Information Systems Security Exam Preparation Guide - 1122 Verified Questions

Information Systems Security Exam Preparation Guide

Course Introduction

Information Systems Security explores the fundamental principles, techniques, and practices required to protect information assets within an organization. The course covers essential topics such as risk management, cryptography, access control, threat and vulnerability assessment, security policies, network security, and incident response. Students will learn to analyze security requirements, identify potential threats, and implement safeguards to ensure the confidentiality, integrity, and availability of information systems. Emphasis is placed on understanding emerging security technologies, compliance with legal and ethical standards, and developing strategies for preventing and mitigating cyber-attacks.

Recommended Textbook: Information Technology Auditing, 4th Edition, by James Hall

Available Study Resources on Quizplus

12 Chapters

1122 Verified Questions

1122 Flashcards

Source URL: https://quizplus.com/study-set/1104


Chapter 1: Auditing and Internal Control

Available Study Resources on Quizplus for this Chapter

100 Verified Questions

100 Flashcards

Source URL: https://quizplus.com/quiz/21726

Sample Questions

Q1) Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment.

A)True

B)False

Answer: False

Q2) According to COSO, an effective accounting system performs all of the following except

A) identifies and records all valid financial transactions

B) records financial transactions in the appropriate accounting period

C) separates the duties of data entry and report generation

D) records all financial transactions promptly

Answer: C

Q3) Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated.

A)True

B)False

Answer: True

Q4) Locking petty cash in a safe is an example of __________________________.

Answer: access controls

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls

Available Study Resources on Quizplus for this Chapter

91 Verified Questions

91 Flashcards

Source URL: https://quizplus.com/quiz/21727

Sample Questions

Q1) Cloud computing

A) pools resources to meet the needs of multiple client firms

B) allows clients to expand and contract services almost instantly

C) both a. and b.

D) neither a. nor b.

Answer: C

Q2) For most companies, which of the following is the least critical application for disaster recovery purposes?

A) month-end adjustments

B) accounts receivable

C) accounts payable

D) order entry/billing

Answer: A

Q3) Which of the following is not an essential feature of a disaster recovery plan?

A) off-site storage of backups

B) computer services function

C) second site backup

D) critical applications identified

Answer: B

To view all questions and flashcards with answers, click on the resource link above.


Chapter 3: Auditing Operating Systems and Networks

Available Study Resources on Quizplus for this Chapter

105 Verified Questions

105 Flashcards

Source URL: https://quizplus.com/quiz/21728

Sample Questions

Q1) A formal log-on procedure is the operating system's first line of defense. Explain how this works.

Answer: When the user logs on, he or she is presented with a dialog box requesting the user's ID and password. The system compares the ID and password to a database of valid users. If the system finds a match, then the log-on attempt is authenticated. If, however, the password or ID is entered incorrectly, the log-on attempt fails and a message is returned to the user. The message should not reveal whether the password or the ID caused the failure. The system should allow the user to reenter the log-on information. After a specified number of attempts (usually no more than five), the system should lock out the user from the system.
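The log-on procedure described in the answer above, as an added example that is not part of the original study guide or the textbook: the same generic failure message is returned whether the ID or the password was wrong, unknown IDs cost the same password-hashing work as known ones (so response time does not reveal which IDs exist), and the account is locked after MAX_ATTEMPTS consecutive failures. The user store, the PBKDF2 iteration count and the five-attempt threshold are assumptions chosen for illustration; passwords are stored only as salted hashes, never in clear text.

```python
import hashlib
import hmac
import os
import secrets

MAX_ATTEMPTS = 5          # lockout threshold; "usually no more than five" per the answer above
PBKDF2_ITERATIONS = 100_000  # assumption for this example; tune to your hardware
GENERIC_FAILURE = "Invalid user ID or password."  # never says which part was wrong


def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, slow one-way hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class UserStore:
    """In-memory 'database of valid users' holding only salted password hashes."""

    def __init__(self) -> None:
        self._users: dict[str, dict] = {}
        # Dummy credential: verifying against it for unknown IDs keeps the
        # timing of "no such user" indistinguishable from "wrong password".
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = derive_key(secrets.token_hex(16), self._dummy_salt)

    def add_user(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user_id] = {
            "salt": salt,
            "hash": derive_key(password, salt),
            "failures": 0,
            "locked": False,
        }

    def login(self, user_id: str, password: str) -> tuple[bool, str]:
        """Return (authenticated, message). The message is identical for every failure mode."""
        rec = self._users.get(user_id)
        if rec is None:
            # Burn the same hashing cost as a real check, then fail generically.
            hmac.compare_digest(derive_key(password, self._dummy_salt), self._dummy_hash)
            return (False, GENERIC_FAILURE)
        if rec["locked"]:
            # Reporting "account locked" here would confirm the ID exists,
            # so the user sees the same message; an administrator unlocks it.
            return (False, GENERIC_FAILURE)
        if hmac.compare_digest(derive_key(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0          # successful log-on resets the counter
            return (True, "Login successful.")
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["locked"] = True         # lock out after the specified number of attempts
        return (False, GENERIC_FAILURE)

    def is_locked(self, user_id: str) -> bool:
        rec = self._users.get(user_id)
        return bool(rec and rec["locked"])


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")  # constructed sample user
    print(store.login("alice", "wrong"))      # (False, 'Invalid user ID or password.')
    print(store.login("nobody", "anything"))  # same message: ID existence is not revealed
    print(store.login("alice", "correct horse battery staple"))
```

Note that both the unknown-ID path and the wrong-password path run one PBKDF2 derivation and return the same string; a caller (or an attacker enumerating user IDs) cannot tell them apart by message or by timing.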

Q2) The rules that make it possible for users of networks to communicate are called protocols.

A)True

B)False

Answer: True

Q3) The client-server model can only be applied to ring and star topologies.

A)True

B)False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.


Chapter 4: Auditing Database Systems

Available Study Resources on Quizplus for this Chapter

100 Verified Questions

100 Flashcards

Source URL: https://quizplus.com/quiz/21729

Sample Questions

Q1) _________________________ occurs when a specific file is reproduced for each user who needs access to the file.

Q2) In a direct access file system

A) backups are created using the grandfather-father-son approach

B) processing a transaction file against a master file creates a backup file

C) files are backed up immediately before an update run

D) if the master file is destroyed, it cannot be reconstructed

Q3) The task of searching the database to locate a stored record for processing is called

A) data deletion

B) data storage

C) data attribution

D) data retrieval

Q4) Discuss the key factors to consider in determining how to partition a corporate database.

Q5) What are two types of distributed databases?

Q6) What is the flat-file model?

Q7) What services are provided by a database management system?

Q8) What is the internal view of a database?

Q9) What is a legacy system?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Systems Development and Program Change Activities

Available Study Resources on Quizplus for this Chapter

94 Verified Questions

94 Flashcards

Source URL: https://quizplus.com/quiz/21730

Sample Questions

Q1) When implementing a new system, the costs associated with transferring data from one storage medium to another is an example of

A) a recurring cost

B) a data conversion cost

C) a systems design cost

D) a programming cost

Q2) Program testing

A) involves individual modules only, not the full system

B) requires creation of meaningful test data

C) need not be repeated once the system is implemented

D) is primarily concerned with usability

Q3) Why is cost-benefit analysis more difficult for information systems than for many other types of investments organizations make?

Q4) All of the steps in the Systems Development Life Cycle apply to software that is developed in-house and to commercial software.

A)True

B)False

Q5) What is a systems selection report?

Q6) Explain the role of accountants in the conceptual design stage.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Transaction Processing and Financial Reporting Systems Overview

Available Study Resources on Quizplus for this Chapter

98 Verified Questions

98 Flashcards

Source URL: https://quizplus.com/quiz/21731

Sample Questions

Q1) Sequential codes may be used to represent complex items or events involving two or more pieces of related data.

A)True

B)False

Q2) Risk exposures in the General Ledger and Financial Reporting Systems include all of the following except

A) loss of the audit trail

B) unauthorized access to the general ledger

C) loss of physical assets

D) general ledger account out of balance with the subsidiary account

Q3) Compare and contrast the relative advantages and disadvantages of sequential, block, group, alphabetic and mnemonic codes.

Q4) Is a DFD an effective documentation technique for identifying who or what performs a particular task? Explain.

Q5) Individuals with access authority to general ledger accounts should not prepare journal vouchers.

A)True

B)False

Q6) With regard to an entity relationship diagram, what is an entity?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Computer Assisted Audit Tools and Techniques

Available Study Resources on Quizplus for this Chapter

82 Verified Questions

82 Flashcards

Source URL: https://quizplus.com/quiz/21732

Sample Questions

Q1) Name three types of transcription errors.

Q2) Auditors do not rely on detailed knowledge of the application's internal logic when they use the __________________________ approach to auditing computer applications.

Q3) Which input control check would detect a payment made to a nonexistent vendor?

A) missing data check

B) numeric/alphabetic check

C) range check

D) validity check

Q4) Which input control check would detect a posting to the wrong customer account?

A) missing data check

B) check digit

C) reasonableness check

D) validity check

Q5) Contrast the black box approach to IT auditing and the white box approach. Which is preferred?

Q6) The white box tests of program controls are also known as auditing through the computer.

A)True

B)False

To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Data Structures and CAATTs for Data Extraction

Available Study Resources on Quizplus for this Chapter

81 Verified Questions

81 Flashcards

Source URL: https://quizplus.com/quiz/21733

Sample Questions

Q1) Which of the following is not a common form of conceptual database model?

A) hierarchical

B) network

C) sequential

D) relational

Q2) Generalized audit software packages perform all of the following tasks except

A) recalculate data fields

B) compare files and identify differences

C) stratify statistical samples

D) analyze results and form opinions

Q3) It is appropriate to use a sequential file structure when

A) records are routinely inserted.

B) single records need to be retrieved.

C) records need to be scanned using secondary keys.

D) a large portion of the file will be processed in one operation.

Q4) How can a poorly designed database result in unintentional loss of critical records?

Q5) Explain the three types of anomalies associated with database tables that have not been normalized.

Q6) Give an advantage and a disadvantage of the sequential data structure


To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Auditing the Revenue Cycle

Available Study Resources on Quizplus for this Chapter

97 Verified Questions

97 Flashcards

Source URL: https://quizplus.com/quiz/21734

Sample Questions

Q1) The packing slip is also known as the shipping notice.

A)True

B)False

Q2) What makes point-of-sale systems different from revenue cycles of manufacturing firms?

Q3) The data processing method that can shorten the cash cycle is

A) batch, sequential file processing

B) batch, direct access file processing

C) real-time file processing

D) none of the above

Q4) In a manual system, the billing department is responsible for recording the sale in the sales journal.

A)True

B)False

Q5) A customer payment of $247 was correctly posted in the general ledger but was recorded as $274 in the customer's account receivable. Describe a specific internal control procedure that would detect this error.

Q6) Sales orders should be prenumbered documents.

A)True

B)False


To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Auditing the Expenditure Cycle

Available Study Resources on Quizplus for this Chapter

100 Verified Questions

100 Flashcards

Source URL: https://quizplus.com/quiz/21735

Sample Questions

Q1) How does a voucher payable system work? What documents are reconciled? Who prepares the voucher? How is the A/P balance determined? How does the voucher payable system improve control over cash?

Q2) In a merchandising firm, authorization for the payment of inventory is the responsibility of

A) inventory control

B) purchasing

C) accounts payable

D) cash disbursements

Q3) Explain the purpose of each of the following documents used in the payroll system: the personnel action form, the job ticket, the time card.

Q4) The reason that a blind copy of the purchase order is sent to receiving is to

A) inform receiving when a shipment is due

B) force a count of the items delivered

C) inform receiving of the type, quantity, and price of items to be delivered

D) require that the goods delivered are inspected

Q5) Differentiate between a purchase requisition and a purchase order.

Q6) Why should employee paychecks be drawn against a special checking account?

Q7) Why does the payroll process lend itself to batch processing?

To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Enterprise Resource Planning Systems

Available Study Resources on Quizplus for this Chapter

90 Verified Questions

90 Flashcards

Source URL: https://quizplus.com/quiz/21736

Sample Questions

Q1) Distinguish between the two-tier and three-tier client server model. Describe when each would be used?

Q2) Data in a data warehouse are in a stable state. Explain how this can hamper data mining analysis? What can an organization do to alleviate this problem?

Q3) Why does the data warehouse need to be separate from the operational databases?

Q4) What is the closed database architecture?

Q5) What is a data warehouse?

Q6) Explain the risks associated with the creation of unnecessary roles and why it can happen.

Q7) Drill-down capability is an OLAP feature of data mining tools.

A)True

B)False

Q8) What is meant by the OLAP term "slicing and dicing"?

Q9) Why must an organization expect the implementation of an ERP to disrupt operations?

Q10) In two-tier architecture, the database and application functions are separated.

A)True

B)False

Q11) How are OLTP and OLAP different? Give examples of their use.

To view all questions and flashcards with answers, click on the resource link above.


Chapter 12: Business Ethics, Fraud, and Fraud Detection

Available Study Resources on Quizplus for this Chapter

84 Verified Questions

84 Flashcards

Source URL: https://quizplus.com/quiz/21737

Sample Questions

Q1) Explain the pass through fraud.

Q2) The most common access point for perpetrating computer fraud is at the data collection stage.

A)True

B)False

Q3) Ethical issues and legal issues are essentially the same.

A)True

B)False

Q4) Contrast management fraud with employee fraud.

Q5) Explain why collusion between employees and management in the commission of a fraud is difficult to both prevent and detect.

Q6) Define operational fraud.

Q7) Explain the shell company fraud.

Q8) Of the three fraud factors (situational pressure, ethics, and opportunity), situational pressure is the factor that actually facilitates the act.

A)True

B)False

Q9) Name three forms of computer fraud.

Q10) Explain the Pay and Return scheme.

To view all questions and flashcards with answers, click on the resource link above.
