Test Bank Ch08 - Chapter 8 MULTIPLE CHOICE 1. Concerning...



Chapter 8

MULTIPLE CHOICE

1. Concerning virtual private networks (VPN), which of the following is not true?
a) VPNs provide the functionality of a privately owned network using the Internet.
b) Using VPN software to encrypt information while it is in transit over the Internet in effect creates private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys.
c) The cost of the VPN software is much less than the cost of leasing or buying the infrastructure (telephone lines, satellite links, communications equipment, etc.) needed to create a privately owned secure communications network.
d) It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network.

2. The goal of information systems controls is
a) To ensure that systems objectives are met.
b) To ensure that systems function
c) To ensure that systems are reliable.
d) To ensure that data are confidential.

3. Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
a) Choice and consent.
b) Disclosure to third parties.
c) Reimbursement.
d) Use and retention.

4. Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
a) Access.
b) Monitoring and enforcement.
c) Registration.
d) Security.

5. A text file created by a website and stored on a visitor's hard disk.
a) Validity check
b) Spam
c) Error log
d) Cookie

6. Forms design is an example of this type of control.
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Source data controls

7. Sequentially pre-numbered forms is an example of
a) Data entry controls
b) Data transmission controls
c) Processing controls
d) Source data controls

8. Message acknowledgement techniques are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Processing controls

9.

10. File labels are an example of
a) Data entry controls
b) Output controls
c) Processing controls
d) Source data controls

11. Turnaround documents are an example of
a) Data entry controls
b) Output controls
c) Processing controls
d) Source data controls

12.

13. Input validation checks are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Source data controls

14. Parity checks are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Processing controls

15. Error logs and review are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Processing controls

16. Visual scanning is an example of
a) Data entry controls
b) Output controls
c) Processing controls
d) Source data controls

17. User reviews are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Processing controls

18.

19. Data matching is an example of
a) Data entry controls
b) Data transmission controls
c) Processing controls
d) Source data controls

20. Batch totals are an example of
a) Data entry controls
b) Data transmission controls
c) Output controls
d) Processing controls

21. Check digit verification is an example of
a) Data transmission controls
b) Output controls
c) Processing controls
d) Source data controls

22. Data conversion checks are an example of
a) Data entry controls
b) Output controls
c) Processing controls
d) Source data controls

23. This determines if the characters in a field are of the proper type.
a) Field check
b) Limit check
c) Range check
d) Reasonableness test

24. This ensures that the input data will fit into the assigned field.
a) Limit check
b) Range check
c) Size check
d) Validity check

25. This tests a numerical amount to ensure that it does not exceed a predetermined value.
a) Completeness check
b) Limit check
c) Range check
d) Sign check

26. This tests a numerical amount to ensure that it does not exceed a predetermined value nor fall below another predetermined value.
a) Completeness check
b) Field check
c) Limit check
d) Range check

27. This determines if all required data items have been entered.
a) Completeness check
b) Field check
c) Limit check
d) Range check

28. This compares the ID number in transaction data with similar data in the master file to verify that the account exists.
a) Reasonableness test
b) Sign check
c) Size check
d) Validity check

29. This determines the correctness of the logical relationship between two data items.
a) Range check
b) Reasonableness test
c) Sign check
d) Size check

30. This batch processing data entry control tests if a batch of input data is in the proper numerical or alphabetical sequence.
a) Batch total
b) Financial total
c) Hash total
d) Sequence check

31. This batch processing data entry control sums a field that contains dollar values.
a) Batch total
b) Financial total
c) Hash total
d) Sequence check

32. This batch processing data entry control sums a non-financial numeric field.
a) Batch total
b) Financial total
c) Hash total
d) Sequence check

33. This batch processing data entry control sums the number of items in a batch.
a) Batch total
b) Hash total
c) Record count
d) Sequence check

34. This ensures that the correct and most current files are being updated.
a) Cross-footing balance test
b) Data matching
c) File labels
d) Write-protect mechanism

35. These find processing errors.
a) Cross-footing balance test
b) File labels
c) Recalculation of batch totals
d) Write-protect mechanisms

36. This compares the results produced by more than one method to verify accuracy.
a) Concurrent update control
b) Cross-footing balance test
c) Data matching
d) Recalculation of batch totals

37. This protects records from errors that occur when two or more users attempt to update the same record simultaneously.
a) Concurrent update controls
b) Cross-footing balance test
c) Data conversion controls
d) Recalculation of batch totals

38. The system and the receiving unit calculate a summary statistic and compare it.
a) Echo check
b) Numbered batches
c) Parity check
d) Trailer record

39. This entails verifying that the proper number of bits are set to the value 1 in each character received.
a) Echo check
b) Numbered batches
c) Parity check
d) Trailer record

40. Concerning availability, which of the following statements is true?
a) Human error does not threaten system availability.
b) Proper controls can maximize the risk of threats causing significant system downtime.
c) Threats to system availability can be completely eliminated.
d) Threats to system availability include hardware and software failures as well as natural and man-made disasters.

41. This enables a system to continue functioning in the event that a particular component fails.
a) Backup procedures
b) Fault tolerance
c) Preventive maintenance
d) None of the above

42. Every organization should have a disaster recovery plan so that data processing capacity can be restored as smoothly and quickly as possible. Which item below would not typically be part of an adequate disaster recovery plan?
a) a system upgrade due to operating system software changes
b) uninterruptible power systems installed for key system components
c) scheduled electronic vaulting of files
d) backup computer and telecommunication facilities

43. ________ involves copying only the data items that have changed since the last backup.
a) Archive
b) Backup
c) Differential backup
d) Incremental backup

44. ________ copies all changes made since the last full backup.
a) Archive
b) Backup
c) Differential backup
d) Incremental backup

45. While this type of backup takes longer, its restoration is simpler.
a) Archive
b) Backup
c) Differential backup
d) Incremental backup

46. A copy of a database, master file, or software that will be retained indefinitely as a historical record.
a) Archive
b) Backup
c) Differential backup
d) Incremental backup

47. A location that is pre-wired for necessary telecommunications and computer equipment.
a) a cold site
b) a hot site
c) a remote sister site
d) a subsidiary location

48. A facility that contains all the computing equipment the organization needs to perform its essential business activities.
a) a cold site
b) a hot site
c) a remote sister site
d) a subsidiary location

49. Which of the following is not the objective of a disaster recovery plan?
a) Minimize the extent of the disruption, damage or loss.
b) Permanently establish an alternative means of processing information.
c) Resume normal operations as soon as possible.
d) Train employees for emergency operations.

50. The most important change management technique is probably
a) User rights and privileges are carefully monitored during change process.
b) Changes tested thoroughly prior to implementation.
c) All documentation is updated to reflect changes to the system.
d) Adequate monitoring and review by top management.

51. Which of the following is not a useful control procedure to control access to system outputs?
a) Allowing visitors to move through the building without supervision.
b) Coding reports to reflect their importance.
c) Requiring employees to log out of applications when leaving their desk.
d) Restricting access to rooms with printers.

When a computer system's files are automatically duplicated on a second data storage system as they are changed, the process is referred to as
a) real-time mirroring.
b) batch updating.
c) consistency control.
d) double-secure storage.

The accounting department at Synergy Hydroelectric records an average of 12,500 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 25,000 transactions. The firm's recovery point objective is therefore
a) 25,000 transactions
b) 12,500 transactions
c) 1 hour
d) 2 hours

The accounting department at Synergy Hydroelectric records an average of 12,500 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 25,000 transactions. If the firm's recovery time objective is 120 minutes, then the worst case recovery time objective is
a) 1 hour
b) 2 hours
c) 3 hours
d) 4 hours

The accounting department at Synergy Hydroelectric records an average of 10,000 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 40,000 transactions. The firm's recovery point objective is therefore
a) 40,000 transactions
b) 10,000 transactions
c) 10 hours
d) 4 hours

The accounting department at Synergy Hydroelectric records an average of 10,000 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 20,000 transactions. If the firm's recovery time objective is 60 minutes, then the worst case recovery time objective is
a) 1 hour
b) 2 hours
c) 3 hours
d) 4 hours

The maximum amount of time between backups is determined by a firm's
a) recovery time objective.
b) recovery point objective.
c) recovery objective.
d) maximum time recovery objective.

The maximum acceptable down time after a computer system failure is determined by a firm's
a) recovery time objective.
b) recovery point objective.
c) recovery objective.
d) maximum time recovery objective.

The Spontaneous Combustion Rocket Shoppe in downtown Fargo, North Dakota, generates three quarters of its revenue from orders taken over the Internet. The revenue clearing account is debited by the total of cash and credit receipts and credited by the total of storefront and Internet sales. This is an example of a
a) data integrity test.
b) zero-balance test.
c) trial balance audit.
d) cross-footing balance test.

Chaz Finnerty called the IT Help Desk in a huff. "I'm trying to open an Excel file and I get a message that says that the file is locked for editing. What's going on?" The answer is that
a) the file is corrupted due to a computer virus.
b) there is no problem. Chaz is editing the file, so it is locked.
c) concurrent update controls have locked the file.
d) Chaz didn't open the file with the appropriate program.

A comparison of debits and credits in related control accounts is referred to as a
a) cross-footing balance test.
b) parity test.
c) zero-balance test.
d) size check.

When I enter a correct customer number, the data entry screen displays the customer name and address. This is an example of
a) prompting.
b) preformatting.
c) closed-loop verification
d) error checking.

What is the most effective way to ensure information system availability?
a) High bandwidth
b) Maintain a hot site
c) Maintain a cold site
d) Frequent backups

Mike Colby took a call from a client. "Listen, Mike, I need to interact online in real time with our manufacturing operation in China, and I want to make sure that no one intercepts the communications. How can I do that?" Mike thought a moment, then responded with the best solution. "We'll set up a(an) ________."
a) ballistic sequencing network
b) electronic courier system
c) virtual private network
d) can-string-can (CSC) system

Modest Expectations Investment Services (MEIS) allows customers to manage their investments over the Internet. If customers attempt to spend more money than they have in their account, an error message is displayed. This is an example of a
a) reasonableness test.
b) field check.
c) validity check.
d) limit check.

Mike Colby took a call from a client. "Listen, Mike, I need for my customers to make payments online using credit cards. Here's the thing, though. I want to make sure that no one intercepts the communications. How can I do that?" Mike thought a moment, then responded with the best solution. "We'll set up a(an) ________."
a) ballistic sequencing network
b) electronic courier system
c) secure sockets layer (SSL) system
d) can-string-can (CSC) system

Cancellation and storage of documents means that
a) data are copied from a document and stored, after which the document is shredded.
b) documents are defaced before being shredded.
c) documents are defaced and stored.
d) cancellation data are copied from documents before they are stored.

The devices that direct TCP/IP packets to their destinations are called
a) servers.
b) access points.
c) routers.
d) coaxial stackers.

Devices that filter TCP/IP packets in order to protect against malicious code are called
a) routers.
b) firewalls.
c) COBIT frameworks.
d) black ICE.

Which of the following will not make a password more secure?
a) Including multiple character types
b) Choosing a word or phrase that is easy to remember.
c) Making a password longer.
d) Change a password frequently.

Modest Expectations Investment Services (MEIS) allows customers to manage their investments over the Internet. If customers attempt to sell more shares of a stock than they have in their account, an error message is displayed. This is an example of a
a) reasonableness test.
b) field check.
c) validity check.
d) limit check.

SHORT ANSWER

52. Identify a fundamental control procedure for protecting the confidentiality of sensitive information.
53. Identify four source data controls.
54. Identify four data entry controls.
55. Identify four processing controls.
56. What is fault tolerance?
57. Define and contrast a recovery point objective and a recovery time objective.

ESSAY

58. Identify four useful procedures for controlling access to system outputs.
59. Identify the 10 internationally recognized best practices for protecting the privacy of customers' personal information.
60. Describe some steps you can take to minimize your risk of identity theft.

ANSWER KEY

1) D 2) C 3) C 4) C 5) D 6) D 7) D 8) B 9) C 10) D
11) A 12) B 13) A 14) D 15) C 16) C 17) A 18) D 19) C 20) A
21) C 22) B 23) D 24) A 25) D 26) B 27) D 28) B 29) C 30) C
31) C 32) C 33) B 34) A 35) A 36) C 37) D 38) B 39) A 40) D
41) C 42) C 43) A 44) A 45) B 46) B 47) D 48) A 49) A 50) D
51) D 52) D 53) C 54) B 55) A 56) B 57) C 58) C 59) C 60) B
61) C 62) D 63) C 64) C 65) C 66) B 67) B 68) D

69) Encryption

70) Answers include: forms design, pre-numbered forms sequence test, turnaround documents, cancellation and storage of documents, authorization and segregation of duties, visual scanning, check digit verification, RFID security.

71) Answers include: field check, sign check, limit check, range check, size check, completeness check, validity check, reasonableness check, prompting, pre-formatting, closed-loop verification, transaction log.

72) Answers include: data matching, file labels, recalculation of batch totals, cross-footing balance test, write-protection mechanisms, database processing integrity procedures, concurrent update controls, data conversion controls.

73) Fault tolerance is the use of redundant components that enable a system to continue functioning in the event that a particular component fails.

74) A recovery point objective is the maximum amount of time that a firm is willing to risk the possible loss of transaction data. A recovery time objective is the maximum amount of time that a firm is willing to risk losing access to its accounting information system due to disaster.

75) Not allowing visitors to move through the building without supervision. Coding reports to reflect their importance. Requiring employees to log out of applications when leaving their desk. Restricting access to rooms with printers.

76) Management. Notice. Choice and consent. Collection. Use and retention. Access. Disclosure to third parties. Security. Quality. Monitoring and enforcement.

77) Shred documents containing personal information. Never send personally identifying information in unencrypted email. Beware of email/phone/print requests to verify personal information that the requesting party should already possess. Do not carry your social security card with you. Print only your initials and last name on checks. Limit the amount of other information preprinted on checks. Do not use your mailbox for outgoing mail. Do not carry more than a few blank checks with you. Use special software to digitally clean any digital media prior to disposal. Monitor your credit cards regularly. File a police report as soon as you discover a purse or wallet missing. Make photocopies of driver's license, passports and credit cards and keep in a safe location. Immediately cancel any stolen or lost credit cards. ...
