revenue cycle?
Receive items Forecast production Record time spent on specific jobs Deliver or ship order
Which of the following would be an activity associated with the human resources/payroll cycle? Deposit cash receipts Adjust customer account Pay for items Record time worked by employees
Which of the following is considered a disadvantage of an Enterprise Resource Planning (ERP) system? Data input is captured once Time required for implementation Customer relationship management Increased productivity
Which of the following is NOT an element of data processing? Create Update Reconcile Delete Update
Which of the following is NOT a major business cycle? The production cycle The revenue cycle The financing cycle The cash receipts cycle The payroll cycle
A chart of accounts:
is a list of all accounts in the organization with each account identified by a three- or four-digit code. is used to summarize each customer's current balance. provides an audit trail. is a list of all permanent accounts in the organization. Temporary accounts, such as revenue and expense accounts, are not included in the chart of accounts. None of the above.
Which of the following is a source document associated with the revenue cycle?
Sales order Deposit slip Credit memo Bill of lading All of the above
An entity is something about which information is stored. What is the term for the characteristics of interest that are stored about an entity such as a pay rate or an address? Field
Which of the following is NOT a typical Enterprise Resource Planning system module? Financial Strategic Planning Manufacturing Project Management
An audit trail consists of which of the following items? Sales invoice Sales Journal Accounts Receivable Ledger All of the above
What are the characteristics of a master file? Is conceptually similar to a ledger in a manual AIS Are permanent Contain individual records which are frequently changed May have records which are added to it All of the above
Which of the following is NOT a common data coding technique discussed in the chapter?
A chart of accounts provides the user with a list of general ledger accounts. True False
True False
Accounts receivable generally has a sub-ledger for many companies. True False
Data processing is comprised of four elements and can be represented by the acronym CRUD. The R in CRUD stands for Revise. True False
A foreign key imposes a specific kind of integrity to related tables. What is the name of this integrity?
What are the benefits associated with database technology? Data sharing Data integration Data independence Answers #1 and #2 only Answers #1, #2, and #3
Conceptual-level schema External-level schema The internal-level schema None of the above
This type of key is used to link rows from one table to the rows in another table. Primary key Foreign key
Which method of gathering business intelligence uses sophisticated statistical analysis and neural networks to aid in decision making? Data Warehousing Semantic data modeling Data mining None of the above.
Foreign key Secondary key Connecting key Primary key None of the above can be null. Two of the above cannot be null.
When the same non-key data element is stored multiple times in a table, it creates an anomaly known as the: Delete Anomaly. Update Anomaly. Insert Anomaly. None of the above.
All nonkey (primary and foreign) attributes must describe a quality of the item identified by the primary key. Primary keys cannot be null or empty. Foreign keys (if not empty) must be a primary key in another table. All of the above. None of the above.
When a non-null value for the primary key indicates that a specific object exists and can be identified by reference to its primary key value, it is referred to as the referential integrity rule. the relational database rule. the entity integrity rule. None of the above.
What is (are) the component(s) of a data dictionary? Field length Field type Authorized users Data location Answers #1, #2, and #3 are correct.
"Get me the date attribute of the third tuple in the sales order relation." What is being requested?
The person wants the value in the date field of the third table that is related to sales order. The person wants the value in the date field in the third row of the sales order item table. The person wants the value in the date field of the third sales order that is related to the sales order item table. The person wants the value in the date field of the third record in the sales order table.
Data manipulation language is used to do which of the following? Updating the database Creating the database Querying the database All of the above
True False
A data dictionary contains information about the structure of the database. True False
The primary difference between the conceptual and external schema is that the external schema is an organization-wide view of the entire database. True False
It is possible that two or more attributes can form a single key. True False
True False
A scheme where the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable, then the perpetrator takes the funds from customer B to later cover that account. And so on with Customer C.
Which of the following creates an environment where computer fraud is less likely to occur?
Hire employees without adequate security and criminal checks. Assume that corporate security policies are understood by all employees. Increase the penalties for committing fraud. None of the above.
Kiting is a scheme in which: insufficient funds are covered up by deposits made at one bank by checks drawn at another bank. a computer system is infiltrated under false pretenses. an external user impersonates an internal user. None of the above.
In order for an act to be legally considered fraud it must be all of the following except: A material fact. Justifiable reliance. A false statement. No intent to deceive. An injury or loss suffered by the victim.
Statement on Auditing Standards No. 99 (SAS 99) requires an auditor to do all of the following during an audit except: Incorporate a technology focus. Identify, assess, and respond to risks. Acquire malpractice insurance in case the auditor does not detect an actual fraud during the audit. Document and communicate findings.
According to the opportunity part of the fraud triangle, a person may do all of the following acts except: Convert the theft or misrepresentation for personal gain. Control the fraud. Commit the fraud. Conceal the fraud.
Which of the following pressures are classified as Management Characteristics that can lead to financial statement fraud?
High management and/or employee turnover Declining industry New regulatory requirements that impair financial stability or profitability Intense pressure to meet or exceed earnings expectations
All of the following are classifications of computer fraud except: Input fraud. Reconciliation fraud. Computer instructions fraud. Processor fraud. Output fraud.
Implement a fraud hotline. Conduct periodic external and internal audits. Maintain adequate insurance. Develop a strong system of internal controls.
Which of the following is considered a financial pressure that can lead to employee fraud?
There are many threats to accounting information systems. Which of the following is an example of an Intentional Act? War and attack by terrorists Hardware or software failure Computer fraud Logic errors
Unintentional acts pose greater risk of loss to information systems than do intentional acts.
True False
Research indicates that there are very few significant differences between violent and white-collar criminals. True False
True False
True False
True False
A computer crime that involves attacking phone lines is: data diddling. phreaking. phishing. pharming.
Social engineering facilitates what type of computer fraud? Click fraud Identity theft Spoofing Dictionary attacks
involves the clandestine use of another user's WIFI. usually results from spamming.
requires the permission of another user to gain access. None of the above.
A network of computers used in a denial-of-service (DoS) attack is called a (an): Worm. Botnet. Rootkit. Splog.
advertisers. spammers. disgruntled computer programmers. customers who have read-only access.
Spyware infections came from: worms/viruses. drive-by downloads. file-sharing programs. All of the above.
Which of the following is not a characteristic of computer viruses? They can lie dormant for a time without doing damage. They can mutate which increases their ability to do damage.
They can hinder system performance. They are easy to detect and destroy.
Which of the following is known as a zero-day attack? An attack between the time a new software vulnerability is discovered and the time a patch for fixing the problem is released. An attack on the first day a software program is released. An attack on New Year's Day since it is a holiday and most people are not at work. None of the above.
Which of the following is a method used to embezzle money a small amount at a time from many different accounts? Data diddling. Pretexting. Spoofing. Salami technique.
Which of the following is NOT a method that is used for identity theft?
A computer fraud and abuse technique that steals information, trade secrets, and intellectual property. Cyber-extortion.
Internet pump-and-dump inflates advertising bills by manipulating click numbers on websites. True False
A rootkit captures data from packets that travel across networks. True False
Bluesnarfing is the act of stealing contact lists, images, and other data using Bluetooth. True False
True False
The Sarbanes Oxley Act is the most important business-oriented legislation in the past 75 years. Which of the following are elements of the Sarbanes Oxley Act? the establishment of the Public Company Accounting Oversight Board. the prohibition against auditors performing certain services for their audit clients such as bookkeeping and human resource functions. audit committee members must be independent of the audited company. All of the above. None of the above.
After the Sarbanes-Oxley Act (SOX) was passed, the Securities and Exchange Commission (SEC) required management to do which of the following: use the same audit firm for at least two consecutive audit years. conclude that internal controls are not effective if there are material weaknesses. disclose all weaknesses regardless of materiality. Conduct 100% substantive testing of all internal controls.
Which of the following system(s) compares actual performance with planned performance?
Boundary system Belief system Diagnostic control system Interactive control system None of the above.
Uncertainty can result in opportunity. The ERM framework can help management manage uncertainty. Uncertainty results in risk. All of the above. None of the above.
General authorization is different from specific authorization. With general authorization an employee in the proper functional area can: authorize typical purchases of inventory items. approve purchases within normal customer credit limits. endorse checks for deposit. approve sales returns and allowances. approve vendor invoices for payment. All of the above.
The ERM model includes an element called Risk Response. According to that element, which of the following is an appropriate way to respond to risk? Implement a system to effectively monitor risk. Estimate material risk assessments. Share the risk with another. All of the above.
Costs are more difficult to quantify than revenues. The primary cost analyzed is overhead. The internal control should at least provide reasonable assurance that control problems do not develop. None of the above.
Which functions should be segregated? Authorization and recording Authorization and custody Recording and custody All of the above. None of the above.
Which of the following is not a principle applicable to project development and acquisition controls? Strategic master plan Project controls Steering committee Network management
According to sound internal control concepts, which of the following systems duties should be segregated? Programming and Systems Administration Computer operations and programming Custody and record keeping. Answers 1 and 2 are correct.
Which of the following are internal control functions? Preventive controls Detective controls. Corrective controls. All of the above are internal control functions.
Distributed computer networks are harder to control than centralized mainframe systems.
True False
Cost considerations have generally not factored into how well companies protect data.
True False
The exposure of a threat is defined as the probability that a threat will occur.
True False
True False
True False
What criteria contribute to systems reliability? Developing and documenting policies Effectively communicating policies to all authorized users Designing appropriate control procedures Monitoring the system and taking corrective action All of the above None of the above.
The CEO to certify that he/she evaluates the effectiveness of internal controls. The CFO to certify that he/she evaluates the effectiveness of internal controls. The CEO and CFO must certify that they have evaluated the effectiveness of internal controls. Neither the CEO nor CFO are required to certify internal control effectiveness.
Preventive controls
Which of the following devices should NOT be placed in the demilitarized zone (DMZ)?
Web server Sales department server Mail server Remote access server
The time-based model of security does not include which factor to evaluate the effectiveness of an entity's security controls? The time it takes an attacker to break through the entity's preventative controls. The time it takes to determine that an attack is in progress. The time it takes to respond to an attack. The time it takes to evaluate the financial consequences from an attack.
Defense in depth utilizes what techniques to assure security? Employs multiple layers of controls Provides redundancy of controls Utilizes overlapping and complementary controls All of the above None of the above
Permits the user to engage in all operating actions Permits the user unlimited ability to change information All of the above. None of the above.
Log analysis Intrusion detection systems Authentication controls Both 1 and 2 None of the above
Which type of network filtering screens individual IP packets based solely on its contents? Static packet filtering Stateful packet filtering Deep packet filtering None of the above
Which step would a computer incident response team (CIRT) take first in the incident response process? Containment of the problem Recovery Follow up Recognition that the problem exists
Which of the following is a method of controlling remote access? Border Routers Firewalls Intrusion Prevention Systems All of the above None of the above
Security is considered to be more the responsibility of the Information Technology department than that of Management. True False
True False
True False
Cloud computing takes advantage of the power and speed of modern computers to run multiple systems simultaneously on one computer. True False
True False
require employee logouts when the workstations are left unattended. prohibitions against visitors roaming the building in which computers are stored. form design. Answers 1 and 2 only. All of the above.
monitor credit reports regularly. sending personal information in encrypted form. immediately cancel missing credit cards. shred all personal documents after they are used. All of the above.
Which of the following can be used to detect whether confidential information has been disclosed? A digital watermark Information rights management (IRM) software
Which of the following is a fundamental control for protecting privacy? Information rights management (IRM) software Training Encryption None of the above
Which of the following are internationally recognized best practices for protecting the privacy of customers' personal information? Organizations should explain the choices available and obtain their consent to the collection of customer data prior to its collection. Use and retention of customer information as described by their privacy policy. Disclosure to third parties only according to their privacy policy. All of the above.
The same key is used to encrypt and decrypt in which type of encryption systems?
Symmetric encryption systems Asymmetric encryption systems A public key system A private key system None of the above
Which of the following represents a process that takes plaintext and transforms it into a short code?
Public Key Infrastructure Symmetric key Infrastructure Hashing All of the above.
Which of the following uses encryption to create a secure pathway to transmit data? Encryption tunnel Virtual Private Network (VPN) Demilitarized Zone None of the above.
Which of the following represents an organization that issues documentation as to the validity and authenticity of digital identification such as digital certificates? Symmetric Key Infrastructure Digital Clearing House Certificate Authority Digital Signature Repository
Which of the following is NOT a factor that can influence encryption strength? Encryption algorithm Key length Policies for managing cryptographic keys Digital Certificate Length
What is the first step in protecting the confidentiality of intellectual property and other sensitive business information?
Encrypt the data. Install information rights management software. Employ deep packet inspection techniques on all incoming packets. Identify where confidential data resides and who has access to it.
Which of the following is a major privacy-related concern? Spam Identity theft Public Key Infrastructure Answers 1 and 2
True False
True False
True False
True False
One significant advantage of firewalls is that they can inspect encrypted packets.
True False
Which of the following controls checks the accuracy of input data by using it to retrieve and display other related information? Prompting Validity check Closed-loop verification All of the above.
Which of the following backup procedures copies all changes made since the last full backup? Incremental backup Differential backup Archive backup None of the above.
prompting. closed loop verification. trailer Record. echo check. Answers 1 and 2 only.
validity checks on the customer item numbers. sign checks on inventory-on-hand balances. limit checks. All of the above.
A facility that is not only pre-wired for telephone and Internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities. Archive Checkpoint Cold site Hot site
Which of the following maintains two copies of a database in two separate data centers at all times and updates both copies in real time as each transaction occurs? Real-time mirroring
The least expensive and effective option for replacing computer equipment lost in a disaster is: leasing a cold site. reciprocal agreements with another organization that has similar equipment. creating a hot site. All of the above are ineffective options in disaster recovery.
only when a disaster seems imminent. only immediately after disaster recovery is designed. at least annually. only if determined to be necessary.
Important change management controls would not include Change requests have to be documented. All changes have to be approved by management. All changes must be tested prior to implementation. User rights and privileges should be reviewed after the change process is completed.
Preparing batch totals is the ___ step in processing credit sales transactions. last first second third
The recovery point objective (RPO) represents the length of time that an organization is willing to attempt to function without its information system. True False
True False
True False
An incremental backup copies all changes since the last full backup.
True False