Model Answers Part 4
QUESTION 2 25 MARKS
2.1 Access Controls 10 Marks
Reference: Adams, Diale and Richard (2019: 8/12-8/17)
Access controls:
− The terminals should be situated in such a manner that only staff members have access thereto. (1)
− Each user should be assigned a unique user ID and password that should be contained in the access table of the operating system. (1)
− The access table/user matrixes should define each user’s access privileges according to the least privilege principle, i.e. only grant access to a user for those applications that he requires in order to perform his duties. (1)
− Only Mr Dliale should have access to the access table in order to change a user’s privileges. (1)
− Upon logging in, the user should be authenticated by means of a password that is: (1)
• Unique (1)
• Confidential (1)
• Changed regularly (1)
− The system should also provide for:
• Automatic shutdown in the event of illegal access attempts (e.g. no more than 3 incorrect password attempts) (1)
• Time-out facilities (shutdown or password-controlled screen savers) in the event of non-activity for a period of 3 minutes. (1)
− Automatic logging of all access and access violations. (1)
− These logs should be reviewed on a daily basis by Mr Dliale. (1)
− Only Mr Dliale should have access privileges to these logs. (1)
− Encryption of confidential information, for example, passwords. (1)
Comment
There are not too many disadvantages. This is mainly because the software development industry
is highly competitive, which has resulted in an explosion of packages on the market covering
virtually every industry. The packages are of high quality, fully debugged and very reliable.
2.3. Advantage of packaged software 3 Marks
2.5 Programmed application controls that you would expect to find to ensure that all valid restaurant sales are captured accurately and completely 10 Marks
• Size checks detect when the field does not conform to preset size limits. (1)
• Mandatory field/missing data checks detect blanks where none should exist; if a quantity is not entered in a quantity field on an internal sales order, data capture cannot continue. (1)
• Valid character and sign check. The letters, digits or signs entered in a field are checked against valid characters or signs for that field, for example a minus sign (–) could not be entered in a quantity order field. (1)
• Dependency tests, e.g. sales only accepted if waitress code is entered (any other valid examples). (1)
• Field size tests, e.g. on table number (or other valid examples). (1)
AUE2602/201/1/2021
Completeness
• Missing data check on key entry fields. (1)
• Use of appropriate screen design and screen prompts. (1)
• Sequential pre-numbering of invoices. (1)
• Control totals (any valid example) (1)
• Exception reports (any valid example) eg. On missing entry fields. (1)
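The programmed checks listed under 2.5, sketched as an added example that is not part of the model answer: it applies the missing data, size, character/sign and dependency checks to one captured sale, then produces an exception report for sequence gaps and a control total over a batch. The field names, size limits and sample records are assumptions constructed for illustration.

```python
import re

# Hypothetical field rules for a restaurant sales capture screen (assumed, not from the page).
MANDATORY = ("invoice_no", "waitress_code", "table_no", "quantity", "amount")
MAX_SIZE = {"invoice_no": 6, "waitress_code": 4, "table_no": 2, "quantity": 3, "amount": 8}
VALID_CHARS = {
    "invoice_no": r"\d+",
    "waitress_code": r"[A-Z]\d+",
    "table_no": r"\d+",
    "quantity": r"\d+",          # digits only, so a minus sign is rejected
    "amount": r"\d+\.\d{2}",
}

def validate_sale(record):
    """Return a list of (field, failed_check) for one captured sale."""
    errors = []
    for field in MANDATORY:
        value = str(record.get(field, "")).strip()
        if not value:
            # Mandatory field / missing data check. For waitress_code this is
            # also the dependency test: no waitress code, no sale accepted.
            errors.append((field, "missing"))
            continue
        if len(value) > MAX_SIZE[field]:
            errors.append((field, "size"))
        if not re.fullmatch(VALID_CHARS[field], value):
            errors.append((field, "character/sign"))
    return errors

def completeness_exceptions(batch, control_total):
    """Exception report for a batch: invoice sequence gaps and control total match."""
    present = {int(r["invoice_no"]) for r in batch}
    gaps = sorted(set(range(min(present), max(present) + 1)) - present) if present else []
    captured_cents = sum(round(float(r["amount"]) * 100) for r in batch)
    return {"missing_invoices": gaps,
            "control_total_ok": captured_cents == round(control_total * 100)}

# Constructed sample input.
SAMPLE_BATCH = [
    {"invoice_no": "1001", "waitress_code": "W12", "table_no": "7", "quantity": "2", "amount": "150.00"},
    {"invoice_no": "1002", "waitress_code": "W07", "table_no": "3", "quantity": "1", "amount": "89.50"},
    {"invoice_no": "1004", "waitress_code": "W12", "table_no": "11", "quantity": "4", "amount": "320.00"},
]
BAD_SALE = {"invoice_no": "1005", "waitress_code": "", "table_no": "123", "quantity": "-2", "amount": "45.00"}

if __name__ == "__main__":
    print(validate_sale(BAD_SALE))
    print(completeness_exceptions(SAMPLE_BATCH, control_total=559.50))
```

The control total passed in stands for the independently calculated total of the source documents for the batch; a mismatch or a gap in the pre-numbered sequence goes onto the exception report for follow-up.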
QUESTION 1 50 MARKS