Deck 4: Internal Controls and Risks in IT Systems

A)Overall Controls
B)Technology Controls
C)Application Controls
D)General Controls

A)The accounting information system.
B)The description of the general and application controls that should exist in IT system.
C)The type and nature of risks in IT systems.
D)The recognition of how controls can be used to reduce risk.

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check

A)An interruption of the computer operations
B)Damage to an organization
C)Incorrect or incomplete accounting information
D)All of the above

A)$3.8 million
B)$6.2 million
C)$1.1 billion
D)Not determinable

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls

A)Data encryption
B)Redundant servers
C)Input controls
D)Password codes

A)Record count
B)Hash total
C)Batch total
D)Field total

A)Develop and maintain the database and ensure adequate controls over the database.
B)Develop, monitor, and review security policies.
C)Oversee and prioritize changes to IT systems.
D)Align IT investments to business strategy.

A)Security risk
B)Availability risk
C)Processing integrity risk
D)Confidentiality risk

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check

A)User log-in
B)Security token
C)Encryption
D)Biometric devices

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls

A)Limit check
B)Validity check
C)Sequence check
D)Record count

A)Passwords
B)Physical hardware controls
C)Software Controls
D)Inventory Controls

A)Security
B)Confidentiality
C)Processing integrity
D)Availability

A)Firewalls
B)Encryption
C)Virtual Private Networks
D)None of the Above
E)All of the above

A)Telecommuting workers
B)Internet
C)Wireless networks
D)All of the above

A)User ID
B)Password
C)Smart card
D)Login

A)A user is not authorized to change configuration settings.
B)A user is not allowed access to the authority tables.
C)A user can prevent the unauthorized flow of data in both directions.
D)A user cannot deny any particular act that he or she did on the IT system.

A)Computer log
B)Biometric device
C)Firewall
D)Security token

A)Biometric reader
B)Smart card
C)USB smart key
D)Security token

A)Passwords should not be case sensitive.
B)Passwords should be at least 6 characters in length.
C)Passwords should contain at least one nonalphanumeric character.
D)Password should be changed every 90 days.
E)

A)Configuration table
B)Authentication table
C)User table
D)Authority table

A)High temperatures
B)Fires
C)Excessive Humidity
D)All of the Above
E)None of the Above

A)Authentication of uses and limiting unauthorized access
B)Output controls
C)Organization structure
D)Physical environment and physical security of the system.

A)User table
B)Authority table
C)Authentication table
D)Configuration table

A)Security token
B)USB control key
C)Smart card
D)Biometrics

A)Hacking and other network break-ins
B)Physical environment and physical security
C)Authentication of users and limiting unauthorized access
D)Organizational structure

A)It is based on something the user has, the token or card, and something the user knows, the password.
B)It requires that the user is granted the card / token in a secure environment and that the user actually uses the card / token.
C)It requires that the user has two different authorizations: 1) to receive the card / token, and 2) to use the card / token.
D)It requires the use the card / token to 1) login to the system and 2) access the applications.

A)Retina scans
B)Fingerprint matching
C)Social security number
D)Voice verification

A)User profile
B)User password
C)User ID
D)User log

A)Deciphering
B)Encryption
C)Nonrepudiation
D)Enciphering

A)Nonrepudiation card
B)Biometric device
C)Configuration table
D)Computer log

A)Configuration
B)Proliferation
C)Verification
D)Nonrepudiation

A)User password
B)Computer log
C)User profile
D)Configuration table

A)Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures.
B)A user cannot deny any particular act that he or she did on the system.
C)To establish nonrepudiation of sales transactions by a customer.
D)To establish a user profile.

A)ABC*$123
B)a1b2c3
C)A*1b?2C$3
D)MSU#Rules$

A)Infections
B)Virus
C)Serum
D)Worm

A)shttp://misu
B)https://misu
C)http://smisus
D)https://smisus

A)Worm
B)Encryption
C)Virus
D)Infection

A)Vulnerability assessment
B)Intrusion detection
C)Encryption examination
D)Penetration testing

A)Secure sockets layer
B)Service set identifier
C)Wired provided access
D)Virtual private network

A)IT Governance System
B)Operations Governance
C)System Development Life Cycle
D)Systems Analysis

A)Intrusion detection
B)Virus management
C)Vulnerability assessment
D)Penetration testing

A)Computer input operators
B)Chief Executive Officer
C)Chief Information Officer
D)Heads of business units

A)Align IT investments to business strategies.
B)Oversee and prioritize changes to IT systems.
C)Develop, monitor, and review security procedures.
D)Investing excess IT funds in long-term investments.

A)Secure socket network
B)Service set identifier
C)Virtual private network
D)Wireless encryption portal

A)Penicillin Software
B)Antivirus Software
C)Infection Software
D)Internet Software

A)Systems analysts
B)Chief information officer
C)Database administrator
D)Operations personnel

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Provider WEP)
C)Wireless Provider Authentication WPA)
D)Wireless Protection Access WPA)

A)IT Budget Committee
B)IT Audit Committee
C)IT Governance Committee
D)IT Oversight Committee

A)Residential user network
B)Service internet parameter network
C)Virtual private network
D)Virtual public network

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption

A)Secure sockets layer
B)Service security line
C)Secure encryption network
D)Secure service layer

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Policy WEP)
C)Wireless Protection Access WPA)
D)Wired Privacy Authentication WPA)

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption

A)Security detection
B)Vulnerability assessment
C)Penetration testing
D)Intrusion detection

A)Controls over the physical environment only.
B)Controls over the physical access only.
C)Controls over the physical environment and over the physical access.
D)None of the above.

A)Disaster Recovery Plan
B)Backup Data
C)Environmental Backup Recovery Plan
D)Offsite Backup

A)Confidentiality
B)Security
C)Recovery
D)Availability

A)Land area network
B)Local access network
C)Local area network
D)Locality arena network

A)Operating system
B)Application software
C)Database
D)Binary monetary system

A)Shutting down the system and shutting down programs
B)Altering data and repudiating transactions
C)Stealing data and recording nonexistent transactions
D)Sabotaging systems and destroying data

A)Expanded access
B)Cost savings
C)Scalability
D)All of the above are advantages

A)Redundant business planning
B)Business continuity planning
C)Unnecessary in the current safe environments
D)Emergency backup power

A)Reactive controls
B)Preventive controls
C)Availability controls
D)Confidentiality controls

A)Browse disk files for sensitive data or passwords.
B)Alter data through the operating system.
C)Alter application programs.
D)All of the above

A)Availability Risks
B)Security Risks
C)Confidentiality Risks
D)Processing Integrity Risks

A)Limited access to computer rooms
B)Video surveillance equipment
C)Locked storage of backup data
D)Encryption of passwords.

A)Facsimile Transmission
B)PDF Interchange
C)Electronic Data Interchange
D)Tele-transmission

A)Cloud exchange
B)Operations removal
C)Data integrity
D)Remove wipe

A)Telecommuting
B)Telemarketing
C)Network Employment
D)Electronic working

A)Emergency power supply
B)Uninterruptible power source
C)Redundant servers
D)Business continuity planning

A)Operating System
B)Application Software
C)Data Base Management System
D)Electronic Data Interchange

A)Uninterruptible power supply
B)System power supply
C)Emergency power supply
D)Battery power supply

A)Connected local network
B)Wide area network
C)Connected wide area
D)Wide geographic network

A)Database security system
B)Database management system
C)Database binary monetary system
D)Database assessment