Question 1

Combining the functions of authorizing and executing events is a violation of the organizational control plan known as segregation of duties.

Accepted Answer

A) True 
 B)False  True

Question 2

Which of the following is not one of COBIT's four broad IT control process domains?

Accepted Answer

A)  plan and organize
B)  acquire and implement
C)  repair and replace
D)  monitor and evaluate C

Question 3

Forced vacations is a policy of requiring an employee to take leave from the job and substituting another employee in his or her place.

Accepted Answer

A) True 
 B)False  True

Question 4

As an IT resource, applications are automated systems and manual procedures that process information.

Accepted Answer

A) True 
 B)False

Question 5

The operations run manual describes user procedures for an application and assists the user in preparing inputs and using outputs.

Accepted Answer

A) True 
 B)False

Question 6

The information systems function ______________________________ provides efficient and effective operation of the computer equipment by performing tasks such as mounting tapes, disks, and other media and monitoring equipment operation.

Accepted Answer

The answer of The information systems function ______________________________ provides efficient...

Question 7

The functions of the security officer commonly include assigning passwords and working with human resources to ensure proper interview practices are conducted during the hiring process.

Accepted Answer

A) True 
 B)False

Question 8

All of the following are components of a backup and recovery strategy except:

Accepted Answer

A)  echo checking
B)  mirror site
C)  electronic vaulting
D)  hot site

Question 9

In an information systems organization structure, the three functions that might logically report directly to the CIO would be:

Accepted Answer

A)  systems development, technical services, and data center
B)  systems development, database administration, and data center
C)  systems development, technical services, and data librarian
D)  applications programming, technical services, and data center

Question 10

A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called resource controls.

Accepted Answer

A) True 
 B)False

Question 11

Which of the following controls restrict access to programs, data, and documentation?

Accepted Answer

A)  library controls
B)  password controls
C)  authentication controls
D)  program change controls

Question 12

The disaster recovery strategy known as a(n) ____________________ is a fully equipped data center that is made available on a standby basis to client companies for a monthly subscriber's fee.

Accepted Answer

The answer of The disaster recovery strategy known as a(n)...

Question 13

An intrusion-detection systems (IDS) logs and monitors who is on or trying to access the network.

Accepted Answer

A) True 
 B)False

Question 14

Protecting resources against environmental hazards might include all of the following control plans except:

Accepted Answer

A)  fire alarms and smoke detectors
B)  waterproof ceilings
C)  voltage regulators
D)  rotation of duties

Question 15

The department or function that develops and operates an organization's information systems is often called the:

Accepted Answer

A)  information systems organization
B)  computer operations department
C)  Controller's office
D)  computer technology branch

Question 16

The ____________________ documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.

Accepted Answer

The answer of The ____________________ documentation provides an overall description...

Question 17

Threat monitoring is a technique to protect one network from another "untrusted" network.

Accepted Answer

A) True 
 B)False

Question 18

In a ___________________________________ a web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.

Accepted Answer

The answer of In a ___________________________________ a web site is...

Question 19

Which of the following personnel security control plans is corrective in nature as opposed to being a preventive or detective control plan?

Accepted Answer

A)  rotation of duties
B)  fidelity bonding
C)  forced vacations
D)  performing scheduled evaluations

Question 20

________________ in an internal control system means assessment by management to determine
whether the control plans in place are continuing to function appropriately over time.

Accepted Answer

The answer of ________________ in an internal control system means...

Exam 8: Controlling Information Systems: Introduction to Pervasive Controls

Combining the functions of authorizing and executing events is a violation of the organizational control plan known as segregation of duties.

Which of the following is not one of COBIT's four broad IT control process domains?

Forced vacations is a policy of requiring an employee to take leave from the job and substituting another employee in his or her place.

As an IT resource, applications are automated systems and manual procedures that process information.

The operations run manual describes user procedures for an application and assists the user in preparing inputs and using outputs.

The information systems function ______________________________ provides efficient and effective operation of the computer equipment by performing tasks such as mounting tapes, disks, and other media and monitoring equipment operation.

The functions of the security officer commonly include assigning passwords and working with human resources to ensure proper interview practices are conducted during the hiring process.

All of the following are components of a backup and recovery strategy except:

In an information systems organization structure, the three functions that might logically report directly to the CIO would be:

A small organization that does not have enough personnel to adequately segregate duties must rely on alternative controls, commonly called resource controls.

Which of the following controls restrict access to programs, data, and documentation?

The disaster recovery strategy known as a(n) ____________________ is a fully equipped data center that is made available on a standby basis to client companies for a monthly subscriber's fee.

An intrusion-detection systems (IDS) logs and monitors who is on or trying to access the network.

Protecting resources against environmental hazards might include all of the following control plans except:

The department or function that develops and operates an organization's information systems is often called the:

The ____________________ documentation provides an overall description of the application, including the system's purpose; an overview of system procedures; and sample source documents, outputs, and reports.

Threat monitoring is a technique to protect one network from another "untrusted" network.

In a ___________________________________ a web site is overwhelmed by an intentional onslaught of thousands of simultaneous messages, making it impossible for the attacked site to engage in its normal activities.

Which of the following personnel security control plans is corrective in nature as opposed to being a preventive or detective control plan?

________________ in an internal control system means assessment by management to determine whether the control plans in place are continuing to function appropriately over time.