BOUNDARY CONTROL AND ACCESS CONTROL

1. Access controls allow use of computer system resources to authorize users, limit the
action users can undertake with respect to those resources and ensure that user
obtain only authentic computer resources.
TRUE
2. Three classes of techniques to transform clear-text into cipher-text data:
Transposition ciphers, Substitutions ciphers, Product Ciphers
TRUE
3. Cryptography controls are used extensively throughout the boundary subsystem.
TRUE
4. Data can be inputted by Via keyboard, mouse Touch screen, data is entered directly
to the system.
TRUE
5. Pengendalian keluaran ini merupakan pengendalian aplikasi yang penting, karena
input yang salah, outputnya juga akan salah
FALSE
6. Cryptographic controls protect the privacy of data and prevent authorized
modifications of data.
TRUE
7. Use check digits in secondary key
FALSE
8. Three classes of techniques to transform clear-text into cipher-text data:
Transposition ciphers, Substitutions ciphers, Product Ciphers
TRUE
9. Cryptography controls are used extensively throughout the boundary subsystem.
TRUE
10. Data can be inputted by Via keyboard, mouse Touch screen, data is entered directly
to the system.
TRUE
11. Access control performs three functions: access control authenticate users who
identify themselves to the system, access control authenticate the resources
requested by the users, access control confines users action to those that have been
authorized
FALSE
12. Cryptographic controls protect the privacy of data and prevent authorized
modifications of data.
TRUE
13. A discretionary access policy can be used. As a means of restricting access to objects
based on the identity of subjects and/or groups to which they belong
sebagai media atau alat untuk membatasi akses ke datbase berdasarkan indentias
dari objek dan atau kelompok dimana objek tersebut berada.
14. Access control performs three functions, except
access control mechanism to the computer resources
 15. Access control provides three classes of authentication to access control mechanism,
except
personal belonging
16. Access controls restrict use of computer system resources to authorize users,
limit the action users can undertake with respect to those resources and ensure that
user obtain only authentic computer resources
17. Action Privileges to data resources
All (Read, Modify, Add)
18. Boundary Control have three purposes, except
To allow the action undertaken by users who obtain computer resources to an
authorize set
19. Cryptographic Control cab be used to
protect the integrity of data in the database.
20. Cryptographic Control cab be used to
protect the integrity of data in the database
21. Mandatory Access control Policy
A and B
a. The value of the classification level is then compared against the users clearance
level to determine whether the data item/attribute of record/relation will be
made available to the user
b. Under a mandatory access control policy, classification levels can be assigned to
specific data item, attribute, in a record/relation and to record/relation as a
whole
22. Read, add and modify are action privileges, are they apply in input control
no, in apply in the access control

INPUT CONTROL
1. Input Control ingin memastikan bahwa data sebelum di input akan memenuhi syarat
berikut ini
data transaksi yang valid telah lengkap, terkumpul semuanya serta bebas dari
kesalahan sebelum dilakukan proses pengolahannya.
2. Input control terjadi ketika aplikasi harus memastikan
semua benar (validity and integrity, completeness, terkumpul semuanya)
3. Input control terjadi ketika aplikasi harus memastikan
semua benar (validity and integrity, completeness, terkumpul semuanya)
4. Input data juga mensyaratkan persiapan yaitu:
all option are corrects
a. Input data juga mensyaratkan persiapan yaitu:
b. Verifikasi untuk meyakinkan akurasi
c. Mendistribusikan dari satu tempat ke tempat lain
5. Input data merupakan aktivitas utama dalam suatu sistem informasi berbasis
komputer.
 Untuk meningkatkan akurasinya gunakan barcode dan scanner
6. Application Control Framework antara lain untuk
Pengendalian aplikasi ditujukan untuk meyakinkan bahwa setiap sistem aplikasi
yang digunakan oleh suatu organisasi dapat menjaga asset, memaintain integritas
data dan dapat mencapai tujuan secara efisien dan efektif.
7. Completeness checks
controls ensure records processing from initiation to completion
8. Components in the communication subsystem area responsible for transporting data
among all the other subsystem within a system and for transporting data to or
receiving data from another system
Communication Control
9. Components of input control are responsible for bringing both data and instructions
in to the system, sebutkan 5 cara yang dapat digunakan untuk input
semua benar
a. Data can be inputted directly through online system
b. Via keyboard, mouse Touch screen, data is entered directly to the system
c. Read via some type of screen or optical scanner
10. Input control terjadi ketika aplikasi harus memastikan
semua benar (validity and integrity, completeness, terkumpul semuanya)
11. Input data juga mensyaratkan persiapan yaitu:
all option are corrects
a. Input data juga mensyaratkan persiapan yaitu:
b. Verifikasi untuk meyakinkan akurasi
c. Mendistribusikan dari satu tempat ke tempat lain
12. Input data merupakan aktivitas utama dalam suatu sistem informasi berbasis
komputer.
Untuk meningkatkan akurasinya gunakan barcode dan scanner
13. Instructions are placed on a source document to prevent clerks from filling it out
incorrectly.
Preventive Control
14. Ketika login ke toko online, anda memasukan login ID dan login name, lalu untuk
memastikan yang login adalah anda maka nama anda akan terpampang di laman toko
onine sebagai bukti bahwa anda login dengan benar, Aplikasi melakukan hal ...... untuk
memastikan hal tersebut
Verification
15. Online output
all are corrects
a. Is output that delivery electronically to the terminal employed by a user to gain
access computer
b. Is output that delivery electronically to the terminal employed by a user to gain
access to
c. Is output that delivery electronically to the terminal employed by a user to gain
access to users
16. Groups of transaction that constitute a physical unit
 Physical Batch
17. Data submitted to an application system should be validate as soon as possible after
it has been captured and as close as possible to its source
Validation of Data Input
Validation test applied to the field do not depend on other field within the input
records
Filed Check
18. Range Check
Does data for a field fall within allowed value of range,
Does a field that should contain only alphabetic or numeric contains alphanumeric
Alphabetic/numeric
Is there any missing data in the field?
Missing data/blank

COMMUNICATION CONTROL
1. ................................... is an approach to communications security that encrypts and
decrypts all network traffic at each network routing point (e.g. network switch, or
node through which it passes) until arrival at its final destination.
Link encryption
2. Link encryption is an approach to communications security that encrypts and decrypts
all network traffic at each network routing point (e.g. network switch, or node through
which it passes) until arrival at its final destination. Select one or more:
a. masalah keamanan dalam komunikasi antar network dengan cara enkrip dan
dekrip semua jalur komunikasi hingga pesan sampai di tujuan
b. masalah keamanan dalam komunikasi antar network dengan cara enkrip dan
dekrip semua jalur komunikasi hingga pesan sampai di tujuan dimana file dan
jalur di enkrip dan dekrip selama dalam perjalanan
3. Components in the communication subsystem area responsible for transporting data
among all the other subsystem within a system and for transporting data to or
receiving data from another system
Communication Control
4. As data is transported across a communication subsystem it can be impaired
(diganggu),through
All are correct
a. attenuation (penurunan intensitas),
b. delay (tertunda)
c. distortion (distorsi),
d. and noise (suara gemuruh).
5. Passive attack include unauthorized reading of data and analysis traffic
communication line. Subversive attack include message insertion, message deletion,
message duplication, altering the order of messages, disrupting communication and
establishing spurious association within the communication subsystem
 Exposure
6. One way to reduce expected losses in the communication system is
to................................. that have characteristic which make them reliable and that
incorporate feature or provide controls which mitigate the possible effects of
exposures
choose physical components
7. a reliable Transmission Media
bounded
8. main function of Port Protection
semua benar
a. Permit user to make connection through to the host computer system only from
authorized telephone number
b. Eliminate the telltale modem tone that auto-dialer routine can detect
c. Maintain an audit trail of all successful and unsuccessful attempts
9. Sistem komunikasi komputer yang menggunakan Hub
Star Topology
10. Link Encryption
Protect data transferring between two node
11. Message Sequence number
Detect the change to message order
12. Auditor harus memastikan bahwa sistem pengendalian benar benar ada dan berfungsi
dengan baik, tugas tersebut dipastikan dengan
all are corrects
a. Existence control must be capable of restoring the communication subsystem if
it fails.
b. High quality components should be deployed throughout the network and back-
up should component should be available
c. Hardware and software should be properly maintained
d. High quality test and diagnosis equipment should be available to monitor the
operation of the network

QUIZ PROCESS CONTROL

1. Major Components of Processing Control are
Central Processing on which programs are executed
Real and Virtual memory in which program and data are stored
Operating System that manages system resources
Application program that execute instructions to achieve specific user requirements,
which of the following is not the responsible of Real and Virtual Memory
Manages system resources
2. Sebutkan empa komponen yang terlibat dapat pengendalian proses
CPU, memory dan virtual memory, Operating System, Application
3. Managing data storage is responsible of
Operating System
4. Dalam kontek pengendalian proses, mengapa HP lebih disukai On Terus selama 24
jam, bahkan ketika isi batery HP masih nyala
agar memory HP selalu dalam keadaan siaga karena jika dimatikan kandungan
memory akan hilang
5. An important existence control in the processing subsystem is a checkpoint/restart
facility. Maksudnya adalah
Tempat dimana proses dimulai agar memudahkan proses ulang
6. A reliable operating system achieves five goals, which one is not
It saves operation to an orderly in the main memory
7. Aplikasi akan dapat dioperasikan hanya jika memory HP dalam keadaan On
Benar karena memory menampung program aplikasi yang di operasikan
8. There are four type of threats to operating system integrity, one of its is Privileged
personnel abuse their powers, maksudnya adalah
maksudnya adalah user yang memiliki hak luar biasa menyalahgunakan
kekuasaannya
9. Two type of controls are used to reduce expected looses from errors and irregularities
associated with real memory.
A and B
a. Memory errors can be detected via parity check and hamming codes. Hamming
codes also allow errors to be corrected
b. Access control, which are implemented via boundary registered can be used to
ensure one process does not gain authorized access to the real memory assigned
to another process
10. Sebuah HP memiliki Primary memory sebesar 3 GB dan Secondary memory 64 GB,
artinya adalah
Hanya seondary memory yang dapat menyimpan data secara permanent
11. programs are executed by
Central Processing
12. OS dalam HP berperan sebagai
Manajer
13. ketika HP atau komputer dinyalakan artinya CPU diaktifkan, maka diantara empat
komponen utama pengendalian proses yang akan aktiv setelah CPU adalah
OS
14. Processing control subsystem is responsible for ....................data. except
Stratifying data
15. Four type of controls are used to reduce expected looses from errors and irregularities
associated with the central processor
Are all corrects
a. Error processors can be detected via parity checks or be corrected by attempting
to execute failed instructions again.
b. To prevent irregularities, privileged instruction can be executed only if the
processor is in a supervisor state
c. Timing controls can be used to prevent the processors remaining in an endless
loop because of a program error
 d. Timing controls can be used to prevent the processors remaining in an endless
loop because of a program error

DATABASE CONTROL
1. Database control subsystem responsible for
defining, creating, modifying, deleting and reading data in an information system.
2. database maintains declarative data, relating to the static aspect of real-world object
and their association.
artinya data yang ada dapat mencerminkan keadaanya nyata
3. Tiga komponen utama pengendalian database adalah
semua benar
a. database management system used to manage data
b. application program that perform operation on data
c. central processor and primary storage in which operation are performed
d. central processor and primary storage in which operation are performed
4. Salah satu bentuk pengendalian adalah access control,
artinya mengendalikan askes ke database
5. menolak database untuk diakses oleh berbagai aplikasi
Access control are used in the database subsystem to prevent unauthorized access
to and use of data
6. A discretionary access policy can be used. As a means of restricting access to objects
based on the identity of subjects and/or groups to which they belong
sebagai media atau alat untuk membatasi akses ke datbase berdasarkan indentias
dari objek dan atau kelompok dimana objek tersebut berada
7. Users discretionary access control means
All are corrects
a. Name-dependent access control
b. Content-dependent access control
c. Context dependent restriction
d. History-dependent access
8. Mandatory Access control Policy
A dan B
a. The value of the classification level is then compared against the users clearance
level to determine whether the data item/attribute of record/relation will be
made available to the user
b. Under a mandatory access control policy, classification levels can be assigned to
specific data item, attribute, in a record/relation and to record/relation as a
whole
9. A good database management system will enforce various type of integrity constrains
to maintain the accuracy, completeness an uniqueness of the instances of the
constructs used within the conceptual modeling or data modeling approach use to
structure data in the database.
 arti dari integrity constrains adalah sesuatu yang membatasi atau memaksa agar
tidak terjadi hal hal yang tidak dikehendak
10. Data integrity Violent bisa terjadi karena
All are corrects
a. Data integrity can be violated when two process are allowed to concurrent
access to a data item
b. One process could read and update a data item at the same time other process
reads and update the data item
c. locking out one process while the other process completes it update can lead to
a dead lock which two processes are waiting for each other to release
11. cryptographic Control cab be used to
protect the integrity of data in the database.
12. Data di HP bisa diselamatkan dari kehancuran hanya dengan cara
Save duplicate of data in the cloud
13. most user does not care of the safety of database, what is your action to save data
contact in your HP
Export then save in the cloud
14. Data integrity show the relationship between table, One to many relationship means
data in one table have many relation in respective data in another table
15. jika dua komputer mengakses ke satu data yang sama secara bersamaan, untuk
technology komputer seperti sekarang ini, maka akan terjadi
locking one process
16. Selama proses collecting evidence ditemukan Tabel A berisikan data customer
sedangkan table B berisikan transaksi-transaksi piutang selama satu periode
akuntansi, setelah dibuatkan ringkasan saldo piutang didapat bahwa ada satu
customer yang ada di table transaksi tidak sesuai dengan table customer dan ada 64
customer yang masing masing memiliki saldo positip. Untuk melakukan pengecekan
saldo masing masing customer, jika dari teknik sampling didapat 5 customer yang
hendak di cek, maka langkah berikutnya adalah
Melakukan pemeriksaan pisik bukti bukti transaksi dan mencocokannya dengan
saldo hasil hitungan auditor.
17. Data integrity is the maintenance of, and the assurance of the accuracy and
consistency of, data over its entire life-cycle.
include reliability

OUTPUT CONTROL
1. The output subsystem provides functions that determines the contents of data that
will be provided to
Users
2. Inference controls area used in the output subsystem to prevent compromise of
statistical database
3. User tend to
obtain only aggregate statistic rather than the values of individual data items.
4. Positive Compromises
User determine that user have a particular attribute value
5. Approximate compromises
User determine within some range the attributes value possessed by a person
6. Compromise
Kompromi
7. Batch output is a group of output that must.
be controlled
8. Batch controls over the hardcopy of output, page containing tables, graphs, images,
negotiable instruments such as check for distribution to employee, client, vendors,
film slides, CD-ROM containing image and sound. Micro teach containing images and
a cartridges for archival storage is a
Batch output control
9. Function of Batch output control
Ensure that accurate, complete and timely output is provided to only authorized
users
10. if customer bills are destroyed and organization does not have a back-up then..
cash flows difficulties can controlled
11. the way of Batch output control are
All are corrects
a. Securing the special stationary that produce output
b. Ensuring that only authorized person or user can execute the batch/reports
c. Ensuring that content of the spooling/printer files cannot be alter
d. Preventing unauthorized parties from viewing the content of the confidential
report/batch as they printing/collecting
e. Output of the batch report should show distribution list
12. Online output
All are corrects
a. Is output that delivery electronically to the terminal employed by a user to gain
access computer
b. Is output that delivery electronically to the terminal employed by a user to gain
access to
c. Is output that delivery electronically to the terminal employed by a user to gain
access to users
13. ............ to be established over the production and distribution of online output to
ensure that accurate, complete and timely output is provided to only authorized users
Control need
14. The output subsystem provides functions that determines the contents of data that
will be provided to
Users
15. Inference controls area used in the output subsystem to prevent compromise of
statistical database
IS AUDITING
1. "Destruction of stored data due to errors, hardware or software malfunctions, and
intentional acts of sabotage or vandalism>Unauthorized modification or disclosure of
stored data" Adalah jenis kesalahan yang sering terjadi di tempat penyimpanan data
(objective 6), auditor memastikan bahwa hal ini tidak terjadi maka dapat memeriksa
atau memastikan........
Media penyimpanan file/data di tempatkan di perputakaan yanag aman dan
membatasi akses secara pisik
2. Apa yang dimaksud dengan "Off-site backup of all data files"
Menyimpan file/data backup di luar lokasi perusahaan
3. Apa yang dimaksud dengan "Data encryption for confidential data"
mengenkrips data yang penting dan rahasia
4. Auditing objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between
those assertions and established criteria.
Marshal B Romney and Paul J Steinbart
5. Computer data file area accurate, complete and confidential
objective 6
6. Concurrent update controls artinya adalah
update data secara serentak oleh dua user atau lebih
7. Destruction of stored data due to errors, hardware or software malfunctions, and
intentional acts of sabotage or vandalism>Unauthorized modification or disclosure of
stored data
adalah jenis kesalahan yang ada di Objective 6
8. Disaster recovery plan adalah
rencana tidakan yang dapat dilakukan oleh perusahaan untuk mengantisipasi jika
terjadi malapetaka
9. Evaluation of audit evidence antara lain dilakukan dengan cara memeriksa quality of
internal control, memeriksan reliability of information, memeriksa kinerja
operasional, mempertimbankan untuk mencari bukti tambahan, mempertimbankan
faktor resiko, mempertimbankan faktor materialitas dan mendokumentasikan semua
akvitias. Apa yang dimaksud dengan Materialitas
Jumlah kesalahan, fraud atau kelalaian yang mempengaruhi keputusan tentang
penggunaan informasi keuangan yang bijaksana
10. Examination of the general and application control of an SI to assess its compliance
with internal control policies and procedure and it effectiveness in safeguarding assets
IS audit
11. inadvertent programming error Unauthorized Program Code adalah jenis kesalahan
yang terjadi di
Objective 2 dan 3
12. Jenis kesalahan yang sering terjadi di objective 1 antara lain adalah "Loss, theft, or
unauthorized access to programs, data, and other system resources". auditor perlu
mamastikan hal ini tidak terjadi dengan cara
 Limiting of logical access to system using authentication and authorization controls
13. Loss, theft, or unauthorized access to programs, data, and other system resources
Jenis kesalalahan yang sering terjadi di objective 1
14. Unauthorized modification or disclosure of stored data adalah jenis kesalahan yang
sering terjadi pada Objective 6, untuk itu auditor perlu memastikan hal ini tidak terjadi
dengan cara
Logical access controls and an access control matrix
15. Unauthorized Program Code, artinya
Instruksi atau kode program yang tidak sah, atau tidak diotorisasi