Chapter 16 IT Controls Part II
PPT for Controls. Introduction for control in the IT environment.
Published by: Chene Soriano on Jul 29, 2013
Copyright: Attribution Non-commercial
Chapter 16 IT Controls Part II: Security and Access

TRUE/FALSE

1. In a computerized environment, the audit trail log must be printed onto paper documents. ANS: F PTS: 1
2. Disguising message packets to look as if they came from another user and to gain access to the host's network is called spooling. ANS: F PTS: 1
3. A formal log-on procedure is the operating system's last line of defense against unauthorized access. ANS: F PTS: 1
4. Computer viruses usually spread throughout the system before being detected. ANS: T PTS: 1
5. A worm is a software program that replicates itself in areas of idle memory until the system fails. ANS: T PTS: 1
6. Viruses rarely attach themselves to executable files. ANS: F PTS: 1
7. Subschemas are used to authorize user access privileges to specific data elements. ANS: F PTS: 1
8. A recovery module suspends all data processing while the system reconciles its journal files against the database. ANS: F PTS: 1
9. The database management system controls access to program files. ANS: F PTS: 1
10. Operating system controls are of interest to system professionals but should not concern accountants and auditors. ANS: F PTS: 1
11. The most frequent victims of program viruses are microcomputers. ANS: T PTS: 1
12. Access controls protect databases against destruction, loss or misuse through unauthorized access. ANS: T PTS: 1
13. Operating system integrity is not of concern to accountants because only hardware risks are involved. ANS: F PTS: 1

Statements 14 to 25, listed without their numbers:

- Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.
- Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.
- The message authentication code is calculated by the sender and the receiver of a data transmission.
- Electronic data interchange customers may be given access to the vendor's data files.
- The audit trail for electronic data interchange transactions is stored on magnetic media.
- A firewall is a hardware partition designed to protect networks from power surges.
- A value added network can detect and reject transactions by unauthorized trading partners.
- In a telecommunications environment, line errors can be detected by using an echo check.
- To preserve audit trails in a computerized environment, transaction logs are permanent records of transactions.
- The request-response technique should detect if a data communication transmission has been diverted.
- Firewalls are special materials used to insulate computer facilities.
- Electronic data interchange translation software interfaces with the sending firm and the value added network.

Answer key recorded for 14 to 25: 14 T, 15 T, 16 F, 17 T, 18 T, 19 F, 20 T, 21 T, 22 T, 23 F, 24 T, 25 T (PTS: 1 each).

MULTIPLE CHOICE

1. The operating system performs all of the following tasks except
a. translates third-generation languages into machine language
b. assigns memory to applications
c. authorizes user access
d. schedules job processing
ANS: C PTS: 1

2. Which of the following is considered an unintentional threat to the integrity of the operating system?
a. a hacker gaining access to the system because of a security flaw
b. a hardware flaw that causes the system to crash
c. a virus that formats the hard drive
d. the systems programmer accessing individual user files
ANS: B PTS: 1

3. A software program that replicates itself in areas of idle memory until the system fails is called a
a. Trojan horse
b. worm
c. logic bomb
d. none of the above
ANS: B PTS: 1

4. A software program that allows access to a system without going through the normal logon procedures is called a
a. logic bomb
b. Trojan horse
c. worm
d. back door
ANS: D PTS: 1

5. All of the following will reduce the exposure to computer viruses except
a. install antivirus software
b. install factory-sealed application software
c. assign and control user passwords
d. install public-domain software from reputable bulletin boards
ANS: D PTS: 1

6. Which backup technique is most appropriate for sequential batch systems?
a. grandparent-parent-child approach
b. staggered backup approach
c. direct backup
d. intermittent backup
ANS: A PTS: 1

7. When creating and controlling backups for a sequential batch system,
a. the number of backup versions retained depends on the amount of data in the file
b. off-site backups are not required
c. backup files can never be used for scratch files
d. the more significant the data, the greater the number of backup versions
ANS: D PTS: 1

8. Which of the following is not an access control in a database system?
a. antivirus software
b. database authorization table
c. passwords
d. voice prints
ANS: A PTS: 1

9. In a direct access file system
a. backups are created using the grandfather-father-son approach
b. processing a transaction file against a master file creates a backup file
c. files are backed up immediately before an update run
d. if the master file is destroyed, it cannot be reconstructed
ANS: C PTS: 1

10. Which is not a biometric device?
a. password
b. voice prints
c. retina prints
d. signature characteristics
ANS: A PTS: 1

11. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called
a. spoofing.
b. spooling.
c. dual-homed.
d. screening.
ANS: A PTS: 1

12. Which of the following is not a basic database backup and recovery feature?
a. checkpoint
b. backup database
c. transaction log
d. database authority table
ANS: D PTS: 1

13. All of the following are objectives of operating system control except
a. protecting the OS from users
b. protecting users from each other
c. protecting users from themselves
d. protecting the environment from users
ANS: D PTS: 1

14. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except
a. failure to change passwords on a regular basis
b. using obscure passwords unknown to others
c. recording passwords in obvious places
d. selecting passwords that can be easily detected by computer criminals
ANS: B PTS: 1

15. Audit trails cannot be used to
a. detect unauthorized access to systems
b. facilitate reconstruction of events
c. reduce the need for other forms of security
d. promote personal accountability
ANS: C PTS: 1

16. Which control will not reduce the likelihood of data loss due to a line error?
a. echo check
b. encryption
c. vertical parity bit
d. horizontal parity bit
ANS: B PTS: 1

17. Which method will render useless data captured by unauthorized receivers?
a. echo check
b. parity bit
c. public key encryption
d. message sequencing
ANS: C PTS: 1

18. Which method is most likely to detect unauthorized access to the system?
a. message transaction log
b. data encryption standard
c. vertical parity check
d. request-response technique
ANS: A PTS: 1

19. All of the following techniques are used to validate electronic data interchange transactions except
a. value added networks can compare passwords to a valid customer file before message transmission
b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
c. the recipient's application software can validate the password prior to processing
d. the recipient's application software can validate the password after the transaction has been processed
ANS: D PTS: 1

20. In an electronic data interchange environment, customers routinely access
a. the vendor's price list file
b. the vendor's accounts payable file
c. the vendor's open purchase order file
d. none of the above
ANS: A PTS: 1

21. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except
a. verifying that only authorized software is used on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a review of the authority table
ANS: B PTS: 1

22. Audit objectives for the database management system include all of the following except
a. verifying that the security group monitors and reports on fault tolerance violations
b. confirming that backup procedures are adequate
c. ensuring that authorized users access only those files they need to perform their duties
d. verifying that unauthorized users cannot access data files
ANS: A PTS: 1

23. All of the following tests of controls will provide evidence that access to the data files is limited except
a. inspecting biometric controls
b. reconciling program version numbers
c. comparing job descriptions with access privileges stored in the authority table
d. attempting to retrieve unauthorized data via inference queries
ANS: B PTS: 1

24. Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to equipment failure
b. prevention and detection of illegal access to communication channels
c. procedures that render intercepted messages useless
d. all of the above
ANS: D PTS: 1

25. When auditors examine and test the call-back feature, they are testing which audit objective?
a. incompatible functions have been segregated
b. application programs are protected from unauthorized access
c. physical security measures are adequate to protect the organization from natural disaster
d. illegal access to the system is prevented and detected
ANS: D PTS: 1

26. In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?
a. all EDI transactions are authorized
b. unauthorized trading partners cannot gain access to database records
c. authorized trading partners have access only to approved data
d. a complete audit trail is maintained
ANS: C PTS: 1

27. Audit objectives in the electronic data interchange (EDI) environment include all of the following except
a. all EDI transactions are authorized
b. unauthorized trading partners cannot gain access to database records
c. a complete audit trail of EDI transactions is maintained
d. backup procedures are in place and functioning properly
ANS: D PTS: 1

28. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except
a. the policy on the purchase of software only from reputable vendors
b. the policy that all software upgrades are checked for viruses before they are implemented
c. the policy that current versions of antivirus software should be available to all users
d. the policy that permits users to take files home to work on them
ANS: D PTS: 1

29. Which of the following is not a test of access controls?
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls
ANS: C PTS: 1

30. In an electronic data interchange environment, customers routinely
a. access the vendor's accounts receivable file with read/write authority
b. access the vendor's price list file with read/write authority
c. access the vendor's inventory file with read-only authority
d. access the vendor's open purchase order file with read-only authority
ANS: C PTS: 1

31. In an electronic data interchange environment, the audit trail
a. is a printout of all incoming and outgoing transactions
b. is an electronic log of all transactions received, translated, and processed by the system
c. is a computer resource authority table
d. consists of pointers and indexes within the database
ANS: B PTS: 1

32. All of the following are designed to control exposures from subversive threats except
a. firewalls
b. one-time passwords
c. field interrogation
d. data encryption
ANS: C PTS: 1

33. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these is
a. hardware access procedures
b. antivirus software
c. parity checks
d. data encryption
ANS: C PTS: 1

34. Which of the following deal with transaction legitimacy?
a. transaction authorization and validation
b. access controls
c. EDI audit trail
d. all of the above
ANS: D PTS: 1

35. Firewalls are
a. special materials used to insulate computer facilities
b. a system that enforces access control between two networks
c. special software used to screen Internet access
d. none of the above
ANS: B PTS: 1

36. The database attributes that individual users have permission to access are defined in
a. operating system.
b. user manual.
c. database schema.
d. user view.
e. application listing.
ANS: D PTS: 1

37. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)
a. operating system.
b. database management system.
c. utility system.
d. facility system.
e. object system.
ANS: A PTS: 1

38. Which of the following is true?
a. A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.
b. An intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filter that removes malicious packets from the flow before they can affect servers and networks.
c. Deep packet inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
d. None of the above are true statements.
e. none of the above
ANS: E PTS: 1

39. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is
a. a smurf attack.
b. IP spoofing.
c. an ACK echo attack.
d. a ping attack.
ANS: A PTS: 1

40. Advanced Encryption Standard (AES) is
a. a 64-bit private key encryption technique
b. a 128-bit private key encryption technique
c. a 128-bit public key encryption technique
d. a 256-bit public encryption technique that has become a U.S. government standard
ANS: B PTS: 1
