Accounting Information Systems: Test Review

Data fraud Which of the following will not reduce the likelihood of an occurrence of fraud? Encryption of data and programs SE of forensic accountants Required vacations and rotation of duties Adequate insurance coverage A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a Logic bomb Virus Data diddle Trap door The unauthorized copying of company data is known as Eavesdropping Masquerading Pushing Data leakage illegal acts are typically called Preparers Hackers Jerks Crackers Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called Data leakage Piggybacking Hacking

Superposing Spy;are is Software that monitors whether spies are looking at the computer Software that tells the user if anyone is spying on his computer Software that monitors computing habits and sends the data it gathers to someone else None of the above It was late on Friday when troy Wolcott…. Social engineering Identify theft War dialing Partaking Computers that are part of a bootee and are controlled by a boot herder are referred to as Evil twins Zombies Posers Boutiques Jiao Jan had been the web master….. The company had been the victim of an… Cyber extortion attack Zero day attack Mallard attack Denial of service attack Jiao Jan had been the web master…. He author of the email was engaged in Hacking A denial of service attack Internet terrorism Cyber extortion A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of Corrective control Preventive control Authorization control Detective control At a movie theater box office, all tickets are sequentially purebred. At the end of each day, the beginning ticket number is subtracted from the ending number to lactate the number of tickets sold. These ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect?

The ticket taker admits his friends without tickets customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the theater entrance A group of kids snuck into the theater through a back door when customers left after a show One of the objectives of the segregation of duties is to Make sure that different people handle different parts of the same transaction Make ere that different people handle different transactions Achieve an optimal division of labor for efficient operations Ensure that no collusion will occur According to the Serbians Solely act of 2002, the audit committee of the board of directors is directly responsible for Hiring and firing the external auditors certifying the accuracy of the company’s financial reporting process overseeing day- to-day operations of the internal audit department performing tests of the company’s internal control structure The risk that remains after management implements internal controls is Inherent risk Risk appetite Residual risk Risk assessment River rafting adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injure or killed. Settlement of resulting lawsuits have an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance? $50 $650 $500 $600 Which of the following is not one of the three fundamental information security incepts?

Security is a management issue, not a technology issue The time based model of security focuses on the relationship between preventive, detective and corrective controls The idea of defense-in-depth employs multiple layers of controls Information security is a technology issue based on prevention Verifying the identity of the person or device attempting to access the system is Identification monitoring Authentication Authorization Threat Which of the following is an example of a detective control Physical access controls Encryption Emergency response teams Log analysis Multi-factor authentication Requires the use of more than one effective password Provides weaker authentication than the use of effective passwords Is a table specifying which portions of the systems users are permitted to access The most common input-related vulnerability is Buffer overflow attack Hardening This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organizations information system Vulnerability scan Intrusion detection system Penetration test It was 9:08….. ESSAY: Describe four requirements of effective passwords Explain social engineering