TBChap 012

Chapter 12
Monitoring and Auditing AIS
True / False Questions
1. Data mining is the process of searching for patterns in the data in a data warehouse and to
analyze the patterns for decision making.
True False
2. The data in a data warehouse are updated when transactions are processed.
True False
3. Parallel simulation uses an independent program to simulate a part of an existing application

program, and is designed to test the validity and to verify the accuracy of an existing application
program.
True False
4. Data governance is the convergence of data quality, data management, data policies, business
process management, and risk management surrounding the handling of data in a company.
True False
5. Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT
infrastructure.
True False
12-1
Copyright 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of
McGraw-Hill Education.
6. Firewalls are security systems comprised of hardware and software that is built using routers,
servers, and a variety of software.
True False
7. The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for
conducting an IS/IT audit.
True False
8. Virtual private network (VPN) is a private network, provided by a third party, for exchanging
information through a high capacity connection.
True False
9. A wireless network is comprised access points and stations. Access points logically connect stations
to a firm's network.
True False
10. Integrated test facility (ITF) is an automated technique that enables test data to be continually
evaluated during the normal operation of a system.
True False
11. Accountants increasingly participate in designing internal controls and improving business and IT
processes in a database environment.
True False
12. A data warehouse is for daily operations and often includes data for the current fiscal year only.
True False
13. Parallel simulation attempts to simulate the firm's key features or processes.
True False
12-2
14. Embedded audit module is a programmed audit module that is added to the system under
review.
True False
15. A continuous audit is to perform audit-related activities on a continuous basis.
True False
Multiple Choice Questions
16. Which of the following is not an approach used for the online analytical processing (OLAP).
A. Exception reports
B. What-if simulations
C. Consolidation
D. Data mining
17. The purpose of a company's firewall is to:
A. Guard against spoofing

B. Filtering packets
C. Deny computer hackers access to sensitive data
D. All of the above
12-3
18. Which of the statements regarding the data warehouse is incorrect?
A. It is a centralized collection of firm-wide data

B. The purpose of a data warehouse is to provide a rich data set for management to identify
patterns and to examine trends of business events
C. Includes data for the current fiscal year only
D. The data in a data warehouse is pulled from each of the operational databases periodically
19. Which of the following statements about switches is correct?
A. Hub is smarter than Switch.

B. Switches provide more security protections than hubs do for a company's internal network.
C. Switch is widely used in WANs.
D. A Switch contains multiple ports.
20. Which of the following describes a group of computers that connects the internal users of a
company distributed over an office building?
A. Internet
B. LAN
C. Virtual private network (VPN)
D. Decentralized network
21. Which of the following is not a management control for wireless networks?
A. Assigning roles and responsibilities of employees for access control

B. Conducting risk assessment on a regular basis
C. Conducting appropriate awareness training on wireless networks
D. Creating policies and procedures
12-4
22. What is the man-in-the-middle threat for wireless LANs?
A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the
wireless network
B. The attacker passively monitors wireless networks for data, including authentication credentials
C. The attacker steals or makes unauthorized use of a service
D. The attacker actively intercepts communications between wireless clients and access points to
obtain authentication credentials and data.
23. Which of the following statements regarding the black-box approach for systems auditing is
correct?
A. The auditors need to gain detailed knowledge of the systems' internal logic
B. The black-box approach could be adequate when automated systems applications are
complicated
C. The auditors first calculating expected results from the transactions entered into the system.
Then, the auditors compare these calculations to the processing or output results.
D. All of the above are correct
24. What is data mining?
A. A particular attribute of information.

B. A common term for the representation of multidimensional data.
C. The process of analyzing data to extract of information that is not affected by the raw data
alone.
D. None of the above is correct.
12-5
25. What is the test data technique?
A. It uses a set of input data to validate system integrity.

B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls
of the system
C. It is an automated technique that enables test data to be continually evaluated during the
normal operation of a system
D. A and B are correct
E. None of the above is correct
26. Within a WAN, a router would perform which of the following functions?
A. Provide the communication within the network

B. Select network pathways within a network for the flow of data packets.
C. Amplify and rebroadcast signals in a network
D. Forward data packets to their internal network destination
27. Which of the following strategies will a CPA most likely consider in auditing an entity that
processes most of its financial data only in electronic form, such as a paperless system?
A. Continuous monitoring and analysis of transaction processing with an embedded audit module.
B. Increased reliance on internal control activities that emphasize the segregation of duties.
C. Verification of encrypted digital certificates used to monitor the authorization of transactions.
D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.
28. Which of the following is the primary reason that many auditors hesitate to use embedded audit
modules?
A. Embedded audit modules cannot be protected from computer viruses.

B. Auditors are required to monitor embedded audit modules continuously to obtain valid results.
C. Embedded audit modules can easily be modified through management tampering.
D. Auditors are required to be involved in the system design of the application to be monitored.
12-6
29. The results of a generalized audit software simulation of the aging of accounts receivable revealed
substantial differences in the aging contribution, even though grand totals reconciled. Which of
the following should the IS auditor do first to resolve the discrepancy?
A. Recreate the test, using different software.

B. List a sample of actual data to verify the accuracy of the test program.
C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct
program.
D. Create test transactions and run test data on both the production and simulation program.
30. Common IT techniques that are needed to implement continuous auditing include
A. Data warehouse and data mining

B. Transaction logging and query tools
C. Computer-assisted audit techniques.
D. All of the above.
31. Which statements are incorrect about virtual private network (VPN)?
A. It is a way to use the public telecommunication infrastructure in providing secures access to an

organization's network.
B. It enables the employees to work remotely by accessing their firm's network securely using the
Internet
C. The packets sent through VPN are encrypted and with authentication technology.
D. The expensive cost is one major disadvantage of VPN.
32. LAN is the abbreviation for
A. Large Area Network.

B. Local Area Network.
C. Longitudinal Analogue Network.
D. Low Analytical Nets.
12-7
33. Which of the following is least likely to be considered a component of a computer network?
A. Application programs.
B. Computers.
C. Servers.
D. Routers.
34. Which of the following statements regarding the purposes of an operating system is correct?
A. To ensure the integrity of a system

B. To control the flow of multiprogramming and tasks of scheduling in the computer
C. To allocate computer resources to users and applications
35. Which of the following is not a benefit of using wireless technology?
A. Mobility
B. Rapid deployment
C. Flexibility and Scalability
D. Security
36. Masquerading threat for wireless LANs is:
A. The attacker actively intercepts communications between wireless clients and access points to
obtain authentication credentials and data
B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to,
changing, or reordering it
C. The attacker passively monitors wireless networks for data, including authentication credentials
D. The attacker impersonates an authorized user and gains certain unauthorized privileges to the
wireless network
12-8
37. Which of the following statements is not correct?
A. The IP address of a desktop computer often changes

B. The MAC address of a desktop computer often changes
C. The IP address of a Web server does not change
D. Each hardware device must have a MAC address
38. Which of the following is not a use of CAATs in auditing?
A. Test of details of transactions and balances

B. Analytical review procedures
C. Fraud examination
D. Produce terms and conditions of employment
39. Which of the following statements is wrong regarding continuous audit?
A. Continuous audit is to perform audit-related activities on a continuous basis

B. Testing in continuous audits often consists of continuous controls monitoring and continuous
data assurance
C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions,
identifying exceptions and anomalies, and testing controls
D. Continuous audit is frequently used to perform substantive tests and is used for testing of
controls through transactional-data analysis
12-9
40. Which of the following statements about firewalls is wrong?
A. A firewall is a security system comprised of hardware and software that is built using routers,
servers, and a variety of software
B. A firewall allows individuals on the corporate network to send and receive data packets from the
Internet
C. A firewall can filter through packets coming from outside networks to prevent unauthorized
access
D. A firewall connects different LANs, software-based intelligent devices, examines IP addresses
Essay Questions
12-10
41. Identify each of the following statements with one of the five fundamental control objectives of
operating systems.
Control objectives:
(a) Protect operations systems from users.

(b) The operating system must protect users from each other.
(c) The operating system must be protected from itself.
(d) The operating system must be protected from its environment.
(e) The operating system must protect users from themselves.
12-11
42. Categorize the following scenarios as management, operational, or technical controls for wireless
networks' security controls.
43. What are the two approaches of CAATs in auditing systems? What are the differences between
them?
12-12
44. What are the differences between LANs and WANs? Have you ever used any LANs and WANS?
45. What are the general security objectives for both wired LANs and wireless LANs?
46. What are the benefits of conducting continuous audits (or monitoring)?
12-13
47. Discuss five significant barriers that are often encountered in implementing continuous auditing?
48. List common security threats for wireless LANs. Find a specific case in which the security of wireless
LANs was threatened. Given the case you find, comment on how to prevent or mitigate the
threats?
12-14
Chapter 12 Monitoring and Auditing AIS Answer Key
True / False Questions
1. Data mining is the process of searching for patterns in the data in a data warehouse and to
analyze the patterns for decision making.
TRUE
AACSB: Reflective Thinking

AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
2. The data in a data warehouse are updated when transactions are processed.
FALSE

AICPA BB: Industry
Blooms: Understand
Difficulty: 2 Medium
Source: Original
3. Parallel simulation uses an independent program to simulate a part of an existing application

program, and is designed to test the validity and to verify the accuracy of an existing
application program.
TRUE

AICPA BB: Industry
12-15
Blooms: Understand
Learning Objective: 12-03 Explain continuous auditing in AIS.
Source: Original
Topic: Monitoring and auditing an AIS
4. Data governance is the convergence of data quality, data management, data policies, business
process management, and risk management surrounding the handling of data in a company.
TRUE

AICPA BB: Industry
AICPA FN: Decision Making
Blooms: Remember
Difficulty: 1 Easy
Source: Original
5. Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT
infrastructure.
FALSE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-02 Understand and apply computer-assisted audit techniques.
Source: Original
6. Firewalls are security systems comprised of hardware and software that is built using routers,
servers, and a variety of software.
TRUE

AICPA BB: Industry
12-16
Blooms: Remember
Difficulty: 1 Easy
Source: Original
7. The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for
conducting an IS/IT audit.
FALSE

AICPA BB: Industry
Blooms: Understand
Source: Original
8. Virtual private network (VPN) is a private network, provided by a third party, for exchanging
information through a high capacity connection.
FALSE

AICPA BB: Industry
Blooms: Understand
Source: Original
9. A wireless network is comprised access points and stations. Access points logically connect
stations to a firm's network.
TRUE

AICPA BB: Industry
Blooms: Remember
12-17
Difficulty: 1 Easy
Source: Original
10. Integrated test facility (ITF) is an automated technique that enables test data to be continually
evaluated during the normal operation of a system.
TRUE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
11. Accountants increasingly participate in designing internal controls and improving business and
IT processes in a database environment.
TRUE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
12. A data warehouse is for daily operations and often includes data for the current fiscal year
only.
FALSE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
12-18
Source: Original
13. Parallel simulation attempts to simulate the firm's key features or processes.
TRUE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
14. Embedded audit module is a programmed audit module that is added to the system under
review.
TRUE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
15. A continuous audit is to perform audit-related activities on a continuous basis.
TRUE

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
12-19
Multiple Choice Questions
16. Which of the following is not an approach used for the online analytical processing (OLAP).
A. Exception reports
B. What-if simulations
C. Consolidation
D. Data mining

AICPA BB: Industry
Blooms: Understand
Source: Original
17. The purpose of a company's firewall is to:
A. Guard against spoofing

B. Filtering packets
C. Deny computer hackers access to sensitive data
D. All of the above

AICPA BB: Industry
Blooms: Understand
Source: Original
12-20
18. Which of the statements regarding the data warehouse is incorrect?
A. It is a centralized collection of firm-wide data

B. The purpose of a data warehouse is to provide a rich data set for management to identify
patterns and to examine trends of business events
C. Includes data for the current fiscal year only
D. The data in a data warehouse is pulled from each of the operational databases periodically

AICPA BB: Industry
Blooms: Understand
Source: Original
19. Which of the following statements about switches is correct?
A. Hub is smarter than Switch.

B. Switches provide more security protections than hubs do for a company's internal network.
C. Switch is widely used in WANs.
D. A Switch contains multiple ports.

AICPA BB: Industry
Blooms: Understand
Source: Original
12-21
20. Which of the following describes a group of computers that connects the internal users of a
company distributed over an office building?
A. Internet
B. LAN
C. Virtual private network (VPN)
D. Decentralized network

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
21. Which of the following is not a management control for wireless networks?
A. Assigning roles and responsibilities of employees for access control

B. Conducting risk assessment on a regular basis
C. Conducting appropriate awareness training on wireless networks
D. Creating policies and procedures

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
12-22
22. What is the man-in-the-middle threat for wireless LANs?
A. The attacker impersonates an authorized user and gains certain unauthorized privileges to
the wireless network
B. The attacker passively monitors wireless networks for data, including authentication
credentials
C. The attacker steals or makes unauthorized use of a service
D. The attacker actively intercepts communications between wireless clients and access points
to obtain authentication credentials and data.

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
23. Which of the following statements regarding the black-box approach for systems auditing is
correct?
A. The auditors need to gain detailed knowledge of the systems' internal logic
B. The black-box approach could be adequate when automated systems applications are
complicated
C. The auditors first calculating expected results from the transactions entered into the system.
Then, the auditors compare these calculations to the processing or output results.

AICPA BB: Industry
Blooms: Understand
Source: Original
12-23
24. What is data mining?
A. A particular attribute of information.

B. A common term for the representation of multidimensional data.
C. The process of analyzing data to extract of information that is not affected by the raw data
alone.
D. None of the above is correct.

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
25. What is the test data technique?
A. It uses a set of input data to validate system integrity.

B. It requires auditors to prepare both valid and invalid data to examine critical logics and
controls of the system
C. It is an automated technique that enables test data to be continually evaluated during the
normal operation of a system
D. A and B are correct
E. None of the above is correct

AICPA BB: Industry
Blooms: Understand
Source: Original
12-24
26. Within a WAN, a router would perform which of the following functions?
A. Provide the communication within the network

B. Select network pathways within a network for the flow of data packets.
C. Amplify and rebroadcast signals in a network
D. Forward data packets to their internal network destination

AICPA BB: Industry
Blooms: Understand
Source: Original
27. Which of the following strategies will a CPA most likely consider in auditing an entity that
processes most of its financial data only in electronic form, such as a paperless system?
A. Continuous monitoring and analysis of transaction processing with an embedded audit

module.
B. Increased reliance on internal control activities that emphasize the segregation of duties.
C. Verification of encrypted digital certificates used to monitor the authorization of
transactions.
D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

AICPA BB: Industry
Blooms: Understand
Source: CPA examination, adapted
12-25
28. Which of the following is the primary reason that many auditors hesitate to use embedded
audit modules?
A. Embedded audit modules cannot be protected from computer viruses.

B. Auditors are required to monitor embedded audit modules continuously to obtain valid
results.
C. Embedded audit modules can easily be modified through management tampering.
D. Auditors are required to be involved in the system design of the application to be
monitored.

AICPA BB: Industry
Blooms: Understand
Source: CPA examination, adapted
29. The results of a generalized audit software simulation of the aging of accounts receivable
revealed substantial differences in the aging contribution, even though grand totals reconciled.
Which of the following should the IS auditor do first to resolve the discrepancy?
A. Recreate the test, using different software.

B. List a sample of actual data to verify the accuracy of the test program.
C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to
correct program.
D. Create test transactions and run test data on both the production and simulation program.

AICPA BB: Industry
Blooms: Understand
Source: CISA examination, adapted
12-26
30. Common IT techniques that are needed to implement continuous auditing include
A. Data warehouse and data mining

B. Transaction logging and query tools
C. Computer-assisted audit techniques.
D. All of the above.

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
31. Which statements are incorrect about virtual private network (VPN)?
A. It is a way to use the public telecommunication infrastructure in providing secures access to

an organization's network.
B. It enables the employees to work remotely by accessing their firm's network securely using
the Internet
C. The packets sent through VPN are encrypted and with authentication technology.
D. The expensive cost is one major disadvantage of VPN.

AICPA BB: Industry
Blooms: Understand
Source: Original
12-27
32. LAN is the abbreviation for
A. Large Area Network.

B. Local Area Network.
C. Longitudinal Analogue Network.
D. Low Analytical Nets.

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
33. Which of the following is least likely to be considered a component of a computer network?
A. Application programs.
B. Computers.
C. Servers.
D. Routers.

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
12-28
34. Which of the following statements regarding the purposes of an operating system is correct?
A. To ensure the integrity of a system

B. To control the flow of multiprogramming and tasks of scheduling in the computer
C. To allocate computer resources to users and applications

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
35. Which of the following is not a benefit of using wireless technology?
A. Mobility
B. Rapid deployment
C. Flexibility and Scalability
D. Security

AICPA BB: Industry
Blooms: Remember
Difficulty: 1 Easy
Source: Original
12-29
36. Masquerading threat for wireless LANs is:
A. The attacker actively intercepts communications between wireless clients and access points
to obtain authentication credentials and data
B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to,
changing, or reordering it
C. The attacker passively monitors wireless networks for data, including authentication
credentials
D. The attacker impersonates an authorized user and gains certain unauthorized privileges to
the wireless network

AICPA BB: Industry
Blooms: Understand
Source: Original
37. Which of the following statements is not correct?
A. The IP address of a desktop computer often changes

B. The MAC address of a desktop computer often changes
C. The IP address of a Web server does not change
D. Each hardware device must have a MAC address

AICPA BB: Industry
Blooms: Understand
Source: Original
12-30
38. Which of the following is not a use of CAATs in auditing?
A. Test of details of transactions and balances

B. Analytical review procedures
C. Fraud examination
D. Produce terms and conditions of employment

AICPA BB: Industry
Blooms: Understand
Source: Original
39. Which of the following statements is wrong regarding continuous audit?
A. Continuous audit is to perform audit-related activities on a continuous basis

B. Testing in continuous audits often consists of continuous controls monitoring and
continuous data assurance
C. Technology plays a key role in continuous audit in analyzing trends and patterns of
transactions, identifying exceptions and anomalies, and testing controls
D. Continuous audit is frequently used to perform substantive tests and is used for testing of
controls through transactional-data analysis

AICPA BB: Industry
Blooms: Understand
Source: Original
12-31
40. Which of the following statements about firewalls is wrong?
A. A firewall is a security system comprised of hardware and software that is built using routers,
servers, and a variety of software
B. A firewall allows individuals on the corporate network to send and receive data packets from
the Internet
C. A firewall can filter through packets coming from outside networks to prevent unauthorized
access
D. A firewall connects different LANs, software-based intelligent devices, examines IP addresses

AICPA BB: Industry
Blooms: Understand
Source: Original
Essay Questions
12-32
41. Identify each of the following statements with one of the five fundamental control objectives of
operating systems.
Control objectives:
(a) Protect operations systems from users.

(b) The operating system must protect users from each other.
(c) The operating system must be protected from itself.
(d) The operating system must be protected from its environment.
(e) The operating system must protect users from themselves.

AICPA BB: Industry
Blooms: Apply
12-33
Difficulty: 3 Hard
Source: Original
42. Categorize the following scenarios as management, operational, or technical controls for
wireless networks' security controls.

AICPA BB: Industry
Blooms: Apply
Difficulty: 3 Hard
Source: Original
12-34
43. What are the two approaches of CAATs in auditing systems? What are the differences between
them?
The two approaches are auditing around the computer (the black-box approach) auditing
through the computer (the white-box approach).
Using the black-box approach, auditors do not need to gain detailed knowledge of the systems'
internal logic. The system will not be interrupted for auditing purposes. The approach applies
when the automated systems applications are relatively simple. Using the white-box approach
requires auditors to understand the internal logic of the system/application being tested.
Auditors need to create test cases to verify specific logic and controls in a system. Auditing
through the computer approach embraces a variety of techniques such as test data technique,
parallel simulation. The white-box approach is used when the automated systems applications
are complicated.

AICPA BB: Industry
Blooms: Understand
Source: Original
44. What are the differences between LANs and WANs? Have you ever used any LANs and WANS?
1) LANs covers a small area while WANs covers a significantly larger area.
2) LANs speeds are also significantly faster than WANs.
3) LANs is more secure than WANs.
4) WANs are much more expensive to implement than LANs.
The Internet is the most popular WAN. A local area network is often used in a computer lab on
campus. (Students' answers may vary.)

AICPA BB: Industry
12-35
Blooms: Understand
Source: Original
45. What are the general security objectives for both wired LANs and wireless LANs?
1) Confidentiality: Ensure that communication cannot be read by unauthorized parties.

2) Integrity: Detect any intentional or unintentional changes to the data during transmission.
3) Availability: Ensure that devices and individuals can access a network and its resources
whenever needed.
4) Access Control: Restrict the rights of devices or individuals to access a network or resources
within a network.

AICPA BB: Industry
Blooms: Understand
Source: Original
12-36
46. What are the benefits of conducting continuous audits (or monitoring)?
Using continuous audit/monitoring, most firms can reduce errors and frauds; increase
operational effectiveness; better comply with laws and regulations; and increase management
confidence in control effectiveness and financial information.
In addition, continuous auditing allows internal and external auditors to monitor transaction
data in a timely manner; better understand critical control points, rules, and exceptions; perform
control and risk assessments in real time or near real time; notify management of control
deficiencies in a timely manner; and reduce efforts on routine testing while focus on more
valuable investigation activities.

AICPA BB: Industry
Blooms: Understand
Source: Original
47. Discuss five significant barriers that are often encountered in implementing continuous
auditing?
1) Access to all relevant data in a timely manner

2) Readiness of the internal audit group to develop and adopt continuous auditing
3) Accumulating and quantifying the risks and the exposures that have been identified
4) Defining the appropriate analytic that will effectively identify exceptions to controls
5) Developing a suitable scoring/weighting mechanism to prioritize exceptions

AICPA BB: Industry
Blooms: Understand
Source: Original
12-37
48. List common security threats for wireless LANs. Find a specific case in which the security of
wireless LANs was threatened. Given the case you find, comment on how to prevent or mitigate
the threats?
1) Eavesdropping: The attacker passively monitors wireless networks for data, including
authentication credentials.
2) Man-in-the-Middle: The attacker actively intercepts communications between wireless clients
and access points to obtain authentication credentials and data.
3) Masquerading: The attacker impersonates an authorized user and gains certain unauthorized
privileges to the wireless network.
4) Message Modification: The attacker alters a legitimate message sent via wireless networks by
deleting, adding to, changing, or reordering it.
5) Message Replay: The attacker passively monitors transmissions via wireless networks and
retransmits messages, acting as if the attacker was a legitimate user.
6) Misappropriation: The attacker steals or makes unauthorized use of a service.
7) Traffic Analysis: The attacker passively monitors transmissions via wireless networks to
identify communication patterns and participants.
8) Rogue Access Points: The attacker sets up an unsecured wireless network near the enterprise
with an identical name and intercepts any messages sent by unsuspecting users that log onto it.
Students' answers vary on the specific case and the approaches to mitigate the threats.

AICPA BB: Industry
Blooms: Apply
Difficulty: 3 Hard
Source: Original
12-38

TBChap 012

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

TBChap 012

Caricato da

Copyright:

Formati disponibili

Chapter 12

Monitoring and Auditing AIS

True / False Questions

3. Parallel simulation uses an independent program to simulate a part of an existing application

15. A continuous audit is to perform audit-related activities on a continuous basis.

Multiple Choice Questions

17. The purpose of a company's firewall is to:

A. Guard against spoofing

A. It is a centralized collection of firm-wide data

19. Which of the following statements about switches is correct?

A. Hub is smarter than Switch.

A. Assigning roles and responsibilities of employees for access control

24. What is data mining?

A. A particular attribute of information.

A. It uses a set of input data to validate system integrity.

A. Provide the communication within the network

A. Embedded audit modules cannot be protected from computer viruses.

A. Recreate the test, using different software.

A. Data warehouse and data mining

A. It is a way to use the public telecommunication infrastructure in providing secures access to an

32. LAN is the abbreviation for

A. Large Area Network.

A. To ensure the integrity of a system

35. Which of the following is not a benefit of using wireless technology?

36. Masquerading threat for wireless LANs is:

A. The IP address of a desktop computer often changes

38. Which of the following is not a use of CAATs in auditing?

A. Test of details of transactions and balances

39. Which of the following statements is wrong regarding continuous audit?

A. Continuous audit is to perform audit-related activities on a continuous basis

(a) Protect operations systems from users.

True / False Questions

AACSB: Reflective Thinking

AACSB: Reflective Thinking

3. Parallel simulation uses an independent program to simulate a part of an existing application

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking

15. A continuous audit is to perform audit-related activities on a continuous basis.

AACSB: Reflective Thinking

AACSB: Reflective Thinking

17. The purpose of a company's firewall is to:

A. Guard against spoofing

AACSB: Reflective Thinking

A. It is a centralized collection of firm-wide data

AACSB: Reflective Thinking

19. Which of the following statements about switches is correct?

A. Hub is smarter than Switch.

AACSB: Reflective Thinking

AACSB: Reflective Thinking

A. Assigning roles and responsibilities of employees for access control

AACSB: Reflective Thinking

AACSB: Reflective Thinking

AACSB: Reflective Thinking