Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 4: Internal Controls and Risks in IT Systems

Full screen (f)
exit full mode
Question
General controls are divided into five broad categories.Which of the following is not one of these categories?

A)Authentication of users and limiting unauthorized access
B)Hacking and other network break-ins
C)Fraud Prevention
D)Business Continuity
Use Space or
up arrow
down arrow
to flip the card.
Question
Internal controls that apply overall to the IT system are called:

A)Overall Controls
B)Technology Controls
C)Application Controls
D)General Controls
Question
In order to master risks and controls and how they fit together, which of the following is NOT one of the areas to fully understand?

A)The accounting information system.
B)The description of the general and application controls that should exist in IT system.
C)The type and nature of risks in IT systems.
D)The recognition of how controls can be used to reduce risk.
Question
Which programmed input validation makes sure that a value was entered in all of the critical fields?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Question
Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Question
Unchecked risks and threats to the IT system could result in:

A)An interruption of the computer operations
B)Damage to an organization
C)Incorrect or incomplete accounting information
D)All of the above
Question
The average annual cost of cyber crime to U.S.companies is:

A)$3.8 million
B)$6.2 million
C)$1.1 billion
D)Not determinable
Question
Internal controls used specifically in accounting applications to control inputs, processing, and outputs are referred to as an):

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls
Question
Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

A)Data encryption
B)Redundant servers
C)Input controls
D)Password codes
Question
Which control total is the total of field values that are added for control purposes, but not added for any other purpose?

A)Record count
B)Hash total
C)Batch total
D)Field total
Question
An IT governance committee has several responsibilities.Which of the following is least likely to be a responsibility of the IT governance committee?

A)Develop and maintain the database and ensure adequate controls over the database.
B)Develop, monitor, and review security policies.
C)Oversee and prioritize changes to IT systems.
D)Align IT investments to business strategy.
Question
The risk that an unauthorized user would shut down systems within the IT system is an):

A)Security risk
B)Availability risk
C)Processing integrity risk
D)Confidentiality risk
Question
Which programmed input validation check compares the value in a field with related fields which determine whether the value is appropriate?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Question
Which of the following is not a control intended to authenticate users?

A)User log-in
B)Security token
C)Encryption
D)Biometric devices
Question
Internal controls that apply overall to the IT accounting system, that are not restricted to any particular accounting application, are referred to as an):

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls
Question
In entering client contact information in the computerized database of a telemarketing business, a clerk erroneously entered nonexistent area codes for a block of new clients.This error rendered the block of contacts useless to the company.Which of the following would most likely have led to discovery of this error into the company's computerized system?

A)Limit check
B)Validity check
C)Sequence check
D)Record count
Question
All of the following are General controls except for:

A)Passwords
B)Physical hardware controls
C)Software Controls
D)Inventory Controls
Question
AICPA Trust Principles describe five categories of IT risks and controls.Which of these five categories would be described by the statement, "The system is protected against unauthorized access"?

A)Security
B)Confidentiality
C)Processing integrity
D)Availability
Question
Hacking can be prevented by using which of the following?

A)Firewalls
B)Encryption
C)Virtual Private Networks
D)None of the Above
E)All of the above
Question
The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas?

A)Telecommuting workers
B)Internet
C)Wireless networks
D)All of the above
Question
This term relates to making the computer recognize a user in order to create a connection at the beginning of the computer session.

A)User ID
B)Password
C)Smart card
D)Login
Question
Nonrepudiation means that:

A)A user is not authorized to change configuration settings.
B)A user is not allowed access to the authority tables.
C)A user can prevent the unauthorized flow of data in both directions.
D)A user cannot deny any particular act that he or she did on the IT system.
Question
Hardware, software, or a combination of both that is designed to block unauthorized access to an IT system is called:

A)Computer log
B)Biometric device
C)Firewall
D)Security token
Question
A new technology that is used to authenticate users is one that plugs into the USB port and eliminates the need for a card reader.This item is called a:

A)Biometric reader
B)Smart card
C)USB smart key
D)Security token
Question
Which of the following is NOT one of the rules for the effective use of passwords?

A)Passwords should not be case sensitive.
B)Passwords should be at least 6 characters in length.
C)Passwords should contain at least one nonalphanumeric character.
D)Password should be changed every 90 days.
E)
Question
The IT system includes this type of table for software, hardware, and application programs that contain the appropriate set-up and security settings.

A)Configuration table
B)Authentication table
C)User table
D)Authority table
Question
All of the following are environmental control issues for physical hardware except for:

A)High temperatures
B)Fires
C)Excessive Humidity
D)All of the Above
E)None of the Above
Question
General controls in IT systems are divided into five broad categories.Which of the following is NOT one of those categories?

A)Authentication of uses and limiting unauthorized access
B)Output controls
C)Organization structure
D)Physical environment and physical security of the system.
Question
This table contains a list of valid, authorized users and the access level granted to each one.

A)User table
B)Authority table
C)Authentication table
D)Configuration table
Question
This item, that strengthens the use of passwords, is plugged into the computer's card reader and helps authenticate that the use is valid; it has an integrated circuit that displays a constantly changing ID code.These statement describe:

A)Security token
B)USB control key
C)Smart card
D)Biometrics
Question
A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

A)Hacking and other network break-ins
B)Physical environment and physical security
C)Authentication of users and limiting unauthorized access
D)Organizational structure
Question
The use of the smart card or security tokens is referred to as a two factor authorization because:

A)It is based on something the user has, the token or card, and something the user knows, the password.
B)It requires that the user is granted the card / token in a secure environment and that the user actually uses the card / token.
C)It requires that the user has two different authorizations: 1) to receive the card / token, and 2) to use the card / token.
D)It requires the use the card / token to 1) login to the system and 2) access the applications.
Question
Which of the following is not an example of physical characteristics being used in biometric devices?

A)Retina scans
B)Fingerprint matching
C)Social security number
D)Voice verification
Question
This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

A)User profile
B)User password
C)User ID
D)User log
Question
The process of converting data into secret codes referred to cipher text is called:

A)Deciphering
B)Encryption
C)Nonrepudiation
D)Enciphering
Question
This type of authentication uses some unique physical characteristic of the user to identify the user and allow the appropriate access to the system.

A)Nonrepudiation card
B)Biometric device
C)Configuration table
D)Computer log
Question
This term means that a user cannot deny any particular act that he or she did on the IT system is referred to as:

A)Configuration
B)Proliferation
C)Verification
D)Nonrepudiation
Question
This complete records of all dates, times, and uses for each person is referred to as an):

A)User password
B)Computer log
C)User profile
D)Configuration table
Question
There are a number of reasons that all access to an IT system be logged.Which of the following is not one of the reasons for the log to be maintained?

A)Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures.
B)A user cannot deny any particular act that he or she did on the system.
C)To establish nonrepudiation of sales transactions by a customer.
D)To establish a user profile.
Question
Which of the following is not a good example of an effective password?

A)ABC*$123
B)a1b2c3
C)A*1b?2C$3
D)MSU#Rules$
Question
A small piece of program code that attaches to the computer's unused memory space and replicates itself until the system becomes overloaded and shuts down is called:

A)Infections
B)Virus
C)Serum
D)Worm
Question
Which of the following URL's would indicate that the site is using browser software that encrypts data transferred to the website?

A)shttp://misu
B)https://misu
C)http://smisus
D)https://smisus
Question
A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as an):

A)Worm
B)Encryption
C)Virus
D)Infection
Question
This method of monitoring exposure can involve either manual testing or automated software tools.The method can identify weaknesses before they become network break-ins and attempt to fix these weaknesses before they are exploited.

A)Vulnerability assessment
B)Intrusion detection
C)Encryption examination
D)Penetration testing
Question
This security feature, used on wireless networks, is a password that is passed between the sending and receiving nodes of a wireless network.

A)Secure sockets layer
B)Service set identifier
C)Wired provided access
D)Virtual private network
Question
The systematic steps undertaken to plan, prioritize, authorize, oversee, test, and implement large-scale changes to the IT system are called:

A)IT Governance System
B)Operations Governance
C)System Development Life Cycle
D)Systems Analysis
Question
The process of proactively examining the IT system for weaknesses that can be exploited by hackers, viruses, or malicious employees is called:

A)Intrusion detection
B)Virus management
C)Vulnerability assessment
D)Penetration testing
Question
Which of the following would normally not be found on the IT Governance Committee?

A)Computer input operators
B)Chief Executive Officer
C)Chief Information Officer
D)Heads of business units
Question
The IT Governance Committee has several important responsibilities.Which of the following is not normally one of those responsibilities?

A)Align IT investments to business strategies.
B)Oversee and prioritize changes to IT systems.
C)Develop, monitor, and review security procedures.
D)Investing excess IT funds in long-term investments.
Question
Authorized employees may need to access the company IT system from locations outside the organization.These employees should connect to the IT system using this type of network.

A)Secure socket network
B)Service set identifier
C)Virtual private network
D)Wireless encryption portal
Question
This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system.It continually scans the system for viruses and worms and either deletes or quarantines them.

A)Penicillin Software
B)Antivirus Software
C)Infection Software
D)Internet Software
Question
The functional responsibilities within an IT system must include the proper segregation of duties.Which of the following positions is not one of the duties that is to be segregated from the others?

A)Systems analysts
B)Chief information officer
C)Database administrator
D)Operations personnel
Question
This encryption method requests connection to the network via an access point and that point then requests the use identity and transmits that identity to an authentication server, substantially authenticating the computer and the user.

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Provider WEP)
C)Wireless Provider Authentication WPA)
D)Wireless Protection Access WPA)
Question
The function of this committee is to govern the overall development and operation of IT systems.

A)IT Budget Committee
B)IT Audit Committee
C)IT Governance Committee
D)IT Oversight Committee
Question
The type of network uses tunnels, authentication, and encryption within the Internet network to isolate Internet communications so that unauthorized users cannot access or use certain data.

A)Residential user network
B)Service internet parameter network
C)Virtual private network
D)Virtual public network
Question
This form of encryption uses a public key, which is known by everyone, to encrypt data, and a private key, to decode the data.

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption
Question
This communication protocol is built into web server and browser software that encrypts data transferred on that website.You can determine if a website uses this technology by looking at the URL.

A)Secure sockets layer
B)Service security line
C)Secure encryption network
D)Secure service layer
Question
This encryption method, used with wireless network equipment, is symmetric in that both the sending and receiving network nodes must use the same encryption key.It has been proven to be susceptible to hacking.

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Policy WEP)
C)Wireless Protection Access WPA)
D)Wired Privacy Authentication WPA)
Question
This form of encryption uses a single encryption key that must be used to encrypt data and also to decode the encrypted data.

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption
Question
Specific software tools that monitor data flow within a network and alert the IT staff to hacking attempts or other unauthorized access attempts is called:

A)Security detection
B)Vulnerability assessment
C)Penetration testing
D)Intrusion detection
Question
General controls for an IT system include:

A)Controls over the physical environment only.
B)Controls over the physical access only.
C)Controls over the physical environment and over the physical access.
D)None of the above.
Question
Examples of Business Continuity include all of the following except:

A)Disaster Recovery Plan
B)Backup Data
C)Environmental Backup Recovery Plan
D)Offsite Backup
Question
The AICPA Trust Services Principles categorizes IT controls and risks into categories.Which of the following is not one of those categories?

A)Confidentiality
B)Security
C)Recovery
D)Availability
Question
A computer network covering a small geographic area, which, in most cases, are within a single building or a local group of buildings is called a:

A)Land area network
B)Local access network
C)Local area network
D)Locality arena network
Question
A large disk storage for accounting and operating data is referred to as an):

A)Operating system
B)Application software
C)Database
D)Binary monetary system
Question
Availability risks, related to the authentication of users would include:

A)Shutting down the system and shutting down programs
B)Altering data and repudiating transactions
C)Stealing data and recording nonexistent transactions
D)Sabotaging systems and destroying data
Question
Many companies use a public cloud computing model for software, data storage or both.Which of the following is an advantage to the public cloud computing model?

A)Expanded access
B)Cost savings
C)Scalability
D)All of the above are advantages
Question
A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as:

A)Redundant business planning
B)Business continuity planning
C)Unnecessary in the current safe environments
D)Emergency backup power
Question
The establishment of log-in procedures can help prevent or lessen security risks and are referred to as:

A)Reactive controls
B)Preventive controls
C)Availability controls
D)Confidentiality controls
Question
Unauthorized access to the operating system would allow the unauthorized user to:

A)Browse disk files for sensitive data or passwords.
B)Alter data through the operating system.
C)Alter application programs.
D)All of the above
Question
The accuracy, completeness, and timeliness of the process in IT systems is referred to as:

A)Availability Risks
B)Security Risks
C)Confidentiality Risks
D)Processing Integrity Risks
Question
Large-scale IT systems should be protected by physical access controls.Which of the following is not listed as one of those controls?

A)Limited access to computer rooms
B)Video surveillance equipment
C)Locked storage of backup data
D)Encryption of passwords.
Question
The company-to-company transfer of standard business documents in electronic form is called:

A)Facsimile Transmission
B)PDF Interchange
C)Electronic Data Interchange
D)Tele-transmission
Question
Companies who provide mobile devices for employees, normally has a policy that allows the company's IT professional to remove company data and applications from the mobile device.This process is referred to as:

A)Cloud exchange
B)Operations removal
C)Data integrity
D)Remove wipe
Question
The work arrangement where employees work from home using some type of network connection to the office is referred to as:

A)Telecommuting
B)Telemarketing
C)Network Employment
D)Electronic working
Question
Two or more computer network or data servers that can run identical processes or maintain the same data are called:

A)Emergency power supply
B)Uninterruptible power source
C)Redundant servers
D)Business continuity planning
Question
The software that controls the basic input and output activities of the computer are called:

A)Operating System
B)Application Software
C)Data Base Management System
D)Electronic Data Interchange
Question
An alternative power supply that provides electrical power in the event that a main source is lost is called:

A)Uninterruptible power supply
B)System power supply
C)Emergency power supply
D)Battery power supply
Question
A group of LANs connected to each other to cover a wider geographic area is called a:

A)Connected local network
B)Wide area network
C)Connected wide area
D)Wide geographic network
Question
A software system that manages the interface between many users and the database is called:

A)Database security system
B)Database management system
C)Database binary monetary system
D)Database assessment
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/164
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 4: Internal Controls and Risks in IT Systems
1
General controls are divided into five broad categories.Which of the following is not one of these categories?

A)Authentication of users and limiting unauthorized access
B)Hacking and other network break-ins
C)Fraud Prevention
D)Business Continuity
C
Fraud Prevention
2
Internal controls that apply overall to the IT system are called:

A)Overall Controls
B)Technology Controls
C)Application Controls
D)General Controls
D
General Controls
3
In order to master risks and controls and how they fit together, which of the following is NOT one of the areas to fully understand?

A)The accounting information system.
B)The description of the general and application controls that should exist in IT system.
C)The type and nature of risks in IT systems.
D)The recognition of how controls can be used to reduce risk.
A
The accounting information system.
4
Which programmed input validation makes sure that a value was entered in all of the critical fields?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
5
Which programmed input validation check determines whether the appropriate type of data, either alphabetic or numeric, was entered?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
6
Unchecked risks and threats to the IT system could result in:

A)An interruption of the computer operations
B)Damage to an organization
C)Incorrect or incomplete accounting information
D)All of the above
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
7
The average annual cost of cyber crime to U.S.companies is:

A)$3.8 million
B)$6.2 million
C)$1.1 billion
D)Not determinable
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
8
Internal controls used specifically in accounting applications to control inputs, processing, and outputs are referred to as an):

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
9
Management of an internet retail company is concerned about the possibility of computer data eavesdropping and wiretapping, and wants to maintain the confidentiality of its information as it is transmitted.The company should make use of:

A)Data encryption
B)Redundant servers
C)Input controls
D)Password codes
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
10
Which control total is the total of field values that are added for control purposes, but not added for any other purpose?

A)Record count
B)Hash total
C)Batch total
D)Field total
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
11
An IT governance committee has several responsibilities.Which of the following is least likely to be a responsibility of the IT governance committee?

A)Develop and maintain the database and ensure adequate controls over the database.
B)Develop, monitor, and review security policies.
C)Oversee and prioritize changes to IT systems.
D)Align IT investments to business strategy.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
12
The risk that an unauthorized user would shut down systems within the IT system is an):

A)Security risk
B)Availability risk
C)Processing integrity risk
D)Confidentiality risk
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
13
Which programmed input validation check compares the value in a field with related fields which determine whether the value is appropriate?

A)Completeness check
B)Validity check
C)Reasonableness check
D)Field check
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
14
Which of the following is not a control intended to authenticate users?

A)User log-in
B)Security token
C)Encryption
D)Biometric devices
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
15
Internal controls that apply overall to the IT accounting system, that are not restricted to any particular accounting application, are referred to as an):

A)Specific Controls
B)Application Controls
C)General Controls
D)IT Controls
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
16
In entering client contact information in the computerized database of a telemarketing business, a clerk erroneously entered nonexistent area codes for a block of new clients.This error rendered the block of contacts useless to the company.Which of the following would most likely have led to discovery of this error into the company's computerized system?

A)Limit check
B)Validity check
C)Sequence check
D)Record count
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
17
All of the following are General controls except for:

A)Passwords
B)Physical hardware controls
C)Software Controls
D)Inventory Controls
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
18
AICPA Trust Principles describe five categories of IT risks and controls.Which of these five categories would be described by the statement, "The system is protected against unauthorized access"?

A)Security
B)Confidentiality
C)Processing integrity
D)Availability
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
19
Hacking can be prevented by using which of the following?

A)Firewalls
B)Encryption
C)Virtual Private Networks
D)None of the Above
E)All of the above
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
20
The risk of an unauthorized user gaining access is likely to be a risk for which of the following areas?

A)Telecommuting workers
B)Internet
C)Wireless networks
D)All of the above
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
21
This term relates to making the computer recognize a user in order to create a connection at the beginning of the computer session.

A)User ID
B)Password
C)Smart card
D)Login
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
22
Nonrepudiation means that:

A)A user is not authorized to change configuration settings.
B)A user is not allowed access to the authority tables.
C)A user can prevent the unauthorized flow of data in both directions.
D)A user cannot deny any particular act that he or she did on the IT system.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
23
Hardware, software, or a combination of both that is designed to block unauthorized access to an IT system is called:

A)Computer log
B)Biometric device
C)Firewall
D)Security token
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
24
A new technology that is used to authenticate users is one that plugs into the USB port and eliminates the need for a card reader.This item is called a:

A)Biometric reader
B)Smart card
C)USB smart key
D)Security token
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
25
Which of the following is NOT one of the rules for the effective use of passwords?

A)Passwords should not be case sensitive.
B)Passwords should be at least 6 characters in length.
C)Passwords should contain at least one nonalphanumeric character.
D)Password should be changed every 90 days.
E)
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
26
The IT system includes this type of table for software, hardware, and application programs that contain the appropriate set-up and security settings.

A)Configuration table
B)Authentication table
C)User table
D)Authority table
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
27
All of the following are environmental control issues for physical hardware except for:

A)High temperatures
B)Fires
C)Excessive Humidity
D)All of the Above
E)None of the Above
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
28
General controls in IT systems are divided into five broad categories.Which of the following is NOT one of those categories?

A)Authentication of uses and limiting unauthorized access
B)Output controls
C)Organization structure
D)Physical environment and physical security of the system.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
29
This table contains a list of valid, authorized users and the access level granted to each one.

A)User table
B)Authority table
C)Authentication table
D)Configuration table
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
30
This item, that strengthens the use of passwords, is plugged into the computer's card reader and helps authenticate that the use is valid; it has an integrated circuit that displays a constantly changing ID code.These statement describe:

A)Security token
B)USB control key
C)Smart card
D)Biometrics
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
31
A process or procedure in an IT system to ensure that the person accessing the IT system is valid and authorized is called:

A)Hacking and other network break-ins
B)Physical environment and physical security
C)Authentication of users and limiting unauthorized access
D)Organizational structure
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
32
The use of the smart card or security tokens is referred to as a two factor authorization because:

A)It is based on something the user has, the token or card, and something the user knows, the password.
B)It requires that the user is granted the card / token in a secure environment and that the user actually uses the card / token.
C)It requires that the user has two different authorizations: 1) to receive the card / token, and 2) to use the card / token.
D)It requires the use the card / token to 1) login to the system and 2) access the applications.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
33
Which of the following is not an example of physical characteristics being used in biometric devices?

A)Retina scans
B)Fingerprint matching
C)Social security number
D)Voice verification
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
34
This should be established for every authorized user and determines each user's access level to hardware, software, and data according to the individual's job responsibilities.

A)User profile
B)User password
C)User ID
D)User log
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
35
The process of converting data into secret codes referred to cipher text is called:

A)Deciphering
B)Encryption
C)Nonrepudiation
D)Enciphering
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
36
This type of authentication uses some unique physical characteristic of the user to identify the user and allow the appropriate access to the system.

A)Nonrepudiation card
B)Biometric device
C)Configuration table
D)Computer log
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
37
This term means that a user cannot deny any particular act that he or she did on the IT system is referred to as:

A)Configuration
B)Proliferation
C)Verification
D)Nonrepudiation
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
38
This complete records of all dates, times, and uses for each person is referred to as an):

A)User password
B)Computer log
C)User profile
D)Configuration table
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
39
There are a number of reasons that all access to an IT system be logged.Which of the following is not one of the reasons for the log to be maintained?

A)Any login or use abnormalities can be examined in more detail to determine any weaknesses in the login procedures.
B)A user cannot deny any particular act that he or she did on the system.
C)To establish nonrepudiation of sales transactions by a customer.
D)To establish a user profile.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
40
Which of the following is not a good example of an effective password?

A)ABC*$123
B)a1b2c3
C)A*1b?2C$3
D)MSU#Rules$
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
41
A small piece of program code that attaches to the computer's unused memory space and replicates itself until the system becomes overloaded and shuts down is called:

A)Infections
B)Virus
C)Serum
D)Worm
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
42
Which of the following URL's would indicate that the site is using browser software that encrypts data transferred to the website?

A)shttp://misu
B)https://misu
C)http://smisus
D)https://smisus
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
43
A self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions is referred to as an):

A)Worm
B)Encryption
C)Virus
D)Infection
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
44
This method of monitoring exposure can involve either manual testing or automated software tools.The method can identify weaknesses before they become network break-ins and attempt to fix these weaknesses before they are exploited.

A)Vulnerability assessment
B)Intrusion detection
C)Encryption examination
D)Penetration testing
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
45
This security feature, used on wireless networks, is a password that is passed between the sending and receiving nodes of a wireless network.

A)Secure sockets layer
B)Service set identifier
C)Wired provided access
D)Virtual private network
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
46
The systematic steps undertaken to plan, prioritize, authorize, oversee, test, and implement large-scale changes to the IT system are called:

A)IT Governance System
B)Operations Governance
C)System Development Life Cycle
D)Systems Analysis
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
47
The process of proactively examining the IT system for weaknesses that can be exploited by hackers, viruses, or malicious employees is called:

A)Intrusion detection
B)Virus management
C)Vulnerability assessment
D)Penetration testing
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
48
Which of the following would normally not be found on the IT Governance Committee?

A)Computer input operators
B)Chief Executive Officer
C)Chief Information Officer
D)Heads of business units
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
49
The IT Governance Committee has several important responsibilities.Which of the following is not normally one of those responsibilities?

A)Align IT investments to business strategies.
B)Oversee and prioritize changes to IT systems.
C)Develop, monitor, and review security procedures.
D)Investing excess IT funds in long-term investments.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
50
Authorized employees may need to access the company IT system from locations outside the organization.These employees should connect to the IT system using this type of network.

A)Secure socket network
B)Service set identifier
C)Virtual private network
D)Wireless encryption portal
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
51
This type of software should be used to avoid destruction of data programs and to maintain operation of the IT system.It continually scans the system for viruses and worms and either deletes or quarantines them.

A)Penicillin Software
B)Antivirus Software
C)Infection Software
D)Internet Software
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
52
The functional responsibilities within an IT system must include the proper segregation of duties.Which of the following positions is not one of the duties that is to be segregated from the others?

A)Systems analysts
B)Chief information officer
C)Database administrator
D)Operations personnel
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
53
This encryption method requests connection to the network via an access point and that point then requests the use identity and transmits that identity to an authentication server, substantially authenticating the computer and the user.

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Provider WEP)
C)Wireless Provider Authentication WPA)
D)Wireless Protection Access WPA)
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
54
The function of this committee is to govern the overall development and operation of IT systems.

A)IT Budget Committee
B)IT Audit Committee
C)IT Governance Committee
D)IT Oversight Committee
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
55
The type of network uses tunnels, authentication, and encryption within the Internet network to isolate Internet communications so that unauthorized users cannot access or use certain data.

A)Residential user network
B)Service internet parameter network
C)Virtual private network
D)Virtual public network
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
56
This form of encryption uses a public key, which is known by everyone, to encrypt data, and a private key, to decode the data.

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
57
This communication protocol is built into web server and browser software that encrypts data transferred on that website.You can determine if a website uses this technology by looking at the URL.

A)Secure sockets layer
B)Service security line
C)Secure encryption network
D)Secure service layer
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
58
This encryption method, used with wireless network equipment, is symmetric in that both the sending and receiving network nodes must use the same encryption key.It has been proven to be susceptible to hacking.

A)Wired Equivalency Privacy WEP)
B)Wired Encryption Policy WEP)
C)Wireless Protection Access WPA)
D)Wired Privacy Authentication WPA)
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
59
This form of encryption uses a single encryption key that must be used to encrypt data and also to decode the encrypted data.

A)Multiple encryption
B)Public key encryption
C)Wired encryption
D)Symmetric encryption
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
60
Specific software tools that monitor data flow within a network and alert the IT staff to hacking attempts or other unauthorized access attempts is called:

A)Security detection
B)Vulnerability assessment
C)Penetration testing
D)Intrusion detection
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
61
General controls for an IT system include:

A)Controls over the physical environment only.
B)Controls over the physical access only.
C)Controls over the physical environment and over the physical access.
D)None of the above.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
62
Examples of Business Continuity include all of the following except:

A)Disaster Recovery Plan
B)Backup Data
C)Environmental Backup Recovery Plan
D)Offsite Backup
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
63
The AICPA Trust Services Principles categorizes IT controls and risks into categories.Which of the following is not one of those categories?

A)Confidentiality
B)Security
C)Recovery
D)Availability
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
64
A computer network covering a small geographic area, which, in most cases, are within a single building or a local group of buildings is called a:

A)Land area network
B)Local access network
C)Local area network
D)Locality arena network
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
65
A large disk storage for accounting and operating data is referred to as an):

A)Operating system
B)Application software
C)Database
D)Binary monetary system
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
66
Availability risks, related to the authentication of users would include:

A)Shutting down the system and shutting down programs
B)Altering data and repudiating transactions
C)Stealing data and recording nonexistent transactions
D)Sabotaging systems and destroying data
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
67
Many companies use a public cloud computing model for software, data storage or both.Which of the following is an advantage to the public cloud computing model?

A)Expanded access
B)Cost savings
C)Scalability
D)All of the above are advantages
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
68
A proactive program for considering risks to the business continuation and the development of plans and procedures to reduce those risks is referred to as:

A)Redundant business planning
B)Business continuity planning
C)Unnecessary in the current safe environments
D)Emergency backup power
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
69
The establishment of log-in procedures can help prevent or lessen security risks and are referred to as:

A)Reactive controls
B)Preventive controls
C)Availability controls
D)Confidentiality controls
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
70
Unauthorized access to the operating system would allow the unauthorized user to:

A)Browse disk files for sensitive data or passwords.
B)Alter data through the operating system.
C)Alter application programs.
D)All of the above
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
71
The accuracy, completeness, and timeliness of the process in IT systems is referred to as:

A)Availability Risks
B)Security Risks
C)Confidentiality Risks
D)Processing Integrity Risks
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
72
Large-scale IT systems should be protected by physical access controls.Which of the following is not listed as one of those controls?

A)Limited access to computer rooms
B)Video surveillance equipment
C)Locked storage of backup data
D)Encryption of passwords.
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
73
The company-to-company transfer of standard business documents in electronic form is called:

A)Facsimile Transmission
B)PDF Interchange
C)Electronic Data Interchange
D)Tele-transmission
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
74
Companies who provide mobile devices for employees, normally has a policy that allows the company's IT professional to remove company data and applications from the mobile device.This process is referred to as:

A)Cloud exchange
B)Operations removal
C)Data integrity
D)Remove wipe
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
75
The work arrangement where employees work from home using some type of network connection to the office is referred to as:

A)Telecommuting
B)Telemarketing
C)Network Employment
D)Electronic working
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
76
Two or more computer network or data servers that can run identical processes or maintain the same data are called:

A)Emergency power supply
B)Uninterruptible power source
C)Redundant servers
D)Business continuity planning
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
77
The software that controls the basic input and output activities of the computer are called:

A)Operating System
B)Application Software
C)Data Base Management System
D)Electronic Data Interchange
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
78
An alternative power supply that provides electrical power in the event that a main source is lost is called:

A)Uninterruptible power supply
B)System power supply
C)Emergency power supply
D)Battery power supply
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
79
A group of LANs connected to each other to cover a wider geographic area is called a:

A)Connected local network
B)Wide area network
C)Connected wide area
D)Wide geographic network
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
80
A software system that manages the interface between many users and the database is called:

A)Database security system
B)Database management system
C)Database binary monetary system
D)Database assessment
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 164 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree