75 Cards in this Set
- Front
- Back
A user's authentication credentials are of most value when they:
|
can pass a compatibility test at logon.
|
|
User reviews are an example of
|
output controls.
|
|
The edit check that would catch the erroneous entry of the letter "A" instead of the digit "1" in the zip code field is called a(n):
|
field check.
|
|
Peabody Enterprises suffered greatly when their system was down longer than expected for system maintenance. The issue was that the changes that were to be implemented during maintenance proved to be incomplete. Which control should have been implemented to prevent this from happening?
|
Engineers should have developed backout plans.
|
|
Information about data entry errors should be provided to management in a(n):
|
error log.
|
|
A text file created by a website and stored on a visitor's hard disk.
|
cookie.
|
|
A data transmission control that checks the number of bits in each character and turns on an extra bit if necessary to make the number always odd or even is called:
|
parity checking.
|
|
Forms design is an example of this type of control.
|
source data controls.
|
|
The downside of passwords is that they can be:
|
guessed, forgotten, and given away.
|
|
Visual scanning is an example of
|
source data controls.
|
|
Burns Inc. discovered that they were issuing more paychecks than there were employees on the payroll. Which of the following controls most likely led them to this discovery?
|
A reconciliation with external data.
|
|
In data transmission, a good technique to let the sender know if the message has been received is called:
|
message acknowledgement.
|
|
A data entry device can be programmed to test for a(n) _________ every time an ID number is entered.
|
check digit.
|
|
Data conversion checks are an example of
|
processing controls.
|
|
A data input error was referred to the originating department for correction. A week later the department complained that the inventory in question was incorrect. Data processing could not easily determine whether or not the item had been processed by the computer. The best control procedure would be:
|
an error log/report.
|
|
This determines the correctness of the logical relationship between two data items.
|
reasonableness test.
|
|
Sensitive, confidential, or security-related documents should be:
|
shredded.
|
|
The most common input-related vulnerability is
|
buffer overflow attack.
|
|
Which message acknowledgment technique allows the sender to see if the message was received in its entirety?
|
echo check.
|
|
The master inventory file, contained on a backup tape, was destroyed by a small fire next to the area where it was stored. Since this was the only copy of the backup tape, the company had to take a special complete inventory in order to reestablish the file. The best control procedure that may have prevented the need to recreate the file would be
|
an offsite copy of the backup tape.
|
|
A twenty-minute power failure which shut down a firm's computer system resulted in loss of data for several transactions which were being entered into the system from remote terminals. The best control procedure is:
|
uninterruptible power supply (UPS).
|
|
The goal of information systems controls is
|
to ensure that systems are reliable.
|
|
A small electronic component within the control unit of the central processor failed during a peak processing period, causing the system to be down for two hours. The component, normally lasting 6 months, had not been replaced for two years. The best control process would be:
|
preventive maintenance.
|
|
The AICPA and the CICA have created an evaluation service known as SysTrust. SysTrust follows four principles to determine if a system is reliable. The reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as
|
availability.
|
|
Means of controlling the accuracy and completeness of data entered online into a computer system include all of the following except:
|
trailer labels.
|
|
Which of the following preventive controls are necessary to provide adequate security that deals with social engineering?
|
training
|
|
Inputting data, a user accidentally keys in a customer's name in the area reserved for the quantity sold. One control which should be effective in detecting this would be:
|
field check
|
|
The system and processes used to issue and manage asymmetric keys and digital certificates
|
public key infrastructure
|
|
A factory worker entering production transactions over an on-line terminal mistakenly failed to enter the product stock number. A control which should detect this is:
|
completeness test
|
|
The _______ disseminates information about fraud, errors, breaches and other improper system uses and their consequences.
|
chief security officer
|
|
In preparing payroll checks, the computer omitted 15 out of 2115 checks which should have been processed. The error was not detected until the foreman distributed the checks. The best control is:
|
record count
|
|
One way to circumvent the counterfeiting of public keys is by using
|
a digital certificate
|
|
What control evaluates the logical correctness of the relationship between an item of input data and another data item?
|
a reasonableness test
|
|
Concerning virtual private networks (VPN), true or false:
It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network.
|
False
|
|
Which internal file label usually contains control totals and summary data about the file's contents?
|
trailer record
|
|
This ensures that the input data will fit into the assigned field
|
size check
|
|
By inserting an unauthorized transaction into the batch of 50 payroll transactions, an operator was able to add a fictitious employee to the payroll file. The best control procedure would be:
|
record count
|
|
Sequentially pre-numbered forms are an example of
|
source data controls
|
|
Because of a failure in a $400 communication device serving terminals at eight drive-in windows, a bank was forced to shut down the windows for two hours during a busy Friday afternoon. The best control procedure is:
|
redundant components
|
|
This screens individual IP packets based solely on the contents of the source or destination fields in the packet header.
|
static packet filtering
|
|
The edit check most likely to signal that an error exists because the quantity on hand field is negative is:
|
sign check
|
|
These are established to deal with major security breaches
|
CERTs (computer emergency response team)
|
|
Which of the following is the best way to control physical access to the computing center?
|
security cards, passwords
|
|
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is
|
effective
|
|
Password effectiveness is enhanced by frequent changes, not displaying the password on the screen, automatic disconnection after several failed attempts, but not
|
user selection of passwords
|
|
Which of the following is used to determine what rights a particular user has?
|
compatibility test
|
|
_________ involves copying only the data items that have changed since the last backup.
|
Incremental backup
|
|
The "time worked" field for salaried employees is supposed to contain a "01" for one week. For one employee, this field contained the number 40 and a check for $16,872.41 was accidentally prepared and mailed to this employee. The best control procedure would be:
|
limit check
|
|
Giving users regular, periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria?
|
effective communication of policies
|
|
Parity bits provide protection against:
|
data transmission errors
|
|
Which are the three important factors determining the strength of any encryption system?
|
1. encryption algorithm
2. key length
3. key management policies
|
|
The best method to reduce the risk of unauthorized access to data while it is transmitted across communication lines (electronic eavesdropping) is:
|
data encryption
|
|
Which of the following is not associated with asymmetric encryption?
|
speed
|
|
The capability of a system to perform when one or more of its components has failed is called:
|
fault tolerance
|
|
An arrangement for backup facilities that has a completely operational facility, including a computer configured to match the organization's needs is called a:
|
hot site
|
|
A batch total that represents total cash receipts is called a:
|
financial total
|
|
The edit check that would detect the entry of a customer number that does not exist:
|
validity check
|
|
A more rigorous test of the effectiveness of an organization's computer security.
|
penetration test
|
|
The edit check most likely to discover a transposition error in entering a part number:
|
check digit verification
|
|
The edit check that compares the amount of the salary raise to the base salary to flag any possible errors is called a:
|
reasonableness test
|
|
Which step would be inappropriate in trying to achieve good control over program changes?
|
prohibiting all changes
|
|
The device that connects an organization's information system to the Internet is a
|
router
|
|
Periodic creation of a copy of the database at a point in time is called:
|
a checkpoint
|
|
This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet
|
transmission control protocol
|
|
A backup computer center that has everything necessary to quickly install computer equipment in case of a disaster is called a _______.
|
cold site
|
|
This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.
|
Internet protocol
|
|
Suppose a batch of data needs to be transmitted on data communication lines as part of its processing. The sending unit computes a summary measure of the data sent and the receiving unit computes the same summary measure on the data received. The totals are then compared. This is called a(n):
|
echo check
|
|
Which of the following describes one weakness of encryption?
|
encrypted packets cannot be examined by a firewall
|
|
A batch total that equals the sum of all part numbers ordered is called a:
|
hash total
|
|
Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?
|
reimbursement
|
|
The control that would be used to ensure that all pay rates were less than $25.35 per hour is a(n):
|
limit check
|
|
This compares the results produced by more than one method to verify accuracy
|
cross-footing balance test
|
|
An on-line system asks the user for each item to be entered. This is called:
|
prompting
|
|
This protects records from errors that occur when two or more users attempt to update the same record simultaneously.
|
concurrent update controls
|
|
Allowing customers to access and alter information about themselves within the corporate information system is
|
a best practice of privacy
|