
A computer input control is designed to ensure that

Data received for processing are properly authorized and converted to machine readable form.
This answer is correct because input controls are designed to provide reasonable assurance that data received for processing by computer have been properly authorized, converted into machine sensible form and identified, and have not been lost, suppressed, added, duplicated, or otherwise improperly changed.

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

Encryption performed by a physically secure hardware device is more secure than encryption performed by software
This answer is correct. The requirement is to select which of the statements is correct concerning the security of messages in an EDI system. This answer is correct because encryption by physically secure hardware is ordinarily more secure, but more costly than that performed by software.

A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would?

Validity check.
This answer is correct. The requirement is to identify the control that would help prevent the transposition of a customer identification number. This answer is correct because a validity check is a check of an entered number to see if it is in valid form or a valid account number.

Bacchus Inc. is a large multinational corporation with various business units around the world. Plans for which of the following would help Bacchus ensure a timely recovery?

This answer is correct. The requirement is to identify the plan that would ensure timely recovery if a fire destroyed the corporate headquarters and largest manufacturing site. A business continuity plan deals with recovery of business operations after a disaster.

The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition?

Prepare a statement of responsibilities for tasks included in a disaster recovery plan.
This answer is correct. The requirement is to identify the step management would first take to correct the lack of a disaster recovery plan. The first step is to identify the responsibilities for tasks included in the plan.

The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the

Job control language.
This answer is correct. The requirement is to identify the component that provides the instructions to the operating system to schedule, allocate resources, and retrieve data. This answer is correct because the job control language is a command language that specifies priority, program size, and running sequence.

A distributed processing environment would be most beneficial in which of the following situations?

Large volumes of data are generated at many locations and fast access is required.
This answer is correct because a distributed data processing system is useful when processing is done in multiple locations. It enables processing of a large volume of transactions and fast access to data.

Compared to online real-time processing

Stored data are current only after the update process.
The requirement is to identify the disadvantage of batch processing as compared to online real-time processing. This answer is correct because batch-processed data is not updated until the batch is processed.

Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control?

Access control software.
This answer is correct. The requirement is to identify the preventive control. A preventive control is designed to prevent a misstatement from occurring. Access control software prevents unauthorized individuals from gaining access to a system or application and therefore prevents unauthorized transactions or changes in data.

A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as

End-user computing.
This answer is correct because in end-user computing the user is responsible for the development and execution of the computer application that generates the information used by that same user.

Which of the following is a computer program that appears to be legitimate but performs an illicit activity when it is run?

Trojan horse.
This answer is correct because this describes a Trojan horse.

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?

This answer is correct. The requirement is to identify the input control that would prevent an incorrect state abbreviation from being accepted. This answer is correct because a validity check involves comparison of input to a list of valid items.

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name and the individual's password is the same as the Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control?

Employees are not required to take regular vacations.
This answer is correct because the information provided includes no information addressing regular vacations.

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?

This answer is incorrect. These responsibilities are not incompatible.

Which of the following items would be most critical to include in a systems specification document for a financial report?

Data elements needed.
This answer is correct. A systems specification document should include a description of the data elements needed.

Which of the following is a critical success factor in data mining a large data store?

Pattern recognition.
This answer is correct because the benefit of data mining is the confirmation and exploration of data relationships.

Which of the following would provide the most security for sensitive data stored on a personal computer?

Encrypting data files on the computer.
This answer is correct because encryption involves coding of the data files and, accordingly, encrypted sensitive data provides security because the files cannot be read by those without knowledge of the encryption code.

0017
What should be examined to determine if an information system is operating according to prescribed procedures?

System control.
This answer is correct because system control is concerned with adherence with prescribed procedures.

0096
Which of the following transaction processing modes provides the most accurate and complete information for decision making?

Batch.
This answer is incorrect. When using batch processing the information is not available until the batch is processed.

0124
Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?

Collusion.
This answer is incorrect because collusion can still occur with the use of passwords.
Data entry errors.
This answer is incorrect because passwords do not prevent data entry errors.
Failure of server duplicating function.
This answer is incorrect because passwords do nothing to prevent hardware failure.
Firewall vulnerability.
This answer is correct. The requirement is to identify the risks that can be minimized through the use of passwords. This answer is correct because passwords can prevent unauthorized individuals from penetrating the firewall.

0073
During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed posting type. This would mean that individual transactions were
Posted upon entry, and each transaction had its own line entry in the appropriate ledger.
This answer is incorrect. Posting upon entry describes an online processing system.
Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.
This answer is correct. This describes a batch processing method and a detailed posting type.
Posted upon entry, and each transaction group had a cumulative entry total in the appropriate ledger.
This answer is incorrect. Posting upon entry describes an online processing system. This also indicates a cumulative posting system.
Assigned to groups before posting, and each transaction group had a cumulative entry total in the appropriate ledger.
This answer is incorrect. This describes a batch processing method and a cumulative posting type.

0130
SQL is most directly related to
String question language processing.
This answer is incorrect because the term string question language processing is not used in information technology.
The grandfather, father, son method of record retention.
This answer is incorrect because SQL is not directly related to record retention using the grandfather, father, son approach.
Electronic commerce.
This answer is incorrect because while electronic commerce may use SQL, the most direct tie is to relational databases.
Relational databases.
This answer is correct because virtually all relational databases use the SQL computer language.

0029
What is the computer process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of action being taken or the decision being made?

Batch processing.
This answer is incorrect because integrated batch processing systems collect data into groups (batches) prior to processing. Then, the entire group of records is processed at regular intervals.
Real-time processing.
This answer is correct because online real-time systems are those for which processing is performed as data are input and the results are available immediately.
Integrated data processing.
This answer is incorrect because integrated data processing refers to a system (batch or real-time) for which duplicate records and duplicate operations are minimized.
Random access processing.
This answer is incorrect because random access processing is a method of data access (random versus sequential access), not a method of data processing.

0033
Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage?

Having the supervisor of the data entry clerk verify that each employee's hours worked are correctly entered into the system.
This answer is incorrect because it would only affect the accuracy of the hours worked.
Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register.
This answer is incorrect because using real-time posting of payroll would not improve the accuracy of wage rates.
Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate.
This answer is incorrect because data entry clerks should not be authorized to change wage rates.
Limited access to employee master files to authorized employees in the personnel department.
The requirement is to identify the internal control procedure that would prevent an employee from being paid an inappropriate hourly wage. This answer is correct because limiting access to employee master files to authorized employees would help prevent unauthorized changes in the wage rates in the master files.

0101
Which of the following most likely represents a significant deficiency in the internal control?

The systems analyst reviews applications of data processing and maintains systems documentation.
This answer is incorrect. This procedure is generally acceptable within a computerized environment.
The systems programmer designs systems for computerized applications and maintains output controls.
This answer is correct. The systems programmer should not maintain custody of output in a computerized system. At a minimum, the programming, operating, and library functions should be segregated in such computer systems.
The control clerk establishes control over data received by the information systems departments and reconciles totals after processing.
This answer is incorrect. This procedure is generally acceptable within a computerized environment.
The accounts payable clerk prepares data for computer processing and enters the data into the computer.
This answer is incorrect. This procedure is generally acceptable within a computerized environment.

0004
When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control?
Design of controls to restrict access.
This answer is incorrect because access controls must be considered.
Adequate physical layout space for the operating system.
This answer is correct because an operating system ordinarily requires no physical layout space since it represents software within a computer.
Inclusions of an adequate power supply system with surge protection.
This answer is incorrect because to effectively operate the data processing center one needs adequate power and surge protection.
Consideration of risks related to other uses of electricity in the area.
This answer is incorrect because other uses of electricity in the area may cause interference with the data processing and therefore should be considered.

0025
The ability to add or update documentation items in data dictionaries should be restricted to
Database administrators.
This answer is correct. Access must be controlled to ensure integrity of documentation although "read" access should be provided to other parties as it is important for applications development and maintenance.
System programmers.
This answer is incorrect. This is an improper function.
System librarians.
This answer is incorrect. This is an improper function.
Application programmers.
This answer is incorrect. This is an improper function.

...

0063
Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?

Desktop client, application, and database.
This answer is correct. The requirement is to identify the layers of most client/server applications. This answer is correct because the layers consist of the desktop client, an application server, and a database server.
Desktop client, software, and hardware.
This answer is incorrect because software and hardware exist at all tiers.
Desktop server, application, and database.
This answer is incorrect because the desktop is not a server.
Desktop server, software, and hardware.
This answer is incorrect because the desktop is not a server and hardware and software exist at all tiers.

0075
Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has not been stocked with equipment?

Hot.
This answer is incorrect. A hot site is one that is stocked and ready for operation.
Cold.
This answer is correct. A cold site is a backup site that has not been stocked with equipment.
Warm.
This answer is incorrect. This is not a term used for a backup site.
Flying start.
This answer is incorrect. This is not a term used for a backup site.

0122
One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control for this is use of

A tape library.
This answer is incorrect because a tape library is likely to be effective only when the library is effectively controlled.
A self-checking digit system.
This answer is incorrect because a self-checking digit system is unlikely to be effective if the concern is incompatible functions.
Computer generated hash totals.
This answer is incorrect because hash totals are designed primarily to determine that data have not been lost or transformed during processing.
A computer log.
This answer is correct because the use of a computer log will allow a review of an individual's access to the system.

0005
An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?

trjunpqs.
This answer is incorrect because it contains only letters.
34787761
This answer is incorrect because it contains only numbers.
tr34ju78.
This answer is not as good because it does not contain uppercase letters.
tR34ju78.
This answer is correct because good passwords contain a combination of upper- and lowercase letters, numbers, and punctuation symbols. This selection is the best because it contains a combination of numbers and upper- and lowercase letters.

0085
In business information systems, the term "stakeholder" refers to which of the following parties?

The management team responsible for the security of the documents and data stored on the computers or networks.
This answer is incorrect because it describes only one type of stakeholder.
Information technology personnel responsible for creating the documents and data stored on the computers or networks.
This answer is incorrect because it describes only one type of stakeholder.
Authorized users who are granted access rights to the documents and data stored on the computers or networks.
This answer is incorrect because it describes only one type of stakeholder.
Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.
This answer is correct. The requirement is to identify what the term stakeholder refers to. This answer is correct because a stakeholder is anyone that uses a system.

0077
A fast-growing service company is developing its information technology internally. What is the first step in the company's systems development life cycle?

Analysis.
This answer is correct. The requirement is to identify the first step in the systems development life cycle. The steps in the systems development life cycle are analysis, design, build, test, and implement.
Implementation.
This answer is incorrect because it represents a later step in the process.
Testing.
This answer is incorrect because it represents a later step in the process.
Design.
This answer is incorrect because it represents a later step in the process.

0106
Which of the following best defines electronic data interchange (EDI) transactions?

Electronic business information is exchanged between two or more businesses.
This answer is correct. The requirement is to identify the item that best defines electronic data interchange. Electronic data interchange involves the electronic exchange of business transaction data in a standard format from one entity's computer to another entity's computer.
Customers' funds-related transactions are electronically transmitted and processed.
This answer is incorrect because it describes electronic funds transfer.
Entered sales data are electronically transmitted via a centralized network to a central processor.
This answer is incorrect because it defines a computer network.
Products sold on central Web servers can be accessed by users anytime.
This answer is incorrect because it defines an internet electronic commerce system.

0113
Which of the following constitutes a weakness in the internal control of a computer system?

One generation of backup files is stored in an off-premises location.
This answer is incorrect because storing backup files off-premises will improve internal control. Reconstruction of files, if necessary, will be possible.
Machine operators distribute error messages to the control group.
This answer is incorrect because machine operators should (by nature of operating the system) have access to error messages and will distribute them to the control group.
Machine operators do not have access to the complete systems manual.
This answer is incorrect because machine operators should not have access to the systems manual. Operators should not have complete information on the operation (and weaknesses) of the overall system.
Machine operators are supervised by the programmer.
This answer is correct because machine operators should not be supervised by the programmer. Good internal control in a computer system requires that operators, programmers, and the library function be segregated.

0006
An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?

Online prompting.
This answer is incorrect. On-line prompting could help but the user could still input the invalid date.
Mathematical accuracy.
This answer is incorrect because a mathematical accuracy check would not detect an invalid date.
Pre-formatted screen.
This answer is incorrect because a pre-formatted screen would still allow an invalid date to be inputted.
Reasonableness.
This answer is correct. The requirement is to identify the programmed edit check that offers the best solution for preventing the error of mistakenly entering an invalid date in a data field. A reasonableness test would not allow an invalid date to be accepted.

0116
Which of the following configurations of elements represents the most complete disaster recovery plan?

Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team.
This answer is incorrect. Refer to the correct answer explanation.
Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan.
This answer is correct because the plan should provide for an alternative processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan.
Off-site storage procedures, identification of critical applications, test of the plan.
This answer is incorrect. Refer to the correct answer explanation.
Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures.
This answer is incorrect. Refer to the correct answer explanation.

0094
An overall description of a database including the names of data elements, their characteristics, and their relationship to one another, would be defined by using a

Data definition language.
This answer is correct. The data definition language defines the database structure and content, especially the schema and sub-schema descriptions, including the names of the data elements contained in the database and their relationship to each other.
Data control language.
This answer is incorrect. The data control language is a type of database language used to specify the privileges and security rules governing database users.
Data manipulation language.
This answer is incorrect. Data manipulation language provides application programs with a facility to interact with the database to facilitate adding, changing, and deleting either data or data relationships.
Data command interpreter language.
This answer is incorrect. Data command interpreter languages are symbolic character strings used to control the current state of database management system operations.

0053
One of the benefits of a single integrated database information system is

Closer program-data linkage.
This answer is incorrect. Closer program-data linkage or independence is not a benefit.
Increased data redundancy.
This answer is incorrect. Redundancy is reduced which is a benefit.
Reduced security.
This answer is incorrect. The need for security measures is not reduced.
Increased data accessibility.
This answer is correct. Increased data accessibility is a benefit of a single integrated database information system.

0045
A validation check used to determine if a quantity ordered field contains only numbers is an example of a(n)

Input control.
This answer is correct. A validation check at data entry that verifies that a quantity field contains only numbers is an example of a programmatic means of ensuring the accuracy of the value, in that no nonnumeric characters are permitted; this is an input control.
Audit trail control.
This answer is incorrect. The purpose of an audit trail control is to ensure that a chronological record of all relevant events in a system has been recorded.
Processing control.
This answer is incorrect. A processing control ensures that data are complete and accurate during updating.
Data security control.
This answer is incorrect. A data security control ensures that only authorized individuals are permitted to access and use a system.

0057
Which of the following is least likely to be considered an advantage of a value-added network?

Reduce communication and data protocol problems.
This answer is incorrect because the VAN often is able to reduce communication and data protocol problems.
Increased security.
This answer is incorrect because increased security is often an advantage of a VAN.
Reduced cost.
This answer is correct since value-added networks (VAN) are often costly.
Partners do not have to establish numerous point-to-point connections.
This answer is incorrect because partners establish fewer point-to-point connections when a VAN is involved.

0039
Because log-on procedures may be cumbersome and tedious, users often store log-on sequences in their personal computers and invoke them when they want to use mainframe facilities. A risk of this practice is that

Personal computers become much more likely to be physically stolen.
This answer is incorrect. Keeping log-on sequences on the personal computer is unlikely to greatly increase the likelihood of physical theft of those computers.
Anyone with access to the personal computers could log on to the mainframe.
This answer is correct. Since storing the log-on sequences makes log-on easier, anyone with access to the personal computer could potentially log-on to the mainframe through use of the personal computer.
Backup procedures for data files would not be as effective.
This answer is incorrect. Keeping the log-on sequences on the personal computers would not affect the effectiveness of backup procedures for data files.
Users with inadequate training would make more mistakes.
This answer is incorrect. Keeping the log-on sequences on the personal computers would tend to reduce the number of user mistakes because using automated log-ons would reduce the knowledge required for a user to log on to the mainframe.

0054
Which of the following terms best describes a payroll system?

Database management system (DBMS).
This answer is incorrect because the payroll system uses a database but it does not involve management of the database.
Transaction processing system (TPS).
This answer is correct. The requirement is to identify the term that best describes a payroll system. A payroll system is a transaction processing system.
Decision support system (DSS).
This answer is incorrect because a decision support system provides information for decision making.
Enterprise resource planning (ERP) system.
This answer is incorrect because an enterprise resource planning system is a software suite that maintains data and integrates multiple business processes and applications.

0110
In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

Secure off-site location.
This answer is correct because it is desirable to store the data in a separate secure location to prevent loss from fire or natural disaster.
Data backup server in the network room.
This answer describes a less desirable location.
Fireproof cabinet in the data network room.
This answer describes a less desirable location.
Locked file cabinet in the accounting department.
This answer describes a less desirable location.

0088
Which of the following is considered an application input control?

Run control total.
This answer is incorrect. A run control total is a processing control.
Edit check.
This answer is correct. An edit check is a check on the accuracy of data as it is inputted.
Report distribution log.
This answer is incorrect. A report distribution log is a distribution control.
Exception report.
This answer is incorrect. An exception report is a processing control.

0123
When used in an information technology context, EDI is

Education Discount Interface.
This answer is incorrect. Refer to the correct answer explanation.
Electronic Data Interchange.
This answer is correct because EDI stands for electronic data interchange.
Engineered Duplicate Integration.
This answer is incorrect. Refer to the correct answer explanation.
Extreme Disaster Inhibitor.
This answer is incorrect. Refer to the correct answer explanation.

0040
Automated equipment controls in a computer processing system are designed to detect errors arising from

Operation of the computer processing equipment.
This answer is correct because automated equipment controls (hardware controls) are designed to detect, report, or prevent operational errors within the computer. For example, the misreading of magnetic tapes by a tape reader or storage of erroneous data are detected or prevented by the dual-gap heads and parity checks. Other hardware controls are the echo check, dual circuitry, boundary protection, interlock, file protection rings, etc.
Lack of human alertness.
This answer is incorrect because lack of human alertness relates to human error which equipment controls (hardware controls) cannot detect.
Incorrect input and output data.
This answer is incorrect because mistakes arising from human-related errors will not be detected by automated equipment controls (hardware controls).
Poor management of the computer processing installation.
This answer is incorrect because poor management of the computer installation is a human-related error which will not be detected by equipment controls (hardware controls).

0009
First Federal S&L has an on-line real-time system with terminals installed in all of its branches. This system will not accept a customer's cash withdrawal instructions in excess of $1,000 without the use of a "terminal audit key." After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be
by

Online recording of the transaction on an audit override sheet.
This answer is correct because documentation of all situations in which the "terminal audit key" has been used will improve the audit trail.
Increasing the dollar amount to $1,500.
This answer is incorrect because increasing the dollar amount required for use of the key will simply reduce the number of times it is used (and allow larger withdrawals to be made without any required special authorization).
Requiring manual, rather than on-line, recording of all such transactions.
This answer is incorrect because there is no reason to believe that a manual system will be more effective than an online system.
Using parallel simulation.
This answer is incorrect because parallel simulation, running the data through alternate software, would have no particular advantage for processing these large withdrawals.

0022
To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?

Modify and adapt operating system software.
This answer is incorrect because this is a function that is appropriate for the systems programmer.
Correct detected data entry errors for the cash disbursement system.
This answer is incorrect because this is a function that is appropriate for data control personnel.
Code approved changes to a payroll program.
This answer is correct. The requirement is to identify the appropriate duties of an application programmer. An appropriate function for an application programmer includes coding approved changes to a payroll program.
Maintain custody of the billing program code and its documentation.
This answer is incorrect because this is a function that is appropriate for data library personnel.

0115
A data warehouse is an example of

On-line analytical processing.
This answer is correct because a data warehouse is an approach to online analytical processing that combines data into a subject-oriented, integrated collection of data used to support management decision-making processes.
On-line transaction processing.
This answer is incorrect because on-line transaction processing involves day-to-day transaction processing operations.
Essential information batch processing.
This answer is incorrect because the term essential information batch processing is vague, and is not ordinarily associated with a data warehouse.
Decentralized processing.
This answer is incorrect because a data warehouse may or may not be associated with decentralized processing.

0028
Which of the following is considered to be a server in a local area network (LAN)?

The cabling that physically interconnects the nodes of the LAN.
This answer is incorrect. The cabling is the telecommunications link.
A device that stores program and data files for users of the LAN.
This answer is correct. A file server providing files for users of the LAN is one type of server.
A device that connects the LAN to other networks.
This answer is incorrect. A network gateway connects the LAN to other networks.
A workstation that is dedicated to a single user on the LAN.
This answer is incorrect. A workstation that is dedicated to a single user is a client.

0042
An input clerk enters a person's employee number. The computer responds with a message that reads "employee number that you entered is NOT assigned to an active employee. Please reenter." What technique is the computer using?

Optical character recognition (OCR).
This answer is incorrect because OCR software converts images of paper documents as read by a scanning device into text document computer files.
Check digit.
This answer is incorrect because a check digit is an extra reference number that follows an identification number and bears a mathematical relationship to the other digits. This extra digit is input with the data.
Validity check.
This answer is correct because with a validity check the computer compares input reference data to tables or master files to make sure that valid codes are being used. In this example, the computer compared the input with a table containing the employee numbers of all active employees.
Field (format) check.
This answer is incorrect because with a field (format) check a computer checks attributes such as character content, length, or sign of the individual data fields.

0036
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll application?

Hours worked.
This answer is incorrect because a company may use the total of hours worked for various purposes.
Total debits and total credits.
This answer is incorrect because the totals of debits and credits help the auditor (and management) to determine that all transactions have been properly recorded and processed.
Net pay.
This answer is incorrect because the total of net pay normally has a meaning, such as equaling the credit to cash based on the payroll.
Department numbers.
This answer is correct. The requirement is to determine the total which would most likely be considered a hash total. A hash total is a meaningless sum which normally has no use other than to prove the completeness with which a batch has been processed. The summation of department numbers has no apparent use other than to help determine that an entire batch has been processed.

0020
In a daily computer run to update checking account balances and print out basic details on any customer's account that was overdrawn, the overdrawn account of the computer programmer was never printed. Which of the following control procedures would have been most effective in detecting this fraud?

Use of the test-data approach by the auditor in testing the client's program and verification of the subsidiary file.
This answer is incorrect because use of a test-data approach involves the development of a set of dummy transactions which are processed by the client's computer programs. Thus, the auditor would only detect the fraud if the test data overdrew the programmer's account.
Use of a running control total for the master file of checking account balances and comparison with the printout.
This answer is incorrect because using a running control total of all checking account balances could not be meaningfully compared with a printout of overdrawn accounts.
A program check for valid customer code.
This answer is incorrect because a program check for a valid customer code would only detect those transactions for which the customer code was incorrectly inputted or no such customer existed.
Periodic recompiling of programs from documented source files, and comparison with programs currently in use.
This answer is correct because a periodic recompiling of the program from the original source files and comparison with the program currently in use would allow the auditor to detect the modification in the program that has permitted the fraud to occur.

0023
A procedural control used in the management of a computer center to minimize the possibility of data or program file destruction through operator error includes

Control figures.
This answer is incorrect because control figures address the accuracy of information on a file, not the physical security of a program file.
Cross footing tests.
This answer is incorrect because cross footing tests address the accuracy of information on a file, not the physical security of a program file.
Limit checks.
This answer is incorrect because limit checks address the accuracy of information on a file, not the physical security of a program file.
External labels.
This answer is correct because external labels will prevent file destruction by properly identifying each file.

0016
The program flow charting symbol representing a decision is a

Triangle.
This answer is incorrect. Refer to the correct answer explanation.
Circle.
This answer is incorrect. Refer to the correct answer explanation.
Rectangle.
This answer is incorrect. Refer to the correct answer explanation.
Diamond.
This answer is correct. The flowcharting symbol for a decision is a diamond.

0001
Graphical notations that show the flow and transformation of data within a system or business area are called

Action diagrams.
This answer is incorrect. Action diagrams are process logic notations that combine graphics and text to support the definition of technical rules.
Program structure charts.
This answer is incorrect. Program structure charts are graphical depictions of the hierarchy of modules or instructions in a program.
Conceptual data models.
This answer is incorrect. Conceptual data models are independent definitions of the data requirements that are explained in terms of entities and relationships.
Data flow diagrams.
This answer is correct. That is the definition of a data flow diagram.

0047
Management of a financial services company is considering a strategic decision concerning the expansion of its existing local area network (LAN) to enhance the firm's customer service function. Which of the following aspects of the expanded system is the least significant strategic issue for management?

How the expanded system can contribute to the firm's long-range business plan.
This answer is incorrect. Long-range business plans are a central aspect of strategic decisions.
How the expanded system would support daily business operations.
This answer is incorrect. Support of daily business operations is an important aspect of strategic decisions.
How indicators can be developed to measure how well the expanded system achieves its business objectives.
This answer is incorrect. Measurement of plan fulfillment is essential to management's evaluation of the system.
How the expanded system will contribute to the reduction of operating costs.
This answer is correct. Cutting costs, per se, is the least important issue. Payoff, or return on costs, is a more relevant strategic consideration.

0041
The Internet is made up of a series of networks which include

Gateways to allow mainframe computers to connect to personal computers.
This answer is correct. Gateways connect Internet computers of dissimilar networks.
Bridges to direct messages through the optimum data path.
This answer is incorrect. Routers determine the best path for data.
Repeaters to physically connect separate local area networks (LANs).
This answer is incorrect. Bridges connect physically separate LANs.
Routers to strengthen data signals between distant computers.
This answer is incorrect. Repeaters strengthen signal strength.

0052
Which of the following is correct concerning electronic commerce security?

Since they cannot use both, companies must decide whether to use an electronic data interchange approach or an approach using the Internet.
This answer is incorrect because companies can use both an electronic data interchange approach and one using the Internet.
Companies that wish to use the Internet for electronic commerce must adhere to the Uniform Internet Service Provider Code of Conduct.
This answer is incorrect because there is no such "Uniform Internet Service Provider Code of Conduct" that must be adhered to by companies.
Use of a Web site homepage instead of encryption leads to greater security in electronic transactions.
This answer is incorrect because using a homepage is not an alternative to using encryption.
The successful use of a firewall will help assure the security of a firm's computer systems.
This answer is correct because a firewall will limit who is able to access a database.

0027
Which of the following procedures would enhance the control of a computer operations department?

I. Periodic rotation of operators.
II. Mandatory vacations.
III. Controlled access to the facility.
IV. Segregation of personnel who are responsible for controlling input and output.
I, II.
This answer is incorrect. This response is incomplete.
I, II, III.
This answer is incorrect. This response is incomplete.
III, IV.
This answer is incorrect. This response is incomplete.
I, II, III, IV.
This answer is correct. All of the above practices are effective control measures. Periodic rotation and mandatory vacations provide other personnel with the ability to detect operator problems. Controlled access and segregation of duties allow for the separation of incompatible functions.

Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?

Preventive.
This answer is incorrect because preventative controls serve to prevent errors or fraud and may cut across many processes or subsystems.
Corrective.
This answer is incorrect because corrective controls correct errors and may cut across many processes or subsystems.
Application.
This answer is correct. The requirement is to identify the control plan that is particular to a process or subsystem. This answer is correct because application controls apply to a particular application or process.
Detective.
This answer is incorrect because detective controls detect errors and fraud and may cut across several processes or subsystems.

0067
There are several kinds of hardware and software for connecting devices within a network and for connecting different networks to each other. The kind of connection often used to connect dissimilar networks is a

Gateway.
This answer is correct. A gateway, often implemented via software, translates between two or more different protocol families and makes connections between dissimilar networks possible.
Bridge.
This answer is incorrect. A bridge joins network segments so they appear to be one physical segment.
Router.
This answer is incorrect. A router connects two or more network segments, such that the segments maintain their separate logical identities.
Wiring concentrator.
This answer is incorrect. A wiring concentrator accepts twisted-pair cabling from each of several PCs in the same LAN.

0048
The machine language for a specific computer

May be changed by the programmer.
This answer is incorrect because a programmer will not be able to write a program which will change the computer's machine language.
Is the same as all the other computer languages.
This answer is incorrect because machine languages differ among different computers. Also, machine languages differ from user programs (e.g., written in BASIC, COBOL).
Is determined by the engineers who designed the computer.
This answer is correct because the machine language must be designed for the specific computer and, therefore, is determined by the engineers who design the computer.
Is always alphabetic.
This answer is incorrect because the machine language is never alphabetic; it is of a binary form.

0030
When considering disaster recovery, what type of backup facility involves an agreement between two organizations to aid each other in the event of disaster?

Cold site.
This answer is incorrect because a cold site ordinarily involves processing at another site.
Hot site.
This answer is incorrect because a hot site ordinarily relies upon a commercial disaster recovery service that allows a business to continue in the event of computer disaster.
Reciprocal agreement.
This answer is correct because a reciprocal agreement involves agreement between two or more organizations to help each other in the event of disaster to one's processing.
Rollback.
This answer is incorrect because a checkpoint system is more directly related to copying the database at certain points for backup support.

0038
Which of the following is an advantage of using a value-added network for EDI transactions?

Ability to deal with differing data protocols.
This answer is correct because a value-added network is a privately owned network that routes EDI transactions and alleviates problems related to differences between various organizations' hardware and software.
Decrease in cost of EDI.
This answer is incorrect because a value-added network is likely to increase the cost of EDI, not decrease it.

This answer is incorrect because a value-added network is likely to have no effect on data redundancy.
Direct communication between trading partners.
This answer is incorrect because a value-added network results in communications to the value-added network, and then to the trading partner.

0012
When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. The error report should most probably be reviewed and followed up by the?

Supervisor of computer operations.
This answer is incorrect because the supervisor of computer operations has responsibility for the overall operation of the information systems department and should not provide an internal audit function.
Systems analyst.
This answer is incorrect because the systems analyst is responsible for designing the system, and accordingly should not have internal audit responsibility.
Control group.
This answer is correct because the control group is responsible for providing a continuous review function by supervising and monitoring input, operations, and the distribution of output (i.e., a continuous internal audit function).
Computer programmer.
This answer is incorrect because the computer programmer is charged with designing program flow charts and writing computer programs based on the work of the systems analyst. Accordingly, this individual does not have internal audit responsibility.

0013
The most appropriate type of network for a company that needs its network to function inexpensively in widely separated geographical areas is

Local area network (LAN).
This answer is incorrect. A local area network (LAN) is generally limited to short distances (e.g., 2,000 feet radius of the servers).
Wide area network (WAN).
This answer is correct. A wide area network (WAN) is the best kind of network because it can connect many sites located across a broad geographical distance.
Value added network (VAN).
This answer is incorrect. A value-added network (VAN) is, in general, more expensive than a private network such as WAN for high-volume communications.
Private branch exchange (PBX).
This answer is incorrect. A private branch exchange (PBX) is an electronic switch that transfers telephone calls, which does not have the network capabilities needed by the company.

0046
In a client/server environment the "client" is most likely to be the?

Supplier of the computer system.
This answer is incorrect because the supplier of the computer system is not referred to as the client.
Computers of various users.
This answer is correct because the "client" may be viewed as the computer or workstation of the individual user.
Computer that contains the network's software and provides services to a server.
This answer is incorrect because the server ordinarily provides most of the software and provides services to the client.
Database administrator.
This answer is incorrect because the database administrator is not referred to as the client.

0024
Securing client/server systems is a complex task because of all of the following factors except:

The use of relational databases.
This answer is correct. Client server implementation does not necessarily use relational databases.
The number of access points.
This answer is incorrect. This is a factor that makes security complex in client/server environments.
Concurrent operation of multiple user sessions.
This answer is incorrect. This is a factor that makes security complex in client/server environments.
Widespread data access and update capabilities.
This answer is incorrect. This is also a factor that makes client/server security complex.

0049
Which of the following controls would assist in detecting an error when the data input clerk records a sales invoice as $12.99 when the actual amount is $122.99?

Batch control totals.
This answer is correct. The other controls would not find this error.
Echo check.
This answer is incorrect. This is a hardware control that checks for accuracy in data transmission; it is not an input control.
Limit check.
This answer is incorrect. This would only work if the two amounts were reversed and there was a dollar limit on invoices.
Sign check.
This answer is incorrect. This control checks for positive or negative field restrictions.

0060
The primary objective of security software is to?

Control access to information system resources.
This answer is correct. The objective of security software is to control access to information systems resources such as program libraries, data files, and proprietary software.
Restrict access to prevent installation of unauthorized utility software.
This answer is incorrect. Security software will control the use of utilities, but not the installation.
Detect the presence of viruses.
This answer is incorrect. Antivirus software detects the presence of viruses.
Monitor the separation of duties within applications.
This answer is incorrect. Security software may be a tool to establish separation of duties, but does not monitor it.

0056
Which of the following represents the procedure managers use to identify whether the company has information that unauthorized individuals want, how these individuals could obtain the information, the value of the information, and the probability of unauthorized access occurring?

Disaster recovery plan assessment.
This answer is incorrect because disaster recovery plan assessment is an evaluation of the plan for recovery when the information system fails.
Systems assessment.
This answer is incorrect because a systems assessment is an evaluation of the adequacy of a system in providing required information.
Risk assessment.
The requirement is to identify the process that involves identifying whether the company has information unauthorized individuals want, how the individuals could obtain the information, the value of the information, and the probability of unauthorized access. This answer is correct because the process of risk assessment is described.
Test of controls.
This answer is incorrect because tests of controls test the operating effectiveness of the controls.

ABC systems projects have been assessed on these risk criteria. Which the risk to?

A. Current Sketchy
B. New Sketchy
C. Current Well defined
D. New Well defined
A
This answer is incorrect because it has at least one less risky component.
B
The requirement is to identify the project with the highest risk. This answer is correct because the project involves both new (more risky than current) technology and sketchy (more risky than well-defined) structure.
C
This answer is incorrect because it has at least one less risky component.
D
This answer is incorrect because it has at least one less risky component.

Which of the following is a key difference in controls when changing from a manual system to a computer system?

Internal control principles change.
This answer is incorrect because the control principles do not change.
Internal control objectives differ.
This answer is incorrect because control objectives do not change.
Control objectives are more difficult to achieve.
This answer is incorrect because control objectives are not more difficult to achieve.
Methodologies for implementing controls change.
The requirement is to identify the key differences in controls when changing from a manual system to a computer system. This answer is correct because the methods of achieving control are different for a computer system.

0104
Compared to batch processing, real-time processing has which of the following advantages?

Ease of auditing.
This answer is incorrect because batch processing is actually easier to audit.
Ease of implementation.
This answer is incorrect because real-time processing is not as efficient and not as easy to implement.
Timeliness of information.
This answer is correct. The requirement is to identify the advantage of real-time processing. This answer is correct because the major advantage of real-time processing is that information is available immediately.
Efficiency of processing.
This answer is incorrect because real-time processing is not as efficient and not as easy to implement.

0078
Which of the following is a primary function of a database management system?

Report customization.
This answer is incorrect because report customization is a function of a report writing system.
Capability to create and modify the database.
This answer is correct. The requirement is to identify the primary function of a database management system. One of the functions is to create and modify the database.
Financial transactions input.
This answer is incorrect because financial transaction input is a function of application software.
Database access authorizations.
This answer is incorrect because database access authorization is a function of access control systems.

0111
In updating a computerized accounts receivable file, which one of the following would be used as a batch control to verify the accuracy of the total credit posting?

The sum of the cash deposits plus the discounts less the sales returns.
This answer is incorrect. Refer to the correct answer explanation.
The sum of the cash deposits.
This answer is incorrect. Refer to the correct answer explanation.
The sum of the cash deposits less the discounts taken by customers.
This answer is incorrect. Refer to the correct answer explanation.
The sum of the cash deposits plus the discounts taken by customers.
This answer is correct because the accounts receivable will be credited for the amount of cash received plus discounts taken by the customers. Therefore, the control total should be the sum of the cash deposits plus the discounts taken by customers.

0019
Which of the following activities would most likely detect computer-related fraud?

Using data encryption.
This answer is incorrect because encryption serves to prevent unauthorized access to data.
Performing validity checks.
This answer is incorrect because performing validity checks serves to prevent errors or fraud.
Conducting fraud-awareness training.
This answer is incorrect because conducting fraud-awareness training serves to prevent fraud.
Reviewing the systems-access log.
This answer is correct because reviewing the systems-access log might reveal (detect) unauthorized access to the system. All of the other measures, A through C, serve to prevent errors or fraud.

0065
Which of the following procedures should be included in the disaster recovery plan for an Information Technology

Replacement of personal computers for user departments.
This answer is incorrect because replacement of personal computers for user departments is not part of the disaster recovery plan for the IT department.
Identification of critical applications.
This answer is correct because a disaster recovery plan must identify the critical applications.
Physical security of warehouse facilities.
This answer is incorrect because physical security of warehouse facilities is part of controls over inventory.
Cross-training of operating personnel.
This answer is incorrect because cross-training of operating personnel is not part of the disaster recovery plan.

0068
Any assessment of the operational capabilities of a computer system must consider downtime. Even in a fully protected system, downtime will exist because of

Electrical power losses.
This answer is incorrect because a fully protected computer system has alternative power sources which would provide for electrical power losses and, therefore, downtime would not exist for this reason.
Unscheduled maintenance.
This answer is correct because even though the computer system is fully protected, unscheduled maintenance will require a certain amount of downtime.
Unauthorized entry.
This answer is incorrect because an unauthorized entry would be thwarted in a fully protected system. Thus, downtime would not arise from unauthorized entries.
Keypunching errors.
This answer is incorrect because a fully protected computer system has adequate internal controls which would provide for keypunching errors. Downtime would not arise from this type of error.

0015
A digital signature is used primarily to determine that a message is

Unaltered in transmission.
This answer is correct. The requirement is to identify the purpose of a digital signature. This answer is correct because the digital signature assures the recipient that the message came from a certain individual and it was not modified.
Not intercepted en route.
This answer is incorrect because the digital signature does not assure that the message was not intercepted.
Received by the intended recipient.
This answer is incorrect because the digital signature does not provide assurance that the message was received by the intended recipient.
Sent to the correct address.
This answer is incorrect because the digital signature does not assure that the message was sent to the correct address.

0069
A manufacturing company that wanted to be able to place material orders more efficiently most likely would utilize which of the following?

Electronic check presentment.
This answer is incorrect because it relates to check processing.
Electronic data interchange.
This answer is correct because electronic data interchange is used to electronically connect a company to its suppliers and customers.
Automated clearinghouse.
This answer is incorrect because it relates to check processing.
Electronic funds transfer.
This answer is incorrect because it relates to check processing.

0081
More than one file may be stored on a single magnetic disc. Several programs may be
In both cases it is important to prevent the mixing of data. One way to do this is to use

File integrity control.
This answer is incorrect because file integrity control deals with maintaining the entire file.
Boundary protection.
This answer is correct because the primary purpose of boundary protection is to prevent the mixing of data on a magnetic memory disc and a core storage unit.
Interleaving.
This answer is incorrect because interleaving is a nonsense term.
Paging.
This answer is incorrect because paging is a technique used in virtual storage to segment programs and data files which are being used.

0007
Which of the following is not a characteristic of a batch processed computer system?

The collection of like transactions which are sorted and processed sequentially against a master file.
This answer is incorrect since a batch system may process sequentially against a master file.
Keypunching of transactions, followed by machine processing.
This answer is incorrect because keypunching is followed by machine processing in a batch system.
The production of numerous printouts.
This answer is incorrect because processed batches ordinarily result in numerous printouts.
The posting of a transaction, as it occurs, to several files, without intermediate printouts.
This answer is correct because simultaneous posting to several files is most frequently related to an on-line real-time system, not a batch system.

0032
Which of the following employees normally would be assigned the operating responsibility for designing a computer including flowcharts of data processing routines?

Computer programmer.
This answer is incorrect because computer programmers write detailed programs based upon the work of the systems analyst.
Data processing manager.
This answer is incorrect because the data processing manager has overall responsibility for the computer operations function (systems design, programming, operations, library, etc.).
Systems analyst.
This answer is correct because the systems analyst is responsible for designing the computer system, including the goals of the system and means of achieving those goals, based upon the nature of the business and its information needs. The systems analyst also must outline the data processing system for the computer programmer with system flowcharts.
Internal auditor.
This answer is incorrect because the internal auditor may review the systems design and program flowcharts, but is not responsible for their design.

0003
A bank wants to reject erroneous checking account numbers to avoid invalid input. Management of the bank was told that there is a method that involves adding another number at the end of the account numbers and subjecting the other numbers to an algorithm to compare with the extra numbers. What technique is this?

Optical character recognition (OCR) software.
This answer is incorrect because OCR software converts images of paper documents as read by a scanning device into text document computer files.
Check digit.
This answer is correct because a check digit is an extra reference number that follows an identification number and bears a mathematical relationship to the other digits. The identification number can be subjected to an algorithm and compared to the check digit.
Validity check.
This answer is incorrect because with a validity check the computer compares input reference data to tables or master files to make sure that valid codes are being used.
Field (format) check.
This answer is incorrect because with a field (format) check a computer checks attributes such as character content, length, or sign of the individual data fields.

0034
Which of the following would lessen internal control in a computer processing system?

The computer librarian maintains custody of computer program instructions and detailed listings.
This answer is incorrect because the computer librarian should maintain custody of program instructions and detailed listings to strengthen controls in a computer system.
Computer operators have access to operator instructions and detailed program listings.
This answer is correct because computer operators who have access to detailed program listings have the opportunity to modify the programs.
The control group is solely responsible for the distribution of all computer output.
This answer is incorrect because the control group should be responsible for the distribution of all computer output to strengthen controls in a computer system.
Computer programmers write and debug programs which perform routines designed by the systems analyst.
This answer is incorrect because computer programmers should write and debug programs which perform routines designed by the systems analyst in order to strengthen controls in a computer system.

0002
Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment?

Systems analysis and applications programming.
This answer is incorrect because the systems analyst and application programmers are normally given these areas of responsibility.
Data communication hardware and software.
This answer is incorrect because this area is normally assigned to others within the organization, such as data security.
Operating systems and compilers.
This answer is correct because systems programmers are given responsibility for maintaining system software, including operating systems and compilers.
Computer operations.
This answer is incorrect because computer operations are normally assigned to operators.

0074
A controller is developing a disaster recovery plan for a corporation's computer systems. In the event of a disaster that makes the company's facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?

Hot site.
This answer is incorrect because a hot site has duplicate equipment ready to start processing in the event of a disaster.
Cold site.
This answer is correct. The requirement is to identify the recovery plan that best describes the arrangement. A cold site is one in which the customer may provide and install equipment in the event of a disaster.
Backup site procedures.
This answer is incorrect because backup site procedures set forth the plan for a backup site.
Hot spare site agreement.
This answer is incorrect because a hot spare site agreement is not a commonly defined agreement.

0119
Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

Elimination of the need to continuously update antivirus software.
This answer is incorrect because antivirus software is still needed when the data is transmitted.
Assurance of the thoroughness of transaction data because of standardized controls.
This answer is correct because in an EDI environment transactions are communicated in standard format to help ensure completeness and accuracy.
Automatic protection of information that has electronically left the entity.
This answer is incorrect because EDI does not provide for automatic protection of information. Transmission controls must still exist.
Elimination of the need to verify the receipt of goods before making payment.
This answer is incorrect because EDI does not eliminate the need to assure that goods are received.

0089
Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?

Query program.
This answer is incorrect because a query program is a program that allows data to be extracted from a database.
Firewall.
This answer is correct because a firewall prevents unauthorized users from accessing a network segment.
Image browser.
This answer is incorrect because an image browser is an application that allows the viewing of digital photos.
Keyword.
This answer is incorrect because a keyword is an important word that relates to a particular topic.

0090
Which of the following statements is true regarding Transmission Control Protocol and Internet Protocol (TCP/IP)?

Every TCP/IP-supported transmission is an exchange of funds.
This answer is incorrect because a TCP/IP-supported transmission may be an exchange of any type of data.
TCP/IP networks are limited to large mainframe computers.
This answer is incorrect because TCP/IP is used with all computers connected to the Internet.
Every site connected to a TCP/IP network has a unique address.
This answer is correct because every site connected to a TCP/IP network has a unique address.
The actual physical connections among the various networks are limited to TCP/IP ports.
This answer is incorrect because the actual physical connections are not limited to TCP/IP ports.

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

Managing remote access.
This answer is correct. The requirement is to identify the job responsibilities that should be assigned to the network administrator. The network administrator is responsible for maintaining the hardware and software aspects of a computer network.
Developing application programs.
This answer is incorrect because application programmers should be responsible for this function.
Reviewing security policy.
This answer is incorrect because review of the security policy is not a responsibility that should be assigned to the network administrator.
Installing operating system upgrades.
This answer is incorrect because installing operating system upgrades is a function that should be assigned to system programmers.

0114
What type of computerized data processing system would be most appropriate for a company that is opening a new retail location?

Batch processing.
This answer is incorrect because batch processing is old technology for a retail business.
Real-time processing.
This answer is correct because real-time processing is the best method for use by retail businesses.
Sequential-file processing.
This answer is incorrect because it does not describe appropriate technology for processing transactions.
Direct-access processing.
This answer is incorrect because it does not describe appropriate technology for processing transactions.

0095
Which of the following artificial intelligence information systems cannot learn from experience?

Neural networks.
This answer is incorrect because this system does learn from experience.
Case-based reasoning systems.
This answer is incorrect because this system does learn from experience.
Rule-based expert systems.
This answer is correct because rule-based expert systems do not learn from experience; they simply execute rules.
Intelligent agents.
This answer is incorrect because this system does learn from experience.

0097
Which of the following allows customers to pay for goods or services from a Web site while maintaining financial privacy?

Credit card.
This answer is incorrect because it does not enable the use of cash for purchases.
Site draft.
This answer is incorrect because it does not enable the use of cash for purchases.
E-cash.
This answer is correct because E-cash is a system for use of cash to purchase items over the Internet.
Electronic check.
This answer is incorrect because it does not enable the use of cash for purchases.

0098
An entity doing business on the Internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Password management.
This answer is incorrect. Password management helps prevent unauthorized intruders from accessing systems.
Data encryption.
This answer is incorrect. Data encryption helps prevent unauthorized intruders from understanding information if they get access to it.
Digital certificates.
This answer is incorrect. Digital certificates help assure that data received is from an appropriate source.
Batch processing.
This answer is correct. Batch processing is a method of processing transactions. It does not serve to protect information processed on the Internet.

0125
Which of the following is the primary advantage of using a value-added network (VAN)?

It provides confidentiality for data transmitted over the Internet.
This answer is incorrect. VANs do not use public networks.
It provides increased security for data transmissions.
This answer is correct. VANs provide increased security over transactions because they use private networks.
It is more cost effective for the company than transmitting data over the Internet.
This answer is incorrect. VANs cost more than simply using the Internet.
It enables the company to obtain trend information on data transmission.
This answer is incorrect. VANs make it more difficult to collect data about transmissions.

0127
Control Objectives for Information and Related Technology (COBIT) provides a framework for

Internet Based systems.
This answer is incorrect. See explanation for the correct answer.
Information technology and information technology governance.
This answer is correct. COBIT provides a framework for information technology and information technology governance.
Auditing IT Systems.
This answer is incorrect. See explanation for the correct answer.
The implementation for new technology.
This answer is incorrect. See explanation for the correct answer.

0132
An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places?

Transaction logs.
The requirement is to identify the best source of information about an unauthorized change to previous payments to vendors. This answer is correct because transaction logs maintain records of any changes in data.
Error reports.
This answer is incorrect because error reports contain information about transactions that do not meet certain criteria.
Error files.
This answer is incorrect because error files would contain details of how errors were resolved.
Validated data file.
This answer is incorrect because a validated data file is not a typical control term.

0099
According to COBIT, information needs to conform to all of the following criteria, except:

Effectiveness.
This answer is incorrect. It is part of the criteria.
Confidentiality.
This answer is incorrect. It is part of the criteria.
Integrity.
This answer is incorrect. It is part of the criteria.
Encrypted.
This answer is correct. It is not part of the COBIT criteria.

0133
According to COBIT, the process model domain that includes the strategy and tactics to identify the manner in which IT can best contribute to the achievement of business objectives is?

Plan and organize.
This answer is correct. The plan and organize domain encompasses the strategy and tactics to identify the manner in which IT can best contribute to the achievement of business objectives.
Acquire and implement.
This answer is incorrect. See the explanation for the correct answer.
Deliver and support.
This answer is incorrect. See the explanation for the correct answer.
Monitor and evaluate.
This answer is incorrect. See the explanation for the correct answer.

0135
An information technology director collected the names and locations of key vendors, current hardware configuration, team members, and an alternative processing location. What is the director most likely preparing?

Data restoration plan.
This answer is incorrect because data restoration is only one aspect of disaster recovery.
Disaster recovery plan.
This answer is correct. The requirement is to determine for what purpose the information technology director is collecting the described data. This information would be useful in reconstructing a database in the event of a disaster.
System security policy.
This answer is incorrect because the data collected is not related to system security policy.
System hardware policy.
This answer is incorrect because the data collected is not related to hardware policy.

0109
Which of the following statements best characterizes the function of a physical access control?

Protects systems from the transmission of Trojan horses.
This answer is incorrect because firewalls prevent the transmission of Trojan horses.
Provides authentication of users attempting to log into the system.
This answer is incorrect because authentication of users attempting to log into the system is done by a system of user IDs and passwords.
Separates unauthorized individuals from computer resources.
This answer is correct because physical access controls are those that limit the access to computer equipment, files and documentation.
Minimizes the risk of incurring a power or hardware failure.
This answer is incorrect because backup policies minimize the risk of power or hardware failure.

0084
Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?

Creation of multilingual disaster recovery plans.
This answer is incorrect because it does not describe characteristics of electronic funds transfer.
Reduction in the frequency of data entry errors.
The requirement is to identify the benefit of using electronic funds transfer for international cash transactions. This answer is correct because electronic funds transfer systems minimize the need for entry of information and, therefore, reduce the chance of entry errors.
Off-site storage of foreign source documents.
This answer is incorrect because it does not describe characteristics of electronic funds transfer.
Improvement in the audit trail for cash transactions.
This answer is incorrect because it does not describe characteristics of electronic funds transfer.

0102
A company has a significant e-commerce presence and self-hosts its Web site. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?

Backup the server database daily.
This answer is incorrect. This is not the most effective method.
Store records off-site.
This answer is incorrect. This is not the most effective method.
Purchase and implement RAID technology.
This answer is incorrect. RAID technology is only designed to prevent loss of data in the event of equipment failure.
Establish off-site mirrored Web server.
This answer is correct. Establishing an off-site mirrored Web server would provide for continuous duplication of data in geographically separated locations.

0126
An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?

Modifications can be made to each module without affecting other modules.
This answer is incorrect. This statement is not true about ERP systems.
Increased responsiveness and flexibility while aiding in the decision-making process.
This answer is correct. An ERP system increases responsiveness and flexibility while aiding in the decision-making process.
Increased amount of data redundancy since more than one module contains the same information.
This answer is incorrect. ERP reduces data redundancy.
Reduction in costs for implementation and training.
This answer is incorrect. ERP systems typically are more expensive to implement.

0129
Which of the following is a model for evaluating the sophistication of IT processes?

Control models.
This answer is incorrect. See explanation for correct answer.
Maturity models.
This answer is correct. Maturity models evaluate the sophistication of IT processes rated from a maturity level of non-existent (0) to optimized (5).
Performance models.
This answer is incorrect. See explanation for correct answer.
Hierarchy models.
This answer is incorrect. See explanation for correct answer.

0136
What is a major disadvantage to using a private key to encrypt data?

Both sender and receiver must have the private key before this encryption method will work.
This answer is correct. The requirement is to identify the major disadvantage to using a private key to encrypt data. This answer is correct because when a private key is used both the sender and the receiver have the key.
The private key cannot be broken into fragments and distributed to the receiver.
This answer is incorrect because it is not a disadvantage.
The private key is used by the sender for encryption but not by the receiver for decryption.
This answer is incorrect because the same key must be used by both the sender and receiver.
The private key is used by the receiver but not by the sender for encryption.
This answer is incorrect because the same key must be used by both the sender and receiver.

0070
A brokerage firm has changed a program so as to permit higher transaction volumes. After proper testing of the change the revised programs were authorized and copied to the production library. This practice is an example of?

Prototyping.
This answer is incorrect. Prototyping is the practice of rapid development of a system containing essential features for the purpose of eliciting user comments, which drive successive iterations of the prototype system.
Program integration.
This answer is incorrect. Program integration does not have a standard meaning.
SDLC (System Development Life Cycle).
This answer is incorrect. SDLC is the system development life cycle. The practice described is often assumed to be incorporated in well-controlled SDLC but is not thought of as SDLC.
Change control.
This answer is correct. The practice of authorizing changes, approving test results, and copying developmental programs to a production library is program change control.

0043
To prevent interrupted information systems operation, which of the following controls are typically included in an organization's disaster recovery plan?

Backup and data transmission controls.
This answer is incorrect because a disaster recovery system does not include data transmission controls.
Data input and downtime controls.
This answer is incorrect because a disaster recovery plan does not include data input controls.
Backup and downtime controls.
This answer is correct because a disaster recovery plan should include both backup and downtime controls.
Disaster recovery and data processing controls.
This answer is incorrect because a disaster recovery plan does not include processing controls.

0092
Which of the following structures refers to the collection of data for all vendors in a relational database?

Record.
This answer is incorrect. A record would have information about one vendor.
Field.
This answer is incorrect. A field is an element of a record.
File.
This answer is correct. The described structure would be referred to as a vendor file.
Byte.
This answer is incorrect. A byte is a piece of a field.

0128
When a client's accounts payable computer system was relocated the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time?

User passwords are not required to be in alphanumeric format.
This answer is incorrect. This control reduces the risk that passwords will be determined by unauthorized individuals.
Management procedures for user accounts are not documented.
This answer is incorrect. This control is not relevant to the described situation.
User accounts are not removed upon termination of employees.
This answer is correct. If accounts are removed upon termination, the terminated administrator can no longer have access to the company's systems.
Security logs are not periodically reviewed for violations.
This answer is incorrect. If the account is not removed, its use would not show up on a security log.

0131
According to COBIT, the IT group achieves its business objectives by establishing processes and employing the following resources:

Applications, information, infrastructure, and people.
This answer is correct. The resources include applications, information, infrastructure, and people.
Technology, computers, communication, and data.
This answer is incorrect. See explanation for correct answer.
Facilities, personnel, applications, and tools.
This answer is incorrect. See explanation for correct answer.
Systems, programs, security, and controls.
This answer is incorrect. See explanation for correct answer.

0134
Which of the following is not true?

Relational databases
Are flexible and useful for unplanned, ad hoc queries.
This answer is incorrect. This is true about relational databases.
Store data in table form.
This answer is incorrect. This is true about relational databases.
Use trees to store data in a hierarchical structure.
This answer is correct. Hierarchical databases use tree structures to organize data; relational databases use tables.
Are maintained on direct access devices.
This answer is incorrect. This is true about relational databases.

0061
A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as?

Echo control.
This answer is correct because an echo check or control consists of transmitting data back to the source unit for comparison with the original data that were transmitted. In this case, the print command is sent to the printer and then returned to the CPU to verify that the proper command was received.
Validity control.
This answer is incorrect because a validity check or control consists of the examination of a bit pattern to determine that the combination is legitimate for the system character set (i.e., that the character represented by the bit combination is valid per the system). A validity check is not being described in this situation.
Signal control.
This answer is incorrect because "signal control" is nonexistent.
Check digit control.
This answer is incorrect because a check digit control is a programmed control wherein the last character or digit can be calculated from the previous digits. This type of hardware check is not being described in this situation.

0008
The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the

Computer operator.
This answer is correct because the use of a header label allows the computer operator to determine whether the correct file has been selected for processing. Therefore, header labels will most likely prevent errors by the computer operator who mounts the magnetic tapes on the tape drives.
Keypunch operator.
This answer is incorrect because the keypunch operator does not load magnetic tapes and, therefore, is not affected by the use of header labels.
Computer programmer.
This answer is incorrect because the programmer will write the programs and will not run them in a good internal control structure.
Maintenance technician.
This answer is incorrect because the maintenance technician will not run the magnetic tape. Thus, the use of header labels will not affect the maintenance technician's errors.

0014
Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

Parity check.
This answer is incorrect because a parity check involves a special bit which is added to each character stored in memory and detects if the hardware loses a bit during the internal movement of the character.
Validity check.
This answer is correct because a validity check determines whether a character is a legitimate item of the given character set. Thus, the validity check ascertains whether a given character is within the desired group (e.g., a field indicating sex of an individual where F=female and M=male would not accept an "A" being coded).
Echo check.
This answer is incorrect because an echo check is a hardware control wherein data is transmitted back to its source and compared to the original data to verify the transmission correctness.
Limit check.
This answer is incorrect because a limit or reasonableness check is a programmed control based on specified limits. For example, a calendar month cannot be numbered higher than 12, or a week cannot have more than 168 hours.

0021
Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?

Optical character recognition (OCR).
This answer is incorrect because OCR software converts images of paper documents as read by a scanning device into text document computer files.
Check digit.
This answer is incorrect because a check digit is an extra reference number that follows an identification number and bears a mathematical relationship to the other digits. This extra digit is input with the data.
Validity check.
This answer is incorrect because with a validity check the computer compares input reference data to tables or master files to make sure that valid codes are being used.
Field (format) check.
This answer is correct because with a field (format) check the computer checks the characteristics of the character content, length, or sign of the individual data fields.

0035
Encryption protection is least likely to be used in which of the following situations?

When transactions are transmitted over local area networks.
This answer is correct. Various factors need to be considered. Encoding is important when confidential data are transmitted between geographically separated locations that can be electronically monitored. Although LANs may need encryption protection, the type of data and the described communication media make the other options appear more vulnerable.
When wire transfers are made between banks.
This answer is incorrect. Encryption is often used in this situation.
When confidential data are sent by satellite transmission.
This answer is incorrect. Encryption is often used in this situation.
When financial data are sent over dedicated leased lines.
This answer is incorrect. Encryption is often used in this situation.

0059
Parity checks, read-after-write checks, and duplicate circuitry are computer controls that are designed to detect

Erroneous internal handling of data.
This answer is correct because parity checks, read-after-write checks, and duplicate circuitry are hardware controls which have been developed to detect and control mishandling of data within the computer. They detect electronic or mechanical problems in the movement and storage of data.
Lack of sufficient documentation for computer processes.
This answer is incorrect because these controls are not relevant to the detection and control of lack of sufficient documentation.
Illogical programming commands.
This answer is incorrect because these controls are not relevant to the detection and control of illogical programming commands.
Illogical uses of hardware.
This answer is incorrect because these controls are not relevant to the detection and control of illogical uses of hardware.

0010
Today, organizations are using microcomputers for data presentation because microcomputer use, compared to mainframe use, is more

Controllable.
This answer is incorrect. Microcomputer use is less controllable than mainframe use.
Conducive to data integrity.
This answer is incorrect. Microcomputer use is less conducive to data integrity than mainframe use because less control over use is possible in microcomputer environments.
Reliable.
This answer is incorrect. Given the decades of refinement of them, mainframes are generally more reliable than microcomputers.
Cost effective.
This answer is correct. In cooperative processing, microcomputers are more cost effective than mainframes for data entry and presentation because microcomputers are better suited to frequent screen updating and graphical user interfaces.

0055
With the growth of microcomputers, some organizations are allowing end-users to develop their own applications. One of the organizational risks of this policy is?

User requirements will not be well met.
This answer is incorrect. This will improve with less chance of user-analyst distortion.
Reduced control of data.
This answer is correct. Private files can proliferate.
Increased applications backlog.
This answer is incorrect. This will reduce applications backlog.
Increased development time.
This answer is incorrect. This will reduce development time.

0044
An organization's computer help desk function is usually a responsibility of the?

Applications development unit.
This answer is incorrect. Applications development is responsible for developing systems. After formal acceptance by users, developers typically cease having day-to-day contact with a system's users.
Systems programming unit.
This answer is incorrect. The responsibility of systems programming is to implement and maintain system-level software such as operating systems, access control software, and database systems software.
Computer operations unit.
This answer is correct. Help desks are usually a responsibility of computer operations because of the operational nature of their functions (for example, assisting users with systems problems involving prioritization and obtaining technical support/vendor assistance).
User departments.
This answer is incorrect. The responsibility of user departments is to interact with application systems as planned. User departments typically do not have the expertise necessary to solve their own systems problems.

0051
Companies now can use electronic transfers to conduct regular business transactions. Which of the following terms best describes a system where an agreement is made between two or more parties to electronically transfer purchase orders orders, invoices, and/or other financial documents?

Electronic mail (E-mail).
This answer is incorrect. E-mail can send text or document files, but the term encompasses a wide range of transfers. Electronic data interchange specifically applies to the system described in the question.
Electronic funds transfer (EFT).
This answer is incorrect. Electronic funds transfer (EFT) refers to the transfer of money.
Electronic data interchange (EDI).
This answer is correct. Electronic data interchange refers to the electronic transfer of documents between businesses.
Electronic data processing (EDP).
This answer is incorrect. Electronic data processing (EDP) is a generic term which refers to computerized processing of transaction data within organizations.

0062
A program that edits a group of source language statements for syntax errors and translates the statements into an object program is a(n)

Interpreter.
This answer is incorrect. An interpreter edits source language statements for syntax errors and translates them into executable code, but it interprets source statements one statement at a time, not as a group as a compiler does.
Compiler.
This answer is correct. A program that edits a group of source language statements for syntax errors and translates the statements into an object program is a compiler.
Debugger.
This answer is incorrect. A debugger is a program that traces program execution or captures variable values for the purpose of helping the developer find program errors.
Encryptor.
This answer is incorrect. An encryptor is a program that converts ordinary text to encoded text that cannot be deciphered without access to the encryption key and procedure.

0050
An auditor has a paper memorandum that needs to be made into a computer file so that text from the memorandum can be and pasted into an audit report. In addition to a scanner what software is needed to accomplish this task?

Optical character recognition (OCR).
This answer is correct because optical character recognition (OCR) software converts images of paper documents as read by a scanning device into text document computer files.
Check digit.
This answer is incorrect because a check digit is an extra reference number that follows an identification number and bears a mathematical relationship to the other digits. This extra digit is input with the data.
Validity check.
This answer is incorrect because with a validity check the computer compares input reference data to tables or master files to make sure that valid codes are being used.
Field (format) check.
This answer is incorrect because with a field (format) check the computer checks the characteristics of the character content, length, or sign of the individual data fields.

0037
The machine-language program that results when a symbolic-language program is translated is called a(n)

Processor program.
This answer is incorrect because "processor program" is not legitimate terminology.
Object program.
This answer is correct because the translation of a symbolic-language program (readable by humans) results in an object program which is machine-readable.
Source program.
This answer is incorrect because a source program is another term for a symbolic-language program.
Wired program.
This answer is incorrect because a wired program refers to first-generation computers, which require manual wiring of the CPU to perform desired operations.

0031
In an accounting information system which of the following types of computer files most likely would be a master file?

Inventory subsidiary.
This answer is correct. The requirement is to identify the files that would most likely be a master file. This answer is correct because a master file is a file containing relatively permanent information used as a source of reference and periodically updated, and this is characteristic of an inventory subsidiary file.
Cash disbursements.
This answer is incorrect because it is a transaction file.
Cash receipts.
This answer is incorrect because it is a transaction file.
Payroll transactions.
This answer is incorrect because it is a transaction file.

0071
A value-added network (VAN) is a privately owned network that performs which of the following functions?

Route data transactions between trading partners.
The requirement is to identify the function of a value-added network. This answer is correct because a value-added network is a system that routes data transactions between trading partners.
Route data within a company's multiple networks.
This answer is incorrect because it does not describe a function of a value-added network.
Provide additional accuracy for data transmissions.
This answer is incorrect because it does not describe a function of a value-added network.
Provide services to send marketing data to customers.
This answer is incorrect because it does not describe a function of a value-added network.

0103
Which of the following best describes a hot site?

Location within the company that is most vulnerable to a disaster.
This answer is incorrect because a hot site is a redundant site that should not be located near a potential disaster area.
Location where a company can install data processing equipment on short notice.
This answer is incorrect because a hot site should be able to assume operations on short notice.
Location that is equipped with a redundant hardware and software configuration.
The requirement is to identify the description of a hot site. This answer is correct because a hot site is one that is equipped with redundant hardware and software that may be used quickly when the primary site goes down.
Location that is considered too close to a potential disaster area.
This answer is incorrect because a hot site is a redundant site that should not be located near a potential disaster area.

0108
Which of the following is an advantage of a computer-based system for transaction processing over a manual system?

A computer-based system
Does not require as stringent a set of internal controls.
This answer is incorrect because computer-based systems also need stringent internal controls.
Will produce a more accurate set of financial statements.
This answer is incorrect because computer-based and manual systems can both produce accurate financial statements if they are well controlled.
Will be more efficient at producing financial statements.
This answer is correct. The requirement is to identify the advantage of a computer-based system for transaction processing over a manual system. This answer is correct because computer-based systems are more efficient than manual systems at producing financial statements.
Eliminates the need to reconcile control accounts and subsidiary ledgers.
This answer is incorrect because reconciliations are necessary in both types of systems.

0072
An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls?

Preventative.
This answer is correct. The requirement is to identify which type of control would be evidenced by the organization's security awareness manual. This answer is correct because the use of such a manual is designed to prevent breaches of security.
Detective.
This answer is incorrect because detective controls are designed to detect problems.
Corrective.
This answer is incorrect because corrective controls are designed to correct problems once they have occurred.
Compliance.
This answer is incorrect because compliance controls are designed to prevent or detect failures to comply with laws or regulations.

0082
Data control language used in a relational database is most likely to include commands used to control?

The original defining of a database.
This answer is incorrect because data definition language is more directly associated with original defining of a database.
The maintenance and querying of a database.
This answer is incorrect because data manipulation language relates most directly to the maintenance and querying of a database.
Which users have various privileges relating to a database.
This answer is correct because data control language is composed of commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).
The creation and alteration of tables within a database.
This answer is incorrect because data definition language is more directly associated with original defining of a database.

0026
In which of the following phases of computer system development would training occur?

Planning phase.
This answer is incorrect. The requirement is to identify which type of control would be evidenced by the organization's security awareness manual. This answer is incorrect because the planning phase would occur before any training is implemented.
Analysis phase.
This answer is incorrect because the analysis phase involves determining the system requirements.
Design phase.
This answer is incorrect because the design phase involves designing the system.
Implementation phase.
This answer is correct because the implementation phase involves training company personnel on how to use the system.
