Becker CPA Review, PassMaster Questions Lecture: Business 4
CPA PassMaster Questions–Business 4
Export Date: 10/30/08
© 2009 DeVry/Becker Educational Development Corp. All rights reserved.

Introduction to Information Technology

CPA-03480 Type1 M/C A-D Corr Ans: A PM#4 B 4-01
1. CPA-03480 BEC C03 #4 Page 10

A report that does not currently exist but that needs to be created on demand without having to get a software developer involved is known as a/an:
a. Ad hoc report.
b. Demand report.
c. Exception report.
d. Scheduled report.

CPA-03480 Explanation
Choice "a" is correct. An ad hoc report is a report that does not currently exist but that needs to be created on demand without having to get a software developer involved.
Choice "b" is incorrect. A demand report is a specific report that can be printed or viewed on demand.
Choice "c" is incorrect. An exception report is a report produced when a specific condition or "exception" occurs.
Choice "d" is incorrect. Scheduled reports are the more traditional reports that display information in a predefined format and that are made available on a regular basis.

CPA-03487 Type1 M/C A-D Corr Ans: D PM#6 B 4-01
2. CPA-03487 D96 - 1.27 Page 7

Which one of the following terms best describes a Decision Support System (DSS)?
a. Management reporting system.
b. Formalized system.
c. Structured system.
d. Interactive system.

CPA-03487 Explanation
Choice "d" is correct. Decision support systems are computer-based information systems that provide interactive support to managers or others during the decision-making process.
Choice "a" is incorrect. Management reporting systems provide managers with the information needed for day-to-day decision making.
Choice "b" is incorrect. A formalized system is a generic term used to describe any system operating in proper or regular form.
Choice "c" is incorrect. A structured system is a system in which each program within a system is independent of other programs within the system. This enables programming teams to work independently on different programs within the same system.

CPA-04598 Type1 M/C A-D Corr Ans: C PM#10 B 4-01
3. CPA-04598 BEC C05 #1 Page 5

Which of the following statements is (are) correct for data?
I. Production and test data are normally stored together in the same databases.
II. Production and test data are normally stored separately, with the production data stored in production databases and the test data stored in test databases.
III. Access to production and test data are normally the same.
a. I and III only are correct.
b. II and III only are correct.
c. II only is correct.
d. None of the listed statements is correct.

CPA-04598 Explanation
Choice "c" is correct. Production and test data are normally stored separately, with the production data stored in production databases and the test data stored in test databases. Only personnel with a need to access production data should have access to that data. Access to test data can be considerably more open.

CPA-05169 Type1 M/C A-D Corr Ans: C PM#21 B 4-01
4. CPA-05169 Page 9

Avon Corporation has a management information system. From the management information system, several different reports are available, including reports that are monthly budget vs. actual reports, reports that highlight where sales representatives have not met their assigned sales quotas, account analysis reports that can be requested by accountants as needed as a part of the closing process, and reports that are created by end users to obtain information as needed at any time during the month. The 4 types of reports are best described as:
a. Demand reports, scheduled reports, exception reports, and ad hoc reports.
b. Scheduled reports, ad hoc reports, exception reports, and demand reports.
c. Scheduled reports, exception reports, demand reports, and ad hoc reports.
d. Exception reports, scheduled reports, demand reports, and ad hoc reports.

CPA-05169 Explanation
Choice "c" is correct. Monthly reports of budget vs. actual data, or anything else, are normally called scheduled reports that are produced without anybody having to request them. Reports that highlight sales representatives not having met their assigned sales quotas are normally called exception reports. Reports that analyze accounts, or that provide other specific and non-changeable information, but only on demand, are normally called demand reports. Reports that provide information as requested by the end user, and are available on demand, are normally called ad hoc reports. Note that these names are generic names. An individual organization in the real world may call the reports something else again.
Choices "a", "b", and "d" are incorrect, per the above descriptions.

CPA-05317 Type1 M/C A-D Corr Ans: D PM#22 B 4-01
5. CPA-05317 Released 2006 Page 3

In business information systems, the term "stakeholder" refers to which of the following parties?
a. The management team responsible for the security of the documents and data stored on the computers or networks.
b. Information technology personnel responsible for creating the documents and data stored on the computers or networks.
c. Authorized users who are granted access rights to the documents and data stored on the computers or networks.
d. Anyone in the organization who has a role in creating or using the documents and data stored on the computers or networks.

CPA-05317 Explanation
Note: The material tested in this question does not appear specifically on-point in our textbook, as the topic has rarely shown up on the CPA exam. However, this answer is essentially common sense, and we believe that our students would have answered this question correctly given the information they had. Regardless, we have expanded our explanation of this question to provide more detailed information.
Choice "d" is correct. In business information systems, the term "stakeholder" could refer to anyone in the organization who has a role in creating or using data stored on the computers or networks. This term is not covered anywhere in the Becker materials, but the question can almost be answered entirely by using common sense. The description in choice "d" is the most inclusive of the descriptions listed. It certainly should include anyone who "uses" the information because users would certainly have some interest in the data being correct and complete. So would the people who created the data in the first place. Management certainly would also.
Choice "a" is incorrect. The management team responsible for security certainly would be stakeholders, but so would others.
Choice "b" is incorrect. Information technology personnel responsible for creating the data certainly would be stakeholders, but so would others.
Choice "c" is incorrect. Authorized users who use the data certainly would be stakeholders, but so would others.

CPA-05319 Type1 M/C A-D Corr Ans: C PM#23 B 4-01
6. CPA-05319 Released 2006 Page 6

Which of the following cycles does not have accounting information that is recorded in the general ledger reporting system?
a. Expenditure.
b. Production.
c. Planning.
d. Revenue.

CPA-05319 Explanation
Choice "c" is correct. A planning cycle does not necessarily have information recorded in the general ledger system. The planning cycle does not normally result in real transactions. The general ledger system (the general ledger system is not just a reporting system) records real transactions (or at least real Journal Entries).
Choice "a" is incorrect. Expenditures (at least the Journal Entries for those expenditures) are recorded in the general ledger system.
Choice "b" is incorrect. Production (at least the expenditures necessary for the production to occur and the Journal Entries for those expenditures) is recorded in the general ledger system.
Choice "d" is incorrect. Revenue (at least the Journal Entries resulting from that revenue) is recorded in the general ledger system.

CPA-05327 Type1 M/C A-D Corr Ans: D PM#24 B 4-01
7. CPA-05327 Released 2006 Page 3

In which of the following phases of computer system development would training occur?
a. Planning phase.
b. Analysis phase.
c. Design phase.
d. Implementation phase.

CPA-05327 Explanation
Note: The material tested in this question does not appear specifically on-point in our textbook, as the topic has rarely shown up on the CPA exam. However, this answer is essentially common sense, and we believe that our students would have answered this question correctly given the information they had.
Choice "d" is correct. Training should certainly not occur before the implementation phase. Before that, the system is not necessarily finalized. Besides, until something at least is developed, there is nothing to train on.
Choice "a" is incorrect. Training should certainly not occur in the planning phase. There is no system yet.
Choice "b" is incorrect. Training should certainly not occur in the analysis phase. There is no system yet.
Choice "c" is incorrect. Training should certainly not occur in the design phase. There is no system yet.

CPA-05587 Type1 M/C A-D Corr Ans: B PM#25 B 4-01
8. CPA-05587 Released 2007 Page 3

What should be examined to determine if an information system is operating according to prescribed procedures?
a. System capacity.
b. System control.
c. System complexity.
d. Accessibility to system information.

CPA-05587 Explanation
Note to Students: The terms referenced in this question do not show up (or rarely show up) in practice and are confusing in that we have to apply assumptions about what they must mean. Therefore, they are not included in our text or in the Technical Addendum for B4. The most likely explanation about why this question was released is that it was not answered correctly by candidates and that it will not be used again. However, we are going to use this question as a learning experience for our students. What do you do when you are faced with a question that does not make a whole bunch of sense? Generally, you try to eliminate answers that could not be correct and do your best to choose among the remaining alternatives. Remember, you need a 75% to PASS… questions like this one rarely show up.
Choice "b" is correct. This question is asking if the system is operating according to "prescribed procedures." It is difficult to determine what the words "prescribed procedures" and "system control" even mean. We pretty much have to assume that "prescribed procedures" means that the system is operating "correctly" or is producing the correct results. With that interpretation, the best way that the correct answer can be obtained is by eliminating the other choices as being incorrect. Choice "b" is then the only one left.
Choice "a" is incorrect. System capacity is a factor in operating a system (system capacity normally means processor capacity (i.e., how many transactions can the processor or processors process in a certain period of time)), but it has nothing directly to do with whether the system is operating correctly. A system can have the capacity to generate a large number of incorrect answers. This choice can be eliminated.
Choice "c" is incorrect. System complexity is a factor in operating a system, but it theoretically has nothing to do with whether the system is operating correctly. It is true that the more complex a system, the less chance there is that it will operate correctly. Complexity breeds errors. However, that does not make this choice the correct answer.
Choice "d" is incorrect. Accessibility to system information is a factor in operating a system, but it has nothing to do with whether the system is operating correctly. Somewhat like system capacity, a system can be less than optimal in that it does not provide the (desired) access to system information (assumed here to be the application data in the system or information about how the system is operating), but that does not mean that the system is not operating correctly. It just may not be meeting some of its accessibility requirements.

CPA-05595 Type1 M/C A-D Corr Ans: C PM#26 B 4-01
9. CPA-05595 Released 2007 Page 7

Which of the following artificial intelligence information systems cannot learn from experience?
a. Neural networks.
b. Case-based reasoning systems.
c. Rule-based expert systems.
d. Intelligent agents.

CPA-05595 Explanation
Choice "c" is correct. Artificial intelligence is discussed in the B4 Technical Addendum; it is not discussed in the main text. Rule-based expert systems are based on rules that are built into the system. The only way that those systems can "learn" is if the rules are updated by some external party. That is not really the "system" that is learning.
Choice "a" is incorrect. Neural networks are networks that are based (as much as possible) on the human brain. The human brain can learn from experience, and neural networks can learn (at least theoretically).
Choice "b" is incorrect. Case-based reasoning systems are systems that reason based on past problems that are similar. This reasoning is a form of learning.
Choice "d" is incorrect. Intelligent agents (in an artificial intelligence sense) are agents that assist users and act on their behalf. The "intelligent" aspect means, or at least implies, that the agent can learn from what is happening or what has happened.

Roles and Responsibilities within the IT Function

CPA-03505 Type1 M/C A-D Corr Ans: C PM#2 B 4-02
10. CPA-03505 J91 - 6C Page 14

The duties and responsibilities of the database administrator include:
I. Design and control of a firm's database. This responsibility includes ensuring application independence and back-up and recovery procedures.
II. Definition and control of the data in the data dictionary.
III. Assignment of user codes and maintenance of other security measures.
IV. Control of all changes in data structure and in programs that use the database.
a. I, II, and III.
b. I, II, and IV.
c. I, III, and IV.
d. I, II, III, and IV.

CPA-03505 Explanation
Choice "c" is correct. I, III, and IV are correct. Item II is not correct because it refers to the definition and control of the data in the data dictionary. The data is the responsibility of the data administrator.

CPA-04599 Type1 M/C A-D Corr Ans: D PM#3 B 4-02
11. CPA-04599 BEC C05 #2 Page 11

Which of the following statements is (are) correct for purchased application packages?
I. If an application package is purchased from an outside vendor and installed, system analysts may be called system integrators. For purchased applications, their main responsibility would be to modify the application to perform the specific functions required from the application.
II. If an application package is purchased from an outside vendor and installed, the package must be maintained after installation. Invariably, this maintenance is performed by the vendor.
III. If an application package is purchased from an outside vendor and installed, the application must be customized.
a. I only is correct.
b. I and II only are correct.
c. II and III only are correct.
d. None of the listed statements is correct.

CPA-04599 Explanation
Choice "d" is correct.
Statement I is an incorrect statement. If an application package is purchased from an outside vendor and installed, system analysts may be called system integrators. For purchased applications, their main responsibility would not be to modify the application to perform the specific functions required from the application but would be to design any interfaces, to convert the initial data for the application, and to provide training to end users.
Statement II is an incorrect statement. If an application package is purchased from an outside vendor and installed, the package must be maintained after installation. However, this maintenance may be performed by the vendor or by the organization itself. Of course, the organization would have to have access to the source code to perform any real maintenance on the system itself.
Statement III is an incorrect statement. If an application package is purchased from an outside vendor and installed, the application may be customized. Customization will normally hinder the installation of future releases.

CPA-04600 Type1 M/C A-D Corr Ans: D PM#4 B 4-02
12. CPA-04600 BEC C05 #3 Page 12

Which of the following statements is correct for application programs and application programmers?
a. If programs are developed internally, a small portion of the overall programming budget will normally be devoted to program maintenance. Program maintenance is quite simple if the programs are written using modern programming techniques.
b. Application programmers should be given full write/update access to data in production systems so that data fixes (corrections to production data outside of the normal application programs) can be made quickly with the least amount of paperwork.
c. Application programmers should not be allowed to test the programs that they have written because they are not independent.
d. None of the listed statements is correct.

CPA-04600 Explanation
Choice "d" is correct.
Choice "a" is incorrect. If programs are developed internally, a large portion of the overall programming budget will normally be devoted to program maintenance. Program maintenance is never simple, regardless of how the programs were written. Modern programming techniques may make program maintenance "simpler," but they will not make it "simple."
Choice "b" is incorrect. Application programmers should not be given full write/update access to data in production systems. If a data fix is necessary, temporary write/update access should be provided, and such access should be appropriately documented.
Choice "c" is incorrect. Application programmers should be allowed to test the programs that they have written because testing is an integral part of program development. Independence has nothing to do with it. However, some organizations do have testing organizations that test programs after the application programmers have finished their testing.

CPA-04601 Type1 M/C A-D Corr Ans: C PM#5 B 4-02
13. CPA-04601 BEC C05 #4 Page 15

Which of the following statements is not correct for segregation of duties in an IT environment?
a. The IT department is a support group in that it normally does not initiate or authorize transactions.
b. Segregation of duties in an IT environment normally revolves around granting and/or restricting access to production data and/or production programs.
c. The duties of system analysts and application programmers should never be combined.
d. Segregation of duties in an IT environment is defined as dividing responsibilities for different portions of a transaction among several different people.
CPA-04601 Explanation Choice "c" is correct as it is the only incorrect statement. The duties of system analysts and application programmers can be, and often are, combined. The duties of system programmers and application programmers should not be combined. Choice "a" is incorrect because the statement is true. The IT department is a support group that normally does not initiate or authorize transactions. Choice "b" is incorrect because the statement is true. Segregation of duties normally revolves around granting and/or restricting access to production programs and/or production data. Choice "d" is incorrect because the statement is true. Segregation of duties in an IT environment is defined as dividing responsibilities for different portions of a transaction among several different people. CPA-04829 Type1 M/C A-D Corr Ans: C PM#6 B 4-02 14. CPA-04829 Released 2005 Page 13 Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment? a. b. c. d. Systems analysis and applications programming. Data communications hardware and software. Operating systems and compilers. Computer operations. CPA-04829 Explanation Choice "c" is correct. This is exactly what systems programmers do; they work with operating systems and compilers, etc. Choice "a" is incorrect. System programmers seldom, if ever, write applications programs. The skill sets and mindsets of systems programmers and applications programmers are almost completely different, not to mention that systems programmers doing both would violate good internal control principles. Choice "b" is incorrect because it is not the best answer. Systems programmers could be assigned the responsibility for data communications hardware and software. The data communications software could be part of the operating system, or an adjunct to the operating system. However, the question says "normally." Choice "d" is incorrect. 
Systems programmers are not normally responsible for computer operations personnel. CPA-05171 Type1 M/C A-D Corr Ans: C PM#7 B 4-02 15. CPA-05171 Page 11 Stratford Corporation uses a general ledger system that was developed internally in the mid-1970s. It is having more and more problems finding people who can support this system because the system was written in PL/1, a general-purpose language developed by IBM in the 1960s that was a mix of COBOL and FORTRAN and that was not widely used in commercial systems. In addition, the person who designed and wrote the system died of a heart attack in December of 1988. Which of the following statements is correct for Stratford to consider in determining whether/how to replace this system? a. If Stratford purchases a new general ledger system from an outside vendor, Stratford must rely on the vendor to maintain and support that system. 8 © 2009 DeVry/Becker Educational Development Corp. All rights reserved. Becker CPA Review, PassMaster Questions Lecture: Business 4 b. If Stratford purchases a new general ledger system from an outside vendor, Stratford must customize that system to meet its own specific general ledger requirements. c. If Stratford designs and writes a new general ledger system instead of purchasing a new system from an outside vendor, Stratford will be able to design the system to meet its own specific general ledger requirements. d. If Stratford designs and writes a new general ledger system instead of purchasing a new system from an outside vendor, it should purchase life insurance for the major system developers so that it will be protected from future heart attacks. CPA-05171 Explanation Choice "c" is correct. If Stratford designs and writes a new general ledger system instead of purchasing a new system from an outside vendor, Stratford will be able to design the system to meet its own specific general ledger requirements, whatever those requirements might be. 
However, whether Stratford should design the system to meet those requirements is an entirely different question. Choice "b" is incorrect. If Stratford purchases a new general ledger system from an outside vendor, Stratford may customize that system to meet its own specific general ledger requirements. However, there is a definite cost associated with such customization. Every time a new version of the purchased system is released, the customization will have to be done all over again. Such repeated work will become expensive over time and will almost certainly delay the installation of new versions. Stratford should really examine its "requirements" for a general ledger system and determine how many of those so-called requirements are actually required. After all, the system is a general ledger system. How many specific company requirements can there possibly be for a general ledger system? If there are some "real" specific requirements, these requirements should be considered when the various candidate systems are being investigated in the selection process. The intent, obviously, would be to select the system that comes closest to meeting those requirements. If there are some specific reporting requirements, for example, a reporting mechanism might be able to be added to the system without customizing the core system. So if everything else was equal, the system that should be selected is the system that best accommodates the addition of the reporting mechanism with the least change, and possibly no change, to the core system. Choice "a" is incorrect. If Stratford purchases a new general ledger system from an outside vendor, Stratford may rely on the vendor to maintain and support that system. Note that maintenance and support are two different things. Maintenance is keeping the system "up to date" with new releases from time to time. Assuming that maintenance has been purchased from the vendor, the vendor normally maintains the system. 
Stratford may or may not even have access to the source code for the programs and thus may or may not be able to maintain it. Support is keeping the system up and running; support includes monitoring the system, determining that a problem has occurred, and fixing or getting around the problem. Support may be provided by the vendor or may be provided by the customer, especially when the system is running in the customer's environment. Choice "d" is incorrect. Even if Stratford purchased life insurance for the major system developers, it might be somewhat financially protected from future heart attacks of those developers, but it will not be protected from anything else. The people who design and write systems are often lost, but the cause is more often resigning or being transferred to other projects. CPA-05172 Type1 M/C A-D Corr Ans: A PM#8 B 4-02 16. CPA-05172 Page 12 Jose Para is an application programmer employed by the law firm of Am, Bulance, & Chasr. AB&C is a relatively small firm with a small number of application programmers for its mainframe computer system, so Jose also acts as the system programmer for that system. Which of the following statements is correct for AB&C? a. Since Jose is the system programmer, Jose can more than likely override any system security and provide himself with unlimited access to application programs and data. 9 © 2009 DeVry/Becker Educational Development Corp. All rights reserved. Becker CPA Review, PassMaster Questions Lecture: Business 4 b. Since Jose already has write access to application programs in his function as application programmer, his function as system programmer will more than likely provide him no additional access. c. AB&C's accounting system logs all transactions that are entered. This feature is a compensating strength for the weakness that Jose is both an application programmer and a system programmer and will provide sufficient security. d. 
AB&C's accounting system logs all access attempts to application programs. This feature is a compensating strength for the weakness that Jose is both an application programmer and a system programmer and will provide sufficient security. CPA-05172 Explanation Choice "a" is correct. Since Jose is the system programmer, he can more than likely override any system security and provide himself with unlimited access to application programs and data if he wanted to and if he wanted to do the work to do so. He can more than likely hide any such access. And since he is an application programmer, he might know what to do to the programs and data (for nefarious purposes) when he has such access. One employee acting as both a system programmer and an application programmer is a serious internal control weakness that is very difficult to overcome. Choice "b" is incorrect. Jose has write (update) access to application programs in his function as application programmer. However, his function as system programmer will more than likely allow him to hide such access if he were to choose to do so. One employee acting as both a system programmer and an application programmer is a serious internal control weakness that is very difficult to overcome. Choice "c" is incorrect. AB&C's accounting system may log all transactions that are entered. However, Jose's access as a system programmer may allow him to bypass this transaction logging and change data in other ways (for example, by "data fixes"). This feature, while potentially a good idea, is not a compensating strength for the weakness that Jose is both an application programmer and a system programmer (although it may be a compensating strength for other weaknesses) and will probably not provide sufficient security. In addition, it is a fact of life that transaction logs are seldom actively monitored. Choice "d" is incorrect. AB&C's accounting system may log all access attempts to application programs. 
However, Jose's access as a system programmer may allow him to bypass this access logging and change programs in other ways. This feature, while a good idea and a feature of all automated program security systems, is not a compensating strength for the weakness that Jose is both an application programmer and a system programmer (although it may be a compensating strength for other weaknesses) and will probably not provide sufficient security. CPA-05173 Type1 M/C A-D Corr Ans: B PM#9 B 4-02 17. CPA-05173 Page 14 Network Solutions, Inc. (NSI) provides network services to large corporations in the banking industry. To perform these services, it relies on personnel performing various job functions. Which of the following statements is/are correct for Network Solutions, Inc.? I. NSI's database administrator maintains and supports its database system(s). II. NSI's network administrator supports its own internal network(s) by monitoring performance of those networks and troubleshooting any problems. III. NSI's database administrator and network administrator can be the same person. a. b. c. d. III only is correct. I, II, and III are correct. I and II only are correct. II and III only are correct. CPA-05173 Explanation Choice "b" is correct. Statement I is correct. NSI's database administrator maintains and supports its database system(s). Statement II is correct. NSI's network administrator supports its own internal network(s) by monitoring performance of those networks and troubleshooting any problems. Statement 10 © 2009 DeVry/Becker Educational Development Corp. All rights reserved. Becker CPA Review, PassMaster Questions Lecture: Business 4 III is correct. NSI's database administrator and network administrator can be the same person, although that is not likely. 
Since the skillsets of database administrator and network administrator are both highly technical and very specialized, it is unlikely that one person will perform the two functions, other than possibly in a very small organization with some very talented people. Choice "a" is incorrect. Other statements are also correct. Choice "c" is incorrect. Another statement is also correct. Choice "d" is incorrect. Another statement is also correct. CPA-05174 Type1 M/C A-D Corr Ans: D PM#10 B 4-02 18. CPA-05174 Page 15 Which of the following statements is/are correct with respect to segregation of duties in an IT environment? a. The IT department is a support group and normally does not initiate or authorize transactions. b. In general, segregation of duties is defined as dividing responsibilities for different portions of a transaction (authorization, recording, and custody) among several different people or departments. c. Segregation of duties in an IT environment normally revolves around granting and/or restricting access to production programs and to production data. d. All of the statements are correct. CPA-05174 Explanation Choice "d" is correct. All of the statements are correct. The IT department is a support group and normally does not initiate or authorize transactions. When it does initiate or authorize transactions, those transactions normally are for such activities as leasing hardware, paying software license fees, and other IT-related activities. In general, segregation of duties is defined as dividing responsibilities for different portions of a transaction (authorization, recording, and custody) among several different people or departments. This definition is true in an IT environment or with systems, but it is sometimes harder to accomplish in an IT environment since software may perform many of the functions. 
Segregation of duties in an IT environment normally revolves around granting and/or restricting access to production programs and to production data.
Choices "a", "b", and "c" are incorrect, per the above explanation.

IT Fundamentals

CPA-03512 Type1 M/C 19. CPA-03512 BEC C03 #6 A-D Corr Ans: A PM#1 B 4-03 Page 19

All of the following are components of a local area network (LAN), except:

a. Database Management System (DBMS).
b. Network Operating System (NOS).
c. Network Interface Card (NIC).
d. Node.

CPA-03512 Explanation
Choice "a" is correct. A DBMS is not a component of a LAN although it can be run on a LAN. Rather it is a separate set of computer programs that allows an organization to create new databases, use and work with the data in a database after the database has been created, and also allows for maintenance to be performed on a database after it has been placed into operation.
Choice "b" is incorrect. A network operating system is a component of a LAN. It is the operating system of a server that manages communication over a network.
Choice "c" is incorrect. A network interface card is a component of a LAN. It is the circuit board that the transmission media is plugged into.
Choice "d" is incorrect. A node is any device connected to a LAN.

CPA-03518 Type1 M/C 20. CPA-03518 BEC C03 #7 A-D Corr Ans: D PM#2 B 4-03 Page 31

Which of the following statements concerning intranets is incorrect?

a. An intranet connects geographically separate LANs within an organization.
b. A firewall is needed to ensure that unauthorized Internet users cannot access an organization's intranet.
c. In order to gain access to an intranet, a user generally must enter a password.
d. An intranet web browser is different from an Internet web browser.

CPA-03518 Explanation
Choice "d" is correct.
The same web browser can be used for both intranets and the Internet, making choice "d" an incorrect statement.
Choice "a" is incorrect because this statement is correct.
Choice "b" is incorrect because this statement is correct.
Choice "c" is incorrect because this statement is correct.

CPA-03527 Type1 M/C 21. CPA-03527 BEC C03 #9 A-D Corr Ans: D PM#4 B 4-03 Page 30

All of the following are characteristics of value added networks (VANs), except:

a. Automatic error detection, protocol conversion, and message storing and forwarding services.
b. Very high security because they are private networks.
c. Messages separated by vendor, batched together, and transmitted to their specific destinations.
d. Individual transactions transmitted immediately and which usually reach their destination within minutes.

CPA-03527 Explanation
Choice "d" is correct. VANs normally batch transactions and transmit them at the end of the day or overnight.
Choice "a" is incorrect. These services are characteristics of VANs.
Choice "b" is incorrect. Very high security is a characteristic of VANs.
Choice "c" is incorrect. Batching of transactions is a characteristic of VANs.

CPA-03535 Type1 M/C 22. CPA-03535 BEC C03 #13 A-D Corr Ans: D PM#7 B 4-03 Page 31

An intranet is used to:

a. Permit specified external parties to access an organization's network.
b. Surf the World Wide Web.
c. Share an organization's private information with the general public.
d. Connect geographically separate LANs within an organization.

CPA-03535 Explanation
Choice "d" is correct. Intranets are private networks that people outside of an organization generally have no access to. Intranets share organizational information by connecting geographically separate LANs within an organization.
Choice "a" is incorrect.
An extranet, not an intranet, permits specified external parties to access an organization's network.
Choice "b" is incorrect. Web browsers such as Internet Explorer or Netscape Navigator are used to surf the World Wide Web.
Choice "c" is incorrect. If an organization wanted to share private information with the general public, it would post the information on its website over the Internet, not an intranet.

CPA-03539 Type1 M/C 23. CPA-03539 BEC C03 #18 A-D Corr Ans: A PM#9 B 4-03 Page 33

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because:

a. Errors in some transactions in a batch may cause rejection of other transactions in the batch.
b. The identification of errors in input data typically is not part of the system.
c. There are no time delays in processing transactions in a batch system.
d. The processing of transactions in a batch system is not uniform.

CPA-03539 Explanation
Choice "a" is correct. Rejection of some transactions in a batch may cause other transactions in the batch to be rejected. These errors may not be detected immediately because of the time delay in processing transactions.
Choice "b" is incorrect. Input tests are typically performed for batch as well as for online computer systems.
Choice "c" is incorrect. Due to the time delay in processing batches of transactions, errors in processing transactions may not be detected immediately.
Choice "d" is incorrect. Processing of transactions in a batch system is uniform.

CPA-03540 Type1 M/C 24. CPA-03540 4D.C02 - 3 A-D Corr Ans: C PM#10 B 4-03 Page 23

Analysis of large and diverse amounts of data included in data warehouses is often referred to as:

a. Systems analysis.
b. Electronic Data Interchange (EDI).
c. Data mining.
d. Data processing.

CPA-03540 Explanation
Choice "c" is correct.
Data mining refers to the process of sifting through large amounts of data, impossible to analyze by individuals, to search for relationships amongst various data as a means for achieving strategic or competitive advantage.
Choice "a" is incorrect. Systems analysis is the analytical evaluation of the manner in which systems process data.
Choice "b" is incorrect. Electronic Data Interchange (EDI) is the transfer of data between various systems in machine-readable formats.
Choice "d" is incorrect. Data processing is a generic term that describes the methods and systems used to collect and process data and produce outputs.

CPA-03545 Type1 M/C 25. CPA-03545 4D.C02 - 12 A-D Corr Ans: C PM#11 B 4-03 Page 31

One of the most popular tools available to business is the Internet. The Internet can best be described as:

a. A single server maintained by Interpol to facilitate and monitor all international electronic communications.
b. A central computer maintained by the United States government to expedite electronic communications and research.
c. A tremendous number of servers dedicated to sending and receiving information to and from other networks.
d. A group of servers provided licenses to offer Internet service by the United States government.

CPA-03545 Explanation
Choice "c" is correct. The Internet is a tremendous number of servers dedicated to sending and receiving information to and from other networks. It is comprised of hundreds of thousands of business, government, military and education networks around the world that all communicate with each other.
Choice "a" is incorrect. The Internet is not a single server maintained by any one organization; it is an international network of computers that are linked together.
Choice "b" is incorrect.
The Internet is not a single computer maintained by any one organization; it is an international network of computers that are linked together.
Choice "d" is incorrect. Internet participation is not licensed or restricted by the United States government; it is an international network of computers that are linked together.

CPA-03564 Type1 M/C 26. CPA-03564 4D.C02 - 13 A-D Corr Ans: A PM#12 B 4-03 Page 31

Intranets are distinguished from the Internet by what feature?

a. Internets allow general access while intranets allow only private access specified by the intranet sponsor.
b. Intranets do not allow access to the Internet.
c. Intranets provide read only information that is not downloadable.
d. Only Internet users can "surf" for information.

CPA-03564 Explanation
Choice "a" is correct. The Internet is a public information highway while an intranet is a privately sponsored form of electronic communication normally used for organizational communications.
Choice "b" is incorrect. Intranets frequently allow for access to the Internet. Security measures are often provided to ensure that Internet users cannot access the sponsoring organization's intranet.
Choice "c" is incorrect. Intranets can provide information that can be downloaded or otherwise be handled as interactively as the data retrieved from the Internet.
Choice "d" is incorrect. Intranets have many of the same surfing and data collection features common to the Internet.

CPA-03566 Type1 M/C 27. CPA-03566 4D.C02 - 15 A-D Corr Ans: C PM#13 B 4-03 Page 31

Corporate intranets are frequently used for all but the following:

a. Dissemination of corporate policies.
b. Employee directed benefits maintenance.
c. Providing a portal from the Internet into the sponsoring organization's website.
d. Employee training programs.

CPA-03566 Explanation
Choice "c" is correct.
Intranets are not used to provide a portal for external users to access data from the sponsoring organization or to access the sponsoring organization's website. In fact, sponsoring organizations take specific measures to provide security that will prevent Internet access to an organization's intranet.
Choice "a" is incorrect. Dissemination of corporate policies in read only format is a common use of an intranet. Employees access the home page and click on policies and are able to locate corporate directives from a menu of categories.
Choice "b" is incorrect. An advanced use of intranets is employee directed benefits maintenance. Employees of an organization access an internal benefits website, enter a password, and then are able to update health benefit data, deferred compensation deductions or even tax filing status or tax exemption status without any specific interaction with human resources professionals.
Choice "d" is incorrect. Staff development functions are a growing use of intranets. Employees of the organization access an employee-training menu from the intranet home page, complete training, and, ultimately, test themselves and submit test scores to satisfy competency requirements.

CPA-03567 Type1 M/C 28. CPA-03567 4D.C02 - 21 A-D Corr Ans: B PM#14 B 4-03 Page 31

Which of the following statements concerning the Internet is correct?

a. Sending international e-mail is slightly more expensive than sending domestic e-mail.
b. If a person has Internet access through an Internet Service Provider (ISP), audio and video signals can be transmitted over the Internet for no additional cost if that person has the appropriate hardware and software.
c. A web browser is an optional program someone may use when surfing the web.
d. E-mail is generally sent from the sender's computer directly to the recipient's computer.

CPA-03567 Explanation
Choice "b" is correct.
Internet users in different countries can instantly send audio and video if both parties have the proper hardware and software. The remarkable feature is that there is no additional cost when communicating around the world using the Internet.
Choice "a" is incorrect. Sending international e-mail is the same cost as sending domestic e-mail.
Choice "c" is incorrect. A web browser is a required program for someone who is surfing the web.
Choice "d" is incorrect. E-mail is generally sent from the sender's computer through a series of e-mail servers before it reaches the recipient's computer.

CPA-03571 Type1 M/C 29. CPA-03571 Au R98 #7 A-D Corr Ans: C PM#16 B 4-03 Page 27

Which of the following is considered a component of a local area network?

a. Program flowchart.
b. Loop verification.
c. Transmission media.
d. Input routine.

CPA-03571 Explanation
Choice "c" is correct. Transmission media are one component of a LAN. Other components are nodes, workstations, servers, network interface cards, operating systems, and communication devices.
Choice "a" is incorrect. A program flowchart is a diagrammatic representation of the sequence of processing steps and the logic included in a computer program.
Choice "b" is incorrect. Loop verification is the process of confirming the correctness of the entered data by displaying additional information after data has been entered.
Choice "d" is incorrect. An input routine is a series of steps in a program to ensure the accuracy of entered data. It might include steps such as limit tests, field checks, validity tests, etc.

CPA-03575 Type1 M/C 30. CPA-03575 J95 - 1.19 A-D Corr Ans: A PM#17 B 4-03 Page 27

A local area network (LAN) is best described as a(n):

a. Computer network that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.
b. System to allow computer users to meet and share ideas and information.
c. Electronic library containing millions of items of data that can be reviewed, retrieved, and analyzed.
d. Method to offer specialized software, hardware, and data handling techniques that improve effectiveness and reduce costs.

CPA-03575 Explanation
Choice "a" is correct. A local area network (LAN) is a computer network that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.
Choices "b" and "c" are incorrect. The Internet allows computer users to meet and share ideas and information as well as allowing access to electronic libraries.
Choice "d" is incorrect. LANs typically use standard hardware and software and allow shared access.

CPA-03589 Type1 M/C A-D Corr Ans: B PM#20 B 4-03 31. CPA-03589 Au May 94 #16 Page 37

Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?

a. Attention is focused on the accuracy of the programming process rather than errors in individual transactions.
b. It is usually easier for unauthorized persons to access and alter the files.
c. Random error associated with processing similar transactions in different ways is usually greater.
d. It is usually more difficult to compare recorded accountability with physical count of assets.

CPA-03589 Explanation
Choice "b" is correct. It is easier to access and alter microcomputer data files than manually prepared data files. Microcomputer access security is difficult to maintain because of the increased number of data entry points and the potential ability to defeat access controls.
Choice "a" is incorrect. Once the programs are written, the focus should be on the accuracy of the transactions.
Choice "c" is incorrect. One of the benefits of an automated system over a manual system is the removal of random errors from the process.
Instead, systematic errors are more common.
Choice "d" is incorrect. There is no significant difference between comparing physical counts with accounting records kept on either a manual or an automated system.

CPA-03591 Type1 M/C 32. CPA-03591 D94 - 1.14 A-D Corr Ans: B PM#21 B 4-03 Page 36

A network of computers located throughout an organization's different facilities spread over a wide area to fulfill information processing needs is called:

a. A local area network.
b. Distributed data processing system.
c. Interactive processing.
d. Time-sharing.

CPA-03591 Explanation
Choice "b" is correct. A distributed data processing system is a network of computers located throughout an organization's different facilities normally spread over a wide area to fulfill information processing needs.
Choice "a" is incorrect. A local area network is a "local" distributed system allowing resource sharing by users in a relatively small area (e.g., single office).
Choice "c" is incorrect. Interactive processing is a method of processing information immediately after input.
Choice "d" is incorrect. Time-sharing is a type of multiprocessing system in which many users "share" a central computer owned by an outside vendor and accessed through remote terminals.

CPA-03592 Type1 M/C 33. CPA-03592 J91 - 1.26 A-D Corr Ans: D PM#22 B 4-03 Page 34

The concept of timeliness of data availability is most relevant to:

a. Payroll systems.
b. General ledger.
c. Computerized systems.
d. On-line systems.

CPA-03592 Explanation
Choice "d" is correct. On-line systems require immediate response to the user since the user and the computer are "having a conversation."
Choice "a" is incorrect. Payroll is a classical example of a batch system. Hours are input and processed, errors are corrected, and checks are then printed.
Choice "b" is incorrect.
General ledger systems do not require immediate "processing" of input. In fact, they work better when you can "batch" journal entries and have them process at one time.
Choice "c" is incorrect. Computer systems can include batch processing as well as on-line processing concepts.

CPA-03593 Type1 M/C 34. CPA-03593 J91 - 6A A-D Corr Ans: C PM#23 B 4-03 Page 19

The basic differences between a file-oriented system and a database management system (DBMS) include the following.

I. The file-oriented system focuses on individual applications, each with its own set of files and with each file physically separate from the other files.
II. In the database management system, the focus is on data rather than a particular application. This leads to data independence, data standardization, one-time data entry, data security, and shared data ownership.

a. Only I.
b. Only II.
c. Both I and II.
d. Neither I nor II.

CPA-03593 Explanation
Choice "c" is correct. Both I and II are correct.

CPA-03596 Type1 M/C 35. CPA-03596 J91 - 6B A-D Corr Ans: C PM#24 B 4-03 Page 19

Advantages of a database management system (DBMS) include:

I. Reduced data redundancy and inconsistencies.
II. Inability to expand data fields without affecting application programs.
III. Data accessibility increases the timeliness, effectiveness, and availability of information.

a. I and II.
b. II and III.
c. I and III.
d. I, II, and III.

CPA-03596 Explanation
Choice "c" is correct. Both I and III are correct. Not II, because an advantage of a DBMS includes the ability to expand data fields without affecting application programs; instead, alterations are needed only in the DBMS.

CPA-03600 Type1 M/C 36. CPA-03600 J91 - 6B1 A-D Corr Ans: B PM#25 B 4-03 Page 24

Disadvantages of a database management system (DBMS) include:

I. Less highly trained technical personnel are required.
II. Increased vulnerability as a common database is highly integrated. A breakdown in hardware or software has a much more severe effect than in a system having separate files and applications.
III. Audit trails being somewhat obscured as the result of movement of data from one file to another.

a. I and II.
b. II and III.
c. I and III.
d. I, II, and III.

CPA-03600 Explanation
Choice "b" is correct. Both II and III are correct. Not I, because disadvantages of a DBMS include more - not less - highly trained technical personnel.

CPA-03604 Type1 M/C 37. CPA-03604 D90 - 1.24 A-D Corr Ans: D PM#26 B 4-03 Page 36

Information processing made possible by a network of computers dispersed throughout an organization is called:

a. Online processing.
b. Interactive processing.
c. Time sharing.
d. Distributed data processing.

CPA-03604 Explanation
Choice "d" is correct. This is the definition of distributed processing, a network of computers dispersed throughout an organization.
Choices "a" and "b" are incorrect. An online (interactive) process is a method of processing information where data is processed immediately after input. It can be done on almost any hardware configuration.
Choice "c" is incorrect. Time sharing is a method of processing where many users are sharing the same computer. Each user is given a "timeslice" at which time the CPU is executing their program. This is a type of multiprocessing system.

CPA-03607 Type1 M/C 38. CPA-03607 D89 - 1.07 A-D Corr Ans: B PM#27 B 4-03 Page 19

Database systems and the resulting concept of database management systems have several unique characteristics not found in traditional systems, specifically file-oriented systems. Which one of the following statements does not apply to database-oriented systems?

a. Database systems contain a data definition language that helps describe each schema and subschema.
b. The database administrator is the part of the software package that instructs the operating aspects of the program when data are retrieved.
c. A primary goal of database systems is to minimize data redundancy.
d. Database systems increase user interface with the system through increased accessibility and flexibility.

CPA-03607 Explanation
Choice "b" is correct. The database administrator is a human who is responsible for the design, maintenance and security of the database.
Choice "a" is incorrect. Data definition language (DDL) is one of the tools that is commonly found in a DBMS. These tools help the database administrator design and maintain the data elements themselves as well as define relationships among data elements.
Choice "c" is incorrect. Minimizing data redundancy is a primary goal of a DBMS.
Choice "d" is incorrect. Increased user interface with the system through increased accessibility and flexibility is a common benefit of using a DBMS.

CPA-03619 Type1 M/C 39. CPA-03619 J89 - 1.11 A-D Corr Ans: C PM#28 B 4-03 Page 18

All of the following are examples of computer software, except a(n):

a. Operating system.
b. Language translator.
c. Modem.
d. Database management system.

CPA-03619 Explanation
Choice "c" is correct. A modem is an electronic device that allows signals to be sent over phone lines.
Choice "a" is incorrect. An operating system is an integrated group of programs (software) that supervises the operations of a computer system.
Choice "b" is incorrect. A language processor known as a compiler, not a language translator, is software that translates source code (human readable) to object code (machine readable).
Choice "d" is incorrect. A database management system is software that is in charge of providing data from a database to an application program and writing it back to disk.

CPA-04602 Type1 M/C 40. CPA-04602 BEC C05 #5 A-D Corr Ans: B PM#29 B 4-03 Page 17
Which of the following statements is (are) correct for computer hardware?

I. Virtual memory is memory where portions of a program that are not being executed are stored, but it is not real memory.
II. Virtual memory is that portion of real memory where portions of a program that are not being executed are stored.
III. RAID is disk storage where multiple inexpensive disk drives are combined into an array.

a. I and II only are correct.
b. I and III only are correct.
c. III only is correct.
d. II and III only are correct.

CPA-04602 Explanation
Choice "b" is correct. Statement I is a correct statement. Virtual memory is memory where portions of a program that are not being executed are stored, but it is not real memory. It is actually a part of disk storage. When the part of the program that is being stored in virtual memory is to be executed, the part of the program is retrieved and stored in real memory. Statement III is a correct statement. RAID is disk storage where multiple inexpensive disk drives are combined into an array of disk drives to obtain performance, capacity, and reliability that exceed that of a single large disk drive. Statement II is an incorrect statement. Virtual memory is NOT real memory.

CPA-04603 Type1 M/C 41. CPA-04603 BEC C05 #6 A-D Corr Ans: A PM#30 B 4-03 Page 18

All of the following statements are correct for processors and processing power, except:

a. Processing power is often measured in terms of MIPS, which is millions of instructions per minute.
b. In addition to processing power, there are many other factors, such as the speed of the input and output devices, that determine the overall processing power of a computer system.
c. When multiple processors or computers process the same program, there is an efficiency loss to provide the control of the overall processing. This factor is called the multiprocessing (MP) factor.
d. Multiprocessing is the coordinated processing of programs by more than one processor.

CPA-04603 Explanation
Choice "a" is correct. It is an incorrect statement. Processing power is often measured in terms of MIPS, which is millions of instructions per second, not per minute.
Choices "b", "c", and "d" are incorrect because these three statements are correct.

CPA-04604 Type1 M/C 42. CPA-04604 BEC C05 #7 A-D Corr Ans: D PM#31 B 4-03 Page 26

Which of the following statements is (are) correct for application software?

I. Application software can be purchased or developed internally. If application software is purchased, the purchase is of the software itself, and the purchaser can do whatever it wishes with the software.
II. When application software is purchased, the purchaser invariably receives a copy of the source code and, for large applications, the source code is escrowed. Escrow of the source code protects the software vendor if the purchaser fails to live up to its contractual obligations.
III. When application software is purchased, maintenance for that software may or may not be purchased. Maintenance is normally updates and support.

a. I, II, and III are correct.
b. I and II only are correct.
c. II and III only are correct.
d. III only is correct.

CPA-04604 Explanation
Choice "d" is correct. Statement I is an incorrect statement. Application software can be purchased or developed internally. If application software is purchased, what is being purchased is a license to use the software under certain prescribed terms and conditions. Statement II is an incorrect statement. When application software is purchased, the purchaser may or may not receive a copy of the source code. The source code may or may not be escrowed.
Escrow of the source code supposedly protects the purchaser if the software vendor fails to live up to its contractual obligations.

CPA-04605 Type1 M/C 43. CPA-04605 BEC C05 #8 A-D Corr Ans: C PM#32 B 4-03 Page 27

All of the following statements are correct for a telecommunications network, except:

a. Some of the functions of a telecommunications network are to establish an interface between the sender and the receiver of the message and to transmit the message.
b. A communication or network protocol is the set of rules that allows the various pieces of hardware and software that are included in the network to communicate.
c. Routers connect different types of networks, and gateways route packets of data through interconnected LANs.
d. A bridge is used to connect segments of a LAN which both use the same set of network protocols.

CPA-04605 Explanation
Choice "c" is correct. It is an incorrect statement. Gateways connect different types of networks, and routers route packets of data through interconnected LANs.
Choices "a", "b", and "d" are incorrect because these three statements are correct.

CPA-04606 Type1 M/C 44. CPA-04606 BEC C05 #9 A-D Corr Ans: B PM#33 B 4-03 Page 32

Which of the following statements is (are) correct for transaction processing modes?

I. In batch processing, the grandfather-father-son file rotation procedure can be used either to recover from processing problems or to retain files off-site for disaster recovery.
II. Batch totals, often used in batch processing, are totals of dollar fields in transactions. The total computed from the batch is compared to an input batch total for the batch of transactions; if the two totals are the same, processing of the batch can continue.
III. Hash totals, often used in batch processing, are totals of fields in transactions other than dollars.
The total computed from the batch is compared to an input hash total for the batch of transactions; if the two totals are the same, processing of the batch can continue.
IV. In the past, batch processing predominated. These days, there is no justification for batch processing.

a. I and III only are correct.
b. I, II, and III are correct.
c. I and IV only are correct.
d. II and III only are correct.

CPA-04606 Explanation
Choice "b" is correct. All of the statements other than IV are correct. In the past, batch processing predominated. These days, a much larger portion of system processing is on-line rather than batch, but batch processing is still often used for system to system transfers of data, updating separate data warehouses, and the like.

CPA-04607 Type1 M/C 45. CPA-04607 BEC C05 #10 A-D Corr Ans: C PM#34 B 4-03 Page 32

All of the following statements are correct for programmed controls, except:

a. Programmed controls can be divided into input controls, processing controls, and output controls.
b. Input controls are utilized in batch systems where a report of rejected transactions is produced. The rejected transactions are corrected and re-submitted.
c. Input controls are not really necessary in on-line systems since the person entering the transactions can review them as they are being entered and ensure that they are correct.
d. Output controls relate to the accuracy and distribution of reports.

CPA-04607 Explanation
Choice "c" is correct. It is an incorrect statement. Input controls are necessary in on-line systems because the person entering the transactions may not, or may not be able to, review the transactions as they are being entered. The person entering the transactions may not be aware of the nature of the transactions and/or may not have the information or the time to review the transactions.
For example, one input control is to check for the validity of an account number. The person entering the transactions would not have any idea whether a reasonable looking account number was valid or not.
Choices "a", "b", and "d" are incorrect because these three statements are correct.

CPA-04822 Type1 M/C A-D Corr Ans: A PM#35 B 4-03 46. CPA-04822 Released 2005 Page 20

In an accounting information system, which of the following types of computer files most likely would be a master file?

a. Inventory subsidiary.
b. Cash disbursements.
c. Cash receipts.
d. Payroll transactions.

CPA-04822 Explanation
Choice "a" is correct. The question can be readily addressed by using the "odd man out" principle. Just look at the other three choices. Each of them is a transaction file of some type; one of them is even called a transaction file. The other two (cash disbursements and cash receipts) are both transactions in a non-computerized accounting system and are transaction files in a computerized accounting system.
Choices "b", "c", and "d" are incorrect, per the above explanation.

CPA-04834 Type1 M/C A-D Corr Ans: A PM#36 B 4-03 47. CPA-04834 Released 2005 Page 29

Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?

a. Desktop client, application, and database.
b. Desktop client, software, and hardware.
c. Desktop server, application, and database.
d. Desktop server, software, and hardware.

CPA-04834 Explanation
Choice "a" is correct. A three-tier architecture is desktop client, application, and database.
Choice "b" is incorrect. Client/server architecture does not include hardware in the architecture. That eliminates both choices "b" and "d".
Choice "c" is incorrect. The desktop is a client, not a server.
Choice "d" is incorrect.
Client/server architecture does not include hardware in the architecture. That eliminates both choices "b" and "d".

CPA-05175 Type1 M/C A-D Corr Ans: D PM#37 B 4-03 48. CPA-05175 Page 17
TakeItBack Company outsourced its computer operations in 1970. It had so many problems with its outsourcing vendor that it finally decided to terminate the contract and take over its operations again. Which of the following statements is/are correct with respect to the hardware that it may install in its new data center that it has just built?
a. TakeItBack is investigating RAID disk storage for its disk storage needs. RAID is inexpensive disk drives that are combined in an array of disk drives. TakeItBack is aware of the old adage of "You get what you pay for" and is willing to accept the performance and reliability problems of RAID in exchange for the lower price.
b. TakeItBack has decided to buy and install 40GB of virtual memory on its main processor. It has designed the main computer room in its new data center to provide the space for this virtual memory.
c. TakeItBack has decided to utilize tape storage for all of its online systems since tape drives are random storage devices. Even though tape random access is slower than disk random access, tape storage will work just fine for its online systems.
d. None of the statements is correct.

CPA-05175 Explanation
Choice "d" is correct. All three statements are nonsense. Possibly TakeItBack should just have looked for another outsourcing vendor if it was dissatisfied with its outsourcing center. It certainly does not know enough about hardware to equip and run its own data center. RAID disk storage, while relatively inexpensive, does not necessarily mean lower performance and reliability. Virtual memory is not real memory; it is software controlled. There is nothing to install. TakeItBack wasted its money on floor space for the virtual memory. There is really no such thing as tape random access. Tape storage is sequential.
Tape storage would not be used in online systems, other than possibly for batch parts of the online systems or for backup and recovery. Disk storage is required for online systems.
Choices "a", "b", and "c" are incorrect, per the above explanation.

CPA-05176 Type1 M/C A-D Corr Ans: D PM#38 B 4-03 49. CPA-05176 Page 18
LotsofPower Corporation is looking to replace some or all of the processors in its computer center. Which of the following statements that LotsofPower has received from its computer hardware sales representatives is correct?
a. Processing power is often described in terms of MIPS. The MIPS measurement of processors is the sole factor in determining the overall processing power of a particular processor or computer system.
b. Multiprocessing is several parts of a program running at the same time on a single processor.
c. Multiprogramming is the coordinated processing of programs by more than one processor.
d. None of the statements is correct.

CPA-05176 Explanation
Choice "d" is correct. None of the statements is correct. It is correct that processing power is often described in terms of MIPS. However, the MIPS measurement is only one of the factors in determining the overall processing power of a particular processor or computer system. For example, the internal and external (to the processor itself) data transfer speed is also important. If a particular application system is input/output intensive, like many commercial application systems are, data transfer speed might be much more important than pure processing power.
Multiprogramming, not multiprocessing, is several parts of a program running at the same time on a single processor. In multiprogramming, since there is only one processor, only one part of a program can actually run at a single point in time.
Multiprogramming takes advantage of a wait state with one program (where the program is waiting for something else like relatively slow input/output) to switch to another program. It then looks like several programs are running at the same time even though they are not. Choices "c" and "d" are backwards.
Multiprocessing, not multiprogramming, is the coordinated processing of programs by more than one processor. In multiprocessing, several programs are run at the same time. In parallel processing, there are multiple processors that share the execution of an individual program; the program is split into pieces and the multiple pieces of the single program are run concurrently by the multiple processors. This capability will benefit programs that are written to take advantage of it. Choices "c" and "d" are backwards.
Choices "a", "b", and "c" are incorrect, per the above explanation.

CPA-05177 Type1 M/C A-D Corr Ans: D PM#39 B 4-03 50. CPA-05177 Page 21
Stonehenge Corporation utilizes several database management systems in its various application systems running at its data center just north of London, England. Which of the following statements is/are correct for these databases?
I. In a relational database, the data are stored in two-dimensional tables that are implemented by indexes and linked lists.
II. Normalization is the process of separating data into logical tables.
III. Object-oriented databases can be used to store comments, drawings, images, voice, and video that do not normally fit into more structured databases. Object-oriented databases are normally faster than relational databases.
a. I, II, and III are correct.
b. III only is correct.
c. II and III only are correct.
d. II only is correct.

CPA-05177 Explanation
Choice "d" is correct. II only is correct.
Statement I is incorrect. In a relational database, the data are stored in two-dimensional tables that are related to each other by keys, not implemented by indexes and linked lists.
Indexes and linked lists were normally used in the earlier hierarchical and tree-structured databases.
Statement II is correct. Normalization is the process of separating data into logical tables. Data normalization is required before a relational database can be designed.
Statement III is incorrect. Object-oriented databases can be used to store comments, drawings, images, voice, and video that do not normally fit into more structured databases. However, object-oriented databases are normally slower than, not faster than, relational databases.
Choices "a", "b", and "c" are incorrect, per the above explanation.

CPA-05178 Type1 M/C A-D Corr Ans: A PM#40 B 4-03 51. CPA-05178 Page 25
CoffeeEverywhere Corporation, headquartered in Seattle, Washington, uses a variety of programming languages in its various application systems. Which of the following statements is not correct with respect to programming languages?
a. Programs may be either interpreted or compiled. When programs are compiled, each line of source code is converted into executable code immediately before it is executed.
b. Examples of modern programming languages are C++ and Java.
c. Fourth-generation languages are languages that enable end users to develop applications with little or no technical assistance.
d. Programs are normally written in source code that is then translated into object code.

CPA-05178 Explanation
Choice "a" is correct. Programs may be either interpreted or compiled. However, when programs are interpreted, not compiled, each line of source code is converted into executable code immediately before it is executed. Interpretation is normally slower than compilation because it is harder to optimize (for performance) an interpreted program. Optimization normally is part of the compilation or linking process.
Choice "b" is incorrect.
Examples of modern programming languages are C, C++, Visual Basic, and Java. Java is a programming language. If a computer has a Java interpreter, compiled Java modules can be run on that computer. Java modules can be embedded on web pages and can be downloaded to a web browser and run on a client computer. Java, from a programming standpoint, is somewhat like C and C++; however, programs written in Java are more portable (from one vendor's computer to another in executable form) than C or C++ programs. C and C++ are really not all that portable since different programming language vendors tend to include "special features" in their programming languages.
Choice "c" is incorrect. Fourth-generation languages are languages that enable end users to develop applications with little or no technical assistance. That does not necessarily mean that untrained end users will really be able to write good or efficient programs or applications, just that they may be able to write them.
Choice "d" is incorrect. Programs are normally written in source code that is then translated into object code. The translation is the compilation or interpretation of the source code. If a program is compiled, broadly speaking, the object code is retained and is what is executed. If a program is interpreted, the interpreted code is what executes. If the program is executed again, it is interpreted again.

CPA-05179 Type1 M/C A-D Corr Ans: A PM#41 B 4-03 52. CPA-05179 Page 26
Left Bank of the Mississippi is a leading bank headquartered in East St. Louis, Illinois. The bank has operated for years with an old deposit accounting system and is looking to replace that system with a new and more modern system purchased from an outside application software vendor that supplies software to the banking community. Which of the following statements is/are correct?
a. If Left Bank purchases the software, normally it will actually have purchased only a license to use that software.
Its license will be subject to the terms and conditions written into the license agreement.
b. If Left Bank purchases the software, it will automatically have the right to have the software source code escrowed with an escrow agent of some type. Escrowing of the source code protects the purchaser if the software vendor fails to live up to its contractual obligations.
c. The new deposit accounting system will probably fall under the definition of groupware because it will be used by groups of customers.
d. None of the statements is correct.

CPA-05179 Explanation
Choice "a" is correct. If Left Bank purchases the software, normally it will actually have purchased only a license to use that software. Its license will be subject to the terms and conditions written into the license agreement. The license agreement for a large application system (such as a deposit accounting system) will be considerably different from the shrink-wrap license agreement that is used for PC software.
Choice "b" is incorrect. If Left Bank purchases the software, it will not automatically have the right to have the software source code escrowed with an escrow agent; an escrow agreement will have to be written into the license agreement. In addition, it is questionable exactly how much the escrowing of the source code protects the purchaser if the software vendor fails to live up to its contractual obligations.
Choice "c" is incorrect. The new deposit accounting system will probably not fall under the definition of groupware because it will be used by groups of customers. Groupware is software that lets different people work on the same documents and coordinate their work activities. It is extremely unlikely that a deposit accounting system will perform this function. Besides, what are "groups" of customers?
Choice "d" is incorrect since choice "a" is correct.

CPA-05245 Type1 M/C A-D Corr Ans: C PM#42 B 4-03 53. CPA-05245 Released 2006 Page 34
Compared to batch processing, real-time processing has which of the following advantages?
a. Ease of auditing.
b. Ease of implementation.
c. Timeliness of information.
d. Efficiency of processing.

CPA-05245 Explanation
Choice "c" is correct. Compared to batch processing, real-time processing has the advantage of timeliness of information because data is updated more quickly.
Choice "a" is incorrect. Auditing is normally easier with a batch system than with an online system. With an online system, it is harder, although certainly not impossible, to build effective audit trails. With less effective audit trails, it is more difficult to audit, and sometimes considerably different approaches to auditing (auditing around a system instead of auditing through a system) must be taken.
Choice "b" is incorrect. There is no real difference in general between the ease of implementation of a batch system and of an online system, although there might be a difference between a specific batch system and a specific online system.
Choice "d" is incorrect. There is no real difference in general between the efficiency of processing between a batch system and an online system, although there might be a difference between a specific batch system and a specific online system. It is difficult to determine exactly what the examiners actually meant by "efficiency of processing."

CPA-05257 Type1 M/C A-D Corr Ans: A PM#43 B 4-03 54. CPA-05257 Released 2006 Page 23
Which of the following is a critical success factor in data mining a large data store?
a. Pattern recognition.
b. Effective search engines.
c. Image processing systems.
d. Accurate universal resource locator (URL).

CPA-05257 Explanation
Choice "a" is correct.
Data mining can be defined as the extraction of implicit, previously unknown, and potentially useful information from data. It is usually associated with an organization's need to identify trends. Data mining involves the process of analyzing the data to show patterns or relationships in that data. Thus, pattern recognition, or the ability of the data mining software to recognize the patterns (or trends), is the critical success factor for data mining (at least in the opinion of the examiners).
Choice "b" is incorrect, per the examiners. An effective search engine is a critical success factor in data mining especially when the data store (a nice techie word meaning the database) is really large (and it is in this question). Unless the search engine is effective, the data mining process might take a very, very long time, but it should eventually provide results. That may be the reason why the examiners did not think that this answer was correct. Not all of the questions on the CPA exam are good. The question asks for "a" critical success factor, not "the" critical success factor. In our opinion, both choice "a" and choice "b" should be correct.
Choice "c" is incorrect. An image processing system is not a critical success factor in data mining. Image processing systems are more oriented towards the gathering of data from images, and not towards the mining or interpretation of that data.
Choice "d" is incorrect. An accurate universal resource locator (URL) is not a critical success factor in data mining. A URL is a string of characters conforming to a standardized format which refers to a resource on the Internet. Data for data mining purposes is seldom, if ever, on the Internet. That would be way too slow.

CPA-05563 Type1 M/C A-D Corr Ans: A PM#44 B 4-03 55. CPA-05563 Released 2007 Page 36
A distributed processing environment would be most beneficial in which of the following situations?
a.
Large volumes of data are generated at many locations and fast access is required.
b. Large volumes of data are generated centrally and fast access is not required.
c. Small volumes of data are generated at many locations, fast access is required, and summaries of the data are needed promptly at a central site.
d. Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations.

CPA-05563 Explanation
Choice "a" is correct. A distributed (or decentralized) processing environment would be the most beneficial when large volumes of data are generated at many (remote) locations and fast access to the data is required. In centralized processing, there is always some delay (however small these days) in transmitting large volumes of data or transactions to the central site to be processed and then to be able to access the processed information. Decentralized processing eliminates that particular problem (although it does present other problems). Note that there seems to be an implied assumption in this question that the (remote) locations need access only to their own local data and not to all of the data for all locations. This choice seems to be better than choice "c".
Choice "b" is incorrect. If large volumes of data are generated centrally, centralized processing would probably be more beneficial, regardless of whether or not fast access to that data is required. This choice implies that little, if any, data or transactions are generated at the remote locations so there would be no real need for distributed processing.
Choice "c" is incorrect. If summaries of the data are needed "promptly" at the central site, centralized processing MIGHT be more beneficial. Since only small volumes of data are generated at the remote locations, there would probably not be much delay in transmitting that data to the central location and probably not much delay in accessing that data.
Since only summaries of the data are needed at the central location, those summaries could probably be readily prepared at the remote locations. This choice is the next best, and a case could certainly be made that the choice is correct. The decision could readily come down to summaries of "what" data. Is it summaries of all of the data generated by all locations or summaries of only the data generated by the remote location? If the former is what is meant, centralized processing would be more beneficial. If the latter is what is meant, distributed processing would probably be more beneficial.
Choice "d" is incorrect. If summaries of the data are needed "monthly" at the remote sites, centralized processing MIGHT be more beneficial. However, there is no way to tell in this choice how much data is generated at the remote locations. From the way the question in total is written, an assumption might be made that there is only a small volume of data at the remote locations. If there is a large volume of data at the remote locations, decentralized processing might be more beneficial because fast access is required.
Note: This question is rather vague and ambiguous. Candidates should not have to make too many assumptions or read too much into the question. Unfortunately, with this question, you do.

CPA-05575 Type1 M/C A-D Corr Ans: C PM#45 B 4-03 56. CPA-05575 Released 2007 Page 28
Which of the following statements is true regarding Transmission Control Protocol and Internet Protocol (TCP/IP)?
a. Every TCP/IP-supported transmission is an exchange of funds.
b. TCP/IP networks are limited to large mainframe computers.
c. Every site connected to a TCP/IP network has a unique address.
d. The actual physical connections among the various networks are limited to TCP/IP ports.

CPA-05575 Explanation
Choice "c" is correct.
TCP/IP is the network protocol upon which the Internet is based. Knowing only that, some or all of the incorrect choices can be readily eliminated. If nothing else, the odds of guessing correctly are improved. There is detail on TCP/IP in the B4 Technical Addendum; however, TCP/IP is not discussed in the main text. The "addresses" referenced in this choice refer to network addresses, which are unique. Network addresses are discussed in the B4 Technical Addendum also; they are not discussed in the main text.
Choice "a" is incorrect. TCP/IP is not limited to exchanges of funds. The Internet is used for a lot more than just exchanges of funds, although it is certainly used for that. Knowing only that TCP/IP is the basis for the Internet, and nothing else, this choice can be readily eliminated.
Choice "b" is incorrect. TCP/IP is not limited to large (or even small) mainframe computers. It can be and is used by any type of computer. Knowing only that TCP/IP is the basis for the Internet, and nothing else, this choice can be readily eliminated.
Choice "d" is incorrect. The actual physical connections among the various networks are not limited to TCP/IP ports. There are plenty of other "ports" that are used for Internet communications. Ports are discussed in the B4 Technical Addendum; they are not discussed in the main text. This choice is probably the next best choice since it takes just a little more knowledge to eliminate it.
Note: Remember that the B4 Technical Addendum should be a part of your review for the CPA Exam!

CPA-05585 Type1 M/C A-D Corr Ans: B PM#46 B 4-03 57. CPA-05585 Released 2007 Page 34
What type of computerized data processing system would be most appropriate for a company that is opening a new retail location?
a. Batch processing.
b. Real-time processing.
c. Sequential-file processing.
d. Direct-access processing.

CPA-05585 Explanation
Choice "b" is correct. In this question, a new "retail" location is being opened. Retail locations will normally have a large number of small transactions (think of a convenience store selling beer and chips), and that might make batch processing look to be most appropriate. However, it is important to know the current status of inventory so that inventory (what is and what is not selling) can be properly replenished (think of Walmart and its supply chain systems) and so that quick price reductions can be made for inventory that is not selling. This last factor makes real-time processing most appropriate.
Choice "a" is incorrect. There is nothing wrong with batch processing, but batch processing would probably not be used these days in the situation described in the question. In the past, batch processing was used to upload transaction data from individual stores to the retailer's centralized processors (with the remainder of the processing being done centrally and possibly in batch); however, real-time processing would be better (and more expensive). This kind of decision is almost always a cost/benefit decision. It would certainly be possible, in this situation, to have the retail store transactions uploaded after the close of business in batch, further processing of the transactions to be done centrally in batch, and new inventory figures transmitted back to the store in batch after the central processing is complete.
Choice "c" is incorrect. Sequential file processing is almost totally restricted to batch processing. Sequential file processing was used extensively in the "good old days" but it is seldom used these days for major application files, which are almost always disk files and allow direct access.
Tapes (which are the normal sequential files) are normally restricted to backups and storage for very large amounts of data that are too expensive to be stored on disk and for which there is no real need for relatively quick access.
Choice "d" is incorrect. This choice would have been better worded as "direct access file" processing (or it means absolutely nothing). Reworded, direct access file processing is the opposite of sequential file processing. It would most certainly be used in the "retail" applications, but that does not mean it is the correct answer.

Risks, Controls, Disaster Recovery, and Business Continuity

CPA-03483 Type1 M/C 58. CPA-03483 BEC C03 #5 A-D Corr Ans: D PM#1 B 4-04 Page 41
All of the following are different types of reporting risk that an accountant must recognize as threats to accuracy of reports, except:
a. Strategic risk.
b. Financial risk.
c. Information risk.
d. Data integrity risk.

CPA-03483 Explanation
Choice "d" is correct. There is no separate data integrity risk category.
Choice "a" is incorrect. Strategic risk includes risks such as choosing inappropriate technology.
Choice "b" is incorrect. Financial risk includes risks such as having financial resources lost, wasted, or stolen.
Choice "c" is incorrect. Information risk includes risks such as loss of data integrity, incomplete transactions, or hackers.

CPA-03622 Type1 M/C 59. CPA-03622 BEC C03 #15 A-D Corr Ans: C PM#2 B 4-04 Page 45
The system of user identification and authentication that prevents unauthorized users from gaining access to network resources is called a:
a. Login ID and password.
b. Network server.
c. Firewall.
d. Network force field.

CPA-03622 Explanation
Choice "c" is correct. A firewall is a system of user identification and authentication that prevents unauthorized users from gaining access to network resources.
This name may also be applied to a network node used to improve network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another. The most common use is to prevent Internet users from gaining access to an organization's private intranet.
Choice "a" is incorrect. A login ID and password are normally required to allow access to a network resource, but it is the firewall that protects the network and prevents unauthorized access.
Choice "b" is incorrect. A network server is a type of resource protected by the firewall.
Choice "d" is incorrect. There is no such thing as a network force field.

CPA-03631 Type1 M/C 60. CPA-03631 Au R98 #25 A-D Corr Ans: B PM#6 B 4-04 Page 51
Which of the following procedures would an entity most likely include in its computer disaster recovery plan?
a. Develop an auxiliary power supply to provide uninterrupted electricity.
b. Store duplicate copies of critical files in a location away from the computer center.
c. Maintain a listing of all entity passwords with the network manager.
d. Translate data for storage purposes with a cryptographic secret code.

CPA-03631 Explanation
Choice "b" is correct. Maintaining current, off-site copies of critical data and program files is a fundamental part of any disaster recovery plan.
Choice "a" is incorrect. An auxiliary power supply would prevent loss of power and possible loss of data.
Choice "c" is incorrect. This is a distractor. Decipherable password lists should not be maintained.
Choice "d" is incorrect. Using data encryption would prevent unauthorized use of information even if data access controls failed.

CPA-03633 Type1 M/C 61. CPA-03633 Au May 93 #8 A-D Corr Ans: B PM#7 B 4-04 Page 51
Which of the following controls most likely would ensure that an entity can reconstruct its financial records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.

CPA-03633 Explanation
Choice "b" is correct. Backup diskettes or tapes of files stored away from originals would enable an entity to reconstruct its financial records if the originals were destroyed.
Choice "a" is incorrect. Hardware controls affect the processing and transfer of information within the system. They do not enable the entity to reconstruct its financial records.
Choice "c" is incorrect. Parallel simulation is an auditing technique used when auditing through the computer. It does not allow an entity to reconstruct its financial records.
Choice "d" is incorrect. System flowcharts could provide accurate descriptions of input and output operations but would not assist in the reconstruction of financial records.

CPA-04608 Type1 M/C 62. CPA-04608 BEC C05 #11 A-D Corr Ans: B PM#8 B 4-04 Page 43
Which of the following statements is (are) correct for access controls?
I. Access controls limit access to program documentation, data files, programs, and computer hardware.
II. Passwords should consist of words that can be found in a common dictionary and should be of a maximum length so that they can be easily remembered.
III. A backdoor is a means of access to a program or system that bypasses normal security mechanisms. Backdoors should be maintained so that there can be quick access to the system or program for emergency situations.
a. I and II only are correct.
b. I only is correct.
c. III only is correct.
d. II and III only are correct.

CPA-04608 Explanation
Choice "b" is correct. Statement I is the only correct statement. Access controls limit access to program documentation, data files, programs, and computer hardware.
Statement II is incorrect.
Passwords should not consist of words that can be found in a common dictionary and should be of a minimum, not a maximum, length.
Statement III is incorrect. A backdoor is a means of access to a program or system that bypasses normal security mechanisms. Backdoors should be eliminated.

CPA-04609 Type1 M/C 63. CPA-04609 BEC C05 #12 A-D Corr Ans: C PM#9 B 4-04 Page 45
Which of the following statements is (are) incorrect for firewalls?
I. A firewall is a system of user identification and authentication that prevents unauthorized users from gaining access to network resources.
II. Firewall methodologies can be divided into packet filtering, circuit level gateways, and application level gateways. Packet filtering examines packets of data as they pass through the firewall according to rules that have been established.
III. Application firewall is another name for network firewall. They perform the same function.
IV. None of the listed statements are incorrect.
a. I only is correct.
b. II only is correct.
c. III only is correct.
d. IV only is correct.

CPA-04609 Explanation
Choice "c" is correct. An application firewall, as opposed to a network firewall, is designed to protect specific application services from attack.

CPA-04610 Type1 M/C 64. CPA-04610 BEC C05 #13 A-D Corr Ans: A PM#10 B 4-04 Page 47
Which of the following statements is incorrect for threats in a computerized environment?
a. A virus is a piece of computer program that inserts itself into some other program to propagate. Alternatively, it can run independently.
b. A Trojan horse is a program that appears to have a useful function but that contains a hidden and unintended function that presents a security risk.
c. Phishing is the sending of phony emails to try to lure people to phony web sites asking for financial information.
d.
In a denial-of-service attack, one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network.

CPA-04610 Explanation
Choice "a" is correct. This statement is incorrect. A virus is a piece of computer program that inserts itself into some other program to propagate. A virus cannot run independently.
Choices "b", "c", and "d" are incorrect because these statements are correct.

CPA-04808 Type1 M/C A-D Corr Ans: C PM#11 B 4-04 65. CPA-04808 2005 Released Page 42
Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?
a. Preventive.
b. Corrective.
c. Application.
d. Detective.

CPA-04808 Explanation
Choice "c" is correct. Application controls are written into the application and are specific to the particular process or subsystem. The words "specific to the particular process or subsystem" almost give it away. The words "process" and "subsystem" are quite similar to the word "application."
Choices "a", "b", and "d" are incorrect. Preventive, corrective, and detective controls are control procedures that are part of the control environment.
● Preventive Controls - Preventive controls are controls that are designed to prevent potential problems from occurring.
● Corrective Controls - Corrective controls are controls that are designed to fix problems that have occurred and that have been located by detective controls.
● Detective Controls - Detective controls are controls that are designed to locate problems that have occurred so that they can be fixed by corrective controls.

CPA-04813 Type1 M/C A-D Corr Ans: B PM#12 B 4-04 66. CPA-04813 2005 Released Page 51
Which of the following procedures should be included in the disaster recovery plan for an Information Technology department?
a. Replacement personal computers for user departments.
b. Identification of critical applications.
c. Physical security of warehouse facilities.
d. Cross-training of operating personnel.

CPA-04813 Explanation
Choice "b" is correct. This question is not straightforward because a case can be made that several of the choices are correct. However, as usual, one of the choices is more correct than the others. The identification of critical applications will be found in almost all disaster recovery plans and thus is the best answer.
Choice "a" is incorrect. Replacement of PCs could be in some disaster recovery plans, even though when it is, the plan is more likely to be called a business continuity plan. If end users cannot use their PCs because the PCs have been destroyed, they might not be able to access the recovered applications. However, PCs can be readily purchased, and many firms will decide to purchase replacements only when they need to (depending on the nature and extent of the disaster, the end users might be able to move to an alternate location which still has its PCs). However, that approach should probably be documented in the disaster recovery plan. Choice "b" is just better.
Choice "c" is incorrect. It is there to try to trick people into picking it because of the word "warehouse." After all, we do have "data warehouses."
Choice "d" is incorrect. Cross-training could be in some disaster recovery plans, assuming that the "operating personnel" means computer operations personnel (if it means something else, it won't be). Cross-training of computer operations personnel (anybody who will be expected to be at the disaster recovery site to provide the care and feeding of the applications) might be appropriate because the disaster might keep some of the expected people from being there. If so, then the cross-training should be documented in the disaster recovery plan.
Replacement of personnel is something that is often incorrectly ignored in disaster recovery plans.

CPA-04814 Type1 M/C A-D Corr Ans: A PM#13 B 4-04 67. CPA-04814 2005 Released Page 50
A digital signature is used primarily to determine that a message is:
a. Unaltered in transmission.
b. Not intercepted in route.
c. Received by the intended recipient.
d. Sent to the correct address.

CPA-04814 Explanation
Choice "a" is correct. A digital signature is a means of ensuring that a message is not altered in transmission. It is a form of data encryption.
Choice "b" is incorrect. A digital signature will not keep a message from being intercepted in route, any more than a normal signature would.
Choice "c" is incorrect. A digital signature will not ensure that a message is received by the intended recipient, any more than a normal signature would.
Choice "d" is incorrect. A digital signature will not ensure that a message is sent to the correct address, any more than a normal signature would.

CPA-04826 Type1 M/C A-D Corr Ans: C PM#14 B 4-04 68. CPA-04826 2005 Released Page 37
Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system:
a. Does not require as stringent a set of internal controls.
b. Will produce a more accurate set of financial statements.
c. Will be more efficient at producing financial statements.
d. Eliminates the need to reconcile control accounts and subsidiary ledgers.

CPA-04826 Explanation
Choice "c" is correct. A computer-based system will almost always be "more efficient" in doing something that has to be done multiple times. Thus, if multiple financial statements have to be produced, for example, at multiple times during the closing process, a computer-based system will normally be more efficient.
Choice "a" is incorrect.
A computer-based system requires a set of internal controls that are just as stringent as a manual system. The controls will be different, but that does not mean they will be less stringent.
Choice "b" is incorrect. There is nothing about a computer-based system that guarantees increased accuracy. Garbage in = garbage out.
Choice "d" is incorrect. There is nothing about a computer-based system that eliminates the need to reconcile control accounts and subsidiary ledgers. Computer systems (really the programs in those systems) make mistakes sometimes; they are called bugs. So, if such a reconciliation were needed in a manual system, it would probably still be needed in a computer-based system, just for different reasons. However, it should be able to be automated.

CPA-04827 Type1 M/C A-D Corr Ans: D PM#15 B 4-04 69. CPA-04827 2005 Released Page 45
Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?
a. Collusion.
b. Data entry errors.
c. Failure of server duplicating function.
d. Firewall vulnerability.

CPA-04827 Explanation
Choice "d" is correct, or it is the best of the answers. It is certainly questionable whether a firewall vulnerability would be compensated for by requiring all employees to use passwords, but choice "d" is much better than the other answers.
Choice "a" is incorrect. Collusion would not be minimized at all by requiring employees to have passwords; the employees conspiring to do bad things could merely share their passwords.
Choice "b" is incorrect. Passwords would not do anything about data entry errors.
Choice "c" is incorrect. It is difficult to determine what "failure of server duplicating function" even means, but, certainly, whatever it is, the usage of passwords or the lack of passwords would have no effect on it.

CPA-05181 Type1 M/C A-D Corr Ans: D PM#16 B 4-04 70. CPA-05181 Page 44
Splendora Corporation, a corporation headquartered in Texas, is in the energy business.
Since large amounts of money are involved, Splendora needs to have tight security for its data and application systems. Which of the following statements about its security might indicate a weakness in the security?
a. A backdoor is a means of access that bypasses normal security procedures. Splendora controls access to its data center with access cards that log all employees who enter the computer center, so it does not feel that it has any backdoors.
b. Splendora generates a default password for new users of its application systems as the employee's last name and encourages but does not require that those passwords be changed. Splendora considers the possibility of a security problem to be remote since employees will invariably change those passwords as soon as they access the systems for the first time.
c. Splendora has a network firewall that protects access to its firewall and the applications that run on its networks. Since firewalls protect against intrusion by outsiders, Splendora does not utilize any virus protection software.
d. Each of the statements indicates a potential weakness in Splendora's security.

CPA-05181 Explanation
Choice "d" is correct. Each of the above statements indicates a potential weakness in Splendora's security.
Choice "a" is incorrect. It indicates a weakness in Splendora's security. A backdoor is a means of access to a program or system that bypasses normal security procedures. It has nothing whatsoever to do with physical access to the data center, regardless of the arrangement of the doors to the data center. Splendora should be concerned. This statement is merely a play on words.
Choice "b" is incorrect. It indicates a weakness in Splendora's security. There is nothing necessarily wrong with generating default passwords as an employee's last name.
However, assuming that new employees will invariably change those passwords as soon as they access the application systems for the first time is naïve at best. Some employees will change the passwords; others will be too busy (or too lazy). A change of the default passwords should be required within a very limited period of time after the passwords are assigned. This requirement is very easy to implement and should definitely be implemented in this case since there is a need to have tight security.
Choice "c" is incorrect. It indicates a weakness in Splendora's security. A network firewall protects access to a network and not to an application that runs on the network; an application firewall does that. There is nothing to indicate that Splendora's firewall does both. In addition, firewalls protect against intrusion by outsiders and do nothing whatsoever to protect against viruses.

CPA-05182 Type1 M/C A-D Corr Ans: B PM#17 B 4-04 71. CPA-05182 Page 46
Newt Corporation, headquartered in Los Angeles, is a nationwide provider of educational services to post-graduate students. Due to stringent federal guidelines for the protection of student information, Newt utilizes various firewalls to protect its network from access by outsiders. Which of the following statements with respect to firewalls is/are correct?
a. Packet filtering examines packets of data as they pass through the firewall. Packet filtering is the most complex type of firewall configuration.
b. Circuit level gateways only allow data into a network that result from requests from computers inside the network.
c. Application level gateways examine data coming into the gateway. They can be used to control which computers in a network can access the Internet but cannot be used to control which Internet websites or pages can be viewed once access is allowed.
d. All of the statements are correct.

CPA-05182 Explanation
Choice "b" is correct.
Circuit level gateways, not packet filtering, only allow data into a network that result from requests from computers inside the network by keeping track of requests that are sent out of the network and only allowing data in that is in response to those requests.
Choice "a" is incorrect. Packet filtering examines packets of data as they pass through the firewall. Packet filtering is the simplest, not the most complex, type of firewall configuration.
Choice "c" is incorrect. Application level gateways examine data coming into the gateway. They can be used to control which computers in a network can access the Internet and can be used to control which Internet websites or pages can be viewed once access is allowed.
Choice "d" is incorrect. Choice "b" is correct.

CPA-05183 Type1 M/C A-D Corr Ans: D PM#18 B 4-04 72. CPA-05183 Page 47
Minnesota Corporation is a company that manufactures and distributes snowmobiles throughout the northern part of the U.S. and Canada. Minnesota has a data center in Alabama where it runs the computer systems that control its business. Minnesota feels that it has excellent security in all aspects of its operation. Which of the following statements is/are correct?
a. A virus is a piece of computer program that inserts itself into some other program. Virus protection software can be utilized to protect against viruses. One of the benefits of such software is that it can be installed and forgotten, allowing security personnel to devote their attention to other areas.
b. A denial-of-service attack is an attack in which one computer bombards another computer with a flood of information.
c. Phishing is the sending of phony emails to try to convince people to divulge information.
d. Choices "b" and "c" are correct.

CPA-05183 Explanation
Choice "d" is correct, which means that both "b" and "c" are incorrect.
Choice "a" is incorrect. A virus is a piece of computer program that inserts itself into some other program. Virus protection software can be utilized to protect against viruses. One of the benefits of such software is definitely not that it can be installed and forgotten. Virus protection software must be continually updated because new viruses are being continually developed. Security personnel who install and forget virus protection software will soon be looking for new jobs.
Choice "b" is incorrect. A denial-of-service attack is an attack in which one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network.
Choice "c" is incorrect. Phishing is the sending of phony emails to try to convince people to divulge information like account numbers and social security numbers. It is often accomplished by luring people to authentic-looking but fake websites.

CPA-05184 Type1 M/C A-D Corr Ans: D PM#19 B 4-04 73. CPA-05184 Page 48
Lafayette Company is a corporation that conducts international trade between the U.S. and France. It operates several computer systems to account for and control its business. As a matter of corporate policy, it insists that all data entered into its systems pass rigorous data validation tests. Its accounting systems process their transactions in batch although the transactions themselves are actually entered and validated online. Which of the following statements with respect to such data validation is correct?
a. Valid code tests are tests where codes entered are checked against valid values in a master file. Lafayette utilizes valid code tests on the dollar amounts in its transactions since it thinks that such tests are an effective control on the entry of the dollar amounts in its transactions.
b. Lafayette uses check digits on all numeric fields when the data is initially entered.
Lafayette thinks that check digits on all numeric fields are an effective control on the entry of the numeric fields in these transactions.
c. Batch totals are used for the account numbers in all batches of transactions as they are entered. Lafayette thinks that such batch totals are an effective control on the entry of the account numbers in its transactions.
d. None of the statements is correct.

CPA-05184 Explanation
Choice "d" is correct. None of the statements is correct.
Choice "a" is incorrect. Valid code tests are tests where codes entered are checked against valid values in a master file. This definition is correct. However, Lafayette is incorrect in thinking that these valid code tests are an effective control on the entry of the dollar amounts in its transactions. Valid code tests are effective with fields when the correct values can be identified in advance and set up in the table. How can that be done with dollar amounts? It really can't.
Choice "b" is incorrect. Lafayette uses check digits on all numeric fields when the data is initially entered. Lafayette is incorrect in thinking that check digits on all numeric fields are an effective control on the entry of its transactions. Check digits can be effective on the entry of some numeric fields such as account numbers (and can be used with account numbers that are not totally numeric) that must follow a specific pattern. Check digits are not effective on the entry of dollar amounts since dollar amounts do not follow a specific pattern.
Choice "c" is incorrect. Batch totals are used with all batches of transactions as they are entered. Lafayette is correct in thinking that batch totals are an effective control on the entry of its transactions. Batch totals can be used on dollar amounts even when the transactions are entered online.
However, batch totals are not used on fields such as account numbers. If totals of account numbers (or any other non-dollar amounts) are used for batches of transactions, they are called hash totals.

CPA-05185 Type1 M/C A-D Corr Ans: D PM#20 B 4-04 74. CPA-05185 Page 50
Kinney Corporation operates parking lots throughout the U.S. and Canada. Its computer systems are run at a data center in a newly redeveloped area of the South Bronx. On all of its application systems, Kinney uses program modification control software. Which of the following statements is correct for such program modification control software?
a. Program modification controls are controls over the modification of programs being used in production applications.
b. Program modification controls include both controls that attempt to prevent changes by unauthorized personnel and controls that track program changes so that there is an exact record of what versions of what programs were running in production at any specific point in time.
c. Program change control software normally includes a software change management tool and a change request tracking tool.
d. All of the statements are correct.

CPA-05185 Explanation
Choice "d" is correct. All of the statements are correct. Program modification controls are controls over the modification of programs being used in production applications. Program modification controls include both controls that attempt to prevent changes by unauthorized personnel and also that track program changes so that there is an exact record of what versions of what programs were running in production at any specific point in time. Program change control software normally includes a software change management tool and a change request tracking tool. Program change control often involves changing what are effectively the same programs in two different ways simultaneously. Normally, an environment has both production programs and programs that are being tested.
Sometimes, production programs require changes (production fixes) at the same time the test versions of the same programs are being worked on. This process must be controlled so that one set of changes does not incorrectly overlay the other.
Choices "a", "b", and "c" are incorrect, per the above explanation.

CPA-05186 Type1 M/C A-D Corr Ans: D PM#21 B 4-04 75. CPA-05186 Page 51
Vulnerable Corporation has its data centers in Ft. Lauderdale, Miami, and Galveston. Since each of these locations is somewhat susceptible to hurricanes, Vulnerable is considering signing a disaster recovery contract with a disaster recovery service provider. Which of the following statements is/are correct for disaster recovery?
I. Vulnerable uses application software packages. The license agreements for the packages invariably provide the right to make backup copies of the software for disaster recovery purposes.
II. Standard disaster recovery plans are limited to the restoration of IT processing. However, they may be extended to the restoration of functions in end user areas.
III. The major emphasis in disaster recovery is normally the restoration of hardware and telecommunication services.
a. I and II only are correct.
b. I and III only are correct.
c. I, II, and III are correct.
d. II and III only are correct.

CPA-05186 Explanation
Choice "d" is correct. II and III only are correct.
Statement I is incorrect. Vulnerable uses application software packages. The license agreements for the packages do not invariably provide the right to make backup copies of the software for disaster recovery purposes.
Statement II is correct. Standard disaster recovery plans are limited to the restoration of IT processing. However, the plans may be extended to the restoration of functions in end user areas.
Disaster recovery service providers will do almost anything related to disaster recovery for the right amount of money, as long as that service is specified (and priced) in the disaster recovery contract. Most disaster recovery service providers will not provide services that were not specified in the disaster recovery contract. If and when a disaster occurs, the customer normally gets what the customer has been paying for.
Statement III is correct. The major emphasis in disaster recovery is normally the restoration of hardware and telecommunication services.

CPA-05240 Type1 M/C A-D Corr Ans: D PM#22 B 4-04 76. CPA-05240 Released 2006 Page 47
Which of the following is a computer program that appears to be legitimate but performs an illicit activity when it is run?
a. Redundant verification.
b. Parallel count.
c. Web crawler.
d. Trojan horse.

CPA-05240 Explanation
Choice "d" is correct. A Trojan horse (like the wooden horse in Helen of Troy) is a program that appears to have a useful function but that contains a hidden and unintended function that presents a security risk (appears to be legitimate but performs an illicit activity when it is run).
Choice "a" is incorrect. It is unclear what redundant verification is. One possibility is that it means verifying something twice to make sure that it is done once. This term is probably just made up.
Choice "b" is incorrect. A parallel count appears to be the counting of bits in a parallel fashion. It appears to have something to do with digital circuits in digital clocks, watches, microwave ovens, VCRs, and the like. It is not a computer program.
Choice "c" is incorrect. A web crawler (also known as a web spider or web robot) is a program which browses the web in a methodical, automated manner. Web crawlers are mainly used to create a copy of visited web pages for later processing by a search engine. Web crawlers can also be used for automating maintenance tasks on a web site.
Web crawlers can also be used to gather specific types of information from web pages. There is nothing illicit about a web crawler.

CPA-05244 Type1 M/C A-D Corr Ans: D PM#23 B 4-04 77. CPA-05244 Released 2006 Page 48
Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?
a. Reasonableness test.
b. Field check.
c. Digit verification check.
d. Validity check.

CPA-05244 Explanation
Choice "d" is correct. A validity check (or valid code test) would prevent an incorrect state abbreviation from being accepted. The state abbreviation codes would be checked against valid values in a master file. Note the differences in terminology; different words may be used for the same thing. There is often no "standard" terminology in IT.
Choice "a" is incorrect. A reasonableness test (check) is a data validation check on whether a data value has a certain relationship with other data values. There is no "relationship" with state abbreviations, at least in this question. However, as an additional verification, after the state abbreviation was determined to be a correct value (i.e., TX), the state abbreviation might be checked against the zip code to determine if the state contained the zip code; if not, one of them would be incorrect. There is no way to tell which one is incorrect, but at least there would be an indication of some kind of error.
Choice "b" is incorrect. A field check is a data validation check performed on a data element to ensure that it is of the appropriate data type (alphanumeric, numeric, etc.). Unfortunately, a state abbreviation may be incorrect even if it is of the correct data type.
Choice "c" is incorrect. It is unclear what a digit verification check actually is.
A Google search failed to turn up anything, as did reference to several of the texts that the examiners have provided as references in the IT area. Perhaps the examiners are making up good-sounding combinations of words for some of the wrong answers.

CPA-05259 Type1 M/C A-D Corr Ans: A PM#24 B 4-04 78. CPA-05259 Released 2006 Page 48
In which of the following locations should a copy of the accounting system data backup of year-end information be stored?
a. Secure off-site location.
b. Data backup server in the network room.
c. Fireproof cabinet in the data network room.
d. Locked file cabinet in the accounting department.

CPA-05259 Explanation
Choice "a" is correct. The accounting system data backup of year-end information should certainly be stored in some kind of secure off-site location and not in any of the other listed locations.
Choice "b" is incorrect. The accounting system data backup would certainly not be stored (only) on a data backup server in the network room. What if the server crashed completely and the data could not be recovered? What if the network room burned down?
Choice "c" is incorrect. The accounting system data backup would certainly not be stored (only) in a fireproof cabinet in the data network room. The media to store the data might be more than would fit into a "cabinet" (many large corporations have hundreds of tapes of such data). It is nice that the cabinet is fireproof, but what about a flood or some other natural disaster?
Choice "d" is incorrect. The accounting system data backup would certainly not be stored (only) in a locked file cabinet in the accounting department. The accounting department is not immune to fires, floods, and other natural disasters.

CPA-05307 Type1 M/C A-D Corr Ans: C PM#25 B 4-04 79.
CPA-05307 Released 2006 Page 48
A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition?
a. Sequence test.
b. Completeness test.
c. Validity check.
d. Limit test.

CPA-05307 Explanation
Choice "c" is correct. Of the choices listed, a validity check would most likely have detected a transposition in a customer identification number. In our text, we called that kind of edit check a valid code check or a validity check (Glossary). This kind of definition assumes that there is a master file of customer numbers somewhere to check customer numbers against. Of course, a check against such a file would not work to detect a transposition error if both the correct and the transposed customer numbers actually existed and were in the file. Often, a check digit that takes the order of the numbers or characters in the customer numbers into account can also be used.
Choice "a" is incorrect. It is difficult to determine exactly what a sequence test means in this question. A Google search did not come up with anything specifically called a sequence test in a data validation context. Obviously, it could be some kind of test for a "sequence" of numbers, but it certainly would not work for customer numbers. A validity check would certainly be better.
Choice "b" is incorrect. It is difficult to determine exactly what a completeness test means in this question. A Google search did not come up with anything specifically called a completeness test in a data validation context. Obviously, it could be some kind of test for "completeness" of the customer numbers (e.g., are all of the digits there?), but it certainly would not be very effective for customer numbers. A validity check would certainly be better.
Choice "d" is incorrect.
A limit test is a check to determine if a data value is within certain limits. There might conceivably be a lower limit and an upper limit on customer numbers, but this type of test would not be worth much in that circumstance. A validity check would certainly be better.

CPA-05311 Type1 M/C A-D Corr Ans: C PM#26 B 4-04 80. CPA-05311 Released 2006 Page 43
Which of the following statements best characterizes the function of a physical access control?
a. Protects systems from the transmission of Trojan horses.
b. Provides authentication of users attempting to log into the system.
c. Separates unauthorized individuals from computer resources.
d. Minimizes the risk of incurring a power or hardware failure.

CPA-05311 Explanation
Choice "c" is correct. The function of a physical access control is to separate unauthorized individuals from computer resources. Examples are locks on doors to computer rooms, etc. which limit physical access to computer resources to people who need such access in the performance of their job responsibilities.
Choice "a" is incorrect. The function of a physical access control is not to protect systems from the transmission of Trojan horses. Trojan horses are software, and physical access controls would not have anything to do with them.
Choice "b" is incorrect. The function of a physical access control is not to provide authentication of users attempting to log into the system; that would be done by some kind of a security system.
Choice "d" is incorrect. The function of a physical access control is not to minimize the risk of incurring a power or hardware failure. A physical access control will do nothing to minimize the risk of power or hardware failures.

CPA-05326 Type1 M/C A-D Corr Ans: D PM#28 B 4-04 81.
CPA-05326 Released 2006 Page 44
An auditor was examining a client's network and discovered that the users did not have any password protection. Which of the following would be the best example of the type of network password the users should have?
a. trjunpqs.
b. 34787761.
c. tr34ju78.
d. tR34ju78.

CPA-05326 Explanation
Choice "d" is correct. Of the choices listed, the best one is "tR34ju78" because it contains a combination of small letters, capital letters, and numbers. This password would be the most difficult to "crack."
Choice "a" is incorrect. "trjunpqs" is not the best password because it is all small letters and not a combination of small letters, capital letters, and numbers.
Choice "b" is incorrect. "34787761" is not the best password because it is all numbers and not a combination of small letters, capital letters, and numbers.
Choice "c" is incorrect. "tr34ju78" is not the best password because it is just small letters and numbers and not a combination of small letters, capital letters, and numbers.

CPA-05558 Type1 M/C A-D Corr Ans: B PM#28 B 4-04 82. CPA-05558 Released 2007 Page 45
Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks?
a. Query program.
b. Firewall.
c. Image browser.
d. Keyword.

CPA-05558 Explanation
Choice "b" is correct. A firewall is an "electronic device" (a firewall may actually be both hardware and software and not just hardware) that prevents unauthorized users from gaining access to network resources. A firewall isolates a private network of some type from a public network (or a network segment from the main network). It also maintains a (controlled) connection between those two networks.
Choice "a" is incorrect. A query program has nothing to do with connecting networks or with separating or isolating a network segment from the main network.
A query program is a program that allows a user to obtain information from a database or other data source.
Choice "c" is incorrect. An image browser is a program that displays a stored graphical image. It has nothing to do with connecting networks or with separating or isolating a network segment from the main network. An image browser is used to display information from a database or other data source.
Choice "d" is incorrect. In computer programming, a keyword is a word or identifier that has a particular meaning to the programming language being used. For example, some people have seen things like (IF…THEN) in some basic programming languages (FORTRAN, COBOL, Visual Basic, and many others). Both IF and THEN are keywords, and they cannot be used in that language out of their specified context. Alternatively, in a search, a keyword is a word that is used to find information somewhere that contains that word. Either way, however, a keyword has nothing to do with connecting networks or with separating or isolating a network segment from the main network.

CPA-05571 Type1 M/C A-D Corr Ans: C PM#29 B 4-04 83. CPA-05571 Released 2007 Page 51
To prevent interrupted information systems operation, which of the following controls are typically included in an organization's disaster recovery plan?
a. Backup and data transmission controls.
b. Data input and downtime controls.
c. Backup and downtime controls.
d. Disaster recovery and data processing controls.

CPA-05571 Explanation
Choice "c" is correct. It is difficult at best to figure out what the word "controls" is doing in any of these choices in a disaster recovery question. So let's just ignore it; it really does not make any difference to the answer. In addition, and more importantly, we have to make sure that we note the word "uninterrupted" in the question.
We have to assume that the disaster recovery being referenced here is more stringent than either the hot site recovery or cold site recovery discussed in the text (i.e., the ability to recover from a disaster instantaneously with absolutely no downtime of any kind). This type of disaster recovery would normally be some kind of "mirror" facility, where two identical processing facilities are maintained at different geographical locations and all transactions are processed simultaneously at both facilities, and where either facility can take over instantaneously for the other if one is lost. This kind of disaster recovery is normally quite expensive, but it is sometimes worth it in some businesses. Downtime (or the complete lack thereof) is a key factor in the disaster recovery plan. Backup is always essential in any disaster recovery plan. Choice "c" is the only choice with both downtime and backup. Choice "a" is incorrect. Backup is always essential in any disaster recovery plan. These days, data transmission is an integral part of normal processing and of disaster recovery, and data transmission would definitely be important in any disaster recovery plan (normal data transmission has to be reestablished at the disaster recovery facility, and this sometimes is one of the more difficult things to do). However, this choice does not include the word "downtime" and this choice is thus not as good as choice "c" because it does not address the "uninterrupted" factor. Choice "b" is incorrect. Data input controls (and here the word does have meaning) have little to do with disaster recovery. Data input controls are an essential part of normal processing, and the normal controls would be available in the recovered applications once they are recovered. Downtime is addressed in this choice, but the inclusion of the data input controls makes this choice not as good as choice "c". Choice "d" is incorrect. 
It is difficult to determine what this choice even means, with or without the word "controls." It is, thus, not as good as choice "c".

CPA-05584 Type1 M/C A-D Corr Ans: B PM#30 B 4-04 84. CPA-05584 Released 2007 Page 51

Which of the following configurations of elements represents the most complete disaster recovery plan?

a. Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team.
b. Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan.
c. Off-site storage procedures, identification of critical applications, test of the plan.
d. Vendor contract for alternate processing site, names of persons on the disaster recovery team, offsite storage procedures.

CPA-05584 Explanation

Choice "b" is correct. All of the factors listed in the various choices are important for disaster recovery, but this question asks for the "most complete" disaster recovery plan. Any disaster plan must include an alternate processing site (of some kind), backup (of some kind) of programs and data, and a test of the plan. Normally, there must be some identification of critical applications, although it is certainly possible in certain situations for "all" applications to be considered critical. This choice contains all of the required factors and is, thus, the best choice.

Choice "a" is incorrect. A vendor contract for an alternate processing site is normally included in a disaster recovery plan; however, it is possible for an organization to use its own facilities so that an outside vendor is not necessary. The names of persons on the disaster recovery team are not essential; the individuals involved could be identified by position and not by name.
Also, testing of the plan must be included in the disaster recovery plan, and it is not in this choice.

Choice "c" is incorrect. A disaster recovery plan has to include some sort of alternate processing site, and this choice does not include that factor. In addition, backup is missing. Offsite storage tends to imply backup (since there has to be something to store offsite), but backup is not specifically included. So this choice is thus not as good as choice "b".

Choice "d" is incorrect. An alternate processing site, backup, and testing are not included in this choice.

Electronic Business

CPA-03652 Type1 M/C 85. CPA-03652 4D.C02 - 7 A-D Corr Ans: A PM#3 B 4-05 Page 57

Management accountants often access the website for the Institute of Management Accountants and order publications from that organization. As part of that process, they provide their name and address and a password establishing their identity and provide credit or debit card information to pay for goods purchased. Use of the Internet to effect purchases of this type is called:

a. E-Commerce.
b. Electronic Data Interchange (EDI).
c. E-Mail.
d. Enterprise Resource Planning (ERP).

CPA-03652 Explanation

Choice "a" is correct. Ordering goods or services over the Internet from a corporate website is an example of e-commerce.

Choice "b" is incorrect. Electronic Data Interchange (EDI) typically occurs between parties with a previous relationship, normally over a privately owned value added network, not the Internet. However, use of the Internet for EDI is becoming more common.

Choice "c" is incorrect. E-mail is a form of electronic communication, not necessarily a medium in which to transact exchange transactions.

Choice "d" is incorrect.

CPA-03654 Type1 M/C 86. CPA-03654 4D.C02 - 8 A-D Corr Ans: C PM#4 B 4-05 Page 57

Transactions between businesses are frequently handled through electronic media. Business to business transactions, often called B2B transactions, typically happen:

a. Only through pre-established Electronic Data Interchange (EDI) protocols.
b. Only through Internet sites.
c. Through Internet, EDI, intranets or extranets.
d. E-mail verified by certified postal delivery.

CPA-03654 Explanation

Choice "c" is correct. Business to business (B2B) transactions typically occur through any number of different networks including the Internet, private corporate intranets, extranets, or Electronic Data Interchange (EDI) arrangements.

Choice "a" is incorrect. B2B is not required to take place only through a single network such as a private Value Added Network (VAN) established to effect Electronic Data Interchange (EDI).

Choice "b" is incorrect. B2B is not required to take place only through a single network such as an intranet.

Choice "d" is incorrect. Confirmation of business transactions typically occurs online and does not require or generally even use hard copy confirmations mailed through the United States Postal Service.

CPA-03658 Type1 M/C 87. CPA-03658 4D.C02 - 9 A-D Corr Ans: B PM#5 B 4-05 Page 54

The communications network typically used to effect Electronic Data Interchange (EDI) between businesses is:

a. The Internet.
b. A Value Added Network (VAN).
c. A corporate intranet.
d. An extranet.

CPA-03658 Explanation

Choice "b" is correct. Electronic Data Interchange (EDI) is usually effected through a Value Added Network (VAN). However, it can be effected through the Internet.

Choice "a" is incorrect. Electronic Data Interchange (EDI) is usually effected through a Value Added Network (VAN), not the Internet. However, EDI may be effected through the Internet.

Choice "c" is incorrect. Electronic Data Interchange (EDI) is usually effected through a Value Added Network (VAN), not a private corporate intranet.

Choice "d" is incorrect.
Electronic Data Interchange (EDI) is usually effected through a Value Added Network (VAN), not an extranet.

CPA-03661 Type1 M/C 88. CPA-03661 4D.C02 - 10 A-D Corr Ans: C PM#6 B 4-05 Page 34

Online transaction processing (OLTP) systems play a strategic role in electronic commerce. One of the key features of OLTP systems is:

a. Selection of products from previously distributed catalogues.
b. Postal confirmation of transactions within three days of execution.
c. Immediate real time processing of transactions.
d. Inspection of other consumer purchases as a basis for recommendations.

CPA-03661 Explanation

Choice "c" is correct. Online transaction processing (OLTP) systems generally require immediate real time processing of transactions including exchange of consideration by the buyer.

Choice "a" is incorrect. OLTP does not require use of hard copy catalogues. Available goods are generally displayed online.

Choice "b" is incorrect. OLTP generally does not require postal confirmation of transactions. Confirmations are often provided at the time of execution of the transaction.

Choice "d" is incorrect. Inspection of other consumer purchases is inappropriate. Typically OLTP provides specific security measures to ensure that the buyer cannot view what others buy and others cannot view what they buy.

CPA-03672 Type1 M/C A-D Corr Ans: C PM#8 B 4-05 89. CPA-03672 4D.C02 - 19 Page 60

After a B2B transaction occurs, the area of management that is concerned with what goods were ordered, when and where the goods were to be delivered, and what the amount paid is:

a. The Database Management group.
b. The Management Information System group.
c. The Supply Chain Management group.
d. The Business Information Systems group.

CPA-03672 Explanation

Choice "c" is correct.
Supply Chain Management (SCM) is concerned with four important characteristics for every sale: what, when and where the goods were delivered and how much the goods cost.

CPA-03675 Type1 M/C 90. CPA-03675 Au R02 #7 A-D Corr Ans: A PM#9 B 4-05 Page 54

Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce?

a. EDI transactions are formatted using standards that are uniform worldwide.
b. EDI transactions need not comply with generally accepted accounting principles.
c. EDI transactions ordinarily are processed without the Internet.
d. EDI transactions are usually recorded without security and privacy concerns.

CPA-03675 Explanation

Choice "a" is correct. EDI requires that all transactions be submitted in standard (by industry) data format. However, there are at least two sets of standards in different parts of the world. So this question is actually incorrect in that none of the answers are really correct. This choice is just better than the others.

Choice "b" is incorrect. Use of EDI does not reduce the need to comply with GAAP in recording transactions.

Choice "c" is incorrect. EDI is a computer-to-computer exchange of business data that often involves use of the Internet.

Choice "d" is incorrect. The greatest risk regarding the use of EDI is the improper distribution of EDI transactions, so security and privacy concerns are of great importance.

CPA-03678 Type1 M/C 91. CPA-03678 Au R02 #18 A-D Corr Ans: A PM#10 B 4-05 Page 54

In building an electronic data interchange (EDI) system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements?

a. Mapping.
b. Translation.
c. Encryption.
d. Decoding.

CPA-03678 Explanation

Choice "a" is correct. Mapping is the process of determining the correspondence between elements in a company's terminology and elements in standard EDI terminology.
Once the mapping has been completed, translation software can be developed to convert transactions from one format to the other.

Choice "b" is incorrect. Translation is the conversion of data from one format to another, such as from EDI format to an internal company format.

Choice "c" is incorrect. Encryption is the encoding of data for security purposes.

Choice "d" is incorrect. Decoding is the process used by the recipient of encoded information, whereby a "key" is used to decipher the message.

CPA-03682 Type1 M/C 92. CPA-03682 Au R99 #8 A-D Corr Ans: C PM#11 B 4-05 Page 63

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?

a. Improvement of the audit trail for cash receipts and disbursements.
b. Creation of self-monitoring access controls.
c. Reduction of the frequency of data entry errors.
d. Off-site storage of source documents for cash transactions.

CPA-03682 Explanation

Choice "c" is correct. Use of electronic funds transfer for any funds transfer reduces the need for manual data entry, thus reducing the occurrence of data entry errors.

Choice "a" is incorrect. Use of electronic funds transfer is likely to result in a reduction of the paper audit trail surrounding cash receipts and disbursements.

Choice "b" is incorrect. Use of electronic funds transfer creates a need for more stringent access controls.

Choice "d" is incorrect. Use of electronic funds transfer does not affect company policy regarding storage of source documents (e.g., an accounts payable invoice) for cash transactions.

CPA-03686 Type1 M/C 93. CPA-03686 Au R99 #12 A-D Corr Ans: B PM#12 B 4-05 Page 54

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

a.
When the confidentiality of data is the primary risk, message authentication is the preferred control rather than encryption.
b. Encryption performed by physically secure hardware devices is more secure than encryption performed by software.
c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
d. Security at the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider.

CPA-03686 Explanation

Choice "b" is correct. Encryption performed by physically secure hardware is more secure than that performed by software because software may be more accessible from remote locations. In addition, because hardware decrypts faster than software, more complex algorithms (which are more difficult to "crack") may be used.

Choice "a" is incorrect. If data confidentiality is a primary concern, encryption would be more important than verifying message authenticity.

Choice "c" is incorrect. Message authentication in EDI systems ensures that only authorized trading partners are submitting transactions, whereas controls related to the segregation of (many system) duties are designed to prevent any one person from having the ability to both perpetrate and conceal fraudulent activities.

CPA-03693 Type1 M/C 94. CPA-03693 Au R98 #9 A-D Corr Ans: C PM#13 B 4-05 Page 54

Which of the following represents an additional cost of transmitting business transactions by means of electronic data interchange (EDI) rather than in a traditional paper environment?

a. Redundant data checks are needed to verify that individual EDI transactions are not recorded twice.
b. Internal audit work is needed because the potential for random data entry errors is increased.
c.
Translation software is needed to convert transactions from the entity's internal format to a standard EDI format.
d. More supervisory personnel are needed because the amount of data is greater in an EDI system.

CPA-03693 Explanation

Choice "c" is correct. Translation software is a required component in an EDI environment, and it represents an additional cost not incurred in the traditional paper environment.

Choice "a" is incorrect. Redundant data checks to verify that transactions are not recorded twice may be used in an EDI environment (especially if a VAN is used), but they are not specifically required.

Choices "b" and "d" are incorrect. In an EDI environment, communication between trading partners is automated. Because the receiving company no longer has to manually input transaction data into its own internal computer system, data entry labor and the potential for errors are both reduced.

CPA-03696 Type1 M/C 95. CPA-03696 Au R98 #10 A-D Corr Ans: A PM#14 B 4-05 Page 54

Many entities use the Internet as a network to transmit electronic data interchange (EDI) transactions. An advantage of using the Internet for electronic commerce rather than a traditional value-added network (VAN) is that the Internet:

a. Permits EDI transactions to be sent to trading partners as transactions occur.
b. Automatically batches EDI transactions to multiple trading partners.
c. Possesses superior characteristics regarding disaster recovery.
d. Converts EDI transactions to a standard format without translation software.

CPA-03696 Explanation

Choice "a" is correct. The Internet permits EDI transactions to be sent to trading partners as transactions occur, rather than batching them periodically (as with a VAN).

Choice "b" is incorrect. A VAN batches transactions to multiple trading partners, whereas transactions over the Internet are sent to each trading partner as they occur.

Choice "c" is incorrect.
A VAN is superior to the Internet in terms of disaster recovery because the additional service provided by VANs often includes the archiving of data. Records of EDI transactions may be kept for months or years, which can aid in the disaster recovery process.

Choice "d" is incorrect. Regardless of the method of transport used, translation software is still needed in an EDI environment.

CPA-03698 Type1 M/C 96. CPA-03698 Au R98 #27 A-D Corr Ans: D PM#15 B 4-05 Page 54

Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce?

a. The cost of sending EDI transactions using a value-added network (VAN) is less than the cost of using the Internet.
b. Software maintenance contracts are unnecessary because translation software for EDI transactions need not be updated.
c. EDI commerce is ordinarily conducted without establishing legally binding contracts between trading partners.
d. EDI transactions are formatted using strict standards that have been agreed to worldwide.

CPA-03698 Explanation

Choice "d" is correct. Electronic data interchange (EDI) (intercompany exchange of computer-processible business information) requires strict adherence to a standard data format. Translation software is required to convert internal company data to this format.

Choice "a" is incorrect. EDI can be accomplished using direct links between the trading partners, through communication intermediaries (called "service bureaus"), through value added networks (VANs), or over the Internet. Internet-based communication is the least expensive communications method.

Choice "b" is incorrect. Translation software is required in order to achieve the specified data format. Like all software, translation software will need to be updated as requirements change in order to follow changing conditions.
Choice "c" is incorrect. EDI is always accompanied by contracts, which specify the types of data to be exchanged, the rules governing transaction processing, and data and file security standards.

CPA-04800 Type1 M/C A-D Corr Ans: C PM#16 B 4-05 97. CPA-04800 2005 Released Page 57

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

a. Removable drives that can be locked up at night provide adequate security when the confidentiality of data is the primary risk.
b. Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
c. Encryption performed by a physically secure hardware device is more secure than encryption performed by software.
d. Security at the transaction phase in EDI systems is not necessary because problems at that level will be identified by the service provider.

CPA-04800 Explanation

Choice "c" is correct. Encryption performed by a physically secure hardware device is more secure than encryption performed by software. In this question, the hardware is stated to be physically secure. It is possible in a networked environment (implied because of EDI) for software to be compromised in some manner and thus for the encryption to be interfered with if it is accomplished by software.

Choice "a" is incorrect and has almost got to be a joke. Removable disk drives are not going to help in EDI system security.

Choice "b" is incorrect. It says message authentication performs the same function as segregation of duties. All message authentication does is say that the message is received. It really has nothing to do with segregation of duties. Besides, what is segregation of duties "in other information systems?" This choice is just putting good sounding words together; however, the end result is not particularly meaningful.

Choice "d" says that the service provider will provide transaction security.
That would come as a real surprise to most service providers. EDI service providers are responsible for network security but not for transaction security.

CPA-05188 Type1 M/C A-D Corr Ans: C PM#17 B 4-05 98. CPA-05188 Page 62

Detroit Services Corporation provides services to various companies in the automotive industry. Detroit uses a CRM system. Which of the following statements is correct with respect to CRM systems?

a. CRM systems provide sales force automation and customer services.
b. The objectives of CRM systems are to increase customer satisfaction and customer revenue.
c. Both statements are correct.
d. Neither statement is correct.

CPA-05188 Explanation

Choice "c" is correct. Both statements are correct.

CRM systems provide sales force automation and customer services. CRM systems record and manage customer contacts, manage salespeople, forecast sales and sales targets and goals, manage sales leads and potential sales leads, provide and manage online quotes and product specifications and pricing, and analyze sales data. This statement is correct.

The objectives of CRM systems are to increase customer satisfaction and customer revenue. This statement is correct.

Choice "d" is incorrect. Both statements are correct.

CPA-05260 Type1 M/C A-D Corr Ans: B PM#18 B 4-05 99. CPA-05260 Released 2006 Page 54

A manufacturing company that wanted to be able to place material orders more efficiently most likely would utilize which of the following?

a. Electronic check presentment.
b. Electronic data interchange.
c. Automated clearinghouse.
d. Electronic funds transfer.

CPA-05260 Explanation

Choice "b" is correct. A manufacturing company that wanted to be able to "place" material orders more efficiently would utilize EDI for placing those orders and probably also for other "paperwork" between the company and its vendors.
Choice "a" is incorrect. Electronic check presentment, whatever that is, would be used for making payments and would not do anything with regard to the placing of orders.

Choice "c" is incorrect. An automated clearinghouse presumably has to do with the automated clearing of checks and other payments. Again, it would be used for making payments and would not do anything with regard to the placing of orders.

Choice "d" is incorrect. Electronic funds transfer would again be used for making payments and would not do anything with regard to the placing of orders.

CPA-05557 Type1 M/C 100. CPA-05557 A-D Corr Ans: B PM#19 B 4-05 Released 2007 Page 54

Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

a. Elimination of the need to continuously update antivirus software.
b. Assurance of the thoroughness of transaction data because of standardized controls.
c. Automatic protection of information that has electronically left the entity.
d. Elimination of the need to verify the receipt of goods before making payment.

CPA-05557 Explanation

Choice "b" is correct. One of the benefits of EDI is that transactions are transmitted in a standardized manner with the same controls at all times because the transmission is done by an application system instead of by a person (unless the application controls are changed in some manner). What the word "thoroughness" might mean is unclear. It might mean that all (as opposed to just some) transactions are transmitted or it might mean something else. It's hard to tell, but that does not keep us from answering the question correctly. The other choices are certainly incorrect.

Choice "a" is incorrect. EDI does not have anything to do with antivirus software.
It certainly does not eliminate the need to update antivirus software continuously; that need is still there. Virus software (actually the virus definitions, not necessarily the software itself) needs to be updated regularly; most antivirus software vendors provide updated virus definitions on at least a weekly basis.

Choice "c" is incorrect. EDI has nothing to do with the automatic protection of information that has left the entity, electronically or in any other manner. Once data or information has left the entity, the entity can do nothing more to protect it. Any protection (such as encryption) would have to have been applied to the data or information before that data or information left the entity.

Choice "d" is incorrect. EDI does not have anything to do with the need to verify receipt of goods before making payment. Purchased goods should normally be received before payment is made (unless some kind of advance payment is being made). Once goods are received or payment is authorized by another means, the payment can be made, either manually or by EDI, as appropriate.

Many of the released IT questions are not some of the best examples of questions we have received (maybe that is one reason why they were released). This question is a perfect example of that kind of problem. The majority of the incorrect choices for a good question should have at least a chance of being correct and thus a chance of being selected by a candidate without the requisite knowledge; in this question, the incorrect choices are not even close and the correct answer can be obtained by a candidate with only the very slightest idea of what EDI is. However, remember that points can be obtained even for poorly-written questions, and points on all questions count the same.

CPA-05596 Type1 M/C 101. CPA-05596 A-D Corr Ans: C PM#20 B 4-05 Released 2007 Page 64

Which of the following allows customers to pay for goods or services from a web site while maintaining financial privacy?

a. Credit card.
b. Site draft.
c. E-cash.
d. Electronic check.

CPA-05596 Explanation

Choice "c" is correct. Electronic payment systems are discussed in the B4 Technical Addendum; they are not discussed in the main text. E-cash is currency in an electronic form that moves outside the normal channels of money. It maintains financial privacy just like real cash does.

Choice "a" is incorrect. A credit card cannot be used to pay for goods or services while maintaining (complete) financial privacy. While a particular site may be very secure, the mere fact of presenting the credit card does not maintain financial privacy.

Choice "b" is incorrect. A "site draft" (which is actually a "sight draft" which means that it can be seen) is a draft (see R6 Commercial Paper); it is a negotiable instrument that is payable on demand. It does not maintain (complete) financial privacy any more than a check does.

Choice "d" is incorrect. An electronic check does not maintain financial privacy any more than a paper check does.

Supplemental Questions

CPA-03720 Type1 M/C 102. CPA-03720 A-D D94 - 1.13 Corr Ans: C PM#1 B 4-99 Page 7

Which one of the following systems best characterizes a decision support system (DSS)?

a. Transaction processing system (TPS).
b. Database management system (DBMS).
c. Interactive system.
d. Computer-integrated manufacturing system (CIM).

CPA-03720 Explanation

Choice "c" is correct. Decision support systems are interactive.

Choice "a" is incorrect. DSS are not transaction-based.

Choice "b" is incorrect. DSS use database management systems as tools, but these are not the main thrusts of a DSS.

Choice "d" is incorrect. DSS are for decision-making, not manufacturing.

CPA-03723 Type1 M/C 103. CPA-03723 A-D BEC C03 #11 Corr Ans: A PM#2 B 4-99 Page 31

The Internet can be defined as:

a. An international network of computers that are all linked together.
b. A network controlled and managed by an international committee.
c. A network controlled and managed by the United States government.
d. An international network of computers used primarily for selling retail goods.

CPA-03723 Explanation

Choice "a" is correct. The Internet is composed of hundreds of thousands, if not millions, of interconnected business, government, military, and education networks from all around the world that all can communicate with one another. It is a true international network of computers that are linked together.

Choice "b" is incorrect. There is no international committee that controls the Internet.

Choice "c" is incorrect. The United States government does not control the Internet.

Choice "d" is incorrect. The Internet is used for much more than retail purchases; it is used for educational, governmental, and many other types of informational purposes.

CPA-03729 Type1 M/C 104. CPA-03729 A-D 4D.C02 - 27 Corr Ans: A PM#3 B 4-99 Page 23

Which of the following statements concerning data mining is(are) correct?

I. Data mining is the analysis of data in a data warehouse performed in order to attempt to discover hidden patterns and trends in business.
II. Data mining assists managers in making business decisions and strategic planning.
III. Although it will take a little longer without a computer, a manager would be able to perform data mining analysis manually.

a. I and II.
b. I and III.
c. II and III.
d. I, II, and III.

CPA-03729 Explanation

Choice "a" is correct. Statements I and II are correct.

Statement I: A major use of data warehouse databases is data mining. Data mining is the analysis of data in a data warehouse in order to attempt to discover hidden patterns and trends in historical business activities.

Statement II: Data mining would help managers understand the changes that are occurring in a business and would also assist in making strategic business decisions in order to attempt to get a competitive advantage in the marketplace.

Statement III is a false statement. Data mining is used to sift through inordinate amounts of data, sometimes several terabytes of information. (One terabyte is equal to one trillion bytes or one thousand gigabytes.) Without the use of a computer, a person would never be able to analyze this much data and uncover trends using algorithms and other mathematical and statistical procedures.

Choices "b", "c", and "d" are incorrect, per the above explanation.

CPA-03731 Type1 M/C 105. CPA-03731 A-D Au Nov 95 #3 Corr Ans: B PM#4 B 4-99 Page 39

Able Co. uses an online sales order processing system to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a:

a. Report of all missing sales invoices.
b. File of all rejected sales transactions.
c. Printout of all user code numbers and passwords.
d. List of all voided shipping documents.

CPA-03731 Explanation

Choice "b" is correct. Edit checks are designed to ensure that invalid inputs are rejected. A list of rejected transactions would be produced to allow the correction and re-submission of such transactions.

Choice "a" is incorrect. An order processing system would not be aware of which sales invoices are missing or have been lost.

Choice "c" is incorrect. A report containing user code numbers and passwords would not be generated by an edit check.

Choice "d" is incorrect. The existence of voided shipping documents would not be something that an edit check on sales transactions would detect.

CPA-03733 Type1 M/C 106. CPA-03733 A-D Corr Ans: A PM#5 B 4-99 Au May 93 #16 Page 39

Mill Co.
uses a batch processing method to process its sales transactions. Data on Mill's sales transaction tape are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this tape most likely would be a:
a. Report showing exceptions and control totals.
b. Printout of the updated inventory records.
c. Report showing overdue accounts receivable.
d. Printout of the sales price master file.

CPA-03733 Explanation
Choice "a" is correct. In a batch processing system, one of the input controls would be a report showing exceptions and a control total for all invoices processed in each batch.
Choice "b" is incorrect. There would be no printout of the updated inventory records because the batch has not been processed and the inventory records are not updated when the tape is created.
Choice "c" is incorrect. When the tape is created, the batch has not been processed, so sales have not been posted to the accounts receivable ledger. There would be no report showing overdue accounts receivable.
Choice "d" is incorrect. The sales price master file is not a direct output of the tape.

CPA-03738 Type1 M/C
107. CPA-03738 A-D Au R99 #9 Corr Ans: A PM#6 B 4-99 Page 54
Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?
a. A compressed business cycle with lower year-end receivables balances.
b. A reduced need for an auditor to test computer controls related to sales and collections transactions.
c. An increased opportunity to apply statistical sampling techniques to account balances.
d. No need to rely on third-party service providers to ensure security.

CPA-03738 Explanation
Choice "a" is correct.
Because EDI speeds transaction processing, the business cycle is generally shortened and year-end receivable balances are reduced.
Choice "b" is incorrect. An EDI environment requires greater testing of computer controls.
Choice "c" is incorrect. An EDI environment does not affect the ability to apply statistical sampling techniques to account balances.
Choice "d" is incorrect. EDI is often implemented through communication intermediaries, requiring reliance on those providers for provision of appropriate security measures.

CPA-03741 Type1 M/C
108. CPA-03741 A-D D94 - 1.17 Corr Ans: C PM#7 B 4-99 Page 54
A system that permits suppliers and buyers to have indirect access to portions of each other's databases, including inventory data, to enhance service and deliveries is:
a. Electronic mail.
b. Interactive processing.
c. Electronic data interchange.
d. Distributed processing.

CPA-03741 Explanation
Choice "c" is correct. Electronic data interchange (EDI) permits suppliers and buyers to have indirect access to portions of each other's databases, including inventory data, to enhance service and deliveries. Developed to enhance inventory management, EDI allows the transmission of electronic documents between computer systems in different organizations.
Choice "a" is incorrect. Electronic mail allows the transfer, receipt, and storage of "messages" between computer users.
Choice "b" is incorrect. Interactive processing allows "end users" to access a database and to "process" data.
Choice "d" is incorrect. Distributed processing involves a network of computers located throughout an organization's different facilities to fulfill information processing needs.

CPA-04806 Type1 M/C
109. CPA-04806 A-D Corr Ans: D PM#8 B 4-99 2005 Released Page 67
Which of the following activities would most likely detect computer-related fraud?
a. Using data encryption.
b. Performing validity checks.
c. Conducting fraud-awareness training.
d. Reviewing the systems-access log.

CPA-04806 Explanation
Choice "d" is correct. The question addresses computer-related fraud. Most of the time, computer-related fraud has something to do with unauthorized access to systems and/or data. Of the choices available, review of system access logs is the best choice. System access logs are electronic lists of who has accessed or has attempted to access systems or parts of systems or data or subsets of data.
Choice "a" is incorrect. Data encryption might keep intercepted data from being understood, but it will do absolutely nothing to detect fraud.
Choice "b" is incorrect. Validity checks might prevent erroneous data from being entered into a system, but they will do absolutely nothing to detect fraud.
Choice "c" is incorrect. If fraud-awareness training means training employees on how better to spot fraud, it might have some value; however, even then, choice "d" would be the best choice to answer this question.

CPA-04807 Type1 M/C
110. CPA-04807 A-D Corr Ans: D PM#9 B 4-99 2005 Released Page 67
The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the:
a. Multiplexer.
b. Peripheral processors.
c. Concentrator.
d. Job control language.

CPA-04807 Explanation
Choice "d" is correct. Even if we do not know what Job Control Language (JCL) is, we can get the right answer by the process of elimination if we have some kind of idea as to what the other choices are. Multiplexers, peripheral processors, and concentrators are all hardware that has something to do with telecommunications. Job Control Language is the "odd man out." Finally, the word "language" implies some kind of software (just like any other programming language), while the other choices sound like hardware. Again, "odd man out."
Job Control Language is something associated with IBM mainframes, specifically batch processing applications. Job Control Language, which can be almost as complex as any programming language, is used to "interface" between the jobs that are to be run and the operating system. Jobs normally consist of multiple programs to be run, and the Job Control Language controls the running of the jobs and programs. It also allows the programs to be written somewhat generically, and the Job Control Language makes the translation, for example, from the generic file names used in the programs (INPUTFILE) to the specific file names (ACCOUNTSRECEIVABLEMASTER) and version names that are actually to be used when the job is run.
This question is a little weak because it relates to a specific computing environment (i.e., IBM mainframes). Even today’s best "techie" who has never worked in an IBM mainframe environment might not know what Job Control Language is (other computing environments sometimes have the same kind of job control software, but it has a different name). But, even then, it is quite possible to figure out the correct answer by a process of elimination and a little word analysis. You don’t always have to know everything to get the right answer!
Choices "a", "b", and "c" are incorrect because these are all hardware that have nothing to do with the computer operating system.

CPA-04821 Type1 M/C A-D Corr Ans: A PM#10 B 4-99
111. CPA-04821 2005 Released Page 67
What is a major disadvantage to using a private key to encrypt data?
a. Both sender and receiver must have the private key before this encryption method will work.
b. The private key cannot be broken into fragments and distributed to the receiver.
c. The private key is used by the sender for encryption but not by the receiver for decryption.
d.
The private key is used by the receiver for decryption but not by the sender for encryption.

CPA-04821 Explanation
Choice "a" is correct. The wording of the question is a little suspect because the "using a private key" should be written more clearly as "using private key encryption," which distinguishes it from public key encryption (public key encryption includes the use of private and public keys). Changing the wording of the question is really the only way that the released answer can be correct. In private key encryption, both parties must have the private key, and that is a major disadvantage of private key encryption. If the private key has to be sent, it should be sent separately from the message; otherwise, nothing much has been accomplished.
Choice "b" is incorrect. The private key in private key encryption has to be transmitted to the receiver in some manner. Breaking the private key into fragments is a way to attempt to keep the private key as secure as possible.
Choice "c" is incorrect. In private key encryption, both the sender and the receiver have to have the private key.
Choice "d" is incorrect. In private key encryption, both the sender and the receiver have to have the private key.

CPA-05324 Type1 M/C
112. CPA-05324 A-D Corr Ans: A PM#11 B 4-99 Released 2006 Page 67
An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls?
a. Preventative.
b. Detective.
c. Corrective.
d. Compliance.

CPA-05324 Explanation
Note: It is very much unclear what the word "manual" means in this question. For that reason, the question will be answered ignoring the word. Possibly it means that the organization's security awareness is documented in some manual. Also, "preventative" controls in Choice "a" should probably be "preventive" controls. Even Google did not like the word "preventative."
We did, however, use the word "preventative" in the Glossary, so we will stick with that spelling.
Choice "a" is correct. Preventative controls are controls that are designed to prevent potential problems from occurring. An organization that relied heavily on e-commerce would probably want as many preventative controls as possible because it might be difficult or impossible to correct errors after the fact. This question is more an Audit question than an IT question, even though preventative controls, detective controls, and corrective controls are all defined in the Glossary of the BEC text.
Choice "b" is incorrect. An organization that relied heavily on e-commerce would probably want as many preventative controls as possible because it might be difficult or impossible to correct errors after the fact. Of course, detective controls should not be ignored because it is difficult to prevent all errors.
Choice "c" is incorrect. An organization that relied heavily on e-commerce would probably want as many preventative controls as possible because it might be difficult or impossible to correct errors after the fact. Of course, corrective controls should not be ignored, because, if errors are detected, they must be corrected properly.
Choice "d" is incorrect. Compliance controls appears to be a made-up term.