Deck 13: Monitoring and Auditing Ais

A data warehouse is for daily operations and often includes data for the current fiscal year only.

Which of the following describes a group of computers that connects the internal users of a company distributed over an office building?
A. Internet
B. LAN
C. Virtual private network (VPN)
D. Decentralized network

Which of the following is not an approach used for online analytical processing (OLAP).
A. Exception reports
B. What-if simulations
C. Consolidation
D. Data mining

Parallel simulation attempts to simulate the firm's key features or processes.

The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for conducting an IS/IT audit.

Parallel simulation uses an independent program to simulate a part of an existing application program, and is designed to test the validity and to verify the accuracy of an existing application program.

Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT infrastructure.

A continuous audit allows companies to perform audit-related activities on a continuous basis.

An integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system.

Which of the following is not a management control for wireless networks?
A. Assigning roles and responsibilities of employees for access control
B. Conducting risk assessment on a regular basis
C. Conducting appropriate awareness training on wireless networks
D. Creating policies and procedures

Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making.

Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company.

A virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection.

Which of the statements regarding a data warehouse is incorrect?
A. It is a centralized collection of firm-wide data
B. The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events
C. Includes data for the current fiscal year only
D. The data in a data warehouse is pulled from each of the operational databases periodically

An embedded audit module is a programmed audit module that is added to the system under review.

The data in a data warehouse are updated when transactions are processed.

Firewalls are security systems comprised of hardware and software that is built using routers, servers, and a variety of software.

A wireless network is comprised of access points and stations. Access points logically connect stations to a firm's network.

Accountants increasingly participate in designing internal controls and improving business and IT processes in a database environment.

Which of the following tools is typically used in data mining?
A. COBIT.
B. OLAP.
C. REA.
D. DBA.

Which of the following is least likely to be considered a component of a computer network?
A. Application programs.
B. Computers.
C. Servers.
D. Routers.

Which of the following statements regarding the black-box approach for systems auditing is correct?
A. The auditors need to gain detailed knowledge of the systems' internal logic
B. The black-box approach could be adequate when automated systems applications are complicated
C. The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
D. All of the above are correct

What is the man-in-the-middle threat for wireless LANs?
A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
B. The attacker passively monitors wireless networks for data, including authentication credentials
C. The attacker steals or makes unauthorized use of a service
D. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.

What is the test data technique?
A. It uses a set of input data to validate system integrity.
B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system
C. It is an automated technique that enables test data to be continually evaluated during the normal operation of a system
D. A and B are correct
E. None of the above is correct

Which of the following statements about firewalls is wrong?
A. A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software
B. A firewall allows individuals on the corporate network to send and receive data packets from the Internet
C. A firewall can filter through packets coming from outside networks to prevent unauthorized access
D. A firewall connects different LANs, software-based intelligent devices, and examines IP addresses

What is data mining?
A. A particular attribute of information.
B. A common term for the representation of multidimensional data.
C. The process of analyzing data to extract information that is not affected by the raw data alone.
D. None of the above is correct.

Which of the following statements is wrong regarding continuous audit?
A. Continuous audit is used to perform audit-related activities on a continuous basis
B. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance
C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls
D. Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis

LAN is the abbreviation for
A. Large Area Network.
B. Local Area Network.
C. Longitudinal Analogue Network.
D. Low Analytical Nets.

Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?
A. Continuous monitoring and analysis of transaction processing with an embedded audit module.
B. Increased reliance on internal control activities that emphasize the segregation of duties.
C. Verification of encrypted digital certificates used to monitor the authorization of transactions.
D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

Which statements are incorrect about virtual private network (VPN)?
A. It is a way to use the public telecommunication infrastructure in providing secure access to an organization's network.
B. It enables the employees to work remotely by accessing their firm's network securely using the Internet
C. The packets sent through VPN are encrypted and with authentication technology.
D. The expensive cost is one major disadvantage of VPN.

Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?
A. Embedded audit modules cannot be protected from computer viruses.
B. Auditors are required to monitor embedded audit modules continuously to obtain valid results.
C. Embedded audit modules can easily be modified through management tampering.
D. Auditors are required to be involved in the system design of the application to be monitored.

One control objective for an operating system is that it must be protected from itself. Which of the following statements best explains this concept?
A. The operating system should be able to gracefully terminate activities, and later recover to its previous state.
B. No operating system module should be allowed to corrupt or destroy another operating system module.
C. User applications must not be allowed to gain control of or damage the operating system.
D. The operating system must be able to prevent unauthorized users from accessing, corrupting, or destroying other users' data.

Which of the following best describes a data warehouse?
A. Users typically post operational transactions directly to the data warehouse.
B. Data warehouses contain real-time data.
C. A data warehouse typically hold no more than one year's worth of data.
D. A data warehouse contains nonvolatile data.

The masquerading threat for wireless LANs is:
A. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data
B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
C. The attacker passively monitors wireless networks for data, including authentication credentials
D. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network

Which of the following statements is not correct?
A. The IP address of a desktop computer often changes
B. The MAC address of a desktop computer often changes
C. The IP address of a Web server does not change
D. Each hardware device must have a MAC address

Accounting professionals should understand database systems for all of the following reasons except:
A. Accountants have a strong understanding of risks, controls and business processes.
B. Accountants increasingly participate in creating internal control systems.
C. Accountants typically manage organizations' operational databases.
D. Accountants frequently help improve business and IT processes.

The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy?
A. Recreate the test, using different software.
B. List a sample of actual data to verify the accuracy of the test program.
C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct the program.
D. Create test transactions and run test data on both the production and simulation program.

Which of the following uses best describes the use of a VPN?
A. Connect computers, printers, and file servers in an office building.
B. Lease dedicated communication lines to guarantee connection performance between remote office locations.
C. Allow employees traveling for business to connect to home office computing resources.
D. Allocates computing resources among multiple processors and operating systems.

Which of the following is not a use of CAATs in auditing?
A. Test of details of transactions and balances
B. Analytical review procedures
C. Fraud examination
D. Produce terms and conditions of employment

Which of the following is not one of the categories of security controls for wireless networks?
A. Operational controls.
B. Application controls.
C. Management controls.
D. Technical controls.

Which of the following is not one of the reasons auditors should consider the use of CAATs?
A. ISACA standards require IS auditors to obtain sufficient, reliable, and relevant evidence, and should perform appropriate analysis of this evidence.
B. GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed.
C. The IIA professional practices state that auditor must consider the use of technology-based auditing tools when conducting audits.
D. GAAS requires auditors to gather sufficient and appropriate evidence in the course of audit field work.

Which of the following approaches and/or tools are not typically used as part of a CAAT approach to auditing?
A. Integrated testing facility (ITF).
B. Generalized audit software (GAS).
C. Audit calculation engine (ACE).
D. Embedded audit module (EAM).

What are the two approaches of CAATs in auditing systems? What are the differences between them?

Which of the following best describes continuous auditing?
A. Audit-related activities are peformed throughout the period under review.
B. The full audit team remains on the client site for the entire fiscal year.
C. The database extracts every 10^th transaction and flags it for audit review.
D. Auditors can generate greater fees by increasing the amount of manual testing performed for the client.

CAATs are commonly used in all of the following situations except:
A. Transaction testing.
B. Network penetration testing.
C. Encryption testing.
D. Operating system vulnerability assessments.

Which of the following is not considered an advantage of using a continuous auditing approach?
A. Transactions can be tested and analyzed closer in time to when they actually occur.
B. Better compliance with laws and regulations.
C. It can reduce the effort required for routine testing.
D. It can be costly and time consuming to set up continuous auditing processes.

Which of the following is not one of the benefits of using a wireless network?
A. Flexibility and scalability.
B. Mobility.
C. Greater security.
D. Rapid deployment.

Which of the following is not considered one of the primary CAAT approaches?
A. The black-box approach.
B. Encryption testing.
C. Auditing through the computer.
D. The white-box approach.

ACL and IDEA are two prominent examples of which of the following?
A. ITF.
B. GAS.
C. EAM.
D. DBMS.