Chapter 12 AIS – Flashcards
question
operating system (OS)
answer
-most important system software because it performs the tasks that enable a computer to operate -ensures the integrity of the system -controls the flow of multiprogramming and tasks of scheduling in the computer -allocates computer resources to users and applications -manages the interfaces with the computer
question
5 fundamental control objectives of the operating system
answer
1.it has to protect itself from users 2.it must protect users from each other 3.it must protect users from themselves 4.it must be protected by itself 5.it must be protected from its environment
question
database
answer
shared collection of logically related data that meets the information needs of a firm
question
database system
answer
a term typically used to encapsulate the constructs of data model, database management system (DBMS) and database
question
data warehouse
answer
a centralized collection of firmwide data for a relatively long period of time -no updates when transactions are processed (nonvolatile) -purpose is to provide a rich data set for management to identify patterns and to examine trends of business events
question
operational databases
answer
often includes data for the current fiscal year only -it is updated as transactions are processed
question
data mining
answer
is the process of searching for patterns in the data in a data warehouse and analyzing these patterns for decision making -often used to predict customers' buying behavior -OLAP (online analytical processing) (243)
question
Data governance
answer
the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm
question
local area network (LAN)
answer
group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, office -mainly use hubs and switches -faster -use MAC address
question
hubs (245)
answer
LAN devices include hubs -contains multiple ports -broadcasts data packets
question
switches (245)
answer
an intelligent device that provides a path for each pair of connections on the switch by storing address information in its switching table -it is a significant improvement over hubs, because each device connected via the network only sees traffic that has been directed to it via its MAC -directs data packets based on media access control addresses
question
packet
answer
formatted, small unit of data, part of the message of data set that is transmitted over the network
question
MAC (media access control) address (246)
answer
a designated address that is connected to the same network that covers a limited geographic range such as a home, small office, or a campus building
question
WANs (wide area networks)
answer
links different sites together, transmits information across geographically dispersed LANs and covers a broad geographic area such as a city, region, nation or an international link -routers and firewalls -slower -use IP address
question
3 main purposes of WANs
answer
1.to provide remote access to employees or customers 2.to link two or more sites within the firm 3.to provide corporate access to the Internet
question
router 246
answer
software-based intelligent device that chooses the most efficient communication path through a network to the required destination -it connects different LANs
question
firewall 246
answer
a security system comprised of hardware and software that is built using routers, servers and a variety of software -when a data packet arrives, it examines it to determine whether it should be allowed to continue in the transmission process
question
virtual private network (VPN)
answer
securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices -provides users with secure, remote access to their firm's network using the Internet
question
remote access 247
answer
connection to a data processing system from a remote location e.g. through a VPN
question
The ... system is the most important system software because it performs the tasks that enable a computer to operate
answer
operating
question
one important operating system control is to protect the OS from ... applications, which must not be able to gain control of or damage the OS
answer
user
question
In today's electronic world, most accounting records are stored in a ...
answer
database
question
a data ... is a centralized collection of firm wide data for a relatively long period of time
answer
warehouse
question
data ... is the process of searching for patterns in the data and analyzing these patterns for decision making
answer
mining
question
data governance is the convergence of which of the following items? 1.risk management on data 2.business process management on data 3.data quality, data management, and data policies 4.data accuracy of financial statements
answer
1, 2 and 3
question
LAN devices include hubs and switches. From a security perspective ... provide a significant improvement over ...
answer
switches, hubs
question
test data technique (white box)
answer
uses a set of input data to validate system integrity
question
parallel simulation (white box)
answer
attempts to simulate the firm's key features or processes
question
integrated test facility (white box)
answer
enables test data to be continually evaluated during the normal operation of a system
question
what is continuous auditing?
answer
-testing in continuous audits often consists of continuous controls monitoring and continuous data assurance -continuous auditing is to perform audit-related activities on a continuous basis
question
devices used in LANs
answer
hubs, switches
question
devices used in VPN
answer
access points, stations
question
devices used in WANs
answer
-firewalls -routers
question
to audit a system, auditors use the test data technique to .. system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logic and controls of the system
answer
validate
question
computer assisted audit techniques enable auditors to gather and analyze audit ... to test the adequacy and reliability of financial information and internal controls in a computerized environment
answer
evidence
question
how to make a wide area network secure? -using a virtual private network -using dedicated leased lines -using a local area network
answer
-using a virtual private network -using dedicated leased lines
question
common benefits of using wireless technology
answer
mobility, rapid deployment, flexibility, and scalability of network
question
black box approach
answer
auditing around the computer
question
embedded audit module
answer
a programmed module added to the system so that the auditors can monitor and collect data over online transactions
question
relevant technologies in performing continuous auditing
answer
1.CAATs 2.Data analytics and/or data mining 3.XML and XBRL
question
main purpose of WAN
answer
1.to provide corporate access to the internet 2.to provide remote access to employees or customers 3.to link various sites within the firm
question
security controls for wireless networks can be categorized into 3 groups
answer
technical controls, operational controls, management controls
question
technical controls
answer
change the default configuration of all access points that have been deployed
question
operational controls
answer
-conduct appropriate training on wireless networks and provide regular updates on organizational policies and procedures to employees -determine and produce terms and conditions of employment that state the employee's responsibilities for the firm's wireless network
question
management controls
answer
-determine which types of information may or may not be sent over wireless networks -determine requirements for the use of encryption and for cryptographic key management -determine which parties are authorized and responsible for installing and configuring access points
question
a ... ... ... securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public internet to distant offices, salespeople, and business partners
answer
VPNs
question
non technical barriers encountered in implementing continuous auditing
answer
-readiness of the internal audit group to develop and adopt continuous auditing -unrealistic expectations of the benefits of continuous auditing -perceived negative impact
question
technical challenges encountered in implementing continuous auditing
answer
-access to all relevant data in a timely manner -developing a suitable scoring/weighting mechanism to prioritize exceptions -defining the appropriate analytics that will effectively identify exceptions to controls -accumulating and quantifying the risks and the exposures that have been identified -balancing the costs and efforts of reviewing large volumes of exceptions against the exposures of the exceptions themselves
question
GAS
answer
provides auditors with an independent means to gain access to various types of data for analysis
question
a wireless network is comprised of two fundamental architectural components:
answer
access points and stations
question
Most threats with regard to wireless networks typically involve an attacker with access to the radio link between a station and an access point, or between two stations T/F
answer
TRUE
question
operational controls in wireless networks typically include: select all that apply 1.preventing and detecting physical security breaches 2.assigning roles and responsibilities of employees 3.providing security training to employees 4.protecting a firm's premises and facilities
answer
1.3.4.
question
security controls for wireless networks can be categorized into three groups: management, ... and technical controls
answer
operational
question
auditors can use computer assisted audit techniques (CAATs) in which areas? 1.predictive business analytics and forecasting 2.analytical review procedures 3.compliance tests of IT general and application controls 4.test of details of transactions and balances
answer
2.3.4.
question
in auditing information systems auditors use parallel .. to verify the firm's key features or processes.
answer
simulation
question
the audit activities related to continuous auditing range from continuous ... assessment to continuous ... assessment
answer
control, risk
question
Another name for data warehousing is data mining. A) True B) False
answer
False
question
Data warehousing refers to the short-term storage of large amounts of data for an entire enterprise. A) True B) False
answer
False
question
An operating system handles input and output to and from attached hardware devices, such as hard disks, printers, and dial-up ports and sends messages to each application or interactive user about the status of operation and any errors that may have occurred. A) True B) False
answer
True
question
Which of the following is not a function of generalized audit software? A) To aid in the random selection of transactions for substantive testing. B) To run in parallel with the client's application software and compare the output. C) To test the mathematical accuracy by footing and cross-foot items in the accounting system. D) To keep an independent log of access to computer application software.
answer
D) To keep an independent log of access to computer application software.
question
Which of the following is not a computer-assisted audit technique? A) Test data B) Tagging and lagging C) Integrated test facility D) Parallel simulation
answer
B) Tagging and lagging
question
When would "auditing around the computer" be appropriate? A) When significant controls over the computer system are adequate. B) When significant controls over the computer system are not required. C) It is never appropriate to audit around the computer.
answer
B) When significant controls over the computer system are not required.
question
A virtual private network (VPN) sends encrypted messages through public Internet service providers. A) True B) False
answer
True
question
A _____ is a type of network equipment that directs information or data to transmit over the Internet. A) Server B) Router C) Firewall D) Switch
answer
B) Router
question
A ____ is a network with security and controlled access for a private group but built on top of a public network. A) Wide area network. B) Virtual organization. C) Middleware network. D) Virtual private network.
answer
D) Virtual private network.
question
Common IT techniques that are needed to implement continuous auditing include: A) Database management systems B) Computer-assisted audit techniques (CAATs) C) Data warehouses D) All of the above
answer
D) All of the above
question
Which of the following describes a group of computers that connects the internal users of a company distributed over an office building? -Internet -Virtual private network (VPN) -Decentralized network -LAN
answer
LAN
question
A data warehouse is for daily operations and often includes data for the current fiscal year only. True False
answer
False
question
Which of the following statements regarding the black-box approach for systems auditing is correct? -The auditors need to gain detailed knowledge of the systems' internal logic -The black-box approach could be adequate when automated systems applications are complicated -The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results. -All of the above are correct
answer
The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
question
What is the test data technique? A)It uses a set of input data to validate system integrity. B)It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system C)It is an automated technique that enables test data to be continually evaluated during the normal operation of a system D)A and B are correct E)None of the above is correct
answer
A and B are correct
question
Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company. True False
answer
True
question
Which of the following is not a use of CAATs in auditing? A)Produce terms and conditions of employment B)Fraud examination C)Test of details of transactions and balances D)Analytical review procedures
answer
A)Produce terms and conditions of employment
question
Which of the following statements is wrong regarding continuous audit? A)Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls B)Continuous audit is to perform audit-related activities on a continuous basis C)Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance D)Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis
answer
D)Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis
question
What is the man-in-the-middle threat for wireless LANs? A)The attacker steals or makes unauthorized use of a service B)The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data. C)The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network D)The attacker passively monitors wireless networks for data, including authentication credentials
answer
B)The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
question
A continuous audit is to perform audit-related activities on a continuous basis. True False
answer
True
question
Virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection. True False
answer
False
question
Which of the following statements is not correct? A)The MAC address of a desktop computer often changes B)The IP address of a Web server does not change C)Each hardware device must have a MAC address D)The IP address of a desktop computer often changes
answer
A)The MAC address of a desktop computer often changes
question
Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making. True False
answer
True
question
Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? A)Embedded audit modules cannot be protected from computer viruses. B)Embedded audit modules can easily be modified through management tampering. C)Auditors are required to monitor embedded audit modules continuously to obtain valid results. D)Auditors are required to be involved in the system design of the application to be monitored.
answer
D)Auditors are required to be involved in the system design of the application to be monitored.
question
Embedded audit module is a programmed audit module that is added to the system under review. True False
answer
True
question
Masquerading threat for wireless LANs is: A)The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network B)The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it C)The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data D)The attacker passively monitors wireless networks for data, including authentication credentials
answer
A)The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
question
Which of the following statements regarding the purposes of an operating system is correct? A)To ensure the integrity of a system B)To control the flow of multiprogramming and tasks of scheduling in the computer C)To allocate computer resources to users and applications D)All of the above are correct
answer
D)All of the above are correct
question
Parallel simulation uses an independent program to simulate a part of an existing application program, and is designed to test the validity and to verify the accuracy of an existing application program. True False
answer
True
question
Which of the following statements about switches is correct? A)Switch is widely used in WANs. B)Hub is smarter than Switch. C)Switches provide more security protections than hubs do for a company's internal network. D)A Switch contains multiple ports.
answer
C)Switches provide more security protections than hubs do for a company's internal network.
question
Parallel simulation attempts to simulate the firm's key features or processes. True False
answer
True
question
What is data mining? A)A particular attribute of information. B)A common term for the representation of multidimensional data. C)The process of analyzing data to extract information that is not affected by the raw data alone. D)None of the above is correct.
answer
C)The process of analyzing data to extract information that is not affected by the raw data alone.