Vipul Agrawal

Chapter 5
1. Which of the following is a fraud in which later payments on account are used to pay off earlier payments that were stolen?
a. Lapping
b. Kiting
c. Ponzi scheme
d. Salami technique
A is correct answer
2. Which type of fraud is associated with as many as 50% of all lawsuits against auditors?
a. Kiting
b. Fraudulent financial reporting
c. Ponzi scheme
d. Lapping
B is correct answer
3. Which of the following statements is false?
a. The psychological profiles of white-collar criminals differ from those of violent criminals
b. The psychological profiles of white-collar criminals are significantly different from those of the general public
c. There is no difference between computer fraud perpetrators and other types of white-collar criminals
d. Computer fraud perpetrators often do not view themselves as criminals
B is correct answer

Chapter 6
4. COSO identified five interrelated components of internal controls. Which of the following is not one of those five?
a. Risk assessment
b. Internal control policies
c. Monitoring
d. Information and communication
B is correct answer
5. In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is not one of those types?
a. Responsibility objectives
b. Strategic objectives
c. Compliance objectives
d. Reporting objectives
e. Operations objectives
A is correct answer
6. Which of the following statements is true?
a. The COSO report on enterprise risk management is narrow in scope and is limited to financial controls.
b. COSO's internal control integrated framework report has been widely accepted as the authority on internal controls.
c. The Foreign Corrupt Practices Act had no impact on internal accounting control systems.
d. It is easier to add controls to an already designed system than to include them during the initial design stage.
B is correct answer

Chapter 7
7. Which of the following statements is true?
a. The concept of defense-in-depth reflects the fact that security involves the use of few, sophisticated technical controls
b. Computer security is primarily a management issue
c. The time-based model of security can be expressed in the following formula: P < D + C
d. All the above are true
B is correct answer
8. Firewalls are an example of:
a. Preventative controls
b. Detective controls
c. Corrective controls
d. Reactive controls
A is correct answer
9. The control procedure designed to verify a user's identity is called?
a. Authorization
b. Authentication
c. Intrusion prevention systems
d. Intrusion detection systems
B is correct answer

Chapter 8
10. Back-up procedures are relevant to which Trust Services framework principle?
a. Confidentiality
b. Privacy
c. Processing integrity
d. Availability
D is correct answer
11. An input validation routine in which the computer sums the first four digits of a customer number to calculate the value of the fifth digit and then compares the calculated number to the number typed in during data entry is an example of which type of control?
a. Check digit verification
b. Parity bit checking
c. Redundant data check
d. Reasonableness test
A is correct answer
12. Which of the following statements is true?
a. Encrypting data is sufficient to protect confidentiality and privacy
b. Cookies are text files that only store information and cannot do anything
c. A hot site is an empty facility that is prewired for telephone and internet access
d. Verifying that a customer is of legal age to purchase alcohol is an example of a reasonableness test
B is correct answer

Chapter 9
13. Which of the following is a characteristic of auditing?
a. Auditing is a systematic, step-by-step process.
b. Auditing involves the collection and review of evidence.
c. Auditing involves the use of established criteria to evaluate evidence.
d. All of the above are characteristic of auditing
D is correct answer
14. Which of the following is not a reason an internal auditor should participate in internal control reviews during the design of new systems?
a. It is more economical to design controls during the design stage than to do so later.
b. It eliminates the need for testing controls during regular audits
c. It minimizes the need for expensive post-implementation modifications
d. It permits the design of audit trails while they are economical.
B is correct answer
15. Which type of audit involves a review of general and application controls, with a focus on determining if there is compliance with policies and adequate safeguarding of assets?
a. Information systems audit
b. Financial audit
c. Operational audit
d. Compliance audit
A is correct answer

Amy Everett

Chapter 5
1. Which is not an example of an intentional threat?
a) Sabotage
b) Corruption
c) Logic errors
d) Financial statement fraud
2. Which of the following are computer fraud and abuse techniques?
a) Adware
b) Hacking
c) Identity theft
d) All of the above
3. __________ is tapping into a telecommunications line and latching on to a legitimate user before the user logs into a system.
a) Phishing
b) Scavenging
c) Piggybacking
d) Spamming

Chapter 6
1. Which of the following are important functions to be performed by internal controls?
a) Preventive
b) Detective
c) Corrective
d) All of the above
2. Which of the following is not an objective that management must meet to achieve company goals?
a) Strategic
b) Operations
c) Pricing
d) Repairing
3. __________ is the amount of risk a company is willing to accept in order to achieve its goals and objectives.
a) Risk behavior
b) Risk goals
c) Risk appetite
d) Risk experience

Chapter 7
1. ________ focuses on verifying the identity of the person or device attempting to access the system.
a) Authorization
b) Access control mix
c) Authentication
d) Compatibility
2. _________ maintains a table that lists all established connections between the organization's computers and the Internet.
a) Deep packet inspection
b) Intrusion prevention systems
c) Stateful packet filtering
d) Static packet filtering
3. ________ is unreadable gibberish.
a) Encryption
b) Plaintext
c) Cipher text
d) Decryption

Chapter 8
1. ________ is a text file created by a web site and stored on a visitor's hard disk.
a) Collection
b) Firewall
c) Cookie
d) Spam
2. _________ is the process of installing the backup copy for use.
a) Backup
b) Incremental backup
c) Restoration
d) Differential backup
3. __________ is a facility that is not only prewired for telephone and Internet use, but also contains all the computing and office equipment the organization needs to perform its essential business activities.
a) Company
b) Firewall
c) Hotspot
d) Supplier

Chapter 9
1. Which of the following is a type of risk?
a) Inherent
b) Control
c) Detection
d) All of the above
2. _________ examines the way transactions are processed.
a) Integrated test facility
b) Audit log
c) Snapshot technique
d) Audit hooks
3. _________ search a program for occurrences of a specified variable name or other character combination.
a) Mapping programs
b) Program tracing
c) Scanning routines
d) Automated decision table programs

Paul Ambrozewicz

Chapter 5
1. Misappropriation of assets is often referred to as
a. sabotage
b. cookie
c. employee fraud
d. lying
answer: c. employee fraud
2. This is a person's incentive or motivation for committing fraud
a. pressure
b. reason
c. laziness
d. insanity
answer: a. pressure
3. This is the theft of information and intellectual property
a. fraud
b. copying
c. economic espionage
d. spoofing
answer: c. economic espionage

Chapter 6
1. This type of internal control deters problems before they arise
a. general controls
b. preventive controls
c. detective controls
d. corrective controls
answer: b. preventive controls
2. This system measures company progress by comparing actual performance to planned performance
a. belief system
b. boundary system
c. diagnostic control system
d. interactive control system
answer: c. diagnostic control system
3. Objectives that are high-level goals that are aligned with and support the company's mission are
a. strategic objectives
b. operations objectives
c. reporting objectives
d. compliance objectives
answer: a. strategic objectives

Chapter 7
1. This specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembly of the original document or file at the destination
a. Internet Protocol
b. Transmission Control Protocol
c. social engineering
d. Access Control List
answer: b. Transmission Control Protocol
2. Which of these are not important factors in determining the strength of any encryption system
a. Key length
b. Key name
c. Key management policies
d. Nature of the encryption algorithm
answer: b. Key name
3. These encryption systems use the same key both to encrypt and decrypt
a. Asymmetric encryption systems
b. Symmetric encryption systems
c. Diagonal encryption systems
d. Numeric encryption systems
answer: b. Symmetric encryption systems

Chapter 8
1. This check determines if the data in a field have the appropriate arithmetic sign
a. field check
b. limit check
c. sign check
d. range check
answer: c. sign check
2. The system displays a document with highlighted blank spaces and waits for the data to be entered in
a. prompting
b. preformatting
c. closed-loop verification
d. transaction log
answer: b. preformatting
3. This is an exact copy of the most current version of a database, file, or software program
a. backup
b. restoration
c. checkpoint
d. hot site
answer: a. backup

Chapter 9
1. This is the risk that auditors and their audit procedures will not detect a material error or misstatement
a. detection risk
b. inherent risk
c. social risk
d. control risk
answer: a. detection risk
2. These are segments of program code that perform audit functions
a. concurrent audit techniques
b. embedded audit modules
c. snapshot technique
d. audit log
answer: b. embedded audit modules
3. This software package interprets program source code and generates a corresponding program flow chart
a. automated decision table program
b. automated flowcharting programs
c. scanning routines
d. program tracing
answer: b. automated flowcharting programs

Chapter 5 Questions:
1.) Fraud perpetrators are often referred to as:
a. Violent
b. Blue-collar criminals
c. White-collar criminals
d. Poor
2.) Which of these requirements for auditors come from SAS No. 99?
a. Understand fraud
b. Obtain information
c. Document and communicate findings
d. All of the above
3.) The simplest and most common way to commit fraud is to alter:
a. Financial statements
b. Computer output
c. Computer input
d. None of the above

Chapter 6 Questions
1.) Which of these was created to prevent the bribery of foreign officials in order to obtain business?
a. Sarbanes-Oxley Act
b. COSO
c. Foreign Corrupt Practices Act
d. AICPA
2.) The most important component of the ERM and internal control framework is:
a. External environment
b. Audit committee
c. Policy and procedures manual
d. Internal environment
3.) Which of the following is not a way to respond to risk?
a. Collapse
b. Reduce
c. Avoid
d. Share

Chapter 7 Questions
1.) The most commonly used authentication method is:
a. Biometric technique
b. Physical identification techniques
c. Passwords
d. None of the above
2.) What maintains a table that lists all established connections between the organization's computers and the Internet?
a. Deep packet inspection
b. Stateful packet filtering
c. Static packet filtering
d. An access control list
3.) The Trust Services framework developed by the AICPA and the Canadian Institute of Chartered Accountants identifies _____ basic principles that contribute to systems reliability.
a. 7
b. 2
c. 11
d. 5

Chapter 8 Questions
1.) ________ protect records from errors that occur when two or more users attempt to update the same record simultaneously?
a. Validity check
b. Transaction log
c. Concurrent update controls
d. Parity checking
2.) Incremental and differential backups are made:
a. Weekly
b. Daily
c. Monthly
d. Yearly
3.) Which one is not an important output control?
a. User review of output
b. Reconciliation procedures
c. Echo check
d. External data reconciliation

Chapter 9 Questions
1.) Determining _______, what is and is not important in a given set of circumstances, is primarily a matter of judgment.
a. Materiality
b. Control risk
c. Validity
d. Reliability
2.) Which are audits commonly performed?
a. Financial audit
b. Internal control audit
c. Management audit
d. All of the above
3.) __________ is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
a. Planning
b. Controlling
c. Auditing
d. Communicating

Kelli Black
Acct 322 11:30-12:45

Chapter 5
1) The business people who commit fraud by using trickery and violate trust or confidence are called?
A. fraudulent employees
B. white-collar criminals
C. blue-collar criminals
D. employee theft
2) This is when perpetrators trick employees into giving them the information they need to get into the system?
A. Social engineering
B. Piggybacking
C. Masquerading
D. Packet sniffers
3) This is when hackers search for an idle modem by programming their computers to dial thousands of phone lines?
A. War chalking
B. War driving
C. War dialing
D. Virus drivers

Chapter 6
1) These are high-level goals that are aligned with and support the company's mission?
A. Operations objectives
B. Reporting objectives
C. Compliance objectives
D. Strategic objectives
2) The risk that remains after management implements internal controls, or some other response to risk?
A. Residual risk
B. Inherent risk
C. Internal risk
D. External risk
3) All other things being equal, which of the following is true?
A. Detective controls are superior to preventive controls
B. Corrective controls are superior to preventive controls
C. Preventive controls are equivalent to detective controls
D. Preventive controls are superior to detective controls

Chapter 7
1) Which equation for the time-based model of security shows the organization's security procedures are effective?
A. P < D + C
B. P = D + C
C. P > D + C
D. D < P + C
2) The process of transforming normal text?
A. Plaintext
B. Encryption
C. Ciphertext
D. Decryption
3) The system that uses the same key both to encrypt and to decrypt?
A. Symmetric encryption systems
B. Asymmetric encryption systems
C. MD5
D. SHA-1

Chapter 8
1) A text file created by a Web site and stored on a visitor's hard disk?
A. Cookie
B. Spam
C. Virus
D. Flyer
2) Backup procedures are relevant to which Trust Services framework principle?
A. Confidentiality
B. Privacy
C. Availability
D. Processing integrity
3) Sums of a nonfinancial numeric field, such as the total of the quantity ordered field in a batch of sales transactions?
A. Record count
B. Financial total
C. Prompting
D. Hash total

Chapter 9
1) This examines the reliability and integrity of accounting records and correlates with the first of the five scope standards?
A) Internal audit
B) Management audit
C) Operational audit
D) Financial audit
2) The risk that a material misstatement will get through the internal control structure and into the financial statement is what kind of risk?
A) Inherent risk
B) Detection risk
C) Control risk
D) Audit risk
3) Audit routines that flag suspicious transactions are what?
A) Audit hooks
B) Audit logs
C) Real-time notification
D) Embedded audit modules

Tyler Bridgette

Ch. 5
1. The theft of assets committed by a person or group of people for personal financial gain is a…
a) Cookie
b) Sabotage
c) Employee fraud
d) None of the above
Answer: C
2. The third element of the fraud triangle is a ________, that allows perpetrators to justify their illegal behavior.
a) Opportunity
b) Rationalization
c) Pressure
d) Fraud
Answer: B
3. What refers to the unauthorized copying of company data?
a) Data leakage
b) Denial-of-service attack
c) Spoofing
d) Phreakers
Answer: A

Ch. 6
1. What helps employees act ethically by setting limits beyond which an employee must not pass?
a) Belief system
b) Diagnostic control system
c) Boundary system
d) All of the above
Answer: C
2. What includes verifying educational and work experience, talking to references, checking for a criminal record, and checking credit records?
a) Compensating
b) Training
c) Background check
d) None of the above
Answer: C
3. Which is not an event or threat a company will face?
a) Choosing an inappropriate technology
b) Unauthorized system access
c) Tapping into data transmissions
d) All of the above
Answer: D

Ch. 7
1. Which is the model for the time-based model of security?
a) P > D + C
b) P < D + C
c) P = XM + B
d) P > D - C
Answer: A
2. Piggybacking is an example of…
a) A children's game
b) Farm lingo
c) Social engineering
d) None of the above
Answer: C
3. Which of these is an important factor to determine the strength of any encryption system?
a) Key length
b) Key management policies
c) Nature of the encryption algorithm
d) All of the above
Answer: D

Ch. 8
1. If someone put an "A" in a box that was to be filled with a number, what data input test would catch this error?
a) Sign check
b) Size check
c) Field check
d) Validity check
Answer: C
2. Which can be the source of a threat to system availability?
a) Hardware and software failures
b) Natural and man-made disasters
c) Human error
d) All of the above
Answer: D
3. An exact copy of the most current version of a database, file, or software program is a
a) Backup
b) Back-down
c) Restoration
d) None of the above
Answer: A

Ch. 9
1. Which is an audit routine that flags suspicious transactions?
a) Snapshot technique
b) Audit log
c) Audit hooks
d) SCARF
Answer: C
2. Which step in the collection of audit evidence is used to understand how a particular AIS or internal control system is supposed to function?
a) Observation
b) Review of documentation
c) Discussion
d) Questionnaires
Answer: B
3. Which kind of risk is the risk that a material misstatement will get through the internal control structure and into the financial statements?
a) Inherent risk
b) Control risk
c) Detection risk
d) None of the above
Answer: B

Scott Campbell

Chapter 5
1) Opportunity is the condition or situation that lets a person or organization do what?
a) Commit the fraud
b) Conceal the fraud
c) Convert the theft or misrepresentation to personal gain
d) All of the above
2) _____________ is the unauthorized use of special system programs to bypass regular system controls and perform illegal acts.
a) Spamming
b) Key logging
c) Superzapping
d) War dialing
3) Tiny slices of money being stolen over a period of time is part of what technique?
a) Ham technique
b) Salami technique
c) Turkey technique
d) Bologna technique

Chapter 6
1) Controls used to discover problems as soon as they arise are?
a) Detective controls
b) Preventive controls
c) Application controls
d) General controls
2) In what year was the Sarbanes-Oxley Act passed?
a) 2001
b) 2002
c) 2003
d) 2004
e) None of the above
3) Which of the following is a vantage point from which the COBIT framework is controlled?
a) Business objectives
b) IT resources
c) IT processes
d) All of the above

Chapter 7
1) The equation for the time-based model of security should be
a) P < D + C
b) P = D + C
c) D = P + C
d) P > D + C
2) Users can be authenticated by verifying
a) Something they know
b) Something they have
c) A physical characteristic
d) All of the above
3) When an attacker sends a program more data than it can handle they are performing a
a) vulnerability
b) decryption
c) buffer overflow attack
d) encryption

Chapter 8
1) Encrypting information before sending it over the internet creates a VPN, also known as a
a) Video Processing Network
b) Vast Protection Network
c) Virtual Private Network
d) Very Professional Network
2) A transposition error has likely occurred if the hash total discrepancy is evenly divisible by what number?
a) 7
b) 9
c) 5
d) 2
3) All of the following are threats to system availability except
a) Human error
b) Worms and viruses
c) Too much information
d) Hardware and software failures

Chapter 9
1) What can go wrong in program development?
a) Inadvertent errors due to misunderstanding or careless programming
b) Unauthorized instructions deliberately inserted into programs
c) Both a and b
d) Neither a nor b
2) Which of the following is a general function of computer audit software?
a) Statistics
b) Data analysis
c) Calculation
d) All of the above
3) Which of the following is a type of risk when conducting an audit?
a) Control risk
b) Premature risk
c) Speculative risk
d) All of the above

Cara Colavita

Chapter 5
1. A _________ is data that web sites store on your computer.
a. file
b. cookie
c. cracker
d. packet
2. _________ is changing data before, during, or after it is entered into the system.
a. data diddling
b. hijacking
c. phreaking
d. spoofing
3. _______ is e-mailing the same unsolicited message to many people at the same time, often in an attempt to sell them some product.
a. key logging
b. hacking
c. spamming
d. spyware

Chapter 6
1. Which type of controls are needed to discover problems as soon as they arise?
a. preventive
b. good ones
c. detective
d. corrective
2. A ____________ measures the company's progress by comparing actual performance to planned performance.
a. diagnostic control system
b. measurement control system
c. interactive control system
d. boundary system
3. A _________ shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs.
a. performance evaluation
b. system performance measurement
c. master plan
d. project development plan

Chapter 7
1. Which is NOT one of the five basic principles that contribute to system reliability?
a. privacy
b. honesty
c. security
d. availability
2. The idea of _______________ is to employ multiple layers of controls in order to avoid having a single point of failure.
a. offense-in-depth
b. multi-layer control
c. defense-in-depth
d. the time-based model
3. ________ focuses on verifying the identity of the person or device attempting to access the system.
a. authentication
b. access control
c. authorization
d. social engineering

Chapter 8
1. A ________ is similar to a limit check except that it has both upper and lower limits.
a. field check
b. range check
c. size check
d. sign check
2. A ________ sums a field that contains dollar values, such as the total dollar amount of all sales for a batch of sales transactions.
a. financial total
b. record count
c. hash total
d. master total
3. A ________ is an empty building that is prewired for necessary telephone and Internet access, plus a contract with one or more vendors to provide all necessary computer and other office equipment within a specified period of time.
a. cold site
b. internet site
c. hot site
d. wired site

Chapter 9
1. __________ is the risk that auditors and their audit procedures will not detect a material error or misstatement.
a. control risk
b. preventive risk
c. detection risk
d. inherent risk
2. The __________ examines the way transactions are processed.
a. snapshot technique
b. integrated test facility (ITF)
c. embedded audit modules
d. system control audit review file (SCARF)
3. __________ search a program for occurrences of a specified variable name or other character combinations.
a. mapping programs
b. scanning routines
c. input controls matrix
d. concurrent audit techniques

Brian Crabtree

Chapter 5
1. Which of the following are not types of system threats to information systems?
a. Natural disasters
b. Political disasters
c. Software errors
d. All the above
2. What is the term used for fraud perpetrators?
a. Molesters
b. Blue-collar criminals
c. White-collar criminals
d. Robbers
3. What is kiting?
a. The act of creating cash by transferring money between banks
b. The act of creating cash by transferring money between stocks
c. The act of creating cash by putting it in the bank and accruing interest
d. All of the above

Chapter 6
1. What surprised the accounting profession when the Foreign Corrupt Practices Act was passed?
a. That it allowed Americans to rip off foreign countries
b. That the act incorporated language from an AICPA pronouncement
c. All the above
d. None of the above
2. Which of the following organizations is not a part of the Committee of Sponsoring Organizations?
a. The AICPA
b. The American Accounting Association
c. The Institute of Internal Auditors
d. None of the above
3. Which of the following is part of the crucial components of COSO's internal control model?
a. Control environment
b. Risk assessment
c. Information and communication
d. Monitoring
e. All the above

Chapter 7
1. Security is a ________ issue, not a _________ issue.
a. accounting; finance
b. management; accounting
c. finance; management
d. management; technological
2. What kind of target is security?
a. moving
b. stationary
c. large
d. none of the above
3. Which of the following are not necessary controls?
a. Preventive
b. Corrective
c. Detective
d. All the above are necessary controls

Chapter 8
1. Which of the following items determines if all required information has been entered?
a. Field check
b. Sign check
c. Completeness check
d. Range check
2. Which process control compares arithmetic results produced by two different methods?
a. File labels
b. Recalculation of batch totals
c. Field check
d. Cross-foot balance test
3. Which of the following are message acknowledgement techniques?
a. Echo check
b. Trailer record
c. Numbered batches
d. All the above

Chapter 9
1. Which of the following is not a type of internal auditing?
a. Financial auditing
b. Information systems auditing
c. Operational auditing
d. Subsurface auditing
2. Which of the following is not part of the auditing process?
a. Planning
b. Collecting evidence
c. Evaluating evidence
d. All the above are part of the audit process
3. Which of the following is not a type of risk incurred when auditing?
a. Coherent risk
b. Inherent risk
c. Control risk
d. Detection risk

Peter Estes

Ch. 5
1. ______________ is theft of assets and is committed by a person or group of people for personal financial gain; it is also known as employee fraud.
a. white-collar criminals
b. misappropriation of assets
c. sabotage
d. fraudulent financial reporting
2. Which of the following is the theft of information and intellectual property?
a. computer fraud
b. rationalization
c. economic espionage
d. data diddling
3. _______ is gaining control of someone else's computer to carry out illicit activities without the user's knowledge.
a. identity theft
b. hijacking
c. shoulder surfing
d. identity theft

Ch. 6
1. Which is the job of the CSO?
a. fraud detection and investigations.
b. discovering, extracting, safeguarding and documenting computer evidence such that its authenticity, accuracy and integrity will not succumb to legal problems.
c. in charge of AIS security and should be independent of the information system function and report to the COO or the CEO.
d. examination of the relationship between different sets of data.
2. ________ are high-level goals that are aligned with and support the community goals.
a. operation objectives
b. reporting objectives
c. compliance objectives
d. strategic objectives
3. The internal environment includes all of the following except:
a. the board of directors
b. human resources
c. organization structure
d. employee benefits

Ch. 7
1. ________ focuses on verifying the identity of the person or device attempting to access the system
a. authorization
b. authentication
c. defense-in-depth
d. access control matrix
2. In the equation P > D + C, what does the C stand for?
a. the time it takes for an attacker to break through the organization's preventive controls
b. the time it takes to respond to the attack
c. the time it takes to detect that an attack is in progress.
d. none of the above.
3. _________ is a set of rules that determines which packets are allowed entry and which are dropped.
a. static packet filtering
b. transmission control protocol
c. access control list
d. routers

Ch. 8
1. A _________ is an empty building that is prewired for necessary telephone and internet access, plus a contract with one or more vendors.
a. hot site
b. cold site
c. warm site
d. cool site
2. _________ is a copy of a database, master file, or software that will be retained indefinitely as an historical record.
a. check point
b. backup
c. archive
d. restoration
3. __________ is when the system displays a document with highlighted spaces and waits for the data to be entered.
a. Prompting
b. Closed-loop verification
c. Preformatting
d. Transaction log

Ch. 9
1. A _________ risk is the susceptibility to material risk in the absence of controls
a. Control risk
b. Detection risk
c. Coherent risk
d. Inherent risk
2. The ________ examines the way transactions are processed.
a. Audit hooks
b. Concurrent audit techniques
c. Snapshot technique
d. CIS
3. __________ search a program for occurrences of a specified variable name or other character combinations
a. Program tracing
b. Scanning routines
c. Mapping programs
d. Input controls matrix

Michael Gainer

Chapter 5
1. Misappropriation of assets is often referred to as what?
a. employee fraud
b. accidents
c. miscalculations
d. mistakes
2. Which is not an auditor's responsibility?
a. understand fraud
b. obtain information
c. rationalize fraud
d. document and communicate findings
3. Which is not a reason computer fraud is increasing?
a. Many computer frauds go undetected
b. Many networks have a low level of security
c. The total dollar value of losses is difficult to calculate
d. Computer fraud isn't as lucrative as it once was

Chapter 6
1. Preventive controls do what?
a. discover problems as soon as they arise
b. remedy control problems that have been discovered
c. deter problems before they arise
d. make sure an organization's control environment is stable
2. The Sarbanes-Oxley Act did all of the following except?
a. create a public company accounting oversight board
b. make new rules for auditors
c. make new rules for management
d. hold companies to higher ethical standards
3. The COBIT framework addresses the issue of control from which vantage point(s)?
a. business objectives
b. IT resources
c. IT processes
d. All of the above

Chapter 7
1. What is the weakness of the time-based model of security?
a. It costs too much
b. It's hard to derive accurate, reliable measures of the parameters
c. IT developments don't help it
d. It is time consuming to operate
2. Users can be authenticated by verifying?
a. something they know
b. something they have
c. some physical characteristic
d. all of the above
3. Which principle doesn't contribute to systems reliability?
a. Security
b. Confidentiality
c. Privacy
d. Redundancy

Chapter 8
1. Which is the best practice for protecting the privacy of customers' personal information?
a. Collection
b. Management
c. Notice
d. All of the above
e. None of the above
2. Which data entry test determines if the characters in a field are of the proper type?
a. field check
b. sign check
c. limit check
d. range check
3. Which backup is made during the middle of the day?
a. incremental
b. differential
c. archive
d. checkpoint

Chapter 9
1. Which type of audit is commonly performed?
a. Financial
b. Information systems
c. Operational
d. All of the above
2. Which type of risk is the susceptibility to material risk in the absence of controls?
a. control risk
b. detection risk
c. inherent risk
d. validation risk
3. Which is not a responsibility of an internal auditor?
a. Review how assets are safeguarded
b. Examine company resources to determine how effectively and efficiently they are used
c. Review company operations and programs to determine if they are being carried out as planned
d. To make sure the company is making its target profits

Danielle Grimm
Test 2 Questions

Chapter 5
1. SAS No. 99 requires auditors to:
a) Discuss the risks of material fraudulent misstatements
b) Obtain information
c) Understand fraud
d) All of the above
Answer: d
2. The theft of information and intellectual property is called _________?
a) Misappropriation of assets
b) Computer fraud
c) Economic espionage
d) Sabotage
Answer: c
3. Changing data before, during, or after it is entered in the system is called ________?
a) Data diddling
b) Phishing
c) Hacking
d) Data leakage
Answer: a

Chapter 6
1. What applies to publicly held companies and their auditors and was intended to prevent financial statement fraud and strengthen the internal controls of a company?
a) Foreign Corrupt Practices Act
b) SAS No. 99
c) Sarbanes-Oxley Act
d) None of the above
Answer: c
2. The COBIT framework vantage points consist of all the following except:
a) Internal controls
b) Business objectives
c) IT resources
d) IT processes
Answer: a
3. High-level goals that are aligned with and support the company's mission are:
a) Strategic objectives
b) Operations objectives
c) Reporting objectives
d) Compliance objectives
Answer: a

Chapter 7
1. The Trust Services framework consists of all the following except:
a) Availability
b) Systems integrity
c) Security
d) Privacy
Answer: b
2. Restricting access of authenticated users to specific portions of the system and specifying what actions they are permitted to perform is called _______.
a) Physical access control
b) Encryption
c) Authentication
d) Authorization
Answer: d
3. Static packet filtering:
a) Examines the data in the body of an IP packet
b) Examines each IP packet in isolation
c) Screens individual IP packets solely on the contents of the IP packet header
d) Is designed to identify and drop packets that are a part of an attack
Answer: c

Chapter 8
1. ________ determines if the data in a field have the appropriate arithmetic sign.
a) Field check
b) Limit check
c) Sign check
d) Range check
Answer: c
2. The risk of _________ consists of invalid, inaccurate, or incomplete data.
a) Source data controls
b) Processing controls
c) Output controls
d) Data entry controls
Answer: a
3. Commonly used batch totals are all of the following except:
a) Record total
b) Financial total
c) Hash total
d) Header record
Answer: d

Chapter 9
1. _________ is a risk that auditors and their audit procedures will not detect a material error or misstatement
a) Control risk
b) Inherent risk
c) Observation risk
d) Detection risk
Answer: d
2. This audit technique examines the way transactions are processed:
a) Snapshot technique
b) Concurrent audit techniques
c) Integrated test facility
d) Audit log
Answer: a
3. Which of the following is a control procedure?
a) Review software license agreements
b) Review program testing and test approval procedures
c) Review test specifications, test data, and results of systems tests
d) All of the above
Answer: a

LeeAnne Harris

Chapter 5
1. Fraud perpetrators are often referred to as _________
A. white-collar criminals
B. violent criminals
C. no-collar criminals
D. fraud criminals
Answer: A
2. A(n) ________ is a person's incentive or motivation for committing the fraud.
A. opportunity
B. pressure
C. kiting scheme
D. crime
Answer: B
3. _______ is changing data before, during, or after it is entered into the system.
A. data leak
B. data diddling
C. data attack
D. data removal
Answer: B

Chapter 6
1. ______ controls deter problems before they arise.
A. preventive
B. corrective
C. detective
D. reactive
Answer: A
2. ______ is the amount of risk a company is willing to accept in order to achieve its goals and objectives.
A. risk amount
B. risk appetite
C. risk loss
D. risk hunger
Answer: B
3. A _______ should be formed to guide and oversee systems development and acquisition.
A. steering committee
B. leading group
C. front line committee
D. network manager
Answer: A

Chapter 7
1. The process of turning off unnecessary features is called ______.
A. softening
B. layering
C. overflowing
D. hardening
Answer: D
2. ______ screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
A. static packet filtering
B. deep packet filtering
C. light packet filtering
D. long packet filtering
Answer: A
3. Training is a critical _______.
A. detective control
B. objective control
C. preventive control
D. useless control
Answer: C

Chapter 8
1. _______ is a fundamental control procedure for protecting confidentiality of sensitive information.
A. encryption
B. primary key
C. cookies
D. archive
Answer: A
2. All of these are one of the 10 internationally recognized best practices for protecting privacy of customers' personal information EXCEPT
A. management
B. secrets
C. notice
D. collection
Answer: B
3. A ________ tests if a batch of input data is in the proper numerical or alphabetical sequence.
A. sequence check
B. size check
C. check digit
D.
limit digit Answer: A Chapter 9 1. _____ is the susceptibility to material risk in the absence of controls. A. big risk B. test risk C. inherent risk 25 D. detective risk Answer: C 2. Procedures that compensate for deficiency are _________. A. compensating controls B. extra controls C. review controls D. special control Answer: A 3. When performing an information systems audit, auditors should make certain that the following ___ objectives are met. A. 1 B. 3 C. 4 D. 6 Answer: D Megan Hartman Chapter 5 1.) ___________ refers to watching people as they enter telephone calling card or credit card numbers or listening to conversations as people give their credit card number over the phone or to sales clerks. A: Piggybacking B: Shoulder Surfing C: Phishing D: Dumpster Diving Answer: B 2.) Hackers who search for an idle modem by programming their computers to dial thousands of phone lines are _______________. A: War Driving B: War Chalking C: War Dialing D: None of the above Answer: C 3.) Which of the following is not one of the elements in the fraud triangle? A: Situation B: Rationalization C: Pressure D: Opportunity Answer: A Chapter 6 1.) ____________ __________ deter problems before they arise. A: Corrective Controls B: Application Controls C: Detective Controls D: Preventive Controls Answer: D 2.) __________________helps employees act ethically by setting limits beyond which an employee must not pass. 26 A: Belief System B: Boundary System C: Diagnostic System D: Control System Answer: B 3.) _________________ is the process of making sure changes do not negatively affect systems reliability, security, confidentiality, integrity, and availability. A: Security Management B: Program Management C: Change Management D: Information Management Answer: C Chapter 7 1.) Which of the following is not one of the five basic principles identified by the AICPA and the Canadian Institute of Chartered Accountants as a contributing factor to systems reliability? 
A: Security B: Confidentiality C: Availability D: Technology Answer: D 2.) What concept involves the idea of employing multiple layers of control in order to avoid having a single point of failure? A: Defense-in-depth B: Time-based model C: Authentication controls D: None of the above Answer: A 3.) Firewalls that examine the data in the body of the IP packet are called ___________. A: Stateful packet filtering B: Static packet filtering C: Deep packet filtering D: None of the above Answer: C Chapter 8 1.) What involves copying only the data items that have been changed since the last backup? A: Incremental Backup B: Differential Backup C: Full Backup D: None of the above Answer: A 2.) Which common test is used to test a numerical amount to ensure that it does not exceed a predetermined value? A: Field Check B: Validity Check C: Limit Check D: Size Check Answer: C 3.) All of the following are listed on the AICPA/CICA Trust Services Privacy’s ten internationally recognized best practices for protecting for protecting the privacy of customer’s personal information except: 27 A: Security B: Management C: Notice D: Prompting Answer: D Chapter 9 1.) ___________ is the susceptibility to material risk in the absence of controls. A: Control risk B: Inherent risk C: Detection risk D: None of the above Answer: B 2.) Audit routines that flag suspicious transactions are known as _______________. A: Audit logs B: Audit notifications C: Audit hooks D: None of the above Answer: C 3.) Which of the following examines the reliability and integrity of accounting records and correlates with the first five scope standards? A: Financial Audit B: Internal Audit C: Operational Audit D: None of the above Answer: A Amy Hines Chapter 5 1. A person’s incentive or motivation for committing fraud is called __________. a. opportunity b. pressure c. justification d. attitude e. NONE OF THE ABOVE 2. 
A perpetrator covers up this type of theft by creating cash through the transfer of money between banks. a. lapping b. hijacking c. kiting d. spoofing e. NONE OF THE ABOVE 3. Which of the following statements is correct? a. Phishing is gaining access to confidential information by searching corporate or personal records. b. Password cracking is used most frequently in financial institutions that pay interest c. Piggybacking occurs when hackers use the Internet to disrupt electronic commerce and to destroy company and individual communications d. In social engineering, perpetrators trick employees into giving them the information they need to get into the system Chapter 6 1. This type of control is needed to remedy control problems that have been discovered 28 a. b. c. d. e. Corrective Preventive Detective General NONE OF THE ABOVE 2. The purpose of an interactive control system is to a. Communicate company core values to employees and inspire them to live by them b. Help employees act ethically by setting limits beyond which an employee must not pass c. Help top-level managers with high-level activities that demand frequent and regular attention d. Measure company progress by comparing actual performance to planned performance 3. Which organization developed the Control Objectives for Information and related Technology (COBIT) framework? a. Committee of Sponsoring Organizations (COSO) b. AICPA c. Institute of Internal Auditors d. Institute of Management Accountants e. NONE OF THE ABOVE Chapter 7 1. Which of the following statements about policy development are incorrect? a. Planning is more effective than reacting b. Developing a comprehensive set of security policies begins by taking an inventory of information systems resources. c. Once the organization’s information systems resources have been identified, they need to be valued in order to select the most cost-effective control procedures d. 
Only careful review my IS personnel can insure that the organization’s security policies adequately address all aspects of operation and strategy. e. NONE OF THE ABOVE 2. Which preventive control restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform a. defense-in-depth b. authorization c. multifactor authentication d. hardening e. NONE OF THE ABOVE 3. ________________ refers to the system and processes used to issue and manage asymmetric keys and digital certificates. a. certificate authority b. public key infrastructure c. asymmetric encryption d. key escrow e. NONE OF THE ABOVE Chapter 8 1. A ___________ checks the accuracy of input data by using to retrieve and display other related information a. closed-loop verification b. concurrent update control c. validity check d. reasonableness test e. NONE OF THE ABOVE 2. The primary goal of information systems is to ensure that systems are __________. 29 a. b. c. d. e. confidential private reliable available NONE OF THE ABOVE 3. Which of the following is NOT a source data control? a. check digit verification b. forms design c. turnaround document d. visual scanning e. All of the above are source controls Chapter 9 1. The ________________ audit examines the reliability and integrity of accounting records and correlates with the first of the five scope standards. a. internal control b. financial c. operational d. management e. NONE OF THE ABOVE 2. Which of the following is NOT a method for collecting audit evidence? a. b. c. d. e. observation questionnaires analytical review materiality assurance NONE OF THE ABOVE 3. ________________ are audit routines that flag suspicious transactions. a. b. c. d. e. Integrated test facility techniques Embedded audit modules Audit hooks Concurrent audit techniques NONE OF THE ABOVE Jay Henry Acct. 322 Test #2 Study Questions Chapter 5 1. 
Gaining access to confidential information by searching corporate or personal records. A. Scavenging or dumpster diving B. Phishing C. Packet sniffers D. Piggybacking 2. A. B. C. D. 3. In _________ , perpetrators trick employees into giving them the information they need to get into the system. software piracy internet terrorism phishing social engineering Opportunity is the condition that allows a person or organization to do three things. Which does not belong? 30 A. B. C. D. commit the fraud conceal the fraud convert the theft or misrepresentation to personal gain get stopped by proper controls Chapter 6 1. _______ controls deter problems before they arise. A. detective B. corrective C. preventive D. application 2. A. B. C. D. E. There are four ways to respond to risk according to the ERM model. Which does not belong? reduce accept share avoid decline 3.______________ are responsible for ensuring that the different parts of an information system operate smoothly and efficiently. A. systems analysts B. programmers C. systems administrators Chapter 7 1. A. B. C. _________ is the process of transforming normal text into gibberish. encryption decryption hashing 2. A. B. C. D. _______ is a process that takes plaintext of any length and transforms it into a short code. encryption hashing certifying decryption 3. _________ create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrustions. Intrusion detection systems (IDS) Log analysis Patch management Digital certificates A. B. C. D. Chapter 8 1. A. B. C. D. A _____________ provides the functionality of a privately owned network, while using the internet. virtual private network (VPN) cookie sign check field check 2. A. B. C. D. A _________ determines if the data in a field have the appropriate arithmetic sign. sign check field check range check size check 31 3. A. B. C. D. 
A _________ check tests if a batch of input data is in the proper numerical or alphabetical sequence. size limit validity sequence Chapter 9 1. __________ risk is the risk that auditors and their audit procedures will not detect a material error or misstatement. A. Detection B. Inherent C. Control D. Accounting 2. A. B. C. D. 3. A. B. C. D. ___________ is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to users. Auditing Accounting Controlling Detecting The _______ audit examines the reliability and integrity of accounting records and correlates with the first of the five scope standards. financial internal control operational accounting Mitzy Kenny Chapter 5 1) Which of the following is not an example of a financial pressure? a. Bad investments b. Unreasonable goals c. Greed d. All are examples of financial pressures 2) In a kiting scheme, a. a perpetrator covers up a theft by creating cash through the transfer of money between banks. b. a perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable. c. Neither a nor b d. Both a and b 3) “Everyone else is doing it, so it is not that wrong.” is an example of a. Opportunity b. Rationalization c. Fraud d. Stupidity Chapter 6 1) _____________ controls prevent, detect, and correct transaction errors and fraud. a. Detective b. Preventive 32 c. d. General Application 2) An internal environment consists of a. The board of directors b. Organizational Structure c. Human Resource Standards d. A and B e. A and C f. All of the above 3) Reduce, Accept, Share and Avoid are four ways to respond to a. Risk b. Security c. Information d. Done of the above Chapter 7 1) Authentication focuses on a. access of users b. verification of the identity of users c. detection of users d. 
All of the above 2) ABC Corporation decides to use fingerprint analysis to verify authorization of employees for entry to various departments. This type of verification is based on a. a biological identifier b. a biographical identifier c. a biometric identifier d. a biochemical identifier 3) A process that takes plaintext of any length and transforms it into a short code is a. Hashing b. Encrypting c. Decrypting d. Encoding Chapter 8 1) A(n) ___________________ is a copy of a database, master file, or software that will be retained indefinitely as an historical record. a. incremental backup b. differential backup c. checkpoint d. archive 2) An error indicating that 344-678-54933 is not an actual phone number would be a a. sign check b. validity check c. reasonableness check d. all of the above 3) The process of installing a backup copy of a database is called a. backup b. reinstallation c. restoration d. none of the above 33 Chapter 9 1) Merging customer transaction files with the receivables master file is an example of a. Report generation b. data selection c. file manipulation d. file integration 2) When conducting an audit, the susceptibility to material risk in the absence of controls a. detection risk b. control risk c. inherent risk d. none of the above is called 3) Some of the most commonly used methods of collecting audit evidence include: a. Observation b. Questionnaires c. Reperformance d. A and B e. all of the above Jennifer Losch Chapter 5 1. Which of the following involves stealing tiny slices of money over a period of time? a. b. c. d. lapping kiting Ponzi scheme salami technique answer: d. salami technique 2. a. b. c. d. Which of the following is a program that is hidden in a host program and copies and actively transmits itself directly to other systems? virus worm trap door Trojan horse Answer: b. worm 3. a. b. c. d. Which of the following is not a method of reducing fraud losses once fraud has occurred? 
insurance regular backup of data and programs contingency plan segregation of duties Answer: d. segregation of duties Chapter 6 1. Maintaining backup copies of transaction files is an example of which of the following: a. Preventive controls b. Detective controls c. Corrective controls d. General controls 34 Answer: c. corrective controls 2. a. b. c. d. Which of the following is not a basic principle of ERM? Companies are formed to create value for their owners. Company management must decide how much uncertainty it will accept as it creates value. Uncertainty results in risk. All are basic principles. Answer: d. All are basic principles 3. a. b. c. d. e. An examination of the relationships between different sets of data is an example of which of the following type of independent checks on performance? Top level review Analytical review Double entry accounting Independent Review None of the above Answer: b. Analytical review Chapter 7 1. Which of the following asymmetric encryption algorithm can be used to both encrypt and decrypt information? a. RSA b. DES c. MD5 d. AES Answer: a. RSA 2. Which of the following examines the contents of the data in the body of the IP packet? a. static packet filtering b. stateful packet filtering c. deep packet filtering d. deep packet inspection Answer: d. deep packet inspection 3. Which is a trusted third party who issues a pair of public and private keys? a. PKI b. Digital certificate c. Certificate authority d. Digital signature Answer: c. certificate authority Chapter 8 1. A special binary digit added to each character to enable checking whether it is transmitted without error a. Check digit verification b. Parity bit checking c. Redundant data check d. Reasonableness test Answer: b. parity bit checking 2. a. b. c. d. Which is used to identify missing records? completeness check field check validity check sequence check 35 Answer: d. sequence check 3. Which backup method is the slowest? a. full daily backup b. 
complete daily backup c. differential daily backup d. Both a and b Answer: Both a and b Chapter 9 1. Which of the following is a concurrent audit technique that places a small set of fictitious records in the master files? a. integrated test facility b. snapshot technique c. SCARF d. Audit hooks Answer: a. integrated test facility 2. a. b. c. d. Which of the following is a concurrent audit technique that embeds an audit module in a database management system? GAS CAAT ITF CIS Answer: d. CIS 3. a. b. c. d. Which of the following is a computer technique that assists an auditor in identifying unexecuted program code that may have been inserted to erase all computer files when an unscrupulous programmer was terminated? mapping program program tracing automated flowcharting scanning routine Answer: a. mapping program John Lutz Ch. 5 1. _______ is any and all means a person uses to gain an unfair advantage over another person. a. Fraud b. Sabotage c. Pressure d. Kiting 2. Answer: a. There are three types of pressures that lead to employee fraud. Which one of these is not one of those pressures? a. Financial b. Emotional c. Justification d. Lifestyle Ans. c. 3. _________ occurs when hackers use the Internet to disrupt electronic commerce and to destroy company and individual communications. a. Internet misinformation 36 b. c. d. Phishing Shoulder surfing Internet terrorism Ans. d. Ch. 6 1. _______ are needed to discover problems as soon as they arise. a. Preventive controls b. Detective controls c. Corrective controls d. General controls Ans. b. 2. 3. The Sarbanes-Oxley Act created a group to control the auditing profession. What is that group's acronym? a. FASB b. COBIT c. PCAOB d. COSO Ans. c. The Enterprise Risk Management model indicates that there are four ways to respond to risk. Which of the following is not one of the ways? a. Eliminate b. Reduce c. Accept d. Share e. Avoid Ans. a. Ch. 7 1. 
________ focuses on verifying the identity of the person or device attempting to access the system, while _________ restricts access to specific portions of the system. a. Authentication; security b. Authorization; passwords c. Authentication; authorization d. Access control; limiting Ans. c. 2. Special-purpose devices called _______ are designed to read the destination address fields in IP packet headers to decide where to send the packet next. a. Firewalls b. Switches c. ACL's d. Routers Ans. d. 3. What is hashing? a. Information encrypted with a private key b. A process that takes plaintext of any length and transforms it into a short code c. Transforming plaintext into unreadable gibberish d. Turning off unnecessary features 37 Ans. b Ch. 8 1. Which one of the following is a principle of reliable systems? a. Encryption b. Confidentiality c. Transmission d. Reasonableness Ans. b. 2. A _______ tests a numerical amount to ensure that it does not exceed a predetermined value. a. Field check b. Sign check c. Limit check d. Range check Ans. c. 3. How often are backups usually made? a. Hourly b. Daily c. Weekly d. Monthly Ans. b. Ch. 9 1. Which one of the following is not one of the three types of audits commonly performed? a. Financial audit b. Information systems audit c. Operational audit d. Managerial audit Ans. d. 2. ________ is the susceptibility to material risk in the absence of controls. a. Inherent risk b. Control risk c. Detection risk d. Preventive risk Ans. a. 3. Auditors use a/an _________ to document the review of source data controls. a. Input controls matrix b. Parallel simulation c. Audit log d. Mapping program Ans. a. Marty Fagler Exam 2 Questions Accounting 322 Chapter 5 38 1) Fraud perpetrators are often referred to as _______________, to distinguish them from criminals who commit violent crimes. a. crooks b. sabotagers c. white-collar criminals d. misdemeanors ANSWER: c. 
white collar criminals 2) Which one of the following are conditions or situations that allow a person or organization to commit the fraud, conceal the fraud, and convert the theft or misrepresentation to personal gain: a. pressures b. opportunity c. rationalization d. burglary ANSWER: b. opportunity 3) ______________ refers to the unauthorized copying of company data. a. denial-of-service attack b. data diddling c. hijacking d. data leakage ANSWER: d. data leakage Chapter 6 1) Congress passed the __________________ of 2002, which applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud. a. Public Company Accounting Oversight Board (PCAOB) b. Foreign Corrupt Practices Act c. Sarbanes-Oxley Act d. 10 commandments ANSWER: c. Sarbanes-Oxley Act 2) Which one of the following are high-level goals that are aligned with and support the company’s mission. a. Strategic objectives b. Compliance objectives c. Reporting objectives d. Operations objectives ANSWER: a. Strategic objectives 3) What is the most important component of the ERM and internal control frameworks? a. risk appetite b. operating style c. internal environment d. audit committee ANSWER: c. internal environment CHAPTER 7 1) Which of the following is not one of the five basic principles that contribute to systems reliability identified by 39 The Trust Services framework? a. Security b. Privacy c. Process Integrity d. Profitability ANSWER: d. Profitability 2) Authorization controls are implemented by creating an(a) ____________, which is a table specifying which portions of the system users are permitted to access and what actions they can perform. a. access control matrix b. compatibility test c. multifactor authentication d. access database ANSWER: a. 
access control matrix 3) This specifies the structure of those packets and how to route them to the proper destination: a. Transmission Control Protocol (TPC) b. Internet Protocol (IP) c. Router d. Access Control List (ACL) ANSWER: b. Internet Protocol (IP) CHAPTER 8 1) This type of check determines if the characters in a field are of the proper type, such as a U.S. Zip code, that is supposed to contain only numeric values, would indicate an error if it contained alphabetic character. a. sign check b. limit check c. field check d. validity check ANSWER: c. field check 2) __________ is located at the beginning of each file and contains the file name, expiration date, and other identification data. a. trailer record b. transaction log c. preformatted diagram d. header record. ANSWER: d. header record 3) Threats to system availability originate from many sources, including: a. Hardware and software failures b. Natural and man-made disasters c. Human error d. Denial-of-service attacks and other acts of sabotage e. a, b, and c only f. All of the Above ANSWER: f. All of the Above CHAPTER 9 40 1) What is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users? a. Accounting b. Auditing c. Observation d. None of the Above ANSWER: b. Auditing 2) There are three types of risks when conducting an audit, which risk is the susceptibility to material risk in the absence of controls? a. Control Risk b. Detection Risk c. Inherent Risk d. None of the above ANSWER: c. Inherent Risk 3) Which of the following is a computer program written especially for audit use? a. GAS b. CAAT c. ITF d. CIS ANSWER: a. GAS Matthew March Acct. 322 Ch. 5 ________ are programs that capture data from information packets as they travel over the Internet or company networks. 
Password crackers Piggybackers Packet sniffers Pirates _________ is sending out e-mail pretending to be a legitimate company, usually a financial company, and requesting information. Scavenging Phishing Spoofing Hijacking __________ is the un authorized use of special system programs to bypass regular system controls and perform illegal acts. Trojan Horse Spamming Spyware Superzapping Ch. 6 1. All of these are internal controls which perform an important function except: A. preventative controls B. detective controls C. corrective controls D. saving controls 2. A _____________ system helps employees act ethically by setting limits beyond which an employee must not pass. A. boundary B. belief 41 3. Ch. 7 1. 2. 3. Ch. 8 1. 2. 3. Ch. 9 1. 2. 3. C. control D. interactive control ____________objectives ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature. A. Strategic B. Operations C. Reporting D. Compliance These are all basic principles that contribute to system reliability except: A. security B. confidentiality C. availability D. timeliness A preventative control would be: A. encryption B. patch management C. computer emergency response teams D. log analysis All of these are important factors when it comes to encryption strength except: A. key length B. key management policies C. randomness D. nature of encryption algorithm An example of a data entry control would be: A. validity check B. data matching C. file labels D. header record All of these are examples of batch totals except: A. record count B. hash total C. financial total D. transaction total An___________ involves copying only the data items that have changed since the last backup. A. differential backup B. incremental backup C. restoration backup D. hot site backup The ___________ audit examines the reliability and integrity of accounting records. A. financial B. internal control C. operational D. 
management __________ search a program for occurrences of a specified variable name or other character combinations:
   A. Program tracers B. Mapping programs C. Scanning routines D. Automated decision table programs

An example of ____________ is sorting inventory records by location; merging customer transaction files with the receivables master file.
   A. data selection B. statistics C. reformatting D. file manipulation

Jill Mayor Test #2

Chapter 5
1) What are the 3 types of pressures that motivate a person to commit a fraud?
   a) Physical, Emotional, Mental b) Emotional, Financial, Justifiable c) Emotional, Lifestyle, Financial d) Lifestyle, Mental, Developmental
   Answer: C
2) When a person creates cash by transferring money between banks in order to hide a theft, it is called:
   a) Kiting b) Lapping c) Drinking d) Spoofing
   Answer: A
3) A perpetrator can trick an employee into providing information needed to get into a system through:
   a) Identity Theft b) Hijacking c) Phishing d) Social Engineering
   Answer: D

Chapter 6
1) The Public Company Accounting Oversight Board (PCAOB) was created to:
   a) Prevent bribery of foreign officials b) Encourage employees to act ethically c) Control the auditing profession d) Provide guidance for evaluating and enhancing internal control systems
   Answer: C
2) Expected loss equals
   a) Inherent risk + residual risk b) Benefits - Costs c) Benefits - Risks d) Impact x Likelihood
   Answer: D
3) Forensic accounting is part of what component of the ERM?
   a) Event identification b) Risk Response c) Information & Communication d) Monitoring
   Answer: D

Chapter 7
1) An access control matrix is a _____________ kind of control.
   a) Corrective b) Detective c) Preventive d) Selective
   Answer: C
2) Hosts that have unnecessary features should undergo the process of:
   a) Hardening b) Penetrating c) Buffering d) Inspecting
   Answer: A
3) War dialing is a program designed to call phone lines in order to find:
   a) Prevent a buffer overflow attack b) Which phone number is connected to a modem c) Information to engage in social engineering d) If a user has correct authentication
   Answer: B

Chapter 8
1) A journal entry that debits inventory and credits wages payable fails the:
   a) Reasonableness Test b) Limit check c) Validity Check d) Completeness Check
   Answer: A
2) Incremental and differential backups should be done:
   a) Daily b) Weekly c) Monthly d) Semiannually
   Answer: A
3) One way to regulate the integrity of input is to:
   a) Design forms in order to ensure errors and omissions are minimized b) Cancel documents that have been entered into the system c) Scan documents for reasonableness before entering them into the system d) All of the above
   Answer: D

Chapter 9
1) The risk that a material misstatement will get through the internal control structure and into the financial statements is called the:
   a) Inherent Risk b) Financial Risk c) Control Risk d) Detection Risk
   Answer: C
2) What Computer Audit Software function reviews data files to retrieve records meeting specified criteria?
   a) File Manipulation b) File Processing c) Data Analysis d) Data Selection
   Answer: D
3) Auditors use this to document the review of source data controls:
   a) Input controls matrix b) Mapping programs c) System control audit review file (SCARF) d) Program Tracing
   Answer: A

Keith Morgan 700240315 Test #2 Questions

CHAPTER 5
1) Which of the following is not a type of threat that a company faces in their information systems?
   A) Natural and Political disasters B) Software errors and equipment malfunctions C) Unintentional acts D) Intentional acts E) All of the above
   Answer: E
2) ____________ is any and all means a person uses to gain an unfair advantage over another person.
   A) White collar crime B) Fraud C) Misappropriation of assets D) Corruption
   Answer: B
3) Economic espionage is
   A) The theft of information and intellectual property B) Any illegal act for which knowledge of computer technology is essential C) The simplest and most common way to commit a fraud D) Computer fraud committed through unauthorized system use
   Answer: A

CHAPTER 6
1) Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization is referred to as a
   A) impact B) exposure C) threat D) likelihood
   Answer: C
2) Internal controls perform which of the following functions?
   A) Preventive controls B) detective controls C) corrective controls D) all of the above
   Answer: D
3) A ______________ measures company progress by comparing actual performance to planned performance
   A) Belief system B) diagnostic control system C) boundary system D) progress system
   Answer: B

CHAPTER 7
1) The Trust Services framework identifies five basic principles that contribute to system reliability. Which of the following is not a basic principle?
   A) Security B) Confidentiality C) Trust D) Privacy
   Answer: C
2) In the time-based model of security, if __________ then the organization's security procedures are effective.
   A) P>D+C B) P<D+C C) P=D+C D) P>D-C
   Answer: A
3) __________ software calls every telephone number assigned to the organization to identify those which are connected to modems.
   A) RADIUS B) war dialing C) buffer overflow attack D) none of the above
   Answer: B

CHAPTER 8
1) According to the Trust Services framework, reliable systems satisfy which of these principles?
   A) Security B) Confidentiality C) Privacy D) Processing Integrity E) All of the above
   Answer: E
2) The virtual private network creates private communication channels referred to as
   A) passageways B) channels C) tunnels D) subways
   Answer: C
3) A field check
   A) Determines if the characters in a field are of the proper type B) determines if the data in a field have the appropriate arithmetic sign C) tests whether an amount exceeds a predetermined value D) ensures that the data will fit into the assigned field
   Answer: A

CHAPTER 9
1) A financial audit
   A) Reviews the controls of an accounting information system B) Examines reliability and integrity of accounting records C) Is concerned with economical and efficient use of resources and accomplishments D) None of the above
   Answer: B
2) Which of the following is not a risk faced when conducting an audit?
   A) Inherent risk B) Control risk C) Information risk D) Detection risk
   Answer: C
3) Which of the following steps are involved in a risk based audit approach?
   A) Identify the control procedures implemented B) Evaluate weaknesses C) Evaluate control procedures D) Determine the threats E) All of the above
   Answer: E

Marjorie Mullins

Chapter 5
1. Which of the following conditions are usually necessary for fraud to occur?
   A. pressures B. opportunity C. rationalization D. all of the above
   Answer: D
2. Which of the following is the most important, basic, and effective control to deter fraud?
   A. enforced vacations B. segregation of duties C. virus protection controls D. logical access control
   Answer: B
3. Which of the following are methods of reducing fraud losses once fraud has occurred?
   A. insurance B. regular backup of data and programs C. contingency plan D. all of the above
   Answer: D

Chapter 6
1. Which of the following is not an independent check?
   A. bank reconciliation B. periodic comparison of subsidiary ledger totals to control accounts C. re-adding the total of a batch of invoices and comparing it with your first total D. trial balance
   Answer: C
2. COSO identified five interrelated components of internal controls. Which of the following is not one of the five?
   A. internal control policies B. risk assessment C. monitoring D. information and communication
   Answer: A
3. Which of the following is a control procedure relating to both the design and use of documents and records?
   A. locking blank checks in a drawer B. reconciling the bank account C. comparing actual physical quantities with recorded amounts D. sequentially prenumbering sales invoices
   Answer: D

Chapter 7
1. Which of the following algorithms is a one-way transformation that cannot be reversed to recover the original message?
   A. RSA B. MD5 C. AES D. CES
   Answer: B
2. Encrypting text with the sender's private key creates a
   A. digital certificate B. PKI C. certificate authority D. digital signature
   Answer: D
3. Firewalls are an example of
   A. reactive controls B. corrective controls C. preventive controls D. detective controls
   Answer: C

Chapter 8
1. Backup procedures are relevant to which Trust Services framework principle?
   A. availability B. privacy C. processing integrity D. confidentiality
   Answer: A
2. A batch total that is calculated by summing the part numbers sold in a batch of 50 sales invoices is called a
   A. part count B. hash total C. financial total D. record count
   Answer: B
3. Which backup method is the fastest?
   A. full daily backup B. differential daily backup C. complete daily backup D. incremental daily backup
   Answer: D

Chapter 9
1. Which type of audit involves a review of general and application controls, with a focus on determining if there is compliance with policies and adequate safeguarding of assets?
   a. information systems audit b. financial audit c. operational audit d. compliance audit
   Answer: A
2. At what step in the audit process do the concepts of reasonable assurance and materiality enter into the auditor's decision process?
   a. planning b. evidence collection c. evidence evaluation d. They are all important in all three steps
   Answer: D
3. Which of the following is a computer program written especially for audit use?
   a. GAS b. CAAT c. CIS d. ITF
   Answer: A

Chapter 5 Exam Questions

Chapter 5
1. Fraud perpetrators are called:
   a. White collar criminals b. Fraudulent employees c. Corrupt employees d. Criminals
   Answer: A
2. "Cooking the books" includes:
   a. recording fictitious revenues b. recording revenues prematurely c. concealing losses and liabilities d. all of the above
   Answer: D
3. Pressure in fraud can be related to
   a. Finances b. Looks c. Family life d. Psychological demeanor
   Answer: A
4. Economic espionage is the theft of
   a. Information b. Intellectual information c. A and B d. Neither A nor B
   Answer: C

Chapter 6
1. When is it easier to build controls into a system?
   a. Throughout use of the system b. Initial stage c. At the end d. After the design is implemented
   Answer: B
2. Which is not an internal control?
   a. Preventive controls b. Detective controls c. Corrective controls d. All are internal controls
   Answer: D
3. The board of directors plays an important role in
   a. Internal control b. External control c. The audit committee d. Management
   Answer: A
4. Organizational Structure includes:
   a. Planning b. Executing c. Controlling d. All of the above
   Answer: D

Chapter 7
1. There are _____ basic principles to systems reliability
   a. 6 b. 5 c. 4 d. 3
   Answer: B
2. Security is a ________________ issue
   a. Management b. Technology c. Internal control d. Operation
   Answer: A
3. You can effectively communicate by:
   a. Handbook b. Make employees aware of policies c. Have them complete a tutorial d. All of the above
   Answer: D
4. Effective control involves a continuous cycle of:
   a. Developing and communicating policies b. Implementing control c. Telling people d. Options A and B
   Answer: D

Chapter 8 Questions
1. _____________________ is a fundamental control procedure for protecting the confidentiality of sensitive information.
   a. Encryption b. Virtual private network c. Transmission d. disposal
   Answer: A
2. Processing integrity includes:
   a. Notice b. Choice and consent c. Collection d. None of the above
   Answer: D
3. Partial backup includes:
   a. Exact copy of data b. Incremental and differential backup c. Installing the backup copy d. None of the above
   Answer: B
4. A(n) _______________________ is a copy of a database, master file, or software that will be retained indefinitely as a historical record, usually to satisfy legal and regulatory requirements.
   a. Availability b. Archive c. Data backup d. Full backup
   Answer: B

Chapter 9 Questions
1. Which is a type of internal audit?
   a. Financial audit b. Information systems audit c. Operational or management audit d. All are forms of internal audit
   Answer: D
2. What is the auditing process?
   a. Planning, collecting evidence, evaluating evidence, communicating results b. Collecting evidence, evaluating evidence, and communicating results c. Collecting evidence, planning, evaluating evidence, and communicating results d. Planning, collecting evidence, and communicating results
   Answer: A
3. When you talk with employees about their jobs and how they carry out certain procedures, this is the __________ part of the collection of audit evidence
   a. Observation b. Discussion c. Review of documentation d. Physical examination
   Answer: B
4. Which is not an objective of audit?
   a. Overall security b. Program modification c. Programs d. Computer processing
   Answer: C

Naoko Hirose

Chapter 5
1. Which condition is a reason to commit fraud?
   a. Poor credit rating b. Fear of losing job c. Drug / alcohol addiction d. All of the above
   Answer: d
2. Computer fraud perpetrators tend to be ...
   a. Older b. Younger c. Lacking experience d. None of the above
   Answer: b
3. In a ------------- scheme, the perpetrator steals the cash or checks that customer A mails in to pay its accounts receivable.
   a. Kiting b. Lacking c. Lapping d. Failing
   Answer: c

Chapter 6
1. ------------ controls deter problems before they arise.
   a. corrective b. Preventive c. detective d. None of the above
   Answer: b
2. Which of the following organizations issued the internal control model?
   a. committee of sponsoring organization b. public accounting organization c. Audit committee organization d. None of the above
   Answer: a
3. Which of the following is not a component of COSO's internal control model?
   a. control activities b. risk assessment c. monitoring d. resources and processes
   Answer: d

Chapter 7
1. Which of the following is not one of the five basic principles that contribute to system reliability?
   a. Privacy b. security c. Availability d. possibility
   Answer: d
2. Encryption is a ---------- control.
   a. detective b. preventive c. Corrective d. All of the above
   Answer: b
3. Typing a password when you sign in to a homepage is
   a. Authentication b. Authorization c. None of the above d. All of the Above
   Answer: a

Chapter 8
1. A check that ensures the input data will fit into the assigned field is called a ______ check.
   a. limit b. size c. range d. field
   Answer: b
2. Which regulation requires organizations to protect the privacy of their customers' personal information?
   a. Health Insurance Portability b. Accounting Act c. Financial services modernization act d. All of the above
   Answer: d
3. In batch totals, which total sums a field that contains dollar values?
   a. hash b. record c. financial d. None of the above
   Answer: c

Chapter 9
1. Which audit examines the reliability and integrity of accounting records?
   a. Internal b. management c. financial d. operational
   Answer: c
2. ---------- risk is the risk that the auditors and their audit procedures will not detect a material error or misstatement.
   a. detection b. control c. inherent d. None of the above
   Answer: a
3. Which of the following is the first step of the auditing process?
   a. Collection of audit evidence b. Evaluation of audit evidence c. Communication of audit result d. Audit planning
   Answer: d

Ryan Owens

Chapter 5
1. ___________ is any and all means a person uses to gain an unfair advantage over another person.
   a) Computer crime b) Fraud c) Miscommunication d) Corruption
   Answer: b
2. Which is not part of the "Fraud Triangle"?
   a) Pressure b) Greed c) Rationalization d) Opportunity
   Answer: b
3. ___________ are vulnerable to viruses.
   a) Cell phones b) PDAs c) Computers d) All of the above
   Answer: d

Chapter 6
1. Which of the following is not a function of internal controls?
   a) Preventative Controls b) Detective Controls c) Productive Controls d) Corrective Controls
   Answer: c
2. ___________ can help minimize employee fraud.
   a) Offering competitive wages b) Extensive Training c) Firing Disgruntled employees d) All of the above
   Answer: d
3. ___________ can be accomplished with a series of ongoing events or by separate evaluations.
   a) Monitoring b) Control Activities c) Objective Setting d) All of the above
   Answer: a

Chapter 7
1. ___________ is responsible for access to the system and its data.
   a) Security b) Confidentiality c) Privacy d) Availability
   Answer: a
2. Security is a _________ issue.
   a) Management b) Governmental c) Minor d) Technology
   Answer: a
3. The time based model of security focuses on implementing all of the following controls except
   a) Preventative b) Detective c) Corrective d) Passive
   Answer: d

Chapter 8
1. Confidential information should be encrypted
   a) While Stored b) During Transmission c) Never d) A and B
   Answer: d
2. VPN Software creates private communication channels often referred to as _________.
   a) Bridges b) Tunnels c) Highways d) Pipelines
   Answer: b
3. Spam is ___________.
   a) responsible for reducing email efficiency b) a source of malicious content c) unsolicited email d) All of the above
   Answer: d

Chapter 9
1. The risk that auditors and their procedures will miss a material error or misstatement pertains to _________.
   a) Detection risk b) Inherent risk c) Control risk d) none of the above
   Answer: a
2. Commonly used evidence collection methods used in auditing are
   a) Observation b) Discussions c) Confirmation d) all of the above
   Answer: d
3. The first step in the Risk-Based Audit Approach is to _________.
   a) Determine the threats facing the AIS b) Identify control procedures implemented to minimize each threat by preventing or detecting such errors and irregularities. c) Evaluate the control procedures d) Evaluate weaknesses (errors and irregularities not covered by control procedures) to determine their effect on the nature, timing, or extent of auditing procedures and client suggestions.
   Answer: A

Megan Petruso Chapter 5-9 questions

Chapter 5 Questions
1. Which of these is not a type of occupational fraud?
   a. misappropriation of assets b. insurance fraud c. corruption d. fraudulent statements
   Answer: B
2. Financial statements are falsified for which of the following reasons?
   a. deceive investors and creditors b. cause a company's stock price to rise c. meet cash flow needs d. all of the above
   Answer: D
3. Perpetrators of computer fraud are:
   a. 35 or older b. younger and more computer knowledgeable c. college educated d. usually social and outgoing
   Answer: B

Chapter 6 Questions
1. Which of these is not a function of internal controls?
   a. prevention b. detection c. manipulation d. correction
   Answer: C
2. The intent of SOX is to:
   a. prevent financial statement fraud b. make financial reports more transparent c. protect investors d. all of the above
   Answer: D
3. Public companies must have a/an ____________, composed entirely of independent outside directors.
   a. executive committee b. audit committee c. staff d. owner/manager
   Answer: B

Chapter 7 Questions
1. Which of these is not part of the Trust Services Framework?
   a. confidentiality b. privacy c. processing integrity d. availability e. all of these are part of the framework
   Answer: E
2. Security is a _______ issue.
   a. time b. technology c. management d. none of these
   Answer: C
3. Which of these is not part of corrective controls?
   a. computer emergency response teams b. chief security officer c. log analysis d. patch management
   Answer: C

Chapter 8 Questions
1. Use of VPN software creates private communication channels called ________.
   a. virtual private networks b. tunnels c. caves d. alleys
   Answer: B
2. Which of these is not a category of integrity controls?
   a. source data controls b. processing controls c. output controls d. input controls
   Answer: D
3. Which of these is a type of partial backup?
   a. differential backup b. incremental backup c. both a & b d. none of these
   Answer: C

Chapter 9
1. The AAA stands for:
   a. Accounting Areas of America b. American Accounting Association c. Association of American Accountants d. None of these
   Answer: B
2. This is a type of internal auditing work:
   a. Information systems audit b. Operational/Management audit c. Financial audit d. All of the above
   Answer: D
3. Which of these is the first step in the auditing process:
   a. Collecting evidence b. evaluating the evidence c. communicating the results d. planning
   Answer: D

Test 2 Questions

CH. 5
1. A ______ is data that Web sites store on your computer.
   A. Spoofing B. Cookies C. Spyware
   Answer: B
2. ___________ is E-mailing unsolicited messages to many people at the same time.
   A. Adware B. Spyware C. Spamming D. Trojan Horse
   Answer: C
3. Which one is not part of the fraud triangle?
   A. Opportunity B. Rationalization C. Pressure D. All of the above are part of the fraud triangle
   Answer: D

CH. 6
1. ________ controls deter problems before they arise
   A. Corrective controls B. Detective controls C. General controls D. Preventative controls
   Answer: D
2. Which one is not one of the four ways to respond to risk?
   A. Reduce B. Accept C. Share D. Avoid
   Answer: All of the above are ways to respond to risk
3. ________ ensures that all aspects of the system are secure and protected from all internal and external threats.
   A. Security Management B. Computer operators C. Network managers D. System administrators
   Answer: A

CH. 7
1. Process of transforming normal text into unreadable gibberish
   A. Encryption B. Decryption C. Plaintext D. Ciphertext
   Answer: A
2. ___________ specifies the procedure for dividing files and documents into packets to be sent over the Internet
   A. Internet Protocol (IP) B. Transmission Control Protocol (TCP) C. Access Control List (ACL)
   Answer: A
3. Biometric techniques are an example of
   A. Authorization B. Authentication C. Hardening D. Filtering
   Answer: B

CH. 8
1. Which one is not a control in the disposal of confidential information?
   A. Shredding B. Thorough Erasure C. Encryption D. Physical Destruction
   Answer: C
2. ___________ provides the functionality of a privately owned network while using the internet.
   A. Virtual Private Network (VPN) B. Firewall C. Cookie
   Answer: A
3. _______ checks the accuracy of input data by using it to retrieve and display other related information
   A. Prompting B. Preformatting C. Closed-loop verification D. Transaction log
   Answer: C

CH. 9
1. _________ examines the reliability and integrity of accounting records.
   A. Operational Audit B. Information Systems / Internal Control Audit C. Financial Audit
   Answer: C
2. Which is not one of the three types of risk associated with conducting an audit?
   A. Inherent risk B. Control risk C. Material risk D. Detection risk
   Answer: C
3. ______ interpret program source code and generate a corresponding program flowchart.
   A. Automated Flowcharting Programs B. Automated Decision Table Programs C. Snapshot Technique D. Integrated Test Facility (ITF)
   Answer: A

Scott Reider Accounting 322 Test 2 Questions

Chapter 5
1.) A(n) _________ is data that Websites store on your computer.
   a. Spam b. Fraud c. Cookie d. Opportunity
   Answer: C
2.) This is a person's incentive or motivation for committing a fraud.
   a. Opportunity b. Opening c. Reward d. Pressure
   Answer: D
3.) What allows perpetrators to justify their illegal behavior?
   a. Pressure b. Rationalization c. Opportunity d. Data leakage
   Answer: B

Chapter 6
1.) What is referred to as the potential dollar loss should a particular threat become a reality?
   a. Impact b. Threat c. Detective Controls d. Corrective Controls
   Answer: A
2.) What controls deter problems before they arise?
   a. General b. Corrective c. Preventive d. Detective
   Answer: C
3.) Who specializes in fraud detection and investigation?
   a. Public Accountants b. Computer Security Officer (CSO) c. CIA Agent d. Forensic Accountants
   Answer: D

Chapter 7
1.) Which one of these is NOT a fundamental information security concept?
   a. Security is a management issue b. Time-based model of security c. Defense-in-depth d. Security is a Technical issue
   Answer: D
2.) Where are the organization's Web servers and e-mail servers placed?
   a. Firewall b. Demilitarized Zone (DMZ) c. Router d. Filter
   Answer: B
3.) What kind of attack is where an attacker sends a program more data than it can handle?
   a. Key escrow b. Ciphertext c. Hardening d. Buffer overflow attack
   Answer: D

Chapter 8
1.) Many businesses are replacing bar codes and manual tags with _________ tags that can store up to 128 bytes of data.
   a. Radio Frequency Identification (RFID) b. UPC c. Check Digit d. Parity bit
   Answer: A
2.) What sums a field that contains dollar values?
   a. Hash total b. Batch total c. Record total d. Financial total
   Answer: D
3.) What is located at the end of each file and contains the batch totals calculated during input?
   a. Header record b. Trailer record c. Record count d. Hash total
   Answer: B

Chapter 9
1.) Which of these is not one of the three commonly performed audits?
   a. Financial Audit b. Information Systems Audit c. External Control Audit d. Operational Audit
   Answer: C
2.) Which is not a type of risk when conducting an audit?
   a. Material risk b. Inherent risk c. Control risk d. Detection risk
   Answer: A
3.) What automatically prepares test data based on program specifications?
   a. Integrated test facility b. Audit hooks c. Continuous and Intermittent simulation (CIS) d. Test data generator
   Answer: D

Ch.5
1. Fraud takes the form of
   a. misappropriation of assets b. fraudulent financial reporting c. both a and b d. none of the above
   Answer: c
2. A(n) _____________ is a person's incentive or motivation for committing fraud.
   a. opportunity b. rationalization c. kiting scheme d. pressure
   Answer: d
3. _____________ is sending out an e-mail pretending to be a legitimate company, usually a financial institution, and requesting information.
   a. Phishing b. Dumpster Diving c. Shoulder Surfing d. Spoofing
   Answer: a

Ch. 6
1. What was created to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud?
   a. Foreign Corrupt Practices Act b. Sarbanes-Oxley Act of 2002 (SOX) c. Public Company Accounting Oversight Board (PCAOB) d. Control Objectives for Information and related Technology (COBIT)
   Answer: b
2. Which type of objectives deal with the effectiveness and efficiency of company operations, such as performance and profitability goals and safeguarding assets?
   a. Strategic Objectives b. Reporting Objectives c. Compliance Objectives d. Operations Objectives
   Answer: d
3. __________________ are responsible for ensuring that the different parts of an information system operate smoothly and efficiently.
   a. Systems Administrators b. Network Managers c. Programmers d. Data Control Group
   Answer: a

Ch. 7
1. Which of these choices is not one of the five basic principles that contribute to systems reliability?
   a. Security b. Privacy c. Compensation d. Confidentiality
   Answer: c
2. _______________ focuses on verifying the identity of the person or device attempting to access the system.
   a. Authentication b. Authorization c. Privacy d. Compatibility
   Answer: a
3. What is the process of transforming normal text into unreadable gibberish?
   a. Hashing b. Encryption c. Decryption d. Hardening
   Answer: b

Ch.8
1. A(n) ___________ is a text file created by a Web site and stored on a visitor's hard disk.
   a. Spam b. Archive c. Backup d. Cookie
   Answer: d
2. Which type of test ensures that the input data will fit into the assigned field?
   a. field check b. sign check c. size check d. validity check
   Answer: c
3. _______________ is an online data entry control in which the computer displays a form on the screen and the user fills in the blanks on the form as needed.
   a. Preformatting b. Prompting c. Closed-loop Verification d. Data Matching
   Answer: a

Ch.9
1. Which type of audit reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets?
   a. financial audit b. operational audit c. managerial audit d. information systems audit
   Answer: d
2. A(n) _______________ is the risk that auditors and their audit procedures will not detect a material error or misstatement.
   a. Inherent risk b. Control risk c. Detection risk d. None of the above
   Answer: c
3. _______________ search a program for the occurrence of a particular variable name or other combinations of characters.
   a. Program tracing b. Scanning routines c. Mapping programs d. Automated decision table programs
   Answer: b

Ryan McCauley, Craig Schiffbauer

Ch. 5
1) Hackers that specifically attack phone systems and use telephone lines to transmit viruses and to access, steal, and destroy data are known as:
   a. Hijackers b. Phreakers c. Phishermen d. Spammers
2) Assuming someone's identity, usually for economic gain, by illegally obtaining confidential information is:
   a. Identity theft b. Piracy c. Email Forgery d. Salami technique
3) Software that monitors computing habits and sends the data to someone else, often without the user's permission or knowledge, is (a):
   a. Virus b. Worm c. Adware d. Spyware

Ch. 6
1) Controls that deter problems before they arise are called:
   a. General controls b. Preventative controls c. Detective controls d. Corrective controls
2) What type of control system measures company progress by comparing actual performance to planned performance?
   a. Belief system b. Boundary system c. Diagnostic system d. Interactive system
3) Those who ensure that all applicable devices are linked to the organization's internal and external networks and the networks operate continuously and properly are:
   a. System administrators b. Network administrators c. Security managers d. Users

Ch. 7
1) Patch management is what type of control?
   a. Preemptive b. Preventative c. Detective d. Corrective
2) Which is not a type of authentication control?
   a. Compatibility test b. Password c. Fingerprint d. ID Badge
3) What is the outermost (closest to the internet) layer of a properly designed network as it is described in the text?
   a. Department server b. Main firewall c. Border router d. Authentication server

Ch. 8
1) Verifying that a value is between 768 and 1024 is an example of a:
   a. Sign check b. Limit check c. Completeness check d. Range check
2) Which of the following is an example of an online data entry control?
   a. Prompting b. Preformatting c. Closed-loop verification d. All of the above
3) Which of the following protects against power outages?
   a. UPS b. DoS c. DoA d. DMZ

Ch. 9
1) Which audit type examines the reliability and integrity of accounting records?
   a. Financial audit b. Information systems audit c. Operation audit d. Management audit
2) Which is meant to identify unexecuted program code?
   a. Program tracing b. Mapping programs c. Scanning routines d. Automated flowcharting programs
3) Which is a general function of computer audit software?
   a. Reformatting b. File manipulation c. Calculation d. All of the above

Exam 2 questions

Chapter 5
1. Which is not something considered fraud?
   A. Intent to deceive. B. Injury or loss suffered by victim. C. False statement, representation, or disclosure. D. Whistle blowing.
2. SAS 99 requires auditors to:
   A. Document and communicate findings. B. Prepare taxes in a timely manner. C. Advise management on firing decisions. D. Only include a sample of information in report.
3. A worm differs from a virus in that:
   A. a worm is a stand alone program B. a worm can not be fixed C. worms replicate themselves D. A & C E. None of the above.

Chapter 6
1. This is the process implemented by the board of directors or management and those under their direction to provide reasonable assurance that the following control objectives are achieved.
   A. GAAP B. Sarbanes Oxley C. Internal Controls D. Foreign Corrupt practices act
2. Internal environment consists of all of the following except
   A. External Influences B. Organizational Structure C. Competitors D. Board of directors
3. Segregation is achieved when which of the following functions are separated?
   A. Custody B. Recording C. Authorization D. All of the above E. None of the above

Chapter 7
1. Security is a management issue
   A. True B. False C. Not a technology issue D. Is everyone's responsibility
2. Users can be verified by
   A. Passwords or PINs B. Smartcards or ID badges C. Verification is never necessary D. Biometric identifiers E. A, B & D
3. Transforming plaintext into ciphertext is known as
   A. Transposition B. Encryption C. Translation D. Encoding

Chapter 8
1. This is a text file created by a web site and stored on a visitor's hard disk.
   A. Cookie B. Visitor log C. Trail D. VPN
2. This control protects records from errors that occur when 2 or more users try to update the record simultaneously.
   A. Cross Control B. Current batching C. Concurrent update D. Same time saving
3. The use of redundant components, such as dual processors and arrays of multiple hard drives, is known as
   A. Backup B. Fault tolerance C. Fault denial D. Redundant tolerance

Chapter 9
1. Which is not a common audit?
   A. Internal Control B. Operational C. Financial D. Employment
2. What are the types of risk associated with audits?
   A. Detection B. Control Risk C. Inherent D. All of the above E. B & C only
3. This examines the way transactions are processed?
   A. Integrated test B. Embedded models C. Snapshot technique D. Audit hooks

Shane Mowery Test 2

Chapter 5
1. ________, often referred to as employee fraud, is the theft of assets and is committed by a person or a group of people for personal financial gain.
   a) Misappropriation of assets b) Fraudulent financial reporting c) Data diddling d) Denial-of-service attack
2. Tricking an employee into providing the information needed to get into a system is referred to as ________.
   a) Password cracking b) Social engineering c) Piggybacking d) Shoulder surfing
3. Copying computer software without the publisher's permission is referred to as _______.
   a) Spamming b) Superzapping c) Software piracy d) Adware

Chapter 6
1. ________ deter problems before they arise.
   a) Preventive controls b) Detective controls c) Corrective controls d) General controls
2. ________ are needed to discover problems as soon as they arise.
   a) Preventive controls b) Detective controls c) Corrective controls d) General controls
3. The Sarbanes Oxley Act of 2002 created _________.
   a) Public Company Accounting Oversight Board b) Securities and Exchange Commission c) Committee of Sponsoring Organizations d) Institute of Management Accountants

Chapter 7
1. A device called a _________ connects an organization's information system and the internet.
   a) Border router b) Firewall c) Transmission Control Protocol d) Internet Protocol
2. Firewalls are an example of _________.
   a) Preventive controls b) Detective controls c) Corrective controls d) Reactive controls
3. _________ is the process of examining logs to monitor security.
   a) Log analysis b) Vulnerability scans c) Penetration test d) Filtering

Chapter 8
1. A ________ is a text file created by a Web site and stored on a visitor's hard disk.
   a) Cookie b) Backup c) Checkpoint d) Archive
2. A ________ is a facility that is not only prewired for telephone and internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities.
   a) Cold site b) Hot site c) Virtual Private Network d) Archive
3. A _________ determines if the data in a field have the appropriate arithmetic signs.
   a) Sign check b) Field check c) Limit check d) Size check

Chapter 9
1. A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users is the definition of __________.
   a) Auditing b) Systems review c) Tests of controls d) Reasonable assurance
2. ________ interprets program source code and generates a corresponding program flowchart.
   a) Real-time notification b) Continuous and intermittent simulation c) Automated flowcharting program d) Automated decision table program
3. _________ generates a decision table representing the program logic.
   a) Real-time notification b) Continuous and intermittent simulation c) Automated flowcharting program d) Automated decision table program

Jessica Simpson

Chapter 5
1. Attacking phone systems and using telephone lines to transmit viruses and to access, steal, and destroy data is referred to as:
   a. Phishing b. Phreaking c. Hacking d. Hijacking
   Answer: b
2. The salami technique is used to:
   a. Trick an employee into providing information to get into a system b. Gain access to confidential information by scavenging corporate records c. Steal small amounts of money over time d. Decrease expenses by a fraction of a percent
   Answer: c
3. Which of the following is not a characteristic of a worm?
   a. Resides in email attachments b. Has a short life c. Can be very destructive d. It is dependent on other programs
   Answer: d

Chapter 6
1. An interactive control system:
   a. Helps employees act ethically by setting limits beyond which an employee must not pass b. Helps top-level management with high-level activities that demand frequent and regular attention c. Helps measure company progress by comparing actual performance to planned performance d. Helps communicate the company's core values to employees and inspires them to live by them
   Answer: b
2. Which one of the following is not a way to respond to risk?
   a. Reduce b. Avoid c. Accept d. None of the above
   Answer: d
3. Which one of the following is not a function in the segregation of accounting duties?
   a. Authentication b. Authorization c. Custody d. Recording
   Answer: a

Chapter 7
1. Which one of the following techniques involves a process that takes plaintext of any length and transforms it into a short code?
   a. Hashing b. Symmetric encryption c. Asymmetric encryption d. Hardening
   Answer: a
2. Searching for an idle modem by programming a computer to dial thousands of phone lines is called:
   a. Patching b. Scanning c. Encrypting d. None of the above
   Answer: d
3. What are the three important factors in determining the strength of any encryption system?
   a. Key length, key management policies, and nature of the encryption algorithm b. Key length, key strength, and key management policies c. Key length, key strength, and nature of the encryption d. Key strength, key management policies, and the nature of the encryption algorithm
   Answer: a

Chapter 8
1. Which type of check determines if the data in a field have the appropriate arithmetic sign?
   a. Limit check b. Validity check c. Range check d. Sign check
   Answer: d
2. Which of the following is not a type of processing control?
   a. Data matching b. Prompting c. Recalculation of batch totals d. File labels
   Answer: b
3. What type of backup is a copy of a database, master file, or software that will be retained indefinitely as a historical record?
   a. Checkpoint b. Archive c. Differential backup d. Incremental backup
   Answer: b

Chapter 9
1. What is the best method to begin with when collecting audit evidence?
   a. Observation b. Analytical review c. Review of documentation d. Discussion with employees
   Answer: b
2. The risk that auditors and their audit procedures will not detect a material error or misstatement is referred to as:
   a. Detection risk b. Inherent risk c. Collective risk d. Control risk
   Answer: a
3. Which of the following is a characteristic of auditing?
   a. Auditing is a systematic, step-by-step process b. Auditing involves the collection and review of evidence c. Auditing involves the use of established criteria to evaluate evidence d. All of the above are characteristic of auditing
   Answer: d

Stefanie Snyder 1p-2:15p class

Chapter 5
1. Gaining access to confidential information by searching corporate or personal records is known as __________.
   a. Password cracking b. Social engineering c. Salami technique d. Dumpster diving
   Answer: D
2. If someone were to say, "Everyone else is doing it, so it is not that wrong," they would be using a form of _________.
   a. Rationalization b. Kiting c. Undiversified risk d. Opportunity
   Answer: A
3. The fraud triangle consists of these elements:
   a. Commitment, willingness, secrets b. Opportunity, rationalization, pressure c. Opportunity, rationalization, planning d. Guilt, denial, threat
   Answer: B

Chapter 6
4. Expected loss equals ______
   a. Impact divided by likelihood b. Impact multiplied by likelihood c. Impact minus likelihood d. Impact plus likelihood
   Answer: B
5. A CSO is the ___________
   a. Control standards officer b. Computer skilled officer c.
Capital structure officer d. Computer security officer Answer: D 6. The _________ system helps employees act ethically by setting limits beyond which and employee must not pass. a. Boundary b. Horizon c. Border d. Honor Answer: A Chapter 7 7. If someone with authorization enters a locked door and is followed before the door closes again by someone who perhaps does not have access to enter, the second person entering is doing what? a. Lock testing b. Piggybacking c. Trailing d. Gliding Answer: B 8. The process of transforming plain text into unreadable gibberish is known as ___. a. Encryption b. Hardening c. Linking d. Auditing Answer: A 9. To examine logs to monitor security would be to perform a ______. a. Log roll b. Log analysis c. Log examination d. Log filter Answer: B Chapter 8 10. When a system requests each input data item and waits for an acceptable response the system is ________. a. Prompting b. Promoting 73 c. d. Progressing Prolonging Answer: A 11. A ________ is an exact copy of the most current version of a database, file or software program. a. Xerox b. Backup c. Restoration d. Scanning Answer: B 12. Similar to a limit check a ________ check has both upper and lower limits. a. Domain b. High/Low c. Range d. Field Answer: C Chapter 9 13. The most crucial step in the auditing process is ______. a. Audit planning b. Collection of audit evidence c. Evaluation of audit evidence d. Communication of audit results Answer: A 14. ________ is the susceptibility to material risk in the absence of controls. a. Materiality b. Control risk c. Inherent risk d. Vouching Answer: C 15. What is and is not important in a given set of circumstances is known as _____. a. Majority b. Matter of fact c. Mandatory d. Materiality Answer: D George Sperdute Chapter 5 1. Which one of these is not a threat to companies information systems? A. Natural and Political Disasters B. Software errors and equipment malfunctions C. Unintentional Acts D. Responsible Acts 2. 
_____________ is any and all means a person uses to gain an unfair advantage over another person. A. Fraud B. Lying C. Deceiving D. Falsifying 3. ACFE stands for: 74 A. B. C. D. American Committee For Everyone Association of Certified Fraud Examiners Association of Certified False Equity Association of Callable Former Employees Chapter 6 1. The primary purpose of the Foreign Corrupt Practices Act is: A. Prevent the bribery of foreign officials to obtain business. B. Prevent the CEO from having too much power. C. Prevent foreign companies from investing in American companies. D. Prevent companies from investing in other companies. 2. The intent of SOX is all of the following except: A. To prevent financial statement fraud. B. To make financial reports more transparent. C. To Protect investors D. All are the intent of SOX 3. According to SOX, auditors cannot perform certain non-audit services such as all of the following except: A. Bookkeeping B. Information systems design and implementation C. Management functions D. Examining the books of publicly traded companies. Chapter 7 1. All of the following are fundamental information security concepts except: A. Security as a management issue , not a technology issue B. Time-based model of security C. Defense in Depth D. Relational Database Model 2. Authentication is a _____________ type of control. A. Preventitive B. Corrective C. Detective D. Encrypted 3. __________ restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform. A. Authentication B. Authorization C. Training D. Firewall Chapter 8 1. A _____________ determines if the characters in a field are of the proper type. A. field check B. limit check C. range check D. size check 2. _________ summarize key values for a batch of input records should be calculated. A. Batch Totals B. Prompting C. Transposition Error D. Cross-Footing Balance Test 75 3. 
A ___________ is a text file created by a web site and stored on a visitor’s hard disk. A. Cookie B. Trojan Horse C. Spam D. Worm Chapter 9 1. All of the following are types of audits except: A. Financial Audit B. Internal Control Audit C. Management Audit D. All of the following are types of Audits 2. All of the following are risks associated with conducting an audit: A. Inherent Risk B. Control Risk C. Correction Risk D. Detection Risk 3. The _______________ technique also uses a verified copy of the source code. A. Processing B. Reprocessing C. Auditing D. Simulation Samantha Tennant CH. 5 1. A __________ is data that Web sites store on your computer. a. virus b. cookie c. spy ware d. file 2. Phreakers are hackers that attack: a. e-mail b. databases c. computer systems d. telephone lines 3. A set of unauthorized computer instructions in an authorized and otherwise properly functioning program is called a: a. Trojan horse b. key logger c. spam d. trap door CH. 6 1. 2. __________ __________ deter problems before they arise a. preventice controls b. detective controls c. general controls d. application controls The ERM model indicates that there are four ways to respond to risk. Which of the following is not a way to respond to risk? a. accept 76 b. c. d. 3. CH. 7 1. avoid monitor share A __________ __________ should be formed to guide and oversee systems development and acquisition. a. performance evaluation b. project milestone c. data group d. steering committee _________ focuses on verifying the identity of the person or device attempting to access the system. a. authorization b. authentication c. compatibility d. security 2. Examples of preventive controls include a. training b. encryption c. remote access controls d. all of the above 3. Modifying default configurations to improve security is called a. hardening b. filtering c. encryption d. hashing CH. 8 1. Which of the following is not a source data control that regulates input integrity? a. forms design b. 
visual scanning c. prompting d. check digit verification 2. A _________ ensures that the data will fit into the assigned field. a. limit b. field c. size d. validity 3. Which of the following are message acknowledgement techniques? a. echo check b. trailer record c. numbered batches d. all of the above CH. 9 1. 2. A __________ audit examines the reliability and integrity of accounting records and correlates with the first of the five scopes standards. a. operational b. financial c. management d. none of the above _________ __________ are audit routines that flag suspicious transactions. 77 a. b. c. d. 3. audit logs audit hooks snapshot techniques internal controls Which of the following are general functions of computer audit software? a. reformatting b. data selection c. statistics d. all of the above Andrew DeVincent Chapter 5 1. Which of the following is not a side of the fraud triangle? A. Opportunity B. Rationalization C. Justification D. Pressure 2. Accessing and using computer systems without permission is called _____. A. Hijacking B. Password Cracking C. Piggybacking D. Hacking 3. One way to help reduce fraud losses is to _____. A. Maintain adequate insurance B. Develop comprehensive fraud contingency plans C. Store Back-up files in a secure off-sight location D. All of the above Chapter 6 1. A company should provide training in which of the following areas? A. Fraud awareness B. Ethical considerations C. Punishment for fraud and unethical behavior D. All of the above 2. Studies show that as many as _____ of all applicants include false information in their applications or on their resumes. A. 30% B. 50% C. 10% D. 60% 3. The risk that exists before management takes any steps to control the likelihood or impact of a risk is _____. A. Inherent risk B. Residual risk C. Avoidable risk D. Control risk Chapter 7 1. Who is primarily responsible for information security? A. IT department B. Management C. Shareholders D. Board of Directors 2. 
Which of the following is a corrective control? A. Managerial reports B. Patch management C. Encryption D. Training 78 3. Encryption is the process of turning _____ into _____. A. ciphertext; plaintext B. plaintext; wingdings C. symbols; bitmap D. plaintext; ciphertext Chapter 8 1. Which of the following is a protective measure to prevent identity theft? A. Shred all documents that contain personal information B. Never send personally identifying information in unencrypted e-mail C. Monitor your credit reports regularly D. All of the above 2. A _____ determines if the characters in a field are of the proper type. A. sign check B. range check C. field check D. limit check 3. The process of copying the data items that have changed since the last backup is called _____? A. Differential backup B. Incremental backup C. Recovery D. Batch processing Chapter 9 1. Which of the following is not a function of computer audit software? A. Data analysis B. File processing C. Reformatting D. Data entry 2. _____ uses embedded audit modules to continuously monitor transaction activity and collect data on transactions with special audit significance. A. ITF B. SCARF C. ERM D. DTI 3. The audit results are sent to which of the following parties? A. Board of Directors B. Management C. Audit Committee D. All of the above Josh Underwood Accounting 322 Test 2 Questions Chapter 5 1. Fraud perpetrators are often referred to as ___________ . A. white-collar criminals B. sabotage C. opportunists D. pressure Answer: A 2. According to the text which of the following is NOT a condition or situation that opportunity facilitates. A. Commit the fraud 79 B. Conceal the fraud C. Convert the theft or misrepresentation to personal gain. D. not getting caught participating in the fraud Answer: D 3. In a _____ scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks. A. lapping B. kiting C. phishing D. war dialing Answer: B Chapter 6 1. 
__________ controls deter problems before they arise. A. Preventive B. Detective C. Corrective D. General Answer: A 2. A __________ system helps employees act ethically by setting limits beyond which an employee must not pass. A. boundary B. diagnostic C. belief D. interactive Answer: A 3. The risk that remains after management implements internal controls, or some other response to risk, is __________ risk. A. inherent B. digital C. residual D. general Answer: C Chapter 7 1. _________ restricts access of authenticated users to specific portions of the system and specifies what actions they permitted to perform. A. Authentication B. Private key C. Hashing D. Authorization Answer: D 2. __________ uses deception to obtain unauthorized access to information resources. A. Social engineering B. Hashing C. Firewall D. Demilitarized zone Answer: A 80 3. ________ calls every telephone number assigned to an organization to identify those which are connected to modems. A. Deep packet inspection B. Stateful packet filtering C. Static packet filtering D. War dialing Answer: D Chapter 8 1. A ____________ tests if a batch of input data is in proper numerical or alphabetical sequence. A. sequence check B. error log C. field check D. size check Answer: A 2. A ________ is an extra copy of the most current version of a database, file, or software program. A. backup B. restoration C. hot site D. cookie Answer: A 3. An _______ is a copy of a database, master file, or software that will be retained indefinitely as an historical record. A. cold site B. hot site C. checkpoint D. archive Answer: D Chapter 9 1. _________ risk is the susceptibility to material risk in the absence of controls. A. Inherent B. Control C. Detection D. Jail Answer: A 2. ___________ is similar to reprocessing except that the auditor writes a program instead of saving a verified copy of the source code. A. Parallel simulation B. Mapping programs C. Real-time notifications D. Snapshot technique Answer: A 3. 
_______ are audit routines that flag suspicious transactions. A. Audit logs B. Embedded audit modules 81 C. Audit hooks D. materiality Answer: C Kristin Walton Test 2 Questions October 3, 2006 Chapter 5 1. ___________ is the theft of assets and is committed by a person or group of people for personal financial gain. a) employee fraud b) white-collar crime c) misappropriation of assets d) both a and c are correct Answer: D 2. In respect to AIS, opportunity is the condition or situation that allows a person or organization to…. a) Commit the fraud, conceal the fraud, convert the theft or misrepresentation into personal gain b) Financial statement misrepresentation c) Steal a lot of office supplies d) Cheat on a test Answer: A 3.A ____________ occurs when an attacker sends so many email-bombs, often from randomly generated false addresses, that the Internet service provider’s email server is overloaded and shuts down. a) Data leakage b) Hijacking c) Phreakers d) Denial-of-service attack Answer: D Chapter 6 1. This a reason that most fraud cases and hacker attacks go unreported and are not prosecuted. a) Many law enforcement officials, lawyers, and judges lack the computer skills needed to investigate, prosecute, and evaluate computer crimes b) There are too many external influences c) Law enforcement officials and the courts are so busy with violent crimes that they have little time for computer crimes in which no physical harm occurs. d) Both a and b e) Both a and c Answer: E 2. The four ways to respond to risk include: reduce, accept, share and ___________. a) Identify controls b) Determine cost-benefit effectiveness c) Avoid d) Segregate accounting duties Answer: C 3. ____________ specialize in fraud detection and investigation. 82 a) b) c) d) Cost accountants Forensic accountants Fraud accountants Computer security officer Answer: B Chapter 7 1. 
Three important factors determine the strength of any encryption system: key length, key management policies and _________________. a) Nature of the encryption algorithm b) Nature of plaintext c) Decryption d) Key escrow Answer: A 2. A digital signature is….. a) Process that takes plaintext of any length and transforms it into a short code. b) Use the same key both to encrypt and decrypt c) The process of examining logs to monitor security. d) Information encrypted with the creator’s private key Answer: D 3. A _____________ is an authorized attempt by either an internal audit team or an external security consulting firm to break into the organization’s information system. a) Vulnerability scan b) Penetration test c) Computer emergency response team d) Fraud detection test Answer: B Chapter 8 1. All of these except ________ are listed by the AICPA/CICA as part of the 10 internationally recognized best practices for protecting the privacy of customers’ personal information. a) Management b) Collection c) Use and retention d) Source data controls Answer: D 2. A validity check…. a) Determines if the characters in a field are of the proper type b) Ensures that the input data will fit into the assigned field c) Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists d) Determines the correctness of the logical relationship between two data items Answer: C 3. A _______ copies all changes made since the last full backup. a) Differential backup b) Incremental backup c) Restoration 83 d) Hot site Answer: A Chapter 9 1. ___________ is a type of audit that is commonly performed. a) Financial audit b) Information systems audit c) Management audit d) Resource audit e) a, b and c are all correct f) all the above are correct Answer: E 2. __________ are audit routines that flag suspicious transactions. a) Audit modules b) Audit hooks c) Audit log d) Snapshot audits Answer: B 3. 
__________ is the susceptibility to material risk in the absence of controls. a) Detection risk b) Inherent risk c) Control risk d) Material risk Answer: B Erica Wolford Chapter 5 1. Which of the following is a pressure that leads to employee fraud? a. Financial pressure b. Emotional pressure c. Lifestyle d. None of the above e. All of the above 2. ___________ is the simplest and most common way to commit fraud. It requires little computer skills and perpetrator only needs to understand how the system operates. a. Processor Fraud b. Output Fraud c. Input Fraud d. Data Fraud 3. Which of the following methods of committing fraud involves sending an email message that appears to have come from someone other than the actual sender? a. Spoofing b. Data Leakage c. Eavesdropping d. Email Threats Chapter 6 1. Any potential adverse occurrence or unwanted event that could injure the AIS or the organization is a. An impact b. A threat c. An exposure 84 2. 3. d. A likelihood Which of the following does the audit committee not oversee? a. The company’s internal control structure b. It financial reporting process c. Its compliance with laws, regulations, and standards d. The payment of employees Which of the following is not part of COSO’s internal control model a. Risk assessment b. Internal control policies c. Monitoring d. Information and communication Chapter 7 1. The Trust Services Framework identifies five basic principals that contribute to system reliability. Which principal insures that data is processed accurately? a. Privacy b. Confidentiality c. Processing Integrity d. Availability 2. Which of the following of a detective control? a. Patch Management b. Log Analysis c. Training d. Encryption 3. An effective password must satisfy a number of requirements, this includes: a. Length b. Random c. Secret d. Multiple character types e. None of the above f. All of the above Chapter 8 1. Which back up method is an exact copy of the data recorded on another physical media? a. 
Full Backup b. Incremental Backup c. Differential Backup d. Archive Backup 2. A _______________ is an input validation test that determines whether a logical relationship seems to be correct. a. Field check b. Size check c. Reasonableness test d. Limit check 3. Back up procedures are relevant to which Trust Services framework principle? a. Confidentiality b. Privacy c. Processing Integrity d. Availability e. None of the above Chapter 9 1. ____________ is an internal audit that examines reliability and integrity of accounting records. a. Information Systems Audit b. Operational Audit c. Management Audit d. Financial Audit 85 2. 3. This stage of the auditing process is when the auditor prepares a written report summarizing audit findings and recommendations. a. Planning b. Communicating Audit Results c. Collecting Evidence d. Evaluating Evidence Which of the following is a computer program written especially for auditors? a. CAAT b. CAS c. ITF d. CAD Laura Yost 10-5-06 Chpt. 5 1. Information systems are becoming increasingly more __________ and society is becoming increasingly more ____________ on these systems. A. expensive; independent B. affordable; reliant C. complex; dependent D. simple; dependent Answer: C 2. What percent of companies suffer a security breach? A. 67% B. 50% C. 82% D. 10% Answer: A 3. Chpt 6 1. Perpertrators of computer fraud tend to be which of the following? A. older and computer savy B. uneducated C. young and computer savy D. None of the above Answer: C Control risks have ________ in the last few years. A. Decreased B. Remained constant C. Increased D. None of the above Answer: C 2. Companies are taking positive steps to achieve better control. Which of the following is/are examples of the steps being taken? A. Moving sensitive data to more secure environment B. Educating employess about control measures. C. Devoting full time staff to security and control concerns. D. All of the above Answer: D 3. 
Achieving adequate security and control over information resources of an organization should be a ________ priority for management/ 86 A. B. C. D. Non-existent Top Bottom Low Answer: B Chpt 7 1. The trust services framework identifies four essential criteria for implementing principles of system reliability which includes which of the following? A. Monitor the system B. Design and employ control procedures C. Develop and document policies D. All of the above Answer: D 2. Technology advances create new threats and ______________ risks associated threats. A. alters B. doesn’t change C. decreases D. None of the above. Answer: A with existing 3. Defense in depth should be made up of ___________. A. a single layer B. a double layer C. multiple layers D. there are no layers Answer: C Chpt 8 1. ___________ is a fundamental control procedure for protecting the confidentiality of sensitive information. A. Classic coding B. Encryption C. Privacy D. None of the above Answer: B 2. Use of _______-creates private communication channels, often referred to as A. VPN; telephone lines B. MDI; canals C. VPN; tunnels D. PPA; tunnels Answer: C _____________. 3. Which country uses the “opt out” method which states: A. US, can not collect information unless the customer explicitly gives permission. B. Europe, can not collect information unless the customer explicitly gives permission. C. US, can collect information unless the customer explicitly objects. D. Europe, can collect information unless the customer explicitly objects. Answer: C Chpt 9 1. According to the IIA the purpose of an internal audit is to: A. Evaluate adequacy of a company’s internal control system 87 B. Evaluate effectiveness of a company’s internal control system C. Determine the extent to which assigned responsibilities are carried out D. All of the Above Answer: D 2. Today’s organizations use a computerized AIS to ____________company A. Process B. Store C. Control D. All of the above Answer:D 3. 
Which of the following is a type of internal audit? A. Financial audit B. Information Systems audit C. Operational Audit D. All of the above Answer: D information. 88