1. Segregation of duties in the computer-based information system includes a. separating the programmer from the computer operator. b.

preventing management override. c. separating the inventory process from the billing process. d. performing independent verifications by the computer operator. 2. A disadvantage of distributed data processing is a. the increased time between job request and job completion. b. the potential for hardware and software incompatibility among users. c. the disruption caused when the mainframe goes down. d. that users are not likely to be involved. e. that data processing professionals may not be properly involved. 3. Which of the following is NOT a control implication of distributed data processing? a. redundancy b. user satisfaction c. incompatibility d. lack of standards 4. Which of the following disaster recovery techniques may be least optimal in the case of a disaster? a. empty shell b. mutual aid pact c. internally provided backup d. they are all equally beneficial 5. Which of the following is a feature of fault tolerance control? a. interruptible power supplies b. RAID c. DDP d. MDP 6. Which of the following disaster recovery techniques is has the least risk associated with it? a. empty shell b. ROC c. internally provided backup d. they are all equally risky 7. Which of the following is NOT a potential threat to computer hardware and peripherals? a. low humidity b. high humidity c. carbon dioxide fire extinguishers d. water sprinkler fire extinguishers 8. Which of the following would strengthen organizational control over a large-scale data processing center?

a. requiring the user departments to specify the general control standards necessary for processing transactions b. requiring that requests and instructions for data processing services be submitted directly to the computer operator in the data center c. having the database administrator report to the manager of computer operations. d. assigning maintenance responsibility to the original system designer who best knows its logic 9. The following are examples of commodity assets except a. network management b. systems operations c. systems development d. server maintenance 10. Which of the following is true? a. Core competency theory argues that an organization should outsource specific core assets. b. Core competency theory argues that an organization should focus exclusively on its core business competencies. c. Core competency theory argues that an organization should not outsource specific commodity assets. d. Core competency theory argues that an organization should retain certain specific non~-core assets in-house. BAB3 1. Sniffer software is a. used by malicious Web sites to sniff data from cookies stored on the users hard drive. b. used by network administrators to analyze network traffic. c. used by bus topology intranets to sniff for carriers before transmitting a message to avoid data collisions. d. an illegal program downloaded from the Web to sniff passwords from the encrypted data of Internet customers. e. illegal software for decoding encryptedmessages transmitted over a shared intranet channel. 2. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a(n) a. operating system. b. database management system. c. utility system. d. facility system. e. object system. 3. A users application may consist of several modules stored in separate memory locations, each with

its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of a. operating system controls. b. data resource controls. c. computer center and security controls. d. application controls. 4. A program that attaches to another legitimate program but does NOT replicate itself is called a a. virus. b. worm. c. Trojan horse. d. logic bomb. 5. Which of the following is NOT a data communications control objective? a. maintaining the critical application list b. correcting message loss due to equipment failure c. preventing illegal access d. rendering useless any data that a perpetrator successfully captures 6. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the hosts network using a technique called a. spoofing. b. IP spooling. c. dual-homed. d. screening. 7. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is form of a. a DES message. b. request-response control. c. denial of service attack. d. call-back device. 8. A message that is contrived to appear to be coming from a trusted or authorized source is called a. a denial of service attack. b. digital signature forging. c. Internet protocol spoofing. d. URL masquerading. e. a SYN-ACK packet. 9. A DDos attack a. is more intensive than a Dos attack because it emanates from single source. b. may take the form of either a SYN flood or smurf attack. c. is so named because it affects many victims simultaneously, which are distributed across the Internet. d. turns the target victims computers into zombies that are unable to access the Internet.

e. none of the above is correct. 10. A ping signal is used to initiate a. URL masquerading. b. digital signature forging. c. Internet protocol spoofing. d. a smurf attack e. a SYN-ACK packet. 11. A digital signature a. is the encrypted mathematical value of the message senders name. b. is derived from the digest of a document that has been encrypted with the senders private key. c. is derived from the digest of a document that has been encrypted with the senders public key. d. is the computed digest of the senders digital certificate. e. allows digital messages to be sent over an analog telephone line. BAB 4 1. The database approach has several unique characteristics not found in traditional (flat-file) systems, specifically file-oriented systems. Which one of the following statements does not apply to the database model? a. Database systems have data independence; that is, the data and the programs are maintained separately, except during processing. b. Database systems contain a data definition language that helps describe each schema and subschema. c. The database administrator is the part of the software package that instructs the operating aspects of the program when data are retrieved. d. A primary goal of database systems is to minimize data redundancy. e. Database systems increase user interface with the system through increased accessibility and flexibility. 2. One of the first steps in the creation of a relational database is to a. integrate accounting and nonfinancial data. b. plan for increased secondary storage capacity. c. order data-mining software that will facilitate data retrieval. d. create a data model of the key entities in the system. e. construct the physical user view using SQL. 3. Which of the following is a characteristic of a relational database system? a. All data within the system are shared by all users to facilitate integration. b. Database processing follows explicit links that are contained within the records.

c. User views limit access to the database. d. Transaction processing and data warehousing systems share a common database. 4. Partitioned databases are most effective when a. users in the system need to share common data. b. primary users of the data are clearly identifiable. c. read-only access is needed at each site. d. all of the above. 5. The functions of a database administrator are a. database planning, data input preparation, and database design. b. data input preparation, database design, and database operation. c. database design, database operation, and equipment operations. d. database design, database implementation, and database planning. e. database operations, database maintenance, and data input preparation. 6. The data attributes that a particular user has permission to access are defined by the a. operating system view. b. systems design view. c. database schema. d. user view. e. application program. 7. An inventory table in a relational database system contains values for items such as part number, part name, description, color, and quantity. These individual items are called a. attributes. b. record types. c. bytes. d. occurrences. 8. Which of the following is a characteristic of a relational database system? a. Tables are linked to other related table through pointers. b. A parent table may be related to many child tables, but a child table may have only one parent. c. Each table must contain an attribute whose value is unique. d. Tables in 1:M associations are linked by embedding the primary key of theMside tables into the 1 side table as a foreign key. 9. A database system that has several remote users networked together, but each user site stores a unique portion of the database is called a a. replicated data processing network. b. partitioned database. c. recentralized network. d. multidrop data network. e. hybrid system.

10. For those instances where individual users may be granted summary and statistical query access to confidential data to which they normally are denied access, which type of control is most suitable? a. User-defined procedures b. Data encryption c. Inference controls d. Biometric devices 11. Where are database access permission defined? a. Operating system b. Database authority table c. Database schema d. Systems manual e. Application programs 12. Database currency is achieved by a. implementing partitioned databases at remote sites. b. employing data-cleansing techniques. c. ensuring that the database is secure from accidental entry. d. an external auditors reconciliation of reports from multiple sites. e. a database lockout that prevents multiple simultaneous access. BAB 5 1. All of the following individuals would likely be SDLC participants EXCEPT a. accountants. b. shareholders. c. management. d. programmers. e. all of the above. 2. Which of the following represents the correct order in problem resolution? a. Define the problem, recognize the problem, perform feasibility studies, specify system objectives, and prepare a project proposal. b. Recognize the problem, define the problem, perform feasibility studies, specify system objectives, and prepare a project proposal. c. Define the problem, recognize the problem, specify system objectives, perform feasibility studies, and prepare a project proposal. d. Recognize the problem, define the problem, specify system objectives, perform feasibility studies, and prepare a project proposal. 3. A feasibility study for a new computer system should a. consider costs, savings, controls, profit improvement, and other benefits analyzed by application area. b. provide the preliminary plan for converting existing manual systems and clerical operations. c. provide management with assurance from qualified, independent consultants that the

use of a computer system appeared justified. d. include a report by the internal audit department that evaluated internal control features for each planned application. 4. Which of the following is the most important factor in planning for a system change? a. Having an auditor as a member of the design team. b. Using state-of-the-art techniques. c. Concentrating on software rather than hardware. d. Involving top management and people who use the system. e. Selecting a user to lead the design team. 5. In the context of the TELOS acronym, technical feasibility refers to whether a. a proposed system is attainable, given the existing technology. b. the systems manager can coordinate and control the activities of the systems department. c. an adequate computer site exists for the proposed system. d. the proposed system will produce economic benefits exceeding its costs. e. the system will be used effectively within the operating environment of an organization. 6. Which of the following steps is NOT considered to be part of this systems survey? a. Interviews are conducted with operating people and managers. b. The complete documentation of the system is obtained and reviewed. c. Measures of processing volume are obtained for each operation. d. Equipment sold by various computer manufacturers is reviewed in terms of capability, cost, and availability. e. Work measurement studies are conducted to determine the time required to complete various tasks or jobs. 7. A systems development approach that starts with broad organizational goals and the types of decisions organizational executives make is called a. bottom-up. b. network. c. top-down. d. strategic. e. sequential. 8. The TELOS study that determines whether a project can be completed in an acceptable time frame is a. a schedule feasibility study. b. a time frame feasibility study. c. an on-time feasibility study. d. an economic completion feasibility study.

e. a length of contract feasibility study.