SET 1.

ACCOUNTING 503-Auditing in CIS Environment

ASSIGNMENT

1. Goals of Enterprise Resource Planning (ERP) system include all of the following except
a. improved customer service
b. improvements of legacy systems
c. reduced production time
d. increased production

2. Core applications are
a. sales and distribution
b. business planning
c. shop floor control and logistics
d. all of the above

3. Data warehousing processes do not include
a. modeling data
b. condensing data
c. extracting data
d. transforming data

4. Which of the following is usually not part of an ERP’s core applications?
a. On-line Transaction Processing (OLTP) applications
b. sales and distribution applications
c. business planning applications
d. On-line Analytical Processing (OLAP) applications

5. Which of the following is usually not part of an ERP’s OLAP applications?
a. logistics
b. decision support systems
c. ad hoc analysis
d. what-if analysis

6. Which of the following statements is least likely to be true about a data warehouse?
a. It is constructed for quick searching and ad hoc queries.
b. It was an original part of all ERP systems.
c. It contains data that are normally extracted periodically from the operating databases.
d. It may be deployed by organizations that have not implemented an ERP.

7. Which of the following statements is not true?
a. In a typical two-tier client server system, the server handles both application and database duties.
b. Client computers are responsible for presenting data to the user and passing user input back to the server.
c. In three-tier client server architecture, one tier is for user presentations, one is for database and applications, and the third is for Internet access.
d. The database and application functions are separate in the three-tier model.

8. Which statement about data warehousing is not correct?
a. The data warehouse should be separate from the operational system.
b. Data cleansing is a process of transforming data into standard form.
c. Drill-down is a data-mining tool available to users of OLAP.
d. Normalization is a requirement of databases included in a data warehouse.

9. Which statement about ERP installation is least accurate?
a. For the ERP to be successful, process reengineering must occur.
b. ERP fails because some important business process is not supported.
c. When a business is diversified, little is gained from ERP installation.
d. The phased-in approach is more suited to diversified businesses.

10. Which statement is true?
a. ERPs are infinitely scalable.
b. Performance problems usually stem from technical problems, not business process reengineering.
c. The better ERP can handle any problems an organization can have.
d. ERP systems can be modified using bolt-on software.

11. Auditors of ERP systems
a. need not worry about segregation of duties.
b. may feel that the data warehouse is too clean and free from errors.
c. find independent verification easy.
d. need not worry about system access since the ERP determines it.

12. Legacy systems are
a. old manual systems that are still in place.
b. flat file mainframe systems developed before client-server computing became standard.
c. stable database systems after debugging.
d. advanced systems without a data warehouse.

13. A data mart is
a. another name for a data warehouse.
b. a database that provides data to an organization’s customers.
c. an enterprise resource planning system.
d. a data warehouse created for a single function or department.

14. Most ERPs are based on which network model?
a. peer to peer
b. client-server
c. ring topology
d. bus topology

15. On-line transaction processing programs
a. are bolt-on programs used with commercially available ERSs.
b. are available in two models–two-tier and three-tier.
c. handle large numbers of relatively simple transactions.
d. allow users to analyze complex data relationships.

16. Supply chain management software
a. is typically under the control of external partners in the chain.
b. links all of the partners in the chain, including vendors, carriers, third-party firms, and information systems providers.
c. cannot be integrated into an overall ERP.
d. none of the above

17. The setup of a data warehouse includes
a. modeling the data
b. extracting data from operational databases
c. cleansing the data
d. all of the above

18. Extracting data for a data warehouse
a. cannot be done from flat files.

summarizing data for ease of extraction c. a control technique intended to prevent unauthorized access from trading partners. transforming data into standard business terms d. Data cleansing involves all of the following except a. focus on output controls such as independent verification because internal processing controls are known to be correct since best practices are used. follows the cleansing of data. The selected system does not adequately meet the adopting firm’s economic growth. to increase the efficiency of data mining processes c.b. reengineering will need to occur. A common reason for ERP failure is that the ERP does not support one or more important business processes of the organization 24. The big-bang approach to ERP implementation is generally riskier than the phased in approach. Implementing companies have found that staff members. c. Closed database architecture is a. e. c. Which statement is LEAST accurate? a. need not review access levels granted to users since these are determined when the system is configured and never change. c. c. Separating the data warehouse from the operations databases occurs for all of the following reasons except a. formatting data from legacy systems 20. a database structure that many of the leading ERPs use to support OLTP applications. requires that the files be out of service. a limitation inherent in traditional information systems that prevents data sharing. To take full advantage of the ERP process. 19. d. are concerned about segregation of duties just as they would be in traditional systems. filtering out or repairing invalid data b.? a. should only involve active files. d. e. Which of the following is NOT as a risk associated with ERP implementation. b. to permit the integration of data from diverse sources 21. b. a data warehouse control that prevents unclean data from entering the warehouse. d. 
A drop in firm performance after implementation because the firm looks and works differently than it did while using a legacy system. do not have sufficient experience in implementing new systems.. c. Auditors of ERP systems a. ERP’s are too large. b. to integrate legacy system data into a form that permits entity-wide analysis d. Implementing an ERP system has as much to do with changing the way an organization does business than it does with technology. to make the management of the databases more economical b. 23. 22. a technique used to restrict access to data marts. complex. . and generic for them to be well integrated into most company cultures. d. Implementing firms fail to select systems that properly support their business activities. d. b. employed by ERP consulting firms. routinely audit data in the data warehouse because it is know to be clean and free from errors.

which of the following duties needs to be separated? a. systems professionals and their supervisors work at the same physical location 31. focus on output controls such as independent verification to reconcile batch totals. 27. Edwards’s ERP is designed to accept the best practices modules of other vendors. natural disasters such as fires b. data control from data librarian . d. do not view the data warehouse as an audit or control issue at all because financial records are not stored there. permitting access to data by unauthorized individuals d. separating the programmer from the computer operator b. PeopleSoft is the world’s leading supplier of software for information management. need not review access levels granted to users because these are determined when the system is configured and never change. All of the following are issues of computer security except a. data corruption caused by program errors d. Which statement is most correct? a. Auditors of ERP systems a. releasing incorrect data to authorized individuals b. program coding from program operations b.D. 26. b. c. Segregation of duties in the computer-based information system includes a. rapid changes in technology make staffing the systems environment challenging d. SAP is more suited to service industries than manufacturing clients. rapid turnover of systems professionals complicates management's task of assessing the competence and honesty of prospective employees b. c. all of the above duties should be separated 30. program maintenance from program coding d. d. system crashes 32. e. Adequate backups will protect against all of the following except a. SoftBrands provides enterprise software for the hospitality and manufacturing sectors. In a computer-based information system. systems development from data processing b. e. b. Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except a. preventing management override c. 
are concerned that managers fail to exercise adequate care in assigning permissions.25. data operations from data librarian c. providing correct data to unauthorized individuals 28. unauthorized access c. data preparation from data control d. Which is the most critical segregation of duties in the centralized computer services function? a. many systems professionals have direct and unrestricted access to the organization's programs and data c. permitting computer operators unlimited access to the computer room c. Oracle evolved from a human resources system. performing independent verifications by the computer operator 29. J. program operations from program maintenance c. need not be concerned about segregation of duties because these systems possess strong computer controls. separating the inventory process from the billing process d.

month-end adjustments b. accounts payable d. mutual aid pact 38. results in master files being inadvertently erased 34. results in inadequate documentation d. weakens database access security b. second site backup d. separate systems development from systems maintenance b. critical applications identified 37. order entry/billing 41. system incompatibilities c. Which organizational structure is most likely to result in good documentation procedures? a. separate database administrator from data processing 35. For most companies. this is an inexpensive solution b. separate systems analysis from application programming c. documentation and blank forms .33. the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company b. A cold site backup approach is also known as a. the initial recovery period is very quick c. The least important item to store off-site in case of an emergency is a. recovery operations center c. backups of systems software b. lack of documentation standards 36. which of the following is the least critical application for disaster recovery purposes? a. lack of separation of duties b. internally provided backup b. maintenance of excess hardware capacity d. Which of the following is not an essential feature of a disaster recovery plan? a. All of the following are control risks associated with the distributed data processing structure except a. backups of application software c. the company has sole control over the administration of the center d. An advantage of a recovery operations center is that a. accounts receivable c. empty shell d. separate systems development from data processing d. the control of the shell site is an administrative drain on the company 39. The major disadvantage of an empty shell solution as a second site backup is a. off-site storage of backups b. intense competition for shell resources during a widespread disaster c. 
none of the above are advantages of the recovery operations center 40. allows programmers access to make unauthorized changes to applications during execution c. Systems development is separated from data processing activities because failure to do so a. computer services function c. system interdependency d.

verification of the second site backup location d. All of the following tests of controls will provide evidence about the physical security of the computer center except a. review of the test of the backup power supply c. The following are examples of specific assets except a. systems operations c. server maintenance 47. highly skilled employees d. Which of the following is true? a. data warehousing c. clearly marked exits b. systems development d. Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except a. observation of procedures surrounding visitor access to the computer center 45. results of the latest test of the disaster recovery program 42. systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program b. d. Which of the following is not true? . All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except a. illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time c. review of fire marshal records b. application maintenance b. review of the critical applications list d. inspection of the second site backup b. a new systems analyst has difficulty in understanding the logic of the program d. an elaborate water sprinkler system c. inadequate systems documentation is prepared because this provides a sense of job security to the programmer 43. composition of the disaster recovery team 46. manual fire extinguishers in strategic locations d. Core competency theory argues that an organization should retain certain specific non− core assets in-house. Core competency theory argues that an organization should not outsource specific commodity assets. The following are examples of commodity assets except a. b. 
network management b.d.All of the following are recommended features of a fire protection system for a computer center except a. Core competency theory argues that an organization should focus exclusively on its core business competencies c. 49. automatic and manual alarms in strategic locations 44. Core competency theory argues that an organization should outsource specific core assets. analysis of the fire detection system at the primary site c. server maintenance 48.

they are all equally beneficial 56. section 404 requires the explicit testing of outsourced controls. the increased time between job request and job completion. that users are not likely to be involved. empty shell b. A disadvantage of distributed data processing is a. Which of the following disaster recovery techniques may be least optimal in the case of a disaster? a. The SAS 70 report. Once an organization outsources its specific assets. d. attests to the adequacy of the vendor’s internal controls. Segregation of duties in the computer-based information system includes separating the programmer from the computer operator preventing management override separating the inventory process from the billing process performing independent verifications by the computer operator 53. Which of the following is not true? a. incompatibility d. Management may outsource their organizations’ IT functions. once acquired. 54. b. IT outsourcing may affect incongruence between a firm’s IT strategic planning and its business planning functions. lack of standards 55. it may not be able to return to its pre-outsource state. c. mutual aid pact c. Specific assets. the disruption caused when the mainframe goes down. are of little value to the vendor c. 51. the potential for hardware and software incompatibility among users. c. d. Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report. user satisfaction c. while valuable to the client. Which of the following is not true? a. d. b. internally provided backup d. d. redundancy b. 52. which is prepared by the outsourcer’s auditor. but they cannot outsource their management responsibilities for internal control. When management outsources their organization’s IT functions. Which of the following is NOT a control implication of distributed data processing? a.a. Specific assets are of value to vendors because. Once a client firm has outsourced specific IT assets. b. 
they also outsource responsibility for internal control. vendors can achieve economies of scale by employing them with other clients 50. interruptible power supplies b. The financial justification for IT outsourcing depends upon the vendor achieving economies of scale. RAID . its performance becomes linked to the vendor’s performance. Large-scale IT outsourcing involves transferring specific assets to a vendor b. Which of the following is a feature of fault tolerance control? a. c.

Which of the following is true? a. worm c. low humidity b. Having the database administrator report to the manager of computer operations. empty shell b. Core competency theory argues that an organization should outsource specific core assets. assigns memory to applications c. d. schedules job processing 62. Core competency theory argues that an organization should focus exclusively on its core business competencies c.c. internally provided backup d. none of the above 64. logic bomb . Trojan horse b. b. high humidity c. d. 60. a hacker gaining access to the system because of a security flaw b. The operating system performs all of the following tasks except a. Which of the following is NOT a potential threat to computer hardware and peripherals? a. Core competency theory argues that an organization should retain certain specific non-core assets in-house. they are all equally risky 58. b. Which of the following is considered an unintentional threat to the integrity of the operating system? a. Which of the following disaster recovery techniques is has the least risk associated with it? a. 61. c. ROC c. A software program that replicates itself in areas of idle memory until the system fails is called a a. Core competency theory argues that an organization should not outsource specific commodity assets. Requiring that requests and instructions for data processing services be submitted directly to the computer operator in the data center. authorizes user access d. Which of the following would strengthen organizational control over a large-scale data processing center? a. Assigning maintenance responsibility to the original system designer who best knows its logic. carbon dioxide fire extinguishers d. a virus that formats the hard drive d. logic bomb d. translates third-generation languages into machine language b. Requiring the user departments to specify the general control standards necessary for processing transactions. water sprinkler fire extinguishers 59. 
the systems programmer accessing individual user files 63. a hardware flaw that causes the system to crash c. A software program that allows access to a system without going through the normal logon procedures is called a a. DDP MDP 57. d.

Trojan horse c. dual-homed. install factory-sealed application software c. promote personal accountability 71. spooling. encryption c. Audit trails cannot be used to a. protesting users from each other c. failure to change passwords on a regular basis b. protecting users from themselves d. retina prints c. All of the following are objectives of operating system control except a. install public-domain software from reputable bulletin boards 66. facilitate reconstruction of events c. b. Which method is most likely to detect unauthorized access to the system? a. recording passwords in obvious places d. assign and control user passwords d. parity bit c. password b. reduce the need for other forms of security d. Passwords are secret codes that users enter to gain access to systems. message transaction log . public key encryption d. screening. Security can be compromised by all of the following except a. 67. echo check b. detect unauthorized access to systems b. c. voice prints d. All of the following will reduce the exposure to computer viruses except a. worm d. Which is not a biometric device? a. install antivirus software b. echo check b.b. spoofing. signature characteristics 68. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique called a. back door 65. protecting the OS from users b. d. protecting the environment from users 69. vertical parity bit d. selecting passwords that can be easily detected by computer criminals 70. horizontal parity bit 72. using obscure passwords unknown to others c. Which method will render useless data captured by unauthorized receivers? a. Which control will not reduce the likelihood of data loss due to a line error? a. message sequencing 73.

reviewing system maintenance records c. the recipient's application software can validate the password prior to processing d. detection and correction of message loss due to equipment failure b. the auditor is testing which audit objective? a. prior to converting the message. all EDI transactions are authorized b. unauthorized trading partners cannot gain access to database records c. procedures that render intercepted messages useless d. prevention and detection of illegal access to communication channels c. they are testing which audit objective? a. all EDI transactions are authorized b. All of the following techniques are used to validate electronic data interchange transactions except a. Audit objectives for communications controls include all of the following except a. none of the above 76. the vendor's open purchase order file d. In determining whether a system is adequately protected from attacks by computer viruses. verifying that only authorized software is used on company computers b. when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table. the vendor's price list file b. unauthorized trading partners cannot gain access to database records c. Audit objectives in the electronic data interchange (EDI) environment include all of the following except a. the translation software of the receiving company can compare the password against a validation file in the firm's database c. When auditors examine and test the call-back feature. backup procedures are in place and functioning properly 81. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except a. all of the above 78. In an electronic data interchange (EDI) environment. physical security measures are adequate to protect the organization from natural disaster d.b. customers routinely access a. 
application programs are protected from unauthorized access c. a complete audit trail of EDI transactions is maintained d. value added networks can compare passwords to a valid customer file before message transmission b. confirming that antivirus software is in use d. examining the password policy including a review of the authority table 77. the vendor's accounts payable file c. authorized trading partners have access only to approved data d. In an electronic data interchange environment. vertical parity check d. the recipient's application software can validate the password after the transaction has been processed 75. request-response technique 74. illegal access to the system is prevented and detected 79. incompatible functions have been segregated b. a complete audit trail is maintained 80. data encryption standard c. all of the following policies are relevant except .

special materials used to insulate computer facilities b. b. hardware access procedures b. access the vendor's price list file with read/write authority c. One of these is a. EDI audit trail d. special software used to screen Internet access d. biometric controls b. Which of the following deal with transaction legitimacy? a. In an electronic data interchange environment. In an electronic data interchange environment. transaction authorization and validation b.a. is a printout of all incoming and outgoing transactions b. e. consists of pointers and indexes within the database 85. is an electronic log of all transactions received. facility system. d. utility system d. access controls c. parity checks d. none of the above 89. access the vendor's inventory file with read-only authority d. c. data encryption 87. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. database management system. is a computer resource authority table d. backup controls d. a system that enforces access control between two networks c. access the vendor's open purchase order file with read-only authority 84. customers routinely a. . All of the following are designed to control exposures from subversive threats except a. field interrogation d. and processed by the system c. Which of the following is not a test of access controls? a. data encryption 86. access the vendor's accounts receivable file with read/write authority b. the audit trail a. Firewalls are a. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an) a. operating system. c. the policy on the purchase of software only from reputable vendors the policy that all software upgrades are checked for viruses before they are implemented the policy that current versions of antivirus software should be available to all users the policy that permits users to take files home to work on them 82. inference controls 83. 
object system. encryption controls c. b. firewalls b. all of the above 88. one-time passwords c. antivirus software c. translated.

What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area? a. is a. LAN b. combines the messages of multiple users into one packet for transmission. Transmitting numerous SYN packets to a targeted receiver. bridge 96. c. 92. but NOT responding to an ACK. d. c. To physically connect a workstation to a LAN requires a a. c. none of the above 91. A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet. An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks. network interface card c. Which of the following is true? a. facilitate physical connection between network devices b. multiplexer d. a ping attack. a 256-bit public encryption technique that has become a U. file server b. decentralized network c. multidrop network d. Network protocols fulfill all of the following objectives except a. IP Spoofing. promote compatibility among network devices d. a smurf attack. is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization. an ACK echo attack d. is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless . a 128-bit public key encryption technique d. a 128-bit private key encryption technique c. a 64 -bit private key encryption technique b. Intranet 94. Advance encryption standard (AES) is a. At the receiving end.S. e. provide a basis for error checking and measuring network performance c. Packet switching a. result in inflexible standards 95. is used to establish temporary connections between network devices for the duration of a communication session. b.90. 
government standard 93. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets. b. None of the above are true statements. d. the packet is disassembled into the individual messages and distributed to the intended users. b.

b. 97. c. d. URL masquerading b. b. none of the above is true SET 2. Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology. is a private network within a public network. 3. A virtual private network: a. is most effective used with a bus topology. for environments where network nodes routinely communicate with each other . is best suited to the token-ring topology because the random-access method used by this model detects data collisions. star topology b.garbled message. A ping signal is used to initiate a. bus topology c. individual workstations can function locally but cannot communicate with other workstations c. a. e. is more efficient than the bus or ring topologies. a universal topology facilitates the transfer of data among networks 98. ring topology d. Which of the following statements is correct? The client-server model a. Internet protocol spoofing d. individual workstations can communicate with each other b. for a wide area network with a mainframe for a central computer b. is an Internet facility that links user sites locally and around the world. bridges and gateways connect one workstation with another workstation b. defines the path to a facility or file on the web. the functions of the central site are taken over by a designated workstation 2. for centralized databases only c. In a star topology. A star topology is appropriate a. individual workstations cannot function locally and cannot communicate with other workstations d. c. d. the central computer manages and controls data communications among the network nodes. digital signature forging c. is a password-controlled network for private users rather than the general public. the network interface card permits different networks to share data c. ACCOUNTING 503-Auditing in CIS Environment ASSIGNMENT 1. file servers permit software and data to be shared with other network users d. a smurf attack e. none of the above is true. 
One advantage of network technology is a. when the central site fails a. 99. distributes both data and processing tasks to the server’s node. client/server topology 100.

d. d. 7. all nodes are of equal status. is a low-level encryption scheme used to secure transmissions in HTTP format. b. is used to transfer text files. Which of the following statements is correct? TCP/IP a. the network consists of a central computer which manages all communications between nodes b. . FTP a. IP spoofing a. is the document format used to produce Web pages. c. has a host computer connected to several levels of subordinate computers c. spreadsheets. is the document format used to produce Web pages. is a low-level encryption scheme used to secure transmissions in higher-level () format.d. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users. combines the messages of multiple users into a “spoofing packet” where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users. spreadsheets. Which one of the following statements is correct? a. is a low-level encryption scheme used to secure transmissions in higher-level () format. may take the form of either a SYN flood or smurf attack c. Cookies are text files and never contain encrypted data. 10. c. e. d. In a ring topology a. programs. is a form of masquerading to gain unauthorized access to a web server. 9. e. and databases across the Internet. d. is used to connect to Usenet groups on the Internet is used to transfer text files. HTML a. when the central database does not have to be concurrent with the nodes 4. c. is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session. is a temporary phenomenon that disrupts transaction processing. b. is the basic protocol that permits communication between Internet sites. information processing units rarely communicate with each other 5. A distributed denial of service (DDoS) attack a. which are distributed across the internet d. 
controls Web browsers that access the WWW. programs. Cookies always contain encrypted data. is used to connect to Usenet groups on the Internet. controls Web browsers that access the Web. b. is more intensive than a DoS attack because it emanates from a single source b. controls Web browsers that access the Web. none of the above is correct 6. responsibility for managing communications is distributed among the nodes d. is so named because it affects many victims simultaneously. turns the target victim's computers into zombies that are unable to access the Internet e. c. and databases across the Internet. c. b. Cookies contain the URLs of sites visited by the user. b. is the file format used to produce Web pages. 8.

data attribution d. data retrieval 17. allows digital messages to be sent over analog telephone lines 14. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users. is used to connect to Usenet groups on the Internet d. A digital signature is a. digital signature forging c. the encrypted mathematical value of the message sender’s name b. d. b. c. Which of the following statements is correct? a. URL masquerading 12. d. c. c. and databases across the Internet. is a low-level encryption scheme used to secure transmissions in higher-level () format. Internet protocol spoofing d. data storage c. is the unique address that every computer node and host attached to the Internet must have. e. is the document format used to produce Web pages. is used to transfer text files. is the address of the protocol rules and standards governing the design of internet hardware and software. The decision to partition a database assumes that no identifiable primary user exists in the organization. An IP Address: a. 16. is represented by a 64-bit data packet. the packet is disassembled into the individual messages and distributed to the intended users. defines the path to a facility or file on the web. programs. the computed digest of the sender’s digital certificate d. none of the above is true. All of the following are basic data management tasks except a. Web browsers cannot function without cookies. 15. HTTP a.d. 13. 11. a denial of service attack b. b. The task of searching the database to locate a stored record for processing is called . A deadlock is a temporary phenomenon that disrupts transaction processing. A message that is made to look as though it is coming from a trusted source but is not is called a. Packet switching combines the messages of multiple users into a “packet” for transmission. controls Web browsers that access the Web. spreadsheets. b. At the receiving end. 
derived from the digest of a document that has been encrypted with the sender’s private key c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session. e. data deletion b.

by direct query b. the schema b. the conceptual database 22. restricting access to data to the primary user c. data deletion data storage data attribution data retrieval 18.a. Which of the following is not a problem usually associated with the flat-file approach to data management? a. Which of the following is not a responsibility of the database management system? a. Which of the following is not one of the components? a. provide an interface between the users and the physical database b. multiple storage procedures c. by constantly interacting with systems programmers d. data sharing b. data storage d. the physical database d. the user view d. The data definition language . currency of information 19. constant production of backups d. A description of the physical arrangement of records in the database is a. data redundancy d. by developing operating software c. provide security against a natural disaster c. the inability to determine what data is available 21. b. ensure that the internal schema and external schema are consistent d. Which of the following may provide many distinct views of the database? a. the conceptual view 25. excessive storage costs 20. all of the above 26. the external view 24. the subschema d. c. the database management system b. The textbook refers to four interrelated components of the database concept. data redundancy b. authorize access to portions of the database 23. the database administrator c. d. the internal view b. Which characteristic is associated with the database approach to data management? a. the ability to process data without the help of a programmer b. the conceptual view c. the ability to control access to the data c. Users access the database a. Which characteristic is not associated with the database approach to data management? a. the internal view c.

the user’s view of the physical database is the same as the physical database b. relation 32. an owner (parent) record may own just one member (child) record d. only one-to-many relationships can be supported 34. data is represented on two-dimensional tables d. In the relational database model a. and files that comprise the database b. to design the subschema 30. Which duty is not the responsibility of the database administrator? a. a virtual table exists in the form of rows and columns of a table stored on the disk d. describes every data element in the database 27. a member (child) record may have more than one owner (parent) 31. identifies. a new table can be built by joining two tables d. Which term is not associated with the relational database model? a. permits users to process data in the database without the need for conventional programs d. to design application programs d. data can be extracted from specified rows from specified tables c. collision d. data is represented as a tree structure 33. transfers data to the buffer area for manipulation c. The data manipulation language a. to develop and maintain the data dictionary b. is written in a fourth-generation language b. data is presented to users as tables b. tuple b. defines the database to the database management system b. a programming language (COBOL) is used to create a user’s view of the database 35. users perceive that they are manipulating a single table c. enables application programs to interact with and manipulate the database d. for the database management system. attribute c. In a hierarchical model a. links between related records are implicit b. records. the way to access data is by following a predefined data path c. relationships are explicit b. to implement security controls c. In a relational database a. In the relational database model all of the following are true except a. Which statement is not correct? A query language like SQL a. requires user familiarity with COBOL c. 
allows users to retrieve and modify data d. describes every data element in the database 28. reduces reliance on programmers 29. the names and relationships of all data elements.a. the user perceives that files are linked using pointers c. inserts database commands into application programs to enable standard programs to interact with and manipulate the database c. Which of the following is not a common form of conceptual database model? .

query language b. c. none of the above 42. 37. data redundancy b.a. partitioned database b. data transmission volume is increased c. All of the following are elements of the DBMS which facilitate user access to the database except a. response time is improved d. there exists a high degree of data sharing and no primary user c. hierarchical network sequential relational 36. d. b. implementing concurrency controls 41. Which procedure will prevent two end users from accessing the same data element at the same time? a. networked database d. all are levels or views of the database 39. The DBMS is special software that is programmed to know which data elements each user is authorized to access. current. using a lockout procedure c. there is minimal data sharing among information processing units b. What control maintains complete. b. An example of a distributed database is a. c. centralized database c. replicating the database d. all are examples of distributed databases 40. Which statement is false? a. d. The DBMS does not control access to the database. risk of destruction of entire database is reduced 43. the DBMS periodically makes backup copies of the physical database. most data sharing consists of read-write transactions 44. user control is enhanced b. there is no risk of the deadlock phenomenon d. The advantages of a partitioned database include all of the following except a. data definition language 38. data access language c. During processing. partitioning the database b. data manipulation language d. data replication c. internal view d. A replicated database is appropriate when a. data lockout d. user view b. User programs send requests for data to the DBMS. Data currency is preserved in a centralized database by a. and consistent data at all information processing units? a. Which of the following is a level of the database that is defined by the data definition language? a. deadlock control . schema c.

When creating and controlling backups for a sequential batch system. Which backup technique is most appropriate for sequential batch systems? a. replication control c. backup files can never be used for scratch files d. may result in data lockout d. is a security issue in partitioned databases b. checkpoint b. the number of backup versions retained depends on the amount of data in the file b. off-site backups are not required c. the greater the number of backup versions 49. Which of the following is not a basic database backup and recovery feature? a. In a direct access file system a. inspecting biometric controls b. transaction log d. processing a transaction file against a master file creates a backup file c. ensuring that authorized users access only those files they need to perform their duties d. database authorization table c. partitioning can reduce losses in case of disaster 47. if the master file is destroyed. transaction processing response time is improved d. All of the following tests of controls will provide evidence that access to the data files is limited except a. gateway control 45. staggered backup approach c. database authority table 52. verifying that unauthorized users cannot access data files 53. deadlocks are eliminated c.b. grandparent-parent-child approach b. passwords d. files are backed up immediately before an update run d. it cannot be reconstructed 50. concurrency control d. is implemented using time stamping c. voice prints 51. intermittent backup 48. reconciling program version numbers . direct backup d. backup database c. the more significant the data. antivirus software b. Audit objectives for the database management system include all of the following except a. Data concurrency a. Which of the following is not an access control in a database system? a. occurs when a deadlock is triggered 46. remote site. increased user control by having the data stored locally b. a. confirming that backup procedures are adequate c. 
verifying that the security group monitors and reports on fault tolerance violations b. backups are created using the grandfather-father-son approach b. All of the following are advantages of a partitioned database except a.

database schema. application listing. 56. the source program library stores application programs in source code form c. program testing c. user view.c. e. the source program library management system increases operating efficiency 60. testing c. using passwords to limit access to application programs b. Which test of controls will provide evidence that the system as originally implemented was free from material errors and free from fraud? Review of the documentation indicates that a. attempting to retrieve unauthorized data via inference queries 54. documentation updates b. Which control is not associated with new systems development activities? a. Recovery Operations Function c. formal authorization d. user involvement d. internal audit approval 59. user manual. inference controls 55. comparing job descriptions with access privileges stored in the authority table d. biometric controls b. assigning a test name to all programs undergoing maintenance c. backup controls d. Computer Services Function 62. Which control ensures that production files cannot be accessed without specific permission? a. the detailed design was an appropriate solution to the user's problem c. not the full system . assigning version numbers to programs to record program modifications 61. encryption controls c. a cost-benefit analysis was conducted b. Which control is not a part of the source program library management system? a. d. Which statement is correct? a. Database Management System b. internal audit participation 57. Program testing a. modifications are made to programs in machine code language d. operating system. involves individual modules only. reconciling program version numbers b. Which of the following is not a test of access controls? a. Source Program Library Management System d. compiled programs are very susceptible to unauthorized modification b. combining access to the development and maintenance test libraries d. 
The database attributes that individual users have permission to access are defined in a. problems detected during the conversion period were corrected in the maintenance phase 58. tests were conducted at the individual module and total system levels prior to implementation d. c. Routine maintenance activities require all of the following controls except a. b.

prototype level 69. development time is reduced c. the system designer 70. ensure incompatible functions have been identified and segregated 65. the project manager c. elementary level 66. An audit objective for systems maintenance is to verify that user requests for maintenance reconcile to program version numbers. is a top-down approach b. is primarily concerned with usability 63. starts with an abstract description of the system and redefines it to produce a more detailed description of the system 67. a user representative d. intermediate level d. requires creation of meaningful test data c. conceptual level b. d. The benefits of the object-oriented approach to systems design include all of the following except a. Evaluators of the detailed feasibility study should not include a. intermediate level d. system maintenance activities are simplified 68. An audit objective for systems maintenance is to ensure that the production libraries are protected from unauthorized access. need not be repeated once the system is implemented d. An audit objective for systems maintenance is to detect unauthorized access to application databases. context level b. the internal auditor b. this approach does not require input from accountants and auditors b. When the auditor reconciles the program version numbers. operational feasibility study b. Which statement is not correct? The structured design approach a. 64. protect production libraries from unauthorized access d. protect applications from unauthorized changes b. is documented by data flow diagrams and structure diagrams c. schedule feasibility study . a standard module once tested does not have to be retested until changes are made d. b. context level c. assembles reusable modules rather than creating systems from scratch d. ensure applications are free from error c.Which level of a data flow diagram is used to produce program code and database tables? a. A cost-benefit analysis is a part of the detailed a.b. 
Which is not a level of a data flow diagram? a. c. which audit objective is being tested? a. An audit objective for systems maintenance is to ensure that applications are free from errors. elementary level c. Which statement is not true? a.

c. input screen formats b. programs. systems design 73. systems analysis report 77. site preparation d. hardware acquisition b. tested. A commercial software system that is completely finished. end users c. is significantly less expensive than a system developed in-house d. report layouts d. Which type of documentation shows the detailed relationship of input files. economic feasibility study 71. The detailed design report contains all of the following except a. comparison of the results of a benchmark problem 76. and ready for implementation is called a a. System documentation is designed for all of the following groups except a. contact with user groups c. Which step is least likely to occur when choosing a commercial software package? a. process logic 78. vendor-supported system c. Examples of one-time costs include all of the following except a. and output files? a. programming 72. can be easily modified to the user’s exact specifications c. fully documented system report b. structure diagrams b. backbone system b. can be installed faster than a custom system b. data conversion c. alternative conceptual designs c. preparation of a request for proposal d. systems designers and programmers b. personnel costs d. insurance c. systems selection report c. is less likely to have errors than an equivalent system developed in-house 75. legal feasibility study d. detailed system design report d. Which of the following is not an advantage of commercial software? Commercial software a. benchmark system d. accountants d. The output of the detailed design phase of the Systems Development Life Cycle (SDLC) is a a. all of the above require systems documentation 79. a detailed review of the source code b. overview diagram . Examples of recurring costs include a. turnkey system 74. software acquisition b.

more efficient operations . a list of all master files used in the system d. validating the database c.c. explanation of error messages 81. programming costs 86. Typical contents of a run manual include all of the following except a. data coupling cutover 84. data conversion costs d. a list of required hardware devices 82. The testing of individual program modules is a part of a. backing up the original files 83. Computer operators should have access to all of the following types of documentation except a. freight charges c. reconciliation of new and old databases d. a program code listing c. phased cutover c. decomposing the system b. file requirements d. a recurring cost b. system flowchart d. reinforcement of the building floor 85. which cutover method is the most conservative? a. expansion into other markets b. a data conversion cost c. more current information c. reduction in supplies and overhead c. a systems design cost d. parallel operation cutover d. a list of users who receive output b. Site preparation costs include all of the following except a. An example of an intangible benefit is a. the costs associated with transferring data from one storage medium to another is an example of a. When converting to a new system. program flowchart 80. cold turkey cutover b. reduced inventories d. software acquisition costs b. Which task is not essential during a data conversion procedure? a. faster response to competitor actions 88. a programming cost 87. An example of a tangible benefit is a. crane used to install equipment b. When implementing a new system. supplies d. run schedule b. increased customer satisfaction b. logic flowchart c. systems design costs c.

surveying the current system c. might decrease costs d. Which technique is least likely to be used to quantify intangible benefits? a. programming and testing d. does not include a review of the current system c. the systems selection report c. Intangible benefits a. results in a formal project schedule b. specify requirements for the new system c. it pinpoints the causes of the current problems d. can be measured and expressed in financial terms b. is performed by the internal auditor 95. The formal product of the systems evaluation and selection phase of the Systems Development Life Cycle is a.d. Systems analysis involves all of the following except a. the detailed system design d. insurance c. data conversion 94. are of relatively little importance in making information system decisions c. Typically a systems analysis a. the systems plan 93. all of the above 90. it highlights elements of the current system that are worth preserving c. all of the above are advantages of surveying the current system 96. A disadvantage of surveying the current system is a. A tangible benefit a. gathering facts b. do not lend themselves to manipulation 91. are sometimes estimated using customer satisfaction surveys d. might increase revenues c. are easily measured b. reduced equipment maintenance 89. the report of systems analysis b. redesigning bottleneck activities d. One time costs include all of the following except a. identifies user needs and specifies system requirements d. review of accounting transaction data 92. professional judgment d. identify user needs b. site preparation b. formally state the goals and objectives of the system . when measured. reviewing key documents 97. it constrains the generation of ideas about the new system b. simulation models c. The systems analysis report does not a. opinion surveys b.

The role of the steering committee includes a. ensure mandated procedures are part of the design 100. users’ needs and requirements for the new system d. resolving conflicts that arise from a new system c. approving the accounting procedures to be implemented . After the systems analysis phase of the System Development Life Cycle (SDLC) is complete. the conceptual design of the new system b. suggest inclusion of advanced audit features d.d. an evaluation of the new system c. a comparison of alternative implementation procedures for the new system 99. The accountant’s role in systems analysis includes all of the following except a. prepare data gathering questionnaires c. specify audit trail requirements b. the company will have a formal systems analysis report on a. specify the system processing methods 98. selecting the programming techniques to be used d. designing the system outputs b.
