Information Technology Auditing 4th

Edition James A Hall- Test Bank

To Purchase this Complete Test Bank with Answers Click the

link Below

https://tbzuiqe.com/product/information-technology-auditing-4th-edition-james-a-hall-test-bank/

If face any problem or Further information contact us At tbzuiqe@gmail.com

Sample Test
Chapter 3—Security Part I: Auditing Operating Systems and
Networks
 
TRUE/FALSE
 

1. In a computerized environment, the audit trail log must be

printed onto paper documents.

 
ANS:  F                    PTS:   1
 

2. Disguising message packets to look as if they came from

another user and to gain access to the host’s network is
called spooling.
 
ANS:  F                    PTS:   1
 

3. A formal log-on procedure is the operating system’s last

line of defense against unauthorized access.

 
ANS:  F                    PTS:   1
 

4. Computer viruses usually spread throughout the system

before being detected.

 
ANS:  T                    PTS:   1
 

5. A worm is software program that replicates itself in areas

of idle memory until the system fails.

 
ANS:  T                    PTS:   1
 

6. Viruses rarely attach themselves to executable files.

 
ANS:  F                    PTS:   1
 
 
 7. Operating system controls are of interest to system
professionals but should not concern accountants and
auditors.

 
ANS:  F                    PTS:   1
 

8. The most frequent victims of program viruses are

microcomputers.

 
ANS:  T                    PTS:   1
 
 

9. Audit trails in computerized systems are comprised of two

types of audit logs: detailed logs of individual keystrokes
and event-oriented logs.

 
ANS:  T                    PTS:   1
 

10. In a telecommunications environment, line errors can

be detected by using an echo check.

 
ANS:  T                    PTS:   1
 
 
 
 

11. The message authentication code is calculated by

the sender and the receiver of a data transmission.

 
ANS:  T                    PTS:   1
 

12. The request-response technique should detect if a

data communication transmission has been diverted.

 
ANS:  T                    PTS:   1
 

13. Electronic data interchange translation software

interfaces with the sending firm and the value added
network.

 
ANS:  F                    PTS:   1
 

14. A value added network can detect and reject

transactions by unauthorized trading partners.

 
ANS:  T                    PTS:   1
 

15. Electronic data interchange customers may be given

access to the vendor’s data files.

 
ANS:  T                    PTS:   1
 

16. The audit trail for electronic data interchange

transactions is stored on magnetic media.

 
ANS:  T                    PTS:   1
 

17. A firewall is a hardware partition designed to protect

networks from power surges.

 
ANS:  F                    PTS:   1
 

18. To preserve audit trails in a computerized

environment, transaction logs are permanent records of
transactions.

 
ANS:  T                    PTS:   1
 

19. The network paradox is that networks exist to

provide user access to shared resources while one of its
most important objectives is to control access.

 
ANS:  T                    PTS:   1
 
 20. IP spoofing is a form of masquerading to gain
unauthorized access to a Web server.

 
ANS:  T                    PTS:   1
 

21. The rules that make it possible for users of networks

to communicate are called protocols.

 
ANS:  T                    PTS:   1
 

22. A factor that contributes to computer crime is the

reluctance of many organizations to prosecute criminals
for fear of negative publicity.

 
ANS:  T                    PTS:   1

23. Because of network protocols, users of networks

built by different manufacturers are able to communicate
and share data.

 
ANS:  T                    PTS:   1
 

24. The client-server model can only be applied to ring

and star topologies.

 
ANS:  F                    PTS:   1
 

25. Only two types of motivation drive DoS attacks:  1)

to punish an organization with which the perpetrator had
a grievance; and 2) to gain bragging rights for being able
to do it.

 
ANS:  F                    PTS:   1
 

26. The bus topology connects the nodes in parallel.

 
ANS:  T                    PTS:   1
 

27. A network topology is the physical arrangement of

the components of the network.

 
ANS:  T                    PTS:   1
 

28. A digital signature is a digital copy of the sender’s

actual signature that cannot be forged.

 
ANS:  F                    PTS:   1
 

29. A smurf attack involves three participants: a zombie,

an intermediary, and the victim.

 
ANS:  F                    PTS:   1
 

30. In a hierarchical topology, network nodes

communicate with each other via a central host
computer.

 
ANS:  T                    PTS:   1
 

31. Polling is one technique used to control data

collisions.

 
ANS:  T                    PTS:   1
 

32. The more individuals that need to exchange

encrypted data, the greater the chance that the key will
become known to an intruder.  To overcome this problem,
private key encryption was devised.

 
ANS:  F                    PTS:   1
 

33. A ping is used to test the state of network

congestion and determine whether a particular host
computer is connected and available on the network.

 
ANS:  T                    PTS:   1
 
 
 

34. HTML tags are customized to delimit attributes, the

content of which can be read and processed by computer
applications.

 
ANS:  F                    PTS:   1
 
 
MULTIPLE CHOICE
 

1. The operating system performs all of the following tasks

except

a. translates third-generation languages into machine language

b. assigns memory to applications

c. authorizes user access

d. schedules job processing

 
 
ANS:  C                    PTS:   1
 

2. Which of the following is considered an unintentional

threat to the integrity of the operating system?
a. a hacker gaining access to the system because of a security flaw

b. a hardware flaw that causes the system to crash

c. a virus that formats the hard drive

d. the systems programmer accessing individual user files

 
 
ANS:  B                    PTS:   1
 

3. A software program that replicates itself in areas of idle

memory until the system fails is called a

a. Trojan horse

b. worm

c. logic bomb

d. none of the above

 
 
ANS:  B                    PTS:   1
 

4. A software program that allows access to a system

without going through the normal logon procedures is
called a

a. logic bomb
b. Trojan horse

c. worm

d. back door

 
 
ANS:  D                    PTS:   1
 

5. All of the following will reduce the exposure to computer

viruses except

a. install antivirus software

b. install factory-sealed application software

c. assign and control user passwords

d. install public-domain software from reputable bulletin boards

 
 
ANS:  D                    PTS:   1
 
 
 
 
 
 
 
 6. Hackers can disguise their message packets to look as if
they came from an authorized user and gain access to the
host’s network using a technique called

a. spoofing.

b. spooling.

c. dual-homed.

d. screening.

 
 
ANS:  A                    PTS:   1
 
 

7. Passwords are secret codes that users enter to gain

access to systems. Security can be compromised by all of
the following except

a. failure to change passwords on a regular basis

b. using obscure passwords unknown to others

c. recording passwords in obvious places

d. selecting passwords that can be easily detected by computer crimi

 
 
ANS:  B                    PTS:   1
 
 8. Which control will not reduce the likelihood of data loss
due to a line error?

a. echo check

b. encryption

c. vertical parity bit

d. horizontal parity bit

 
 
ANS:  B                    PTS:   1
 

9. Which method will render useless data captured by

unauthorized receivers?

a. echo check

b. parity bit

c. public key encryption

d. message sequencing

 
 
ANS:  C                    PTS:   1
 

10. Which method is most likely to detect unauthorized

access to the system?
a. message transaction log

b. data encryption standard

c. vertical parity check

d. request-response technique

 
 
ANS:  A                    PTS:   1
 

11. All of the following techniques are used to validate

electronic data interchange transactions except

a. value added networks can compare passwords to a valid customer

prior to converting the message, the translation software of the rec

b.
password against a validation file in the firm’s database

c. the recipient’s application software can validate the password prior

d. the recipient’s application software can validate the password afte

 
 
ANS:  D                    PTS:   1
 
 

12. All of the following tests of controls will provide

evidence that adequate computer virus control
techniques are in place and functioning except
a. verifying that only authorized software is used on company comput

b. reviewing system maintenance records

c. confirming that antivirus software is in use

d. examining the password policy including a review of the authority t

 
 
ANS:  B                    PTS:   1
 

13. Audit objectives for communications controls include

all of the following except

a. detection and correction of message loss due to equipment failure

b. prevention and detection of illegal access to communication chann

c. procedures that render intercepted messages useless

d. all of the above

 
 
ANS:  D                    PTS:   1
 

14. When auditors examine and test the call-back

feature, they are testing which audit objective?

a. incompatible functions have been segregated

b. application programs are protected from unauthorized access

c. physical security measures are adequate to protect the organizatio

d. illegal access to the system is prevented and detected

 
 
ANS:  D                    PTS:   1
 

15. In an electronic data interchange (EDI) environment,

when the auditor compares the terms of the trading
partner agreement against the access privileges stated in
the database authority table, the auditor is testing which
audit objective?

a. all EDI transactions are authorized

b. unauthorized trading partners cannot gain access to database reco

c. authorized trading partners have access only to approved data

d. a complete audit trail is maintained

 
 
ANS:  C                    PTS:   1
 

16. In determining whether a system is adequately

protected from attacks by computer viruses, all of the
following policies are relevant except
a. the policy on the purchase of software only from reputable vendors

b. the policy that all software upgrades are checked for viruses before

c. the policy that current versions of antivirus software should be ava

d. the policy that permits users to take files home to work on them

 
 
ANS:  D                    PTS:   1
 

17. In an electronic data interchange environment,

customers routinely

a. access the vendor’s accounts receivable file with read/write author

b. access the vendor’s price list file with read/write authority

c. access the vendor’s inventory file with read-only authority

d. access the vendor’s open purchase order file with read-only authori

 
 
ANS:  C                    PTS:   1
 

18. In an electronic data interchange environment, the

audit trail

a. is a printout of all incoming and outgoing transactions

b. is an electronic log of all transactions received, translated, and pro

c. is a computer resource authority table

d. consists of pointers and indexes within the database

 
 
ANS:  B                    PTS:   1
 
 

19. All of the following are designed to control exposures

from subversive threats except

a. firewalls

b. one-time passwords

c. field interrogation

d. data encryption

 
 
ANS:  C                    PTS:   1
 

20. Many techniques exist to reduce the likelihood and

effects of data communication hardware failure. One of
these is

a. hardware access procedures

b. antivirus software

c. parity checks

d. data encryption

 
 
ANS:  C                    PTS:   1
 

21. Which of the following deal with transaction

legitimacy?

a. transaction authorization and validation

b. access controls

c. EDI audit trail

d. all of the above

 
 
ANS:  D                    PTS:   1
 

22. Firewalls are

a. special materials used to insulate computer facilities

b. a system that enforces access control between two networks

c. special software used to screen Internet access

d. none of the above

 
 
ANS:  B                    PTS:   1
 
 

23. Which of the following is true?

Deep Packet Inspection uses a variety of analytical and statistical t

a. message packets.

An Intrusion prevention system works in parallel with a firewall at t

b.
filer that removes malicious packets from the flow before they can

A distributed denial of service attack is so named because it is cap

c.
simultaneously who are distributed across the internet.

d. None of the above are true statements.

 
 
ANS:  A                    PTS:   1

24. A system of computers that connects the internal

users of an organization that is distributed over a wide
geographic area is a(n)

a. LAN

b. decentralized network

c. multidrop network
d. Intranet

 
ANS:  D                    PTS:   1
 

25. Network protocols fulfill all of the following

objectives except

a. facilitate physical connection between network devices

b. provide a basis for error checking and measuring network performa

c. promote compatibility among network devices

d. result in inflexible standards

 
ANS:  D                    PTS:   1
 

26. To physically connect a workstation to a LAN

requires a

a. file server

b. network interface card

c. multiplexer

d. bridge

 
ANS:  B                    PTS:   1
 

27. Packet switching

combines the messages of multiple users into one packet for transm
a. is disassembled into the individual messages and distributed to the

is a method for partitioning a database into packets for easy acces

b.
exists in the organization.

is used to establish temporary connections between network devic

c.
session.

is a denial of service technique that disassembles various incoming

d.
packages and then reassembles them in random order to create a u

 
ANS:  C                    PTS:   1
 
 

28. A virtual private network:

a.  is a password-controlled network for private users rather than the

b.  is a private network within a public network.

c.  is an Internet facility that links user sites locally and around the w

d.  defines the path to a facility or file on the web.

e.  none of the above is true.

 
ANS:  B                    PTS:   1
 
 
 

29. A ping signal is used to initiate

a.  URL masquerading

b.  digital signature forging

c.  Internet protocol spoofing

d.  a smurf attack

e.  none of the above is true

 
ANS:  D                    PTS:   1
 

30. In a star topology, when the central site fails

a. individual workstations can communicate with each other

b. individual workstations can function locally but cannot communica

c. individual workstations cannot function locally and cannot commun

d. the functions of the central site are taken over by a designated wor

 
ANS:  B                    PTS:   1
 
 31. Which of the following statements is correct? The
client-server model

is best suited to the token-ring topology because the random-acces

a. data collisions.

b. distributes both data and processing tasks to the server’s node.

c. is most effective used with a bus topology.

d. is more efficient than the bus or ring topologies.

 
ANS:  B                    PTS:   1
 

32. A star topology is appropriate

a. for a wide area network with a mainframe for a central computer

b. for centralized databases only

c. for environments where network nodes routinely communicate with

d. when the central database does not have to be concurrent with the

 
ANS:  A                    PTS:   1
 

33. In a ring topology

a. the network consists of a central computer which manages all com

b. has a host computer connected to several levels of subordinate com

c. all nodes are of equal status; responsibility for managing communic

d. information processing units rarely communicate with each other

 
ANS:  C                    PTS:   1
 
 
 
 
 
 

34. A distributed denial of service (DDoS) attack

a. is more intensive that a Dos attack because it emanates from singl

b. may take the form of either a SYN flood or smurf attack

c. is so named because it effects many victims simultaneously, which

d. turns the target victim’s computers into zombies that are unable to

ANS:  B                    PTS:   1

 
 

35. Which of the following statements is correct? TCP/IP

a. is the basic protocol that permits communication between Internet

b. controls Web browsers that access the WWW.

c. is the file format used to produce Web pages.

d. is a low-level encryption scheme used to secure transmissions in H

 
ANS:  A                    PTS:   1
 

36. FTP

a. is the document format used to produce Web pages.

b. controls Web browsers that access the Web.

c. is used to connect to Usenet groups on the Internet

d. is used to transfer text files, programs, spreadsheets, and database

e. is a low-level encryption scheme used to secure transmissions in hi

 
ANS:  D                    PTS:   1
 

37. IP spoofing

combines the messages of multiple users into a “spoofing packet” w

a. and the messages are then distributes randomly among the targete

b. is a form of masquerading to gain unauthorized access to a web ser

is used to establish temporary connections between network devic

c.
duration of a communication session.

d. is a temporary phenomenon that disrupts transaction processing. It

 computer completes processing its transaction and releases the IP

 
ANS:  B                    PTS:   1
 
 

38. HTML

a. is the document format used to produce Web pages.

b. controls Web browsers that access the Web.

c. is used to connect to Usenet groups on the Internet.

d. is used to transfer text files, programs, spreadsheets, and database

e. is a low-level encryption scheme used to secure transmissions in hi

 
ANS:  A                    PTS:   1
 
 
 

39. A message that is made to look as though it is

coming from a trusted source but is not is called

a. a denial of service attack

b. digital signature forging

c. Internet protocol spoofing

d. URL masquerading

 
ANS:  C                    PTS:   1
 

40. An IP Address:

a. defines the path to a facility or file on the web.

b. is the unique address that every computer node and host attached

c. is represented by a 64-bit data packet.

is the address of the protocol rules and standards that governing th

d.
software.

 
ANS:  B                    PTS:   1
 
 

41. A digital signature is

a. the encrypted mathematical value of the message sender’s name

b. derived from the digest of a document that has been encrypted with

c. the computed digest of the sender’s digital certificate

d. allows digital messages to be sent over analog telephone lines

 
ANS:  B                    PTS:   1
 

42. HTTP

a. is the document format used to produce Web pages.

b. controls Web browsers that access the Web.

c. is used to connect to Usenet groups on the Internet

d. is used to transfer text files, programs, spreadsheets, and database

e. is a low-level encryption scheme used to secure transmissions in hi

 
ANS:  B                    PTS:   1
 

43. Which of the following statements is correct?

Packet switching combines the messages of multiple users into a “

a. receiving end, the packet is disassembled into the individual messa
users.

b. The decision to partition a database assumes that no identifiable pr

Packet switching is used to establish temporary connections betwe

c.
communication session.

A deadlock is a temporary phenomenon that disrupts transaction pr

d.
primary computer completes processing its transaction and release

 
ANS:  C                    PTS:   1
 
SHORT ANSWER
 

1. What is a virus?

 
ANS:
A virus is a program that attaches itself to another legitimate
program in order to penetrate the operating system.
 
PTS:   1
 

2. List three methods of controlling unauthorized access to

telecommunication messages.

 
ANS:
call-back devices, data encryption, message sequence
numbering, message authentication codes, message
transaction logs, and request-response technique
 
PTS:   1
 

3. What are some typical problems with passwords?

 
ANS:
users failing to remember passwords; failure to change
passwords frequently; displaying passwords where others can
see them; using simple, easy-to-guess passwords
 
PTS:   1
 

4. Discuss the key features of the one-time password

technique:

 
ANS:
The one-time password was designed to overcome the
problems associated with reusable passwords.
The user’s password changes continuously.
This technology employs a credit card-sized smart card that
contains a microprocessor programmed with an algorithm that
generates, and electronically displays, a new and unique
password every 60 seconds.
The card works in conjunction with special authentication
software located on a mainframe or network server computer.
Each user’s card is synchronized to the authentication
software, so that at any point in time both the smart card and
the network software are generating the same password for
the same user.
 
PTS:   1
 
 

5. What is event monitoring?

 
ANS:
Event monitoring summarizes key activities related to system
resources. Event logs typically record the IDs of all users
accessing the system; the time and duration of a user’s
session; programs that were executed during a session; and
the files, databases, printers, and other resources accessed.
 
PTS:   1
 
 

6. What are the auditor’s concerns in testing EDI controls?

 
ANS:
When testing EDI controls, the auditor’s primary concerns are
related to ascertaining that EDI transactions are authorized,
validated, and in compliance with organization policy, that no
unauthorized organizations gain access to records, that
authorized trading partners have access only to approved data,
and that adequate controls are in place to maintain a complete
audit trail.
 
PTS:   1
 
 

7.   What can be done to defeat a DDoS Attack?

 
ANS:
Intrusion Prevention Systems (IPS) that employ deep packet
inspection (DPI) are a countermeasure to DDoS attacks.
 
PTS:   1
 

8. What is deep packet inspection?

 
ANS:
DPI is a technique that searches individual network packets
for protocol non-compliance and can identify and classify
malicious packets based on a database of known attack
signatures.
 
PTS:   1
 

9. Explain how smurf attacks can be controlled.

 
ANS:
The targeted organization can program their firewall to ignore
all communication from the attacking site, once the attackers
IP address is determined.
 
PTS:   1
 

10. Explain how SYN Flood attacks can be controlled.

 
ANS:
Two things can be done:
 
First, Internet hosts can program their firewalls to block
outbound message packets that contain invalid internal IP
addresses.
 
Second, security software can scan for half-open connections
that have not been followed by an ACK packet. The clogged
ports can then be restored to allow legitimate connections to
use them.
 
PTS:   1
 
 
 
 
 

11. Discuss the private key encryption technique and its

shortcomings.

 
ANS:
To encode a message, the sender provides the encryption
algorithm with the key, which produces the ciphertext
message. This is transmitted to the receiver’s location, where
it is decoded using the same key to produce a cleartext
message. Because the same key is used for coding and
decoding, control over the key becomes an important security
issue. The more individuals that need to exchange encrypted
data, the greater the chance that the key will become known
to an intruder who could intercept a message and read it,
change it, delay it, or destroy it.
 
PTS:   1
 

12. Discuss the public key encryption technique.

 
ANS:
This approach uses two different keys: one for encoding
messages and the other for decoding them. The recipient has a
private key used for decoding that is kept secret. The
encoding key is public and published for everyone to use.
Receivers never need to share private keys with senders,
which reduces the likelihood that they fall into the hands of an
intruder. One of the most trusted public key encryption
methods is Rivest-Shamir-Adleman (RSA). This method is,
however, computationally intensive and much slower than
private key encryption.
 
PTS:   1
 
 
ESSAY
 
 

1. What is an operating system? What does it do? What are

operating system control objectives?

 
ANS:
An operating system is a computer’s control program. It
controls user sharing of applications and resources such as
processors, memory, databases, and peripherals such as
printers. Common PC operating systems include Windows
2000, Windows NT, and Linux.
 
An operating system carries out three primary functions:
translating high level languages into machine language using
modules called compilers and interpreters; allocating
computer resources to users, workgroups, and applications;
and managing job scheduling and multiprogramming.
 
Operating systems have five basic control objectives:

1. to protect itself from users,

2. to protect users from each other,
3. to protect users from themselves,
4. to protect it from itself, and
5. to protect itself from its environment.

 
PTS:   1
 
 
 
 

2. What are the three security objectives of audit trails?

Explain.

 
ANS:
Audit trails support system security objectives in three ways.
By detecting unauthorized access to the system, the audit
trail protects the system from outsiders trying to breach
system controls. By monitoring system performance, changes
in the system may be detected. The audit trail can also
contribute to reconstructing events such as system failures,
security breaches, and processing errors. In addition, the
ability to monitor user activity can support increased personal
accountability.
 
PTS:   1
 

3. Discuss three sources of exposure (threats) to the

operating system.

 
ANS:

1. Privileged personnel who abuse their authority. Systems

administrators and systems programmers require
unlimited access to the operating system to perform
maintenance and to recover from system failures. Such
individuals may use this authority to access users’
programs and data files.
2. Individuals both internal and external to the organization
who browse the operating system to identify and exploit
security flaws.
3. Individuals who intentionally (or accidentally) insert
computer viruses or other forms of destructive programs
into the operating system.

 
PTS:   1
 

4. Discuss three techniques for breaching operating system

controls.

 
ANS:
Browsing involves searching through areas of main memory for
password information.
Masquerading is a technique where a user is made to believe
that he/she has accessed the operating system and therefore
enters passwords, etc., that can later be used for unauthorized
access.
A virus is a program that attaches itself to legitimate software
to penetrate the operating system. Most are destructive.
A worm is software that replicates itself in memory.
A logic bomb is a destructive program triggered by some
“logical” condition–a matching date, e.g., Michelangelo’s
birthday.
 
PTS:   1
 

5. A formal log-on procedure is the operating system’s first

line of defense. Explain how this works.

 
ANS:
When the user logs on, he or she is presented with a dialog box
requesting the user’s ID and password. The system compares
the ID and password to a database of valid users. If the system
finds a match, then the log-on attempt is authenticated. If,
however, the password or ID is entered incorrectly, the log-on
attempt fails and a message is returned to the user. The
message should not reveal whether the password or the ID
caused the failure. The system should allow the user to
reenter the log-on information. After a specified number of
attempts (usually no more than five), the system should lock
out the user from the system.