help in homework

New User?

Fill This Form To Receive Instant Help

Help in Homework
trustpilot ratings
google ratings


Homework answers / question archive / Utah State University ACCT 610 Chapter 16-IT Controls Part II: Security and Access TRUE/FALSE 1)In a computerized environment, the audit trail log must be printed onto paper documents

Utah State University ACCT 610 Chapter 16-IT Controls Part II: Security and Access TRUE/FALSE 1)In a computerized environment, the audit trail log must be printed onto paper documents

Business

Utah State University

ACCT 610

Chapter 16-IT Controls Part II: Security and Access

TRUE/FALSE

1)In a computerized environment, the audit trail log must be printed onto paper documents.

 

 

 

  1. Disguising message packets to look as if they came from another user and to gain access to the host’s network is called spooling.

 

 

 

  1. Access controls take on increased importance in a computerized environment because all of the records may be found in one place.

 

 

 

  1. Computer viruses usually spread throughout the system before being detected.

 

 

 

  1. A worm is software program that replicates itself in areas of idle memory until the system fails.

 

 

 

  1. Viruses rarely attach themselves to executable files.

 

 

 

  1. Subschemas are used to authorize user access privileges to specific data elements.

 

 

 

  1. A recovery module suspends all data processing while the system reconciles its journal files against the database.

 

 

 

  1. The Database Management System controls program files.

 

 

 

  1. Operating system controls are of interest to system professionals but should not concern accountants and auditors.

 

 

 

  1. The most frequent victims of program viruses are microcomputers.

 

 

 

  1. Access controls protect databases against destruction, loss or misuse through unauthorized access.

 

 

 

  1. Operating system integrity is not of concern to accountants because only hardware risks are involved.

 

 

 

  1. Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.

 

 

 

  1. In a telecommunications environment, line errors can be detected by using an echo check.

 

 

 

  1. Firewalls are special materials used to insulate computer facilities
  2. The message authentication code is calculated by the sender and the receiver of a data transmission.

 

 

 

  1. The request-response technique should detect if a data communication transmission has been diverted.

 

 

 

  1. Electronic data interchange translation software interfaces with the sending firm and the value added network.

 

 

 

  1. A value added network can detect and reject transactions by unauthorized trading partners.

 

 

 

  1. Electronic data interchange customers may be given access to the vendor's data files.

 

 

 

  1. The audit trail for electronic data interchange transactions is stored on magnetic media.

 

 

 

  1. A firewall is a hardware partition designed to protect networks from power surges.

 

 

 

  1. To preserve audit trails in a CBIS environment, transaction logs are permanent records of transactions.

 

 

 

  1. Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.

 

 

 

MULTIPLE CHOICE

 

  1. The operating system performs all of the following tasks except

a.

translates third-generation languages into machine language

b.

assigns memory to applications

c.

authorizes user access

d.

schedules job processing

 

 

  1. Which of the following is considered an unintentional threat to the integrity of the operating system?

a.

a hacker gaining access to the system because of a security flaw

b.

a hardware flaw that causes the system to crash

c.

a virus that formats the hard drive

d.

the systems programmer accessing individual user files

 

 

  1. A software program that replicates itself in areas of idle memory until the system fails is called a

a.

Trojan horse

b.

worm

c.

logic bomb

d.

none of the above

 

 

  1. A software program that allows access to a system without going through the normal logon procedures is called a

a.

logic bomb

b.

Trojan horse

c.

worm

d.

back door

 

 

  1. All of the following will reduce the exposure to computer viruses except

a.

install antivirus software

b.

install factory-sealed application software

c.

assign and control user passwords

d.

install public-domain software from reputable bulletin boards

 

 

  1. Which backup technique is most appropriate for sequential batch systems?

a.

grandfather-father-son approach

b.

staggered backup approach

c.

direct backup

d.

remote site, intermittent backup

 

 

 

  1. When creating and controlling backups for a sequential batch system,

a.

the number of backup versions retained depends on the amount of data in the file

b.

off-site backups are not required

c.

backup files can never be used for scratch files

d.

the more significant the data, the greater the number of backup versions

 

 

  1. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique called

a.

spoofing.

b.

spooling.

c.

dual-homed.

d.

screening.

 

 

  1. In a direct access file system

a.

backups are created using the grandfather-father-son approach

b.

processing a transaction file against a maser file creates a backup file

c.

files are backed up immediately before an update run

d.

if the master file is destroyed, it cannot be reconstructed

 

 

  1. Which of the following is not an access control in a database system?

a.

antivirus software

b.

database authorization table

c.

passwords

d.

voice prints

 

 

  1. Which is not a biometric device?

a.

password

b.

retina prints

c.

voice prints

d.

signature characteristics

 

 

  1. Which of the following is not a basic database backup and recovery feature?

a.

checkpoint

b.

backup database

c.

transaction log

d.

database authority table

 

 

  1. All of the following are objectives of operating system control except

a.

protecting the OS from users

b.

protesting users from each other

c.

protecting users from themselves

d.

protecting the environment from users

 

 

 

  1. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except

a.

failure to change passwords on a regular basis

b.

using obscure passwords unknown to others

c.

recording passwords in obvious places

d.

selecting passwords that can be easily detected by computer criminals

 

 

  1. Audit trails cannot be used to

a.

detect unauthorized access to systems

b.

facilitate reconstruction of events

c.

reduce the need for other forms of security

d.

promote personal accountability

 

 

  1. Which control will not reduce the likelihood of data loss due to a line error?

a.

echo check

b.

encryption

c.

vertical parity bit

d.

horizontal parity bit

 

 

  1. Which method will render useless data captured by unauthorized receivers?

a.

echo check

b.

parity bit

c.

public key encryption

d.

message sequencing

 

 

  1. Which method is most likely to detect unauthorized access to the system?

a.

message transaction log

b.

data encryption standard

c.

vertical parity check

d.

request-response technique

 

 

  1. All of the following techniques are used to validate electronic data interchange transactions except

a.

value added networks can compare passwords to a valid customer file before message

transmission

b.

prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database

c.

the recipient's application software can validate the password prior to processing

d.

the recipient's application software can validate the password after the transaction has been processed

 

 

  1. In an electronic data interchange environment, customers routinely access

 

a.

the vendor's price list file

b.

the vendor's accounts payable file

c.

the vendor's open purchase order file

d.

none of the above

 

 

 

  1. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except

a.

verifying that only authorized software is used on company computers

b.

reviewing system maintenance records

c.

confirming that antivirus software is in use

d.

examining the password policy including a review of the authority table

 

 

  1. Audit objectives for the database management include all of the following except

a.

verifying that the security group monitors and reports on fault tolerance violations

b.

confirming that backup procedures are adequate

c.

ensuring that authorized users access only those files they need to perform their duties

d.

verifying that unauthorized users cannot access data files

 

 

  1. All of the following tests of controls will provide evidence that access to the data files is limited except

a.

inspecting biometric controls

b.

reconciling program version numbers

c.

comparing job descriptions with access privileges stored in the authority table

d.

attempting to retrieve unauthorized data via inference queries

 

 

  1. Audit objectives for communications controls include all of the following except

a.

detection and correction of message loss due to equipment failure

b.

prevention and detection of illegal access to communication channels

c.

procedures that render intercepted messages useless

d.

all of the above

 

 

  1. When auditors examine and test the call-back feature, they are testing which audit objective?

a.

incompatible functions have been segregated

b.

application programs are protected from unauthorized access

c.

physical security measures are adequate to protect the organization from natural disaster

d.

illegal access to the system is prevented and detected

 

 

  1. In an Electronic Data Interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?

a.

all EDI transactions are authorized

b.

unauthorized trading partners cannot gain access to database records

c.

authorized trading partners have access only to approved data

d.

a complete audit trail is maintained

 

 

 

  1. Audit objectives in the Electronic Data Interchange (EDI) environment include all of the following except

a.

all EDI transactions are authorized

b.

unauthorized trading partners cannot gain access to database records

c.

a complete audit trail of EDI transactions is maintained

d.

backup procedures are in place and functioning properly

 

 

  1. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except

a.

the policy on the purchase of software only from reputable vendors

b.

the policy that all software upgrades are checked for viruses before they are implemented

c.

the policy that current versions of antivirus software should be available to all users

d.

the policy that permits users to take files home to work on them

 

 

  1. Which of the following is not a test of access controls?

a.

biometric controls

b.

encryption controls

c.

backup controls

d.

inference controls

 

 

  1. In an electronic data interchange environment, customers routinely

a.

access the vendor's accounts receivable file with read/write authority

b.

access the vendor's price list file with read/write authority

c.

access the vendor's inventory file with read-only authority

d.

access the vendor's open purchase order file with read-only authority

 

 

  1. In an electronic data interchange environment, the audit trail

a.

is a printout of all incoming and outgoing transactions

b.

is an electronic log of all transactions received, translated, and processed by the system

c.

is a computer resource authority table

d.

consists of pointers and indexes within the database

 

 

  1. All of the following are designed to control exposures from subversive threats except

a.

firewalls

b.

one-time passwords

c.

field interrogation

d.

data encryption

 

 

  1. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these is

a.

hardware access procedures

b.

antivirus software

 

c.

parity checks

d.

data encryption

 

 

 

  1. Which of the following deal with transaction legitimacy?

a.

transaction authorization and validation

b.

access controls

c.

EDI audit trail

d.

all of the above

 

 

  1. Firewalls are

a.

special materials used to insulate computer facilities

b.

a system that enforces access control between two networks

c.

special software used to screen Internet access

d.

none of the above

 

 

  1. The database attributes that individual users have permission to access are defined in

a.

operating system.

b.

user manual.

c.

database schema.

d.

user view.

e.

application listing.

 

 

  1. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)

a.

operating system.

b.

database management system.

c.

utility system

d.

facility system.

e.

object system.

 

 

SHORT ANSWER

 

  1. Briefly define an operating system.

 

 

  1. What is a virus?

 

 

  1. Describe one benefit of using a call-back device.

 

 

  1. Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

 

 

  1. List three methods of controlling unauthorized access to telecommunication messages.

 

 

  1. Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment.

 

  1. Explain how transactions are audited in an electronic data interchange environment.

 

 

  1. Describe are some typical problems with passwords?

 

  1. Discuss the key features of the one-time password technique:

 

 

 

 

  1. Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

 

 

  1. What is event monitoring?

 

 

  1. What are the auditor's concerns in testing EDI controls?

 

 

  1. What is a database authorization table?

 

:

 

  1. What is a user-defined procedure?

 

 

  1. What are biometric devices?

 

 

ESSAY

 

  1. What are the three security objectives of audit trails? Explain.

 

 

  1. What is an operating system? What does it do? What are operating system control objectives?

 

 

  1. Discus three sources of exposure (threats) to the operating system.

 

 

 

  1. There are many techniques for breaching operating system controls. Discuss three.

 

 

 

  1. A formal log-on procedure is the operating system’s first line of defense. Explain this works.

 

 

  1. Explain the concept of discretionary access privileges.

 

  1. One purpose of a database system is the easy sharing of data. But this ease of sharing can also jeopardize security. Discuss at least three forms of access control designed to reduce this risk.

 

 

  1. Explain how the one-time password approach works.

 

 

 

  1. Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain.

 

 

  1. What is EDI? How does its use affect the audit trail?

 

 

Option 1

Low Cost Option
Download this past answer in few clicks

15.83 USD

PURCHASE SOLUTION

Already member?

Option 2

Custom new solution created by our subject matter experts

GET A QUOTE

rated 5 stars

Purchased 8 times

Completion Status 100%
View Answer

Sitejabber (5.0)

BBC (5.0)

Trustpilot (4.9)

Google (5.0)

Related Questions