Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

113 Cards in this Set

  • Front
  • Back
master file
used to produce reports; contains account data file containing all the transactions, updated through processing, new master created through process, transaction file (in real time processing, master file continually updated when event occurs, only appropriate if constant update is critical), batch (sequential) update used when large % of master file needs to be updated, foreign key in record used when batch (random access) when less then 35% needs to be updated (destructive update)
reference file
contains relatively constant information used in processing (i.e. tax tables, customer addresses)
archive (history) file
what processed transactions are transferred to; an appended file of processed transactions; contains past tthe surface of the hard disk is divided into concentric circles call tracks; used to specify locations on the hard disk, and to allocate disk space to filesransactions for reference purposes
the surface of the hard disk is divided into concentric circles call tracks; used to specify locations on the hard disk, and to allocate disk space to files
a further division of the tracks, all the same size (therefore, further out on disk = more sectors); but usually all tracks have same number of sectors
Corresponding tracks on all surfaces on a drive, when taken together, make up a cylinder; It takes time to move the heads from one track (cylinder) to another, so by placing the data that is often accessed together (say, a file) so that it is within one cylinder, it is not necessary to move the heads to read all of it. This improves performance. It is not always possible to place files like this; files that are stored in several places on the disk are called fragmented.
sequential data organization
contiguous storage space arranged by primary key, records must be read in order (cannot directly access record without going through predecessors, difficult to retrieve individual data, more efficient when significant (35-40%) of records require update)
random data organization
data isn’t sequentially stored on the hard disk, such as can be the case w/ indexed direct access method
(indexed/virtual sequential access method) – sequentially on direct access device, maintains index, data can be processed sequentially
indexed direct access method
separate index, records dispersed throughout disk randomly (or sequentially), record found by searching index then going to address (more complex/expensive, cumbersome when updating high percentage of records on a file, yet easy to access individual data items).
hashed direct access method
converts primary key of record (via an algorithm) into a unique storage address, no need for index, some addresses will never be selected (do not correspond to legitimate key values)
linked-list (pointer) direct access method
stores in the field of one record the address (pointer) of a related record, records throughout disk (no regard to proximity), pointers can be used to link records between files
batch processing
similar transactions (but independent) grouped over time(time lag exists between event and processing) then processed together. Keystroke > edit run > sort run > update run > backup procedure; can
real-time (online, interactive) processing
process at moment of transaction, no time lag, usually requires online database, as well as greater resources (cost differentials are decreasing), longer system development time
local area network - cover relatively smaller geographic areas (building, campus, up to 40 miles); normally dedicated transmissions media (often twisted pair or coaxial cable/Ethernet but can use fiber optic and wireless media); mostly use some type of shared p2p or client server network OS; typically ring or bus topology though star is possible; frequently linked w/ WANs to form larger network
wide area network - cover large areas (up to global); typically used public (shared) transmissions media (usually based on high-speed fiber optic lines, terrestrial and/or satellite-based microwave transmission); usually hierarchical system in which a large central computer manages all communications and directs processing; usually some type of star hierarchical system topology; frequently used w/ LANs to form larger network
network interface card (NIC) - Often abbreviated as NIC, an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol, and media, although some can serve multiple networks.
In networks, a processing location. A node can be a computer or some other device, such as a printer. Every node has a unique network address
refers to any computer connected to a local-area network.
A computer or device on a network that manages network resources. For example, a file server is a computer and storage device dedicated to storing files. Any user on the network can store files on the server. A print server is a computer that manages one or more printers, and a network server is a computer that manages network traffic. A database server is a computer system that processes database queries.
connects similar networks
connects dissimilar networks
network topology
specifies the way that the nodes are connected to each other
network of independent processing units (IPUs) with a large central computer (the host, which has direct connections to smaller computers (typically desktops or laptops)), popular for mainframe computing, all communications must go through the host computer except for local computing
this configuration eliminated the central site; all nodes in this configuration are of equal status (peers); network operation systems used on this topology are frequently p2p systems (responsibility for managing communications is distributed among the nodes; however client-server systems can also be used); common resources that are shared by all nodes can be centralized and managed by a file server that is also a node.
the nodes are all connected to a common cable (the bus); the network operating system usually found in this environment is a client-server system (a centralized computer manages much of the data communication on the network, though processing is shared between the client and the server; p2p systems are also possible in this configuration); generally less costly to install and maintain than a ring topology
a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures, in which some computers are dedicated to serving the others. Peer-
A network architecture in which each computer or process on the network is either a client or a server. Servers are powerful computers or processes dedicated to managing disk drives (file servers), printers (print servers), or network traffic (network servers ). Clients are PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power.
network control
either P2P/client server (LANs) or hierarchical system where large central computer manages all communication and directs processing (WANs)
data collision
when two nodes listen, hear no messages transmitting, and then simultaneously begin transmitting. The data collides and the two nodes are instructed to hang up and try again.
the master polls the other “slave” sites to determine if they have data to transmit; if a slave responds in the affirmative, the master site locks the network while the data are transmitted (allows priorities to be set for data communications across the network)
token passing
Token passing uses a token, or series of bits, to grant a device permission to transmit over the network. Whichever device has the token can put data into the network. When its transmission is complete,
carrier sensing (CSMA-CD)
random access technique that detects collisions when they occur; the node wishing to transmit “listens” to the line to determine if it is in use. If the line is open, the communication goes forward. If it is busy, it waits a pre-specified amount of time to transmit. Collisions occur and the line may not be used optimally when multiple nodes are trying to transmit simultaneously.
electronic data interchange (EDI) – exchange of business transaction information (between companies, in a standard format (ANSI X.12), via a computerized information system); human involvement not necessary to approve transaction; direct – dedicated communication lines between trading partners; mediated – trading partners are linked together through a third party called value added network (VAN); internet based – trading partners exchange information in standardized format over the internet
value-added network - a private network provider that leases communication lines to its subscribers. VANs provides specialized services such as assisting with EDI (electronic data interchange), extra security, message delivery, or access to a particular database.
LANs based on TCP/IP (usually dedicated to a single entity)
intranets that have been expanded to include related entities; in a business environment, usually providers of goods and services to the organization
IP address
used to uniquely identify each of the nodes on the internet; consisting of 4 groups of 1-3 numbers (separated by periods); static IP – never change; dynamic IP – change each time the user logs on to the internet (typically used of individual users/clients)
uniform resource locator (URL) - the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.
domain name
text aliases for (static) IP addresses (more meaningful mnemonic in place of the IP address); usually in format: protocol > server> org type> folder/directory> file name of page to display
subdirectory name
A directory below another directory. Every directory except the root directory is a subdirectory.
document name
In addition to text, documents can contain graphics, charts, and other objects.
An agreed-upon format for transmitting data between two devices.
open system interface (OSI) – layered set of protocols developed by the international standards organization; provides standard by which the products of different manufacturers can interface with one another in a seamless interconnection at the user level.
transfer control protocol/internet protocol (TCP/IP) - uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.
hypertext transfer protocol (HTTP) – controls web browsers
file transfer protocol (FTP) – used to transfer files across the internet
simple mail transfer protocol (SMTP) - a protocol for sending e-mail messages between servers
secure socket layer (SSL) – encryption schemes used primarily in e-commerce
secure electronic transmission (SET) - encryption schemes used primarily in e-commerce
extensible markup language (XML) – designed to meet the needs of online business reporting and e-commerce
extensible business reporting language (XBRL) – consists of a number of tags that identify different types of business and accounting data
control activities
actions, supported by policies and procedures that, when carried out properly and in a timely manner, manage or reduce risks.
general controls
controls for: Organizational structure, Computer center security, Operating system, Data management, Systems development & maintenance, Internet and Intranet, EDI, Personal computer
application controls
such as computer matching and edit checks are programmed steps within application software; they are designed to help ensure the completeness and accuracy of transaction processing, authorization, and validity.
preventive controls
- attempt to deter or prevent undesirable events from occurring. They are proactive controls that help to prevent a loss. Examples of preventive controls are separation of duties, proper authorization, adequate documentation, and physical control over assets.
detective/corrective control pairs
attempt to detect undesirable acts. They provide evidence that a loss has occurred but do not prevent a loss from occurring. Examples of detective controls are reviews, analyses, variance analyses, reconciliations, physical inventories, and audits.
input controls
have to do with the capture/conversion of transaction data to machine-readable form; most critical of all three processing steps
processing controls
run-to-run controls and audit trail controls
output controls
ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated
source document controls
when physical source document forms are used, control over access to the documents and use of the documents is critical (access, pre-numbered docs, use source docs in sequence, audit sequences periodically)
batch control total
used to account for transactions as the move from the originating department to IT, through the three stages of data processing and back to the originator
record count
total number of transactions to process
financial total
total dollar amount of transactions
hash total
sum of significant non-financial amounts (i.e. hrs worked, qty ordered etc…)
validation controls
frequently known as programmed controls, and are intended to detect errors in transaction data before the data are processed
missing data checks
ensures that something is entered into a field
limit check
ensures that a value is not greater than or less than a specified amount
range check
ensures that a value lies within a specified range (a two-ended limit check)
validity check
ensures that an account code actually exists (can be checked during entry on real time systems)
check digit
ensures that an account code has been entered correctly
reasonableness checks
compares data values in two (or more) related fields to detect inconsistencies
sign checks
required signature when report delivered
sequence checks
when processing pre-numbered documents, check for missing numbers
default values
when a value is relatively constant over a large number of entries, errors can be reduced and efficiency enhanced by pre-entering that value in the field (current date, location)
preformatted screens
data entry error is substantially reduced when screen fields are laid out to match the input document
closed loop verification
when a code is entered, additional information is displayed (may be combined with a confirmation request (the name is displayed with a button that must be clicked if the name is correct)
run-to-run controls
use batch figures to monitor the batch as it moves from one programmed procedure (run) to another (verifies accuracy and completeness of processing)
transaction logs
used to preserve audit trail
creates a file as an intermediate step in the printing process that is a risk
collating the report from the printout. Personnel may be able to xerox or browse
operating system
he most important program that runs on a computer. Every general-purpose computer must have an operating system to run other programs. Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices such as disk drives and printers.
operating system security
logon procedure (first line of defense); access token (contains key info about the user); access control list; discretionary access control (allows user to grant access to another user)
access control list
defines access privileges of users
one-time password
the password constantly changes; it can only be used once and for a short time period
to be an authorized user by getting id and passwords
logic bomb
foreign programs triggered by a specific event
Trojan horse
foreign program that conceals itself with another legitimately imported program
back door
alternative entry into a system
uninterruptible power supplies
auxiliary power source which protects system from unanticipated losses of power
data access controls
user views (based on sub-schemas), database authorization table (allows greater authority to be specified), data encryption (encoding algorithms), biometric devices (fingerprints, retina, etc…), inference controls (necessary in systems which allow queries)
authorization matrix
gives list of accessibility for specific users
grandparent-parent-child backup
the number of generations to backup is a policy issue
off-site storage
guard against disasters and/or physical destruction
transaction log
a list of transactions which provide an audit trail of all processed transactions
suspends all data processing while the system performs reconciliation
source program library management
used to protect the SPL environment by controlling the following: storing programs on the SPL, retrieving programs for maintenance purposes, deleting obsolete programs from the library, and documenting program changes to provide an audit trail of the changes.
systems life cycle
planning > analysis > conceptual design > selection > detailed design > implementation > maintanence
software and hardware that provide security by channeling all network connections through a control gateway
Network firewalls
low cost low security, does not explicitly authenticate outside users, mainly for filtering out junk or improperly routed messages, hackers can easily penetrate the system
Application firewalls
a high level of customizable network security, but can be extremely expensive, performs sophisticated functions such s logging or user authentication
proxy server
A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Two main purposes: improve performance and filter requests.
denial of service (DOS) attack
the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
computer program transforms a clear message into a coded (cipher) text form using algorithm
digital signature
electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
digital certificate
like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender
echo check
the receiver returns the message to the sender
data encryption
must decode even if stolen
biometric identification
fingerprints, retina prints, or signature characteristics
disaster recover plan (DRP)
all actions to be taken before, during, and after a disaster, disaster recovery team identified, critical applications must be identified (restore these first), backups and off-site storage procedures > databases and applications, documentation, supplies
cold site ("empty shell")
two or more user organizations that buy or lease a building and remodel it into a computer site, but without computer equipment
hot site ("recovery operations center")
a completely equipped site, very costly and typically shared among many companies
mutual aid pact
an agreement between two or more organizations (with compatible computer facilities) to aid each other with their data processing needs