Question 1

Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

Accepted Answer

compare job descriptions with authority

Question 2

Viruses rarely attach themselves to executable files.

Accepted Answer

A) True 
 B)False

Question 3

What is event monitoring?

Accepted Answer

Event monitoring summarizes key activiti

Question 4

A worm is software program that replicates itself in areas of idle memory until the system fails.

Accepted Answer

A) True 
 B)False

Question 5

Operating system controls are of interest to system professionals but should not concern accountants and auditors.

Accepted Answer

A) True 
 B)False

Question 6

In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except

Accepted Answer

A)  the policy on the purchase of software only from reputable vendors 
B)  the policy that all software upgrades are checked for viruses before they are implemented 
C)  the policy that current versions of antivirus software should be available to all users 
D)  the policy that permits users to take files home to work on them 
A)  the policy on the purchase of software only from reputable vendors 
B)  the policy that all software upgrades are checked for viruses before they are implemented 
C)  the policy that current versions of antivirus software should be available to all users 
D)  the policy that permits users to take files home to work on them

Question 7

In a computerized environment, the audit trail log must be printed onto paper documents.

Accepted Answer

A) True 
 B)False

Question 8

A formal log-on procedure is the operating system's first line of defense. Explain how this works.

Accepted Answer

When the user logs on, he or she is pres

Question 9

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

Accepted Answer

In the Private Encryption Standard appro

Question 10

Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.

Accepted Answer

A) True 
 B)False

Question 11

All of the following will reduce the exposure to computer viruses except

Accepted Answer

A)  install antivirus software 
B)  install factory-sealed application software 
C)  assign and control user passwords 
D)  install public-domain software from reputable bulletin boards 
A)  install antivirus software 
B)  install factory-sealed application software 
C)  assign and control user passwords 
D)  install public-domain software from reputable bulletin boards

Question 12

The request-response technique should detect if a data communication transmission has been diverted.

Accepted Answer

A) True 
 B)False

Question 13

Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except

Accepted Answer

A)  failure to change passwords on a regular basis 
B)  using obscure passwords unknown to others 
C)  recording passwords in obvious places 
D)  selecting passwords that can be easily detected by computer criminals 
A)  failure to change passwords on a regular basis 
B)  using obscure passwords unknown to others 
C)  recording passwords in obvious places 
D)  selecting passwords that can be easily detected by computer criminals

Question 14

The checkpoint feature

Accepted Answer

A)  makes a periodic backup of the entire database 
B)  uses logs and backup files to restart the system after failure 
C)  suspends all data processing wile the system reconciles the transaction log against the database 
D)  provides an audit trail of all processed transactions 
A)  makes a periodic backup of the entire database 
B)  uses logs and backup files to restart the system after failure 
C)  suspends all data processing wile the system reconciles the transaction log against the database 
D)  provides an audit trail of all processed transactions

Question 15

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

Accepted Answer

A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  authorized trading partners have access only to approved data 
D)  a complete audit trail is maintained 
A)  all EDI transactions are authorized 
B)  unauthorized trading partners cannot gain access to database records 
C)  authorized trading partners have access only to approved data 
D)  a complete audit trail is maintained

Question 16

What are some typical problems with passwords?

Accepted Answer

users failing to remember pass

Question 17

Electronic data interchange customers may be given access to the vendor's data files.

Accepted Answer

A) True 
 B)False

Question 18

What can be done to defeat a DDoS Attack?

Accepted Answer

Intrusion Prevention Systems (

Question 19

Discuss three techniques for breaching operating system controls.

Accepted Answer

Browsing involves searching through area

Question 20

List three methods of controlling unauthorized access to telecommunication messages.

Accepted Answer

call-back devices, data encryp

Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

Viruses rarely attach themselves to executable files.

What is event monitoring?

A worm is software program that replicates itself in areas of idle memory until the system fails.

Operating system controls are of interest to system professionals but should not concern accountants and auditors.

In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except

In a computerized environment, the audit trail log must be printed onto paper documents.

A formal log-on procedure is the operating system's first line of defense. Explain how this works.

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.

All of the following will reduce the exposure to computer viruses except

The request-response technique should detect if a data communication transmission has been diverted.

Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except

The checkpoint feature

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

What are some typical problems with passwords?

Electronic data interchange customers may be given access to the vendor's data files.

What can be done to defeat a DDoS Attack?

Discuss three techniques for breaching operating system controls.

List three methods of controlling unauthorized access to telecommunication messages.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part I: Sarbanes-Oxley and It Governance

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters

Exam 16: IT Controls Part II: Security and Access

Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

Viruses rarely attach themselves to executable files.

What is event monitoring?

A worm is software program that replicates itself in areas of idle memory until the system fails.

Operating system controls are of interest to system professionals but should not concern accountants and auditors.

In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except

In a computerized environment, the audit trail log must be printed onto paper documents.

A formal log-on procedure is the operating system's first line of defense. Explain how this works.

Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.

All of the following will reduce the exposure to computer viruses except

The request-response technique should detect if a data communication transmission has been diverted.

Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except

The checkpoint feature

In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

What are some typical problems with passwords?

Electronic data interchange customers may be given access to the vendor's data files.

What can be done to defeat a DDoS Attack?

Discuss three techniques for breaching operating system controls.

List three methods of controlling unauthorized access to telecommunication messages.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part I: Sarbanes-Oxley and It Governance

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters