Deck 12: Monitoring and Auditing AIS

A) Internet
B) LAN
C) Virtual private network (VPN)
D) Decentralized network

A) It is a centralized collection of firm-wide data
B) The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events
C) Includes data for the current fiscal year only
D) The data in a data warehouse is pulled from each of the operational databases periodically

A) Hub is smarter than Switch.
B) Switches provide more security protections than hubs do for a company's internal network.
C) Switch is widely used in WANs.
D) A Switch contains multiple ports.

A) Guard against spoofing
B) Filtering packets
C) Deny computer hackers access to sensitive data
D) All of the above

A) A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software
B) A firewall allows individuals on the corporate network to send and receive data packets from the Internet
C) A firewall can filter through packets coming from outside networks to prevent unauthorized access
D) A firewall connects different LANs, software-based intelligent devices, examines IP addresses

A) To ensure the integrity of a system
B) To control the flow of multiprogramming and tasks of scheduling in the computer
C) To allocate computer resources to users and applications
D) All of the above are correct

A) A particular attribute of information.
B) A common term for the representation of multidimensional data.
C) The process of analyzing data to extract of information that is not affected by the raw data alone.
D) None of the above is correct.

A) Continuous audit is to perform audit-related activities on a continuous basis
B) Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance
C) Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls
D) Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis

A) Large Area Network.
B) Local Area Network.
C) Longitudinal Analogue Network.
D) Low Analytical Nets.

A) Continuous monitoring and analysis of transaction processing with an embedded audit module.
B) Increased reliance on internal control activities that emphasize the segregation of duties.
C) Verification of encrypted digital certificates used to monitor the authorization of transactions.
D) Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

A) The auditors need to gain detailed knowledge of the systems' internal logic
B) The black-box approach could be adequate when automated systems applications are complicated
C) The auditors first calculating expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
D) All of the above are correct

A) It uses a set of input data to validate system integrity.
B) It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system
C) It is an automated technique that enables test data to be continually evaluated during the normal operation of a system
D) A and B are correct
E) None of the above is correct

A) Data warehouse and data mining
B) Transaction logging and query tools
C) Computer-assisted audit techniques.
D) All of the above.

A) Assigning roles and responsibilities of employees for access control
B) Conducting risk assessment on a regular basis
C) Conducting appropriate awareness training on wireless networks
D) Creating policies and procedures

A) Provide the communication within the network
B) Select network pathways within a network for the flow of data packets.
C) Amplify and rebroadcast signals in a network
D) Forward data packets to their internal network destination

A) The IP address of a desktop computer often changes
B) The MAC address of a desktop computer often changes
C) The IP address of a Web server does not change
D) Each hardware device must have a MAC address

A) Recreate the test, using different software.
B) List a sample of actual data to verify the accuracy of the test program.
C) Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct program.
D) Create test transactions and run test data on both the production and simulation program.

A) Mobility
B) Rapid deployment
C) Flexibility and Scalability
D) Security

A) Test of details of transactions and balances
B) Analytical review procedures
C) Fraud examination
D) Produce terms and conditions of employment

A) Embedded audit modules cannot be protected from computer viruses.
B) Auditors are required to monitor embedded audit modules continuously to obtain valid results.
C) Embedded audit modules can easily be modified through management tampering.
D) Auditors are required to be involved in the system design of the application to be monitored.

A) The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
B) The attacker passively monitors wireless networks for data, including authentication credentials
C) The attacker steals or makes unauthorized use of a service
D) The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.

A) It is a way to use the public telecommunication infrastructure in providing secures access to an organization's network.
B) It enables the employees to work remotely by accessing their firm's network securely using the Internet
C) The packets sent through VPN are encrypted and with authentication technology.
D) The expensive cost is one major disadvantage of VPN.

A) Application programs.
B) Computers.
C) Servers.
D) Routers.

A) The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data
B) The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
C) The attacker passively monitors wireless networks for data, including authentication credentials
D) The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network