, changes in the system may be detected. The audit trail can also contribute to reconstructing events such as system failures, security breaches, and processing errors. In addition, the ability to monitor user activity can support increased personal accountability.

Question 4

Explain how smurf attacks can be controlled.

Accepted Answer

The targeted organization can

Question 5

Which of the following is not an access control in a database system?

Accepted Answer

A)  antivirus software 
B)  database authorization table 
C)  passwords 
D)  voice prints 
A)  antivirus software 
B)  database authorization table 
C)  passwords 
D)  voice prints

Question 6

All of the following tests of controls will provide evidence that access to the data files is limited except

Accepted Answer

A)  inspecting biometric controls 
B)  reconciling program version numbers 
C)  comparing job descriptions with access privileges stored in the authority table 
D)  attempting to retrieve unauthorized data via inference queries 
A)  inspecting biometric controls 
B)  reconciling program version numbers 
C)  comparing job descriptions with access privileges stored in the authority table 
D)  attempting to retrieve unauthorized data via inference queries

Question 7

What are biometric devices?

Accepted Answer

Biometric devices measure various person

Question 8

Which method is most likely to detect unauthorized access to the system?

Accepted Answer

A)  message transaction log 
B)  data encryption standard 
C)  vertical parity check 
D)  request-response technique 
A)  message transaction log 
B)  data encryption standard 
C)  vertical parity check 
D)  request-response technique

Question 9

Explain how SYN Flood attacks can be controlled.

Accepted Answer

Two things can be done:
First, Internet

Question 10

Which of the following deal with transaction legitimacy?

Accepted Answer

A)  transaction authorization and validation 
B)  access controls 
C)  EDI audit trail 
D)  all of the above 
A)  transaction authorization and validation 
B)  access controls 
C)  EDI audit trail 
D)  all of the above

Question 11

A firewall is a hardware partition designed to protect networks from power surges.

Accepted Answer

A) True 
 B)False

Question 12

All of the following techniques are used to validate electronic data interchange transactions except

Accepted Answer

A)  value added networks can compare passwords to a valid customer file before message transmission 
B)  prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database 
C)  the recipient's application software can validate the password prior to processing 
D)  the recipient's application software can validate the password after the transaction has been processed 
A)  value added networks can compare passwords to a valid customer file before message transmission 
B)  prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database 
C)  the recipient's application software can validate the password prior to processing 
D)  the recipient's application software can validate the password after the transaction has been processed

Question 13

Which of the following is not a test of access controls?

Accepted Answer

A)  biometric controls 
B)  encryption controls 
C)  backup controls 
D)  inference controls 
A)  biometric controls 
B)  encryption controls 
C)  backup controls 
D)  inference controls

Question 14

Describe one benefit of using a call-back device.

Accepted Answer

Access to the system is achieved when th

Question 15

Describe three ways in which IPS can be used to protect against DDoS Attacks?

Accepted Answer

1) IPS cam work inline with a firewall a

Question 16

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

Accepted Answer

A)  spoofing. 
B)  spooling. 
C)  dual-homed. 
D)  screening. 
A)  spoofing. 
B)  spooling. 
C)  dual-homed. 
D)  screening.

Question 17

Firewalls are

Accepted Answer

A)  special materials used to insulate computer facilities 
B)  a system that enforces access control between two networks 
C)  special software used to screen Internet access 
D)  none of the above 
A)  special materials used to insulate computer facilities 
B)  a system that enforces access control between two networks 
C)  special software used to screen Internet access 
D)  none of the above

Question 18

Which of the following is not a basic database backup and recovery feature?

Accepted Answer

A)  checkpoint 
B)  backup database 
C)  transaction log 
D)  database authority table 
A)  checkpoint 
B)  backup database 
C)  transaction log 
D)  database authority table

Question 19

A formal log-on procedure is the operating system's last line of defense against unauthorized access.

Accepted Answer

A) True 
 B)False

Question 20

Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment.

Accepted Answer

value-added networks use passwords to de

Audit objectives for communications controls include all of the following except

A software program that replicates itself in areas of idle memory until the system fails is called a

What are the three security objectives of audit trails? Explain.

Explain how smurf attacks can be controlled.

Which of the following is not an access control in a database system?

All of the following tests of controls will provide evidence that access to the data files is limited except

What are biometric devices?

Which method is most likely to detect unauthorized access to the system?

Explain how SYN Flood attacks can be controlled.

Which of the following deal with transaction legitimacy?

A firewall is a hardware partition designed to protect networks from power surges.

All of the following techniques are used to validate electronic data interchange transactions except

Which of the following is not a test of access controls?

Describe one benefit of using a call-back device.

Describe three ways in which IPS can be used to protect against DDoS Attacks?

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

Firewalls are

Which of the following is not a basic database backup and recovery feature?

A formal log-on procedure is the operating system's last line of defense against unauthorized access.

Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part I: Sarbanes-Oxley and It Governance

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters

Exam 16: IT Controls Part II: Security and Access

Audit objectives for communications controls include all of the following except

A software program that replicates itself in areas of idle memory until the system fails is called a

What are the three security objectives of audit trails? Explain.

Explain how smurf attacks can be controlled.

Which of the following is not an access control in a database system?

All of the following tests of controls will provide evidence that access to the data files is limited except

What are biometric devices?

Which method is most likely to detect unauthorized access to the system?

Explain how SYN Flood attacks can be controlled.

Which of the following deal with transaction legitimacy?

A firewall is a hardware partition designed to protect networks from power surges.

All of the following techniques are used to validate electronic data interchange transactions except

Which of the following is not a test of access controls?

Describe one benefit of using a call-back device.

Describe three ways in which IPS can be used to protect against DDoS Attacks?

Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called

Firewalls are

Which of the following is not a basic database backup and recovery feature?

A formal log-on procedure is the operating system's last line of defense against unauthorized access.

Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part I: Sarbanes-Oxley and It Governance

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters