Upload
alquin-john-sosa
View
5.233
Download
0
Embed Size (px)
Citation preview
SET 1. ACCOUNTING 503-Auditing in CIS Environment ASSIGNMENT
1. Goals of Enterprise Resource Planning (ERP) system include all of the following excepta. improved customer serviceb. improvements of legacy systemsc. reduced production timed. increased production
2. Core applications area. sales and distributionb. business planningc. shop floor control and logisticsd. all of the above
3. Data warehousing processes does not includea. modeling datab. condensing datac. extracting datad. transforming data
4. Which of the following is usually not part of an ERP’s core applications?a. On-line Transaction Processing (OLTP) applicationsb. sales and distribution applicationsc. business planning applicationsd. On-line Analytical Processing (OLAP) applications
5. Which of the following is usually not part of an ERP’s OLAP applications?a. logisticsb. decision support systemsc. ad hoc analysisd. what-if analysis
6. Which of the following statements is least likely to be true about a data warehouse?a. It is constructed for quick searching and ad hoc queries.b. It was an original part of all ERP systems.c. It contains data that are normally extracted periodically from the operating databases.d. It may be deployed by organizations that have not implemented an ERP.
7. Which of the following statements is not true?a. In a typical two-tier client server system, the server handles both application and database
duties.b. Client computers are responsible for presenting data to the user and passing user input
back to the server.c. In three-tier client server architecture, one tier is for user presentations, one is for database
and applications, and the third is for Internet access.d. The database and application functions are separate in the three-tier model.
8. Which statements about data warehousing is not correct?a. The data warehouse should be separate from the operational system.b. Data cleansing is a process of transforming data into standard form.c. Drill-down is a data-mining tool available to users of OLAP.d. Normalization is an requirement of databases included in a data warehouse.
9. Which statement about ERP installation is least accurate?
a. For the ERP to be successful, process reengineering must occur.b. ERP fails because some important business process is not supported.c. When a business is diversified, little is gained from ERP installation.d. The phased-in approach is more suited to diversified businesses.
10. Which statement is true?a. ERPs are infinitely scalable.b. Performance problems usually stem from technical problems, not business process
reengineering.c. The better ERP can handle any problems an organization can have.d. ERP systems can be modified using bolt-on software.
11. Auditors of ERP systemsa. need not worry about segregation of duties.b. may feel that the data warehouse is too clean and free from errors.c. find independent verification easy.d. need not worry about system access since the ERP determines it.
12. Legacy systems area. old manual systems that are still in place.b. flat file mainframe systems developed before client-server computing became standard.c. stable database systems after debugging.d. advanced systems without a data warehouse.
13. A data mart isa. another name for a data warehouse.b. a database that provides data to an organization’s customers.c. an enterprise resource planning system.d. a data warehouse created for a single function or department.
14. Most ERPs are based on which network model?a. peer to peerb. client-serverc. ring topologyd. bus topology
15. On-line transaction processing programsa. are bolt-on programs used with commercially available ERSs.b. are available in two models–two-tier and three-tier.c. handle large numbers of relatively simple transactions.d. allow users to analyze complex data relationships.
16. Supply chain management softwarea. is typically under the control of external partners in the chain.b. links all of the partners in the chain, including vendors, carriers, third-party firms, and
information systems providers.c. cannot be integrated into an overall ERP.d. none of the above
17. The setup of a data warehouse includesa. modeling the datab. extracting data from operational databasesc. cleansing the datad. all of the above
18. Extracting data for a data warehousea. cannot be done from flat files.b. should only involve active files.c. requires that the files be out of service.d. follows the cleansing of data.
19. Data cleansing involves all of the following excepta. filtering out or repairing invalid datab. summarizing data for ease of extractionc. transforming data into standard business termsd. formatting data from legacy systems
20. Separating the data warehouse from the operations databases occurs for all of the following reasons excepta. to make the management of the databases more economicalb. to increase the efficiency of data mining processesc. to integrate legacy system data into a form that permits entity-wide analysisd. to permit the integration of data from diverse sources
21. Closed database architecture isa. a control technique intended to prevent unauthorized access from trading partners.b. a limitation inherent in traditional information systems that prevents data sharing.c. a data warehouse control that prevents unclean data from entering the warehouse.d. a technique used to restrict access to data marts.e. a database structure that many of the leading ERPs use to support OLTP applications.
22. Which of the following is NOT as a risk associated with ERP implementation.?a. A drop in firm performance after implementation because the firm looks and works
differently than it did while using a legacy system. b. Implementing companies have found that staff members, employed by ERP consulting
firms, do not have sufficient experience in implementing new systems.c. Implementing firms fail to select systems that properly support their business activities.d. The selected system does not adequately meet the adopting firm’s economic growth.e. ERP’s are too large, complex, and generic for them to be well integrated into most
company cultures.
23. Which statement is LEAST accurate?a. Implementing an ERP system has as much to do with changing the way an organization
does business than it does with technology.b. The big-bang approach to ERP implementation is generally riskier than the phased in
approach. c. To take full advantage of the ERP process, reengineering will need to occur.d. A common reason for ERP failure is that the ERP does not support one or more important
business processes of the organization
24. Auditors of ERP systemsa. are concerned about segregation of duties just as they would be in traditional systems.b. focus on output controls such as independent verification because internal processing
controls are known to be correct since best practices are used..c. routinely audit data in the data warehouse because it is know to be clean and free from
errors.d. need not review access levels granted to users since these are determined when the system
is configured and never change.
25. Which statement is most correct?a. SAP is more suited to service industries than manufacturing clients.
b. J.D. Edwards’s ERP is designed to accept the best practices modules of other vendors.
c. Oracle evolved from a human resources system.
d. PeopleSoft is the world’s leading supplier of software for information management.
e. SoftBrands provides enterprise software for the hospitality and manufacturing sectors.
26. Auditors of ERP systemsa. need not be concerned about segregation of duties because these systems possess strong computer
controls.b. focus on output controls such as independent verification to reconcile batch totals.c. are concerned that managers fail to exercise adequate care in assigning permissions.d. do not view the data warehouse as an audit or control issue at all because financial records are not
stored there.e. need not review access levels granted to users because these are determined when the system is
configured and never change.
27. All of the following are issues of computer security excepta. releasing incorrect data to authorized individualsb. permitting computer operators unlimited access to the computer roomc. permitting access to data by unauthorized individualsd. providing correct data to unauthorized individuals
28. Segregation of duties in the computer-based information system includesa. separating the programmer from the computer operatorb. preventing management overridec. separating the inventory process from the billing processd. performing independent verifications by the computer operator
29. In a computer-based information system, which of the following duties needs to be separated?a. program coding from program operationsb. program operations from program maintenancec. program maintenance from program codingd. all of the above duties should be separated
30. Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons excepta. rapid turnover of systems professionals complicates management's task of assessing the
competence and honesty of prospective employeesb. many systems professionals have direct and unrestricted access to the organization's
programs and datac. rapid changes in technology make staffing the systems environment challengingd. systems professionals and their supervisors work at the same physical location
31. Adequate backups will protect against all of the following excepta. natural disasters such as firesb. unauthorized accessc. data corruption caused by program errorsd. system crashes
32. Which is the most critical segregation of duties in the centralized computer services function?a. systems development from data processingb. data operations from data librarianc. data preparation from data controld. data control from data librarian
33. Systems development is separated from data processing activities because failure to do soa. weakens database access securityb. allows programmers access to make unauthorized changes to applications during
executionc. results in inadequate documentationd. results in master files being inadvertently erased
34. Which organizational structure is most likely to result in good documentation procedures?a. separate systems development from systems maintenanceb. separate systems analysis from application programmingc. separate systems development from data processingd. separate database administrator from data processing
35. All of the following are control risks associated with the distributed data processing structure excepta. lack of separation of dutiesb. system incompatibilitiesc. system interdependencyd. lack of documentation standards
36. Which of the following is not an essential feature of a disaster recovery plan?a. off-site storage of backupsb. computer services functionc. second site backupd. critical applications identified
37. A cold site backup approach is also known asa. internally provided backupb. recovery operations centerc. empty shelld. mutual aid pact
38. The major disadvantage of an empty shell solution as a second site backup isa. the host site may be unwilling to disrupt its processing needs to process the critical
applications of the disaster stricken companyb. intense competition for shell resources during a widespread disasterc. maintenance of excess hardware capacityd. the control of the shell site is an administrative drain on the company
39. An advantage of a recovery operations center is thata. this is an inexpensive solutionb. the initial recovery period is very quickc. the company has sole control over the administration of the centerd. none of the above are advantages of the recovery operations center
40. For most companies, which of the following is the least critical application for disaster recovery purposes?a. month-end adjustments
b. accounts receivablec. accounts payabled. order entry/billing
41. The least important item to store off-site in case of an emergency isa. backups of systems softwareb. backups of application softwarec. documentation and blank formsd. results of the latest test of the disaster recovery program
42. Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure excepta. systems documentation is inadequate because of pressures to begin coding a new program
before documenting the current programb. illegal lines of code are hidden among legitimate code and a fraud is covered up for a long
period of timec. a new systems analyst has difficulty in understanding the logic of the programd. inadequate systems documentation is prepared because this provides a sense of job
security to the programmer
43.All of the following are recommended features of a fire protection system for a computer center excepta. clearly marked exitsb. an elaborate water sprinkler systemc. manual fire extinguishers in strategic locationsd. automatic and manual alarms in strategic locations
44. All of the following tests of controls will provide evidence about the physical security of the computer center excepta. review of fire marshal recordsb. review of the test of the backup power supplyc. verification of the second site backup locationd. observation of procedures surrounding visitor access to the computer center
45. All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan excepta. inspection of the second site backupb. analysis of the fire detection system at the primary sitec. review of the critical applications listd. composition of the disaster recovery team
46. The following are examples of commodity assets excepta. network managementb. systems operationsc. systems developmentd. server maintenance
47. The following are examples of specific assets excepta. application maintenanceb. data warehousingc. highly skilled employeesd. server maintenance
48. Which of the following is true?
a. Core competency theory argues that an organization should outsource specific core assets.b. Core competency theory argues that an organization should focus exclusively on its core business
competencies c. Core competency theory argues that an organization should not outsource specific commodity
assets.d. Core competency theory argues that an organization should retain certain specific noncore assets
in-house.
49. Which of the following is not true?a. Large-scale IT outsourcing involves transferring specific assets to a vendorb. Specific assets, while valuable to the client, are of little value to the vendorc. Once an organization outsources its specific assets, it may not be able to return to its pre-outsource
state.d. Specific assets are of value to vendors because, once acquired, vendors can achieve economies of
scale by employing them with other clients
50. Which of the following is not true?a. When management outsources their organization’s IT functions, they also outsource responsibility
for internal control.b. Once a client firm has outsourced specific IT assets, its performance becomes linked to the
vendor’s performance.c. IT outsourcing may affect incongruence between a firm’s IT strategic planning and its business
planning functions.d. The financial justification for IT outsourcing depends upon the vendor achieving economies of
scale.
51. Which of the following is not true?a. Management may outsource their organizations’ IT functions, but they cannot outsource their
management responsibilities for internal control.b. section 404 requires the explicit testing of outsourced controls.c. The SAS 70 report, which is prepared by the outsourcer’s auditor, attests to the adequacy of the
vendor’s internal controls.d. Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report.
52. Segregation of duties in the computer-based information system includesa. separating the programmer from the computer operatorb. preventing management overridec. separating the inventory process from the billing processd. performing independent verifications by the computer operator
53. A disadvantage of distributed data processing isa. the increased time between job request and job completion.b. the potential for hardware and software incompatibility among users.c. the disruption caused when the mainframe goes down.d. that users are not likely to be involved.
54. Which of the following is NOT a control implication of distributed data processing?a. redundancyb. user satisfactionc. incompatibilityd. lack of standards
55. Which of the following disaster recovery techniques may be least optimal in the case of a disaster?a. empty shellb. mutual aid pactc. internally provided backupd. they are all equally beneficial
56. Which of the following is a feature of fault tolerance control?a. interruptible power suppliesb. RAIDc. DDPd. MDP
57. Which of the following disaster recovery techniques is has the least risk associated with it? a. empty shellb. ROCc. internally provided backupd. they are all equally risky
58. Which of the following is NOT a potential threat to computer hardware and peripherals?a. low humidityb. high humidityc. carbon dioxide fire extinguishersd. water sprinkler fire extinguishers
59. Which of the following would strengthen organizational control over a large-scale data processing center?a. Requiring the user departments to specify the general control standards necessary for
processing transactions.b. Requiring that requests and instructions for data processing services be submitted directly to the
computer operator in the data center.c. Having the database administrator report to the manager of computer operations.d. Assigning maintenance responsibility to the original system designer who best knows its logic.
60. Which of the following is true?a. Core competency theory argues that an organization should outsource specific core assets.b. Core competency theory argues that an organization should focus exclusively on its core business
competencies c. Core competency theory argues that an organization should not outsource specific commodity
assets.d. Core competency theory argues that an organization should retain certain specific non-core assets
in-house.
61. The operating system performs all of the following tasks excepta. translates third-generation languages into machine languageb. assigns memory to applicationsc. authorizes user accessd. schedules job processing
62. Which of the following is considered an unintentional threat to the integrity of the operating system?a. a hacker gaining access to the system because of a security flawb. a hardware flaw that causes the system to crashc. a virus that formats the hard drive
d. the systems programmer accessing individual user files
63. A software program that replicates itself in areas of idle memory until the system fails is called aa. Trojan horseb. wormc. logic bombd. none of the above
64. A software program that allows access to a system without going through the normal logon procedures is called aa. logic bombb. Trojan horsec. wormd. back door
65. All of the following will reduce the exposure to computer viruses excepta. install antivirus softwareb. install factory-sealed application softwarec. assign and control user passwordsd. install public-domain software from reputable bulletin boards
66. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique calleda. spoofing.b. spooling.c. dual-homed.d. screening.
67. Which is not a biometric device?a. passwordb. retina printsc. voice printsd. signature characteristics
68. All of the following are objectives of operating system control excepta. protecting the OS from usersb. protesting users from each otherc. protecting users from themselvesd. protecting the environment from users
69. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following excepta. failure to change passwords on a regular basisb. using obscure passwords unknown to othersc. recording passwords in obvious placesd. selecting passwords that can be easily detected by computer criminals
70. Audit trails cannot be used toa. detect unauthorized access to systemsb. facilitate reconstruction of eventsc. reduce the need for other forms of securityd. promote personal accountability
71. Which control will not reduce the likelihood of data loss due to a line error?
a. echo checkb. encryptionc. vertical parity bitd. horizontal parity bit
72. Which method will render useless data captured by unauthorized receivers?a. echo checkb. parity bitc. public key encryptiond. message sequencing
73. Which method is most likely to detect unauthorized access to the system?a. message transaction logb. data encryption standardc. vertical parity checkd. request-response technique
74. All of the following techniques are used to validate electronic data interchange transactions excepta. value added networks can compare passwords to a valid customer file before message
transmissionb. prior to converting the message, the translation software of the receiving company can
compare the password against a validation file in the firm's databasec. the recipient's application software can validate the password prior to processingd. the recipient's application software can validate the password after the transaction has been
processed
75. In an electronic data interchange environment, customers routinely accessa. the vendor's price list fileb. the vendor's accounts payable filec. the vendor's open purchase order filed. none of the above
76. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning excepta. verifying that only authorized software is used on company computersb. reviewing system maintenance recordsc. confirming that antivirus software is in used. examining the password policy including a review of the authority table
77. Audit objectives for communications controls include all of the following excepta. detection and correction of message loss due to equipment failureb. prevention and detection of illegal access to communication channelsc. procedures that render intercepted messages uselessd. all of the above
78. When auditors examine and test the call-back feature, they are testing which audit objective?a. incompatible functions have been segregatedb. application programs are protected from unauthorized accessc. physical security measures are adequate to protect the organization from natural disasterd. illegal access to the system is prevented and detected
79. In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?
a. all EDI transactions are authorizedb. unauthorized trading partners cannot gain access to database recordsc. authorized trading partners have access only to approved datad. a complete audit trail is maintained
80. Audit objectives in the electronic data interchange (EDI) environment include all of the following excepta. all EDI transactions are authorizedb. unauthorized trading partners cannot gain access to database recordsc. a complete audit trail of EDI transactions is maintainedd. backup procedures are in place and functioning properly
81. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant excepta. the policy on the purchase of software only from reputable vendorsb. the policy that all software upgrades are checked for viruses before they are implementedc. the policy that current versions of antivirus software should be available to all usersd. the policy that permits users to take files home to work on them
82. Which of the following is not a test of access controls?a. biometric controlsb. encryption controlsc. backup controlsd. inference controls
83. In an electronic data interchange environment, customers routinelya. access the vendor's accounts receivable file with read/write authorityb. access the vendor's price list file with read/write authorityc. access the vendor's inventory file with read-only authorityd. access the vendor's open purchase order file with read-only authority
84. In an electronic data interchange environment, the audit traila. is a printout of all incoming and outgoing transactionsb. is an electronic log of all transactions received, translated, and processed by the systemc. is a computer resource authority tabled. consists of pointers and indexes within the database
85. All of the following are designed to control exposures from subversive threats excepta. firewallsb. one-time passwordsc. field interrogationd. data encryption
86. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these isa. hardware access proceduresb. antivirus softwarec. parity checksd. data encryption
87. Which of the following deal with transaction legitimacy?a. transaction authorization and validationb. access controlsc. EDI audit trail
d. all of the above
88. Firewalls area. special materials used to insulate computer facilitiesb. a system that enforces access control between two networksc. special software used to screen Internet accessd. none of the above
89. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)a. operating system.b. database management system.c. utility systemd. facility system.e. object system.
90. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, isa. a smurf attack.
b. IP Spoofing.
c. an ACK echo attack
d. a ping attack.
e. none of the above
91. Which of the following is true?a. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate
the contents of message packets. b. An Intrusion prevention system works in parallel with a firewall at the perimeter of the
network to act as a filer that removes malicious packets from the flow before they can affect servers and networks.
c. A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.
d. None of the above are true statements.
92. Advance encryption standard (AES) is a. a 64 -bit private key encryption technique b. a 128-bit private key encryption technique c. a 128-bit public key encryption technique d. a 256-bit public encryption technique that has become a U.S. government standard
93. What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area?a. LANb. decentralized networkc. multidrop networkd. Intranet
94. Network protocols fulfill all of the following objectives excepta. facilitate physical connection between network devicesb. provide a basis for error checking and measuring network performancec. promote compatibility among network devicesd. result in inflexible standards
95. To physically connect a workstation to a LAN requires aa. file serverb. network interface cardc. multiplexerd. bridge
96. Packet switchinga. combines the messages of multiple users into one packet for transmission. At the receiving
end, the packet is disassembled into the individual messages and distributed to the intended users.
b. is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization.
c. is used to establish temporary connections between network devices for the duration of a communication session.
d. is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless garbled message.
97. One advantage of network technology isa. bridges and gateways connect one workstation with another workstationb. the network interface card permits different networks to share datac. file servers permit software and data to be shared with other network usersd. a universal topology facilitates the transfer of data among networks
98. A virtual private network:a. is a password-controlled network for private users rather than the general public.b. is a private network within a public network.c. is an Internet facility that links user sites locally and around the world.d. defines the path to a facility or file on the web.e. none of the above is true.
99. Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology, the central computer manages and controls data communications among the network nodes.a. star topologyb. bus topologyc. ring topologyd. client/server topology
100. A ping signal is used to initiate a. URL masqueradingb. digital signature forgingc. Internet protocol spoofingd. a smurf attacke. none of the above is true
SET 2. ACCOUNTING 503-Auditing in CIS Environment ASSIGNMENT
1. In a star topology, when the central site failsa. individual workstations can communicate with each other
b. individual workstations can function locally but cannot communicate with other workstations
c. individual workstations cannot function locally and cannot communicate with other workstations
d. the functions of the central site are taken over by a designated workstation
2. Which of the following statements is correct? The client-server modela. is best suited to the token-ring topology because the random-access method used by this
model detects data collisions.b. distributes both data and processing tasks to the server’s node.c. is most effective used with a bus topology.d. is more efficient than the bus or ring topologies.
3. A star topology is appropriatea. for a wide area network with a mainframe for a central computerb. for centralized databases onlyc. for environments where network nodes routinely communicate with each otherd. when the central database does not have to be concurrent with the nodes
4. In a ring topologya. the network consists of a central computer which manages all communications between
nodesb. has a host computer connected to several levels of subordinate computersc. all nodes are of equal status; responsibility for managing communications is distributed
among the nodesd. information processing units rarely communicate with each other
5. A distributed denial of service (DDoS) attack a. is more intensive that a Dos attack because it emanates from single sourceb. may take the form of either a SYN flood or smurf attackc. is so named because it effects many victims simultaneously, which are distributed across
the internetd. turns the target victim's computers into zombies that are unable to access the Internet
e. none of the above is correct
6. Which of the following statements is correct? TCP/IPa. is the basic protocol that permits communication between Internet sites.b. controls Web browsers that access the WWW.c. is the file format used to produce Web pages.d. is a low-level encryption scheme used to secure transmissions in HTTP format.
7. FTPa. is the document format used to produce Web pages.b. controls Web browsers that access the Web.c. is used to connect to Usenet groups on the Internetd. is used to transfer text files, programs, spreadsheets, and databases across the Internet.e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
8. IP spoofinga. combines the messages of multiple users into a “spoofing packet” where the IP addresses
are interchanged and the messages are then distributes randomly among the targeted users.b. is a form of masquerading to gain unauthorized access to a web server.c. is used to establish temporary connections between network devices with different IP
addresses for the duration of a communication session.d. is a temporary phenomenon that disrupts transaction processing. It will resolve itself when
the primary computer completes processing its transaction and releases the IP address needed by other users.
9. HTMLa. is the document format used to produce Web pages.b. controls Web browsers that access the Web.c. is used to connect to Usenet groups on the Internet.d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
10. Which one of the following statements is correct?a. Cookies always contain encrypted data.b. Cookies are text files and never contain encrypted data.c. Cookies contain the URLs of sites visited by the user.d. Web browsers cannot function without cookies.
11. A message that is made to look as though it is coming from a trusted source but is not is calleda. a denial of service attackb. digital signature forgingc. Internet protocol spoofingd. URL masquerading
12. An IP Address:a. defines the path to a facility or file on the web.b. is the unique address that every computer node and host attached to the Internet must
have.c. is represented by a 64-bit data packet.d. is the address of the protocol rules and standards that governing the design of internet
hardware and software.e. none of the above is true.
13. A digital signature isa. the encrypted mathematical value of the message sender’s nameb. derived from the digest of a document that has been encrypted with the sender’s private
keyc. the computed digest of the sender’s digital certificated. allows digital messages to be sent over analog telephone lines
14. HTTPa. is the document format used to produce Web pages.b. controls Web browsers that access the Web.c. is used to connect to Usenet groups on the Internetd. is used to transfer text files, programs, spreadsheets, and databases across the Internet.e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
15. Which of the following statements is correct?
a. Packet switching combines the messages of multiple users into a “packet” for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.
b. The decision to partition a database assumes that no identifiable primary user exists in the organization.
c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session.
d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.
16. All of the following are basic data management tasks except a. data deletionb. data storagec. data attributiond. data retrieval
17. The task of searching the database to locate a stored record for processing is calleda. data deletionb. data storagec. data attributiond. data retrieval
18. Which of the following is not a problem usually associated with the flat-file approach to data management?a. data redundancyb. restricting access to data to the primary userc. data storaged. currency of information
19. Which characteristic is associated with the database approach to data management?a. data sharingb. multiple storage proceduresc. data redundancyd. excessive storage costs
20. Which characteristic is not associated with the database approach to data management?a. the ability to process data without the help of a programmerb. the ability to control access to the datac. constant production of backupsd. the inability to determine what data is available
21. The textbook refers to four interrelated components of the database concept. Which of the following is not one of the components?a. the database management systemb. the database sdministratorc. the physical databased. the conceptual database
22. Which of the following is not a responsibility of the database management system?a. provide an interface between the users and the physical database
b. provide security against a natural disasterc. ensure that the internal schema and external schema are consistentd. authorize access to portions of the database
23. A description of the physical arrangement of records in the database isa. the internal viewb. the conceptual viewc. the subschemad. the external view
24. Which of the following may provide many distinct views of the database?a. the schemab. the internal viewc. the user viewd. the conceptual view
25. Users access the databasea. by direct queryb. by developing operating softwarec. by constantly interacting with systems programmersd. all of the above
26. The data definition languagea. identifies, for the database management system, the names and relationships of all data
elements, records, and files that comprise the databaseb. inserts database commands into application programs to enable standard programs to
interact with and manipulate the databasec. permits users to process data in the database without the need for conventional programsd. describes every data element in the database
27. The data manipulation languagea. defines the database to the database management systemb. transfers data to the buffer area for manipulationc. enables application programs to interact with and manipulate the databased. describes every data element in the database
28. Which statement is not correct? A query language like SQLa. is written in a fourth-generation languageb. requires user familiarity with COBOLc. allows users to retrieve and modify datad. reduces reliance on programmers
29. Which duty is not the responsibility of the database administrator?a. to develop and maintain the data dictionaryb. to implement security controlsc. to design application programsd. to design the subschema
30. In a hierarchical modela. links between related records are implicitb. the way to access data is by following a predefined data pathc. an owner (parent) record may own just one member (child) recordd. a member (child) record may have more than one owner (parent)
31. Which term is not associated with the relational database model?a. tupleb. attributec. collisiond. relation
32. In the relational database modela. relationships are explicitb. the user perceives that files are linked using pointersc. data is represented on two-dimensional tablesd. data is represented as a tree structure
33. In the relational database model all of the following are true excepta. data is presented to users as tablesb. data can be extracted from specified rows from specified tablesc. a new table can be built by joining two tablesd. only one-to-many relationships can be supported
34. In a relational databasea. the user’s view of the physical database is the same as the physical databaseb. users perceive that they are manipulating a single tablec. a virtual table exists in the form of rows and columns of a table stored on the diskd. a programming language (COBOL) is used to create a user’s view of the database
35. Which of the following is not a common form of conceptual database model?a. hierarchicalb. networkc. sequentiald. relational
36. Which statement is false?a. The DBMS is special software that is programmed to know which data elements each user
is authorized to access.b. User programs send requests for data to the DBMS.c. During processing, the DBMS periodically makes backup copies of the physical database.d. The DBMS does not control access to the database.
37. All of the following are elements of the DBMS which facilitate user access to the database excepta. query languageb. data access languagec. data manipulation languaged. data definition language
38. Which of the following is a level of the database that is defined by the data definition language?a. user viewb. schemac. internal viewd. all are levels or views of the database
39. An example of a distributed database isa. partitioned databaseb. centralized databasec. networked databased. all are examples of distributed databases
40. Data currency is preserved in a centralized database bya. partitioning the databaseb. using a lockout procedurec. replicating the databased. implementing concurrency controls
41. Which procedure will prevent two end users from accessing the same data element at the same time?a. data redundancyb. data replicationc. data lockoutd. none of the above
42. The advantages of a partitioned database include all of the following excepta. user control is enhancedb. data transmission volume is increasedc. response time is improvedd. risk of destruction of entire database is reduced
43. A replicated database is appropriate whena. there is minimal data sharing among information processing unitsb. there exists a high degree of data sharing and no primary userc. there is no risk of the deadlock phenomenond. most data sharing consists of read-write transactions
44. What control maintains complete, current, and consistent data at all information processing units?a. deadlock controlb. replication controlc. concurrency controld. gateway control
45. Data concurrencya. is a security issue in partitioned databasesb. is implemented using time stampingc. may result in data lockoutd. occurs when a deadlock is triggered
46. All of the following are advantages of a partitioned database excepta. increased user control by having the data stored locallyb. deadlocks are eliminatedc. transaction processing response time is improvedd. partitioning can reduce losses in case of disaster
47. Which backup technique is most appropriate for sequential batch systems?a. grandparent-parent-child approachb. staggered backup approachc. direct backupd. remote site, intermittent backup
48. When creating and controlling backups for a sequential batch system,a. the number of backup versions retained depends on the amount of data in the fileb. off-site backups are not requiredc. backup files can never be used for scratch files
d. the more significant the data, the greater the number of backup versions
49. In a direct access file systema. backups are created using the grandfather-father-son approachb. processing a transaction file against a maser file creates a backup filec. files are backed up immediately before an update rund. if the master file is destroyed, it cannot be reconstructed
50. Which of the following is not an access control in a database system?a. antivirus softwareb. database authorization tablec. passwordsd. voice prints
51. Which of the following is not a basic database backup and recovery feature?a. checkpointb. backup databasec. transaction logd. database authority table
52. Audit objectives for the database management system include all of the following excepta. verifying that the security group monitors and reports on fault tolerance violationsb. confirming that backup procedures are adequatec. ensuring that authorized users access only those files they need to perform their dutiesd. verifying that unauthorized users cannot access data files
53. All of the following tests of controls will provide evidence that access to the data files is limited excepta. inspecting biometric controlsb. reconciling program version numbersc. comparing job descriptions with access privileges stored in the authority tabled. attempting to retrieve unauthorized data via inference queries
54. Which of the following is not a test of access controls?a. biometric controlsb. encryption controlsc. backup controlsd. inference controls
55. The database attributes that individual users have permission to access are defined ina. operating system.b. user manual.c. database schema.d. user view.e. application listing.
56. Which control is not associated with new systems development activities?a. reconciling program version numbersb. program testingc. user involvementd. internal audit participation
57. Which test of controls will provide evidence that the system as originally implemented was free from material errors and free from fraud? Review of the documentation indicates thata. a cost-benefit analysis was conductedb. the detailed design was an appropriate solution to the user's problemc. tests were conducted at the individual module and total system levels prior to
implementationd. problems detected during the conversion period were corrected in the maintenance phase
58. Routine maintenance activities require all of the following controls excepta. documentation updatesb. testingc. formal authorizationd. internal audit approval
59. Which statement is correct?a. compiled programs are very susceptible to unauthorized modificationb. the source program library stores application programs in source code formc. modifications are made to programs in machine code languaged. the source program library management system increases operating efficiency
60. Which control is not a part of the source program library management system?a. using passwords to limit access to application programsb. assigning a test name to all programs undergoing maintenancec. combining access to the development and maintenance test librariesd. assigning version numbers to programs to record program modifications
61. Which control ensures that production files cannot be accessed without specific permission?a. Database Management Systemb. Recovery Operations Functionc. Source Program Library Management Systemd. Computer Services Function
62. Program testinga. involves individual modules only, not the full systemb. requires creation of meaningful test datac. need not be repeated once the system is implementedd. is primarily concerned with usability
63. Which statement is not true?a. An audit objective for systems maintenance is to detect unauthorized access to application
databases.b. An audit objective for systems maintenance is to ensure that applications are free from
errors.c. An audit objective for systems maintenance is to verify that user requests for maintenance
reconcile to program version numbers.d. An audit objective for systems maintenance is to ensure that the production libraries are
protected from unauthorized access.
64. When the auditor reconciles the program version numbers, which audit objective is being tested?a. protect applications from unauthorized changesb. ensure applications are free from errorc. protect production libraries from unauthorized accessd. ensure incompatible functions have been identified and segregated
65. Which is not a level of a data flow diagram?a. conceptual levelb. context levelc. intermediate leveld. elementary level
66. Which statement is not correct? The structured design approacha. is a top-down approachb. is documented by data flow diagrams and structure diagramsc. assembles reusable modules rather than creating systems from scratchd. starts with an abstract description of the system and redefines it to produce a more detailed
description of the system
67. The benefits of the object-oriented approach to systems design include all of the following excepta. this approach does not require input from accountants and auditorsb. development time is reducedc. a standard module once tested does not have to be retested until changes are maded. system maintenance activities are simplified
68.Which level of a data flow diagram is used to produce program code and database tables?a. context levelb. elementary levelc. intermediate leveld. prototype level
69. Evaluators of the detailed feasibility study should not includea. the internal auditorb. the project managerc. a user representatived. the system designer
70. A cost-benefit analysis is a part of the detaileda. operational feasibility studyb. schedule feasibility studyc. legal feasibility studyd. economic feasibility study
71. Examples of one-time costs include all of the following excepta. hardware acquisitionb. insurancec. site preparationd. programming
72. Examples of recurring costs includea. software acquisitionb. data conversionc. personnel costsd. systems design
73. A commercial software system that is completely finished, tested, and ready for implementation is called aa. backbone systemb. vendor-supported system
c. benchmark systemd. turnkey system
74. Which of the following is not an advantage of commercial software? Commercial softwarea. can be installed faster than a custom systemb. can be easily modified to the user’s exact specificationsc. is significantly less expensive than a system developed in-housed. is less likely to have errors than an equivalent system developed in-house
75. Which step is least likely to occur when choosing a commercial software package?a. a detailed review of the source codeb. contact with user groupsc. preparation of a request for proposald. comparison of the results of a benchmark problem
76. The output of the detailed design phase of the Systems Development Life Cycle (SDLC) is aa. fully documented system reportb. systems selection reportc. detailed system design reportd. systems analysis report
77. The detailed design report contains all of the following excepta. input screen formatsb. alternative conceptual designsc. report layoutsd. process logic
78. System documentation is designed for all of the following groups excepta. systems designers and programmersb. end usersc. accountantsd. all of the above require systems documentation
79. Which type of documentation shows the detailed relationship of input files, programs, and output files?a. structure diagramsb. overview diagramc. system flowchartd. program flowchart
80. Typical contents of a run manual include all of the following excepta. run scheduleb. logic flowchartc. file requirementsd. explanation of error messages
81. Computer operators should have access to all of the following types of documentation excepta. a list of users who receive outputb. a program code listingc. a list of all master files used in the systemd. a list of required hardware devices
82. Which task is not essential during a data conversion procedure?a. decomposing the system
b. validating the databasec. reconciliation of new and old databasesd. backing up the original files
83. When converting to a new system, which cutover method is the most conservative?a. cold turkey cutoverb. phased cutoverc. parallel operation cutoverd. data coupling cutover
84. Site preparation costs include all of the following excepta. crane used to install equipmentb. freight chargesc. suppliesd. reinforcement of the building floor
85. The testing of individual program modules is a part ofa. software acquisition costsb. systems design costsc. data conversion costsd. programming costs
86. When implementing a new system, the costs associated with transferring data from one storage medium to another is an example ofa. a recurring costb. a data conversion costc. a systems design costd. a programming cost
87. An example of a tangible benefit isa. increased customer satisfactionb. more current informationc. reduced inventoriesd. faster response to competitor actions
88. An example of an intangible benefit isa. expansion into other marketsb. reduction in supplies and overheadc. more efficient operationsd. reduced equipment maintenance
89. A tangible benefita. can be measured and expressed in financial termsb. might increase revenuesc. might decrease costsd. all of the above
90. Intangible benefitsa. are easily measuredb. are of relatively little importance in making information system decisionsc. are sometimes estimated using customer satisfaction surveysd. when measured, do not lend themselves to manipulation
91. Which technique is least likely to be used to quantify intangible benefits?a. opinion surveys
b. simulation modelsc. professional judgmentd. review of accounting transaction data
92. The formal product of the systems evaluation and selection phase of the Systems Development Life Cycle isa. the report of systems analysisb. the systems selection reportc. the detailed system designd. the systems plan
93. One time costs include all of the following excepta. site preparationb. insurancec. programming and testingd. data conversion
94. Typically a systems analysisa. results in a formal project scheduleb. does not include a review of the current systemc. identifies user needs and specifies system requirementsd. is performed by the internal auditor
95. A disadvantage of surveying the current system isa. it constrains the generation of ideas about the new systemb. it highlights elements of the current system that are worth preservingc. it pinpoints the causes of the current problemsd. all of the above are advantages of surveying the current system
96. Systems analysis involves all of the following excepta. gathering factsb. surveying the current systemc. redesigning bottleneck activitiesd. reviewing key documents
97. The systems analysis report does nota. identify user needsb. specify requirements for the new systemc. formally state the goals and objectives of the systemd. specify the system processing methods
98. After the systems analysis phase of the System Development Life Cycle (SDLC) is complete, the company will have a formal systems analysis report ona. the conceptual design of the new systemb. an evaluation of the new systemc. users’ needs and requirements for the new systemd. a comparison of alternative implementation procedures for the new system
99. The accountant’s role in systems analysis includes all of the following excepta. specify audit trail requirementsb. prepare data gathering questionnairesc. suggest inclusion of advanced audit featuresd. ensure mandated procedures are part of the design
100. The role of the steering committee includesa. designing the system outputsb. resolving conflicts that arise from a new systemc. selecting the programming techniques to be usedd. approving the accounting procedures to be implemented