Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

75 Cards in this Set

  • Front
  • Back
A user's authentication credentials are of most value when they:
can pass a compatibility test at logon.
User reviews are an example of
output controls.
The edit check that would catch the erroneous entry of the letter "A" instead of the digit "1" in the zip code field is called a(n):
field check.
Peabody Enterprises suffered greatly when their system was down longer than expected for system maintenance. The issue was that the changes that were to be implemented during maintenance proved to be incomplete. Which control should have been implemented to prevent this from happening?
Engineers should have developed backout plans.
Information about data entry errors should be provided to management in a(n):
error log.
A text file created by a website and stored on a visitor's hard disk.
A data transmission control that checks the number of bits in each character and turns on an extra bit if necessary to make the number always odd or even is called:
parity checking.
Forms design is an example of this type of control.
source data controls.
The downside of passwords is that they can be:
guessed, forgotten, and given away.
Visual scanning is an example of
source data controls.
Burns Inc. discovered that they were issuing more paychecks than there were employees on the payroll. Which of the following controls most likely lead them to this discovery?
A reconciliation with external data.
In data transmission, a good technique to let the sender know if the message has been received is called:
message acknowledgement.
A data entry device can be programmed to test for a(n) _________ every time an ID number is entered.
check digit.
Data conversion checks are an example of
processing controls.
A data input error was referred to the originating department for correction. A week later the department complained that the inventory in question was incorrect. Data processing could not easily determine whether or not the item had been processed by the computer. The best control procedure would be:
an error log/report.
This determines the correctness of the logical relationship between two data items.
reasonableness test.
Sensitive, confidential, or security-related documents should be:
The most common input-related vulnerability is
buffer overflow attack.
Which message acknowledgment technique allows the sender to see if the message was received in its entirety?
echo check.
The master inventory file, contained on a backup tape, was destroyed by a small fire next to the area where it was stored. Since this was the only copy of the backup tape, the company had to take a special complete inventory in order to reestablish the file. The best control procedure that may have prevented the need to recreate the file would be
an offsite copy of the backup tape.
A twenty-minute power failure which shot down a firm's computer system resulted in loss of data for several transactions which were being entered into the system from remote terminals. The best control procedure is:
uninterruptible power supply (UPS).
The goal of information systems controls is
to ensure that systems are reliable.
A small electronic component within the control unit of the central processor failed during a peak processing period, causing the system to be down for two hours. The component, normally lasting 6 months, had not been replaced for two years. The best control process would be:
preventive maintenance.
The AICPA and the CICA have created an evaluation service known as SysTrust. SysTrust follows four principles to determine if a system is reliable. The reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as
Means of controlling the accuracy and completeness of data entered online into a computer system includes all of the following except:
trailer labels.
Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?
Inputting data, a user accidentally keys in a customer's name in the area reserved for the quantity sold. One control which should be effective in detecting this would be:
field check
The system and processes used to issue and manage asymmetric keys and digital certificates
public key infrastructure
A factory worker entering production transactions over an on-line terminal mistakenly failed to enter the product stock number. A control which should detect this is:
completeness test
The _______ disseminates information about fraud, errors, breaches and other improper system uses and their consequences.
chief security officer
In preparing payroll checks, the computer omitted 15 out of 2115 checks which should have been processed. The error was not detected until the foreman distributed the checks. The best control is:
record count
One way to circumvent the counterfeiting of public keys is by using
a digital certificate
What control evaluates the logical correctness of the relationship between an item of input data and another data item?
a reasonableness test
Concerning virtual private networks (VPN), true or false:

It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network.
Which internal file label usually contains control totals and summary data about the file's contents?
trailer record
This ensures that the input data will fit into the assigned field
size check
By inserting an unauthorized transaction into the batch of 50 payroll transactions, an operator was able to add a fictitious employee to the payroll file. The best control procedure would be:
record count
Sequentially pre-numbered forms is an example of
source data controls
Because of a failure in a $400 communication device serving terminals at eight drive-in windows, a bank was forced to shut down the windows for two hours during a busy Friday afternoon. The best control procedure is:
redundant components
This screens individual IP packets based solely on the contents of the source or destination fields in the packet header.
static packet filtering
The edit check most likely to signal that an error exists because the quantity on hand field negative is:
sign check
These are established to deal with major security breaches

(computer emergency response team)
Which of the following is the best way to control physical access to the computing center?
security cards, passwords
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is
Password effectiveness is enhanced by frequent changes, not displaying the password on the screen, automatic disconnection after several failed attempts, but not
user selection of passwords
Which of the following is used to determine what rights a particular user has?
compatibility test
_________ involves copying only the data items that have changed since the last backup.
Incremental backup
The "time worked" field for salaried employees is supposed to contain a "01" for one week. for one employee, this field contained the number 40 and a check for $16,872.41 was accidentally prepared and mailed to this employee. The best control procedure would be:
limit check
Giving users regular, periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria?
effective communication of policies
Parity bits provide protection against:
data transmission errors
Which are the three important factors determining the strength of any encryption system?
1. encryption algorithm
2. key length
3. key management policies
The best method to reduce the risk of unauthorized access to data while it is transmitted across communication lines (electronic eavesdropping) is:
data encryption
Which of the following is not associated with asymmetric encryption?
The capability of a system to perform when one or more of its components has failed is called:
fault tolerance
An arrangement for backup facilities that has a completely operational facility, including a computer configured to match the organization's needs is called a:
hot site
A batch total that represents total cash receipts is called a:
financial total
The edit check that would detect the entry of a customer number that does not exist:
validity check
A more rigorous test of the effectiveness of an organization's computer security.
penetration test
The edit check most likely to discover a transposition error in entering a part number:
check digit verification
The edit check that compares the amount of the salary raise to the base salary to flag an possible errors is called a:
reasonableness test
Which step would be inappropriate in trying to achieve good control over program changes?
prohibiting all changes
The device that connects an organization's information system to the Internet is a
Periodic creation of a copy of the database at a point in time is called:
a checkpoint
This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet
transmission control protocol
A backup computer center that has everything necessary to quickly install computer equipment in case of a disaster is called a _______.
cold site
This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.
Internet protocol
Suppose a batch of data needs to be transmitted on data communication lines as part of its processing. The sending unit computes a summary measure of the data sent and the receiving unit computes the same summary measure on the data received. The totals are then compared. This is called a(n):
echo check
Which of the following describes on weakness of encryption?
encrypted packets cannot be examined by a firewall
A batch total that equals the sum of all part numbers ordered is called a:
hash total
Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
The control that would be used to ensure that all pay rates were less than $25.35 per hour is a(n):
limit check
This compares the results produced by more than one method to verify accuracy
cross-footing balance test
An on-line system asks the user for each item to be entered. This is called:
This protects records from errors that occur when two or more users attempt to update the same record simultaneously.
concurrent update controls
Allowing customers to access and alter information about themselves within the corporate information system is
a best practice of privacy