Question 1

In order to master risks and controls and how they fit together, which of the following is NOT one of the areas to fully understand?

Accepted Answer

A) The accounting information system 
B) The description of the general and application controls that should exist in IT system 
C) The type and nature of risks in IT systems 
D) The recognition of how controls can be used to reduce risk

Question 2

Large-scale IT systems should be protected by physical access controls.Which of the following is not listed as one of those controls?

Accepted Answer

A) Limited access to computer rooms 
B) Video surveillance equipment 
C) Locked storage of backup data 
D) Encryption of passwords

Question 3

Risks associated with public cloud computing include all of the following, except:

Accepted Answer

A) Security 
B) Availability 
C) Processing Integrity 
D) Scalability

Question 4

A new technology that is used to authenticate users is one that plugs into the USB port and eliminates the need for a card reader.This item is called a:

Accepted Answer

A) Biometric reader 
B) Smart card 
C) USB smart key 
D) Security token

Question 5

This type of input check ensures that the batch of transactions is sorted in order, but does not help to find the missing transactions.

Accepted Answer

A) Completeness Check 
B) Range Check 
C) Self-checking Digit Check 
D) Sequence Check

Question 6

Examples of Business Continuity include all of the following except:

Accepted Answer

A) Disaster Recovery Plan 
B) Backup Data 
C) Environmental Backup Recovery Plan 
D) Offsite Backup

Question 7

The software that controls the basic input and output activities of the computer are called:

Accepted Answer

A) Operating System 
B) Application software 
C) Data Base Management System 
D) Electronic Data Interchange

Question 8

Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered?

Accepted Answer

A) Completeness check 
B) Validity check 
C) Reasonableness check 
D) Field check

Question 9

The IT Governance Committee has several important responsibilities.Which of the following is not normally one of those responsibilities?

Accepted Answer

A) Align IT investments to business strategies 
B) Oversee and prioritize changes to IT systems 
C) Develop, monitor, and review security procedures 
D) Investing excess IT funds in long-term investments

Question 10

The risk that an unauthorized user would shut down systems within the IT system is a(n):

Accepted Answer

A) Security risk 
B) Availability risk 
C) Processing integrity risk 
D) Confidentiality risk

Question 11

The software that accomplishes end user tasks such as work processing, spreadsheets, and accounting functions is called:

Accepted Answer

A) Operating software 
B) Database software 
C) Application software 
D) Management software

Question 12

The process of proactively examining the IT system for weaknesses that can be exploited by hackers, viruses, or malicious employees is called:

Accepted Answer

A) Intrusion detection 
B) Virus management 
C) Vulnerability assessment 
D) Penetration testing

Question 13

Nonrepudiation means that:

Accepted Answer

A) A user is not authorized to change configuration settings. 
B) A user is not allowed access to the authority tables. 
C) A user can prevent the unauthorized flow of data in both directions. 
D) A user cannot deny any particular act that he or she did on the IT system.

Question 14

This encryption method, used with wireless network equipment, is symmetric in that both the sending and receiving network nodes must use the same encryption key.It has been proven to be susceptible to hacking.

Accepted Answer

A) Wired Equivalency Privacy (WEP) 
B) Wired Encryption Policy (WEP) 
C) Wireless Protection Access (WP
A)  
D) Wired Privacy Authentication (WP
A)

Question 15

The IT system includes this type of table for software, hardware, and application programs that contain the appropriate set-up and security settings.

Accepted Answer

A) Configuration table 
B) Authentication table 
C) User table 
D) Authority table

Question 16

AICPA Trust Principles describe five categories of IT risks and controls.Which of these five categories would be described by the statement, "The system is protected against unauthorized access"?

Accepted Answer

A) Security 
B) Confidentiality 
C) Processing integrity 
D) Availability

Question 17

This form of encryption uses a single encryption key that must be used to encrypt data and also to decode the encrypted data.

Accepted Answer

A) Multiple encryption 
B) Public key encryption 
C) Wired encryption 
D) Symmetric encryption

Question 18

Which programmed input validation check compares the value in a field with related fields which determine whether the value is appropriate?

Accepted Answer

A) Completeness check 
B) Validity check 
C) Reasonableness check . 
D) Completeness check.

Question 19

In entering client contact information in the computerized database of a telemarketing business, a clerk erroneously entered nonexistent area codes for a block of new clients.This error rendered the block of contacts useless to the company.Which of the following would most likely have led to discovery of this error into the company's computerized system?

Accepted Answer

A) Limit check 
B) Validity check 
C) Sequence check 
D) Record count

Question 20

Which of the following URL's would indicate that the site is using browser software that encrypts data transferred to the website?

Accepted Answer

A) shttp://misu 
B) https://misu 
C) http://smisus 
D) http.s://smisus

Exam 4: Internal Controls and Risks in IT Systems