

Information Systems Security Final
Test Solutions
Course Introduction
Information Systems Security is a comprehensive course focused on the principles and practices used to safeguard information assets in organizational environments. The course covers key topics including risk management, security policies and standards, cryptography, network and application security, and security technologies. Students will explore threats and vulnerabilities in information systems, learn about methods for detecting, preventing, and responding to security breaches, and develop strategies for implementing robust security measures. The course also addresses legal, ethical, and social issues related to information security, preparing students to design and manage secure systems in today's interconnected world.
Recommended Textbook
Information Technology Auditing 4th Edition by James Hall
Available Study Resources on Quizplus
12 Chapters
1122 Verified Questions
1122 Flashcards
Source URL: https://quizplus.com/study-set/1104


Chapter 1: Auditing and Internal Control
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21726
Sample Questions
Q1) Explain the relationship between internal controls and substantive testing.
Answer: The stronger the internal controls, the less substantive testing must be performed.
Q2) Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in?
Answer: Inherent risk is associated with the unique characteristics of the business or industry of the client. Firms in declining industries are considered to have more inherent risk than firms in stable or thriving industries. Control risk is the likelihood that the control structure is flawed because internal controls are either absent or inadequate to prevent or detect errors in the accounts. Internal controls may be present in firms with inherent risk, yet the financial statements may be materially misstated due to circumstances outside the control of the firm, such as a customer with unpaid bills on the verge of bankruptcy. Detection risk is the risk that auditors are willing to accept that errors are not detected or prevented by the control structure. Typically, detection risk will be lower for firms with higher inherent risk and control risk.
Q3) Not permitting the computer programmer to enter the computer room is an example of _______________________________.
Answer: segregation of duties
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Auditing IT Governance Controls
Available Study Resources on Quizplus for this Chapter
91 Verified Questions
91 Flashcards
Source URL: https://quizplus.com/quiz/21727
Sample Questions
Q1) All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except
A) inspection of the second site backup
B) analysis of the fire detection system at the primary site
C) review of the critical applications list
D) composition of the disaster recovery team
Answer: B
Q2) Adequate backups will protect against all of the following except
A) natural disasters such as fires
B) unauthorized access
C) data corruption caused by program errors
D) system crashes
Answer: B
Q3) Which is the most critical segregation of duties in the centralized computer services function?
A) systems development from data processing
B) data operations from data librarian
C) data preparation from data control
D) data control from data librarian
Answer: A

Chapter 3: Auditing Operating Systems and Networks
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/21728
Sample Questions
Q1) Discuss the key features of the one-time password technique.
Answer: The one-time password was designed to overcome the problems associated with reusable passwords. The user's password changes continuously. This technology employs a credit card-sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds.
The card works in conjunction with special authentication software located on a mainframe or network server computer. Each user's card is synchronized to the authentication software, so that at any point in time both the smart card and the network software are generating the same password for the same user.
Q2) In a telecommunications environment, line errors can be detected by using an echo check.
A) True
B) False
Answer: True
Chapter 4: Auditing Database Systems
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21729
Sample Questions
Q1) What are the four elements of the database approach? Explain the role of each.
Q2) The physical database is an abstract representation of the database.
A) True
B) False
Q3) A recovery module suspends all data processing while the system reconciles its journal files against the database.
A) True
B) False
Q4) A customer name and an unpaid balance is an example of a one-to-many relationship.
A) True
B) False
Q5) What types of problems does data redundancy cause?
Q6) Why are the hierarchical and network models called navigational databases?
Q7) In the database method of data management, access authority is maintained by systems programming.
A) True
B) False

Q8) Describe an environment in which a firm should use a partitioned database.
Q9) What is a data dictionary, and what purpose does it serve?

Chapter 5: Systems Development and Program Change Activities
Available Study Resources on Quizplus for this Chapter
94 Verified Questions
94 Flashcards
Source URL: https://quizplus.com/quiz/21730
Sample Questions
Q1) When converting to a new system, which cutover method is the most conservative?
A) cold turkey cutover
B) phased cutover
C) parallel operation cutover
D) data coupling cutover
Q2) Routine maintenance activities require all of the following controls except
A) documentation updates
B) testing
C) formal authorization
D) internal audit approval
Q3) Examples of recurring costs include
A) software acquisition
B) data conversion
C) personnel costs
D) systems design
Q4) An accountant's responsibility in the SDLC is to ensure that the system applies proper accounting conventions and rules and possesses adequate control.
A) True
B) False
Q5) What is a systems selection report?
Chapter 6: Transaction Processing and Financial Reporting Systems Overview
Available Study Resources on Quizplus for this Chapter
98 Verified Questions
98 Flashcards
Source URL: https://quizplus.com/quiz/21731
Sample Questions
Q1) Which of the following is a turn-around document?
A) remittance advice
B) sales order
C) purchase order
D) payroll check
Q2) The most important advantage of an alphabetic code is that
A) meaning is readily conveyed to users
B) sorting is simplified
C) the capacity to represent items is increased
D) missing documents can be identified
Q3) What type of data is found in the general ledger master file?
A) a chronological record of all transactions
B) the balance of each account in the chart of accounts
C) budget records for each account in the chart of accounts
D) subsidiary details supporting a control account
Q4) The revenue cycle has two subsystems. What are they and what occurs within each?
Q5) Explain when it is appropriate to use special journals.
Q6) Why is the audit trail necessary?

Q7) How are computer system flowcharts and program flowcharts related?
Q8) What information is provided by a record layout diagram?

Chapter 7: Computer Assisted Audit Tools and Techniques
Available Study Resources on Quizplus for this Chapter
82 Verified Questions
82 Flashcards
Source URL: https://quizplus.com/quiz/21732
Sample Questions
Q1) Which of the following is not an example of a processing control?
A) hash total
B) record count
C) batch total
D) check digit
Q2) Recalculation of hash totals is an example of a
A) completeness test
B) redundancy test
C) both a. and b.
D) neither a. nor b.
Q3) When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.
A) True
B) False
Q4) The black box approach to testing computer applications allows the auditor to explicitly review program logic.
A) True
B) False
Q5) Describe two types of transposition errors.

Chapter 8: Data Structures and Caatts for Data Extraction
Available Study Resources on Quizplus for this Chapter
81 Verified Questions
81 Flashcards
Source URL: https://quizplus.com/quiz/21733
Sample Questions
Q1) Explain the purpose of an ER diagram in database design.
Q2) In the relational database model all of the following are true except
A) data is presented to users as tables
B) data can be extracted from specified rows from specified tables
C) a new table can be built by joining two tables
D) only one-to-many relationships can be supported
Q3) The physical database is an abstract representation of the database.
A) True
B) False
Q4) Improperly normalized databases are associated with three types of anomalies: the update anomaly, the insertion anomaly, and the deletion anomaly.
A) True
B) False
Q5) What is the relationship between a database table and a user view?
Q6) Each of the following is a relational algebra function except
A) join
B) project
C) link
D) restrict
Q7) Comment on the following statement: "Legacy systems use flat file structures."

Chapter 9: Auditing the Revenue Cycle
Available Study Resources on Quizplus for this Chapter
97 Verified Questions
97 Flashcards
Source URL: https://quizplus.com/quiz/21734
Sample Questions
Q1) What specific internal control procedure would detect the misplacement of a sales invoice after preparation and not mailed to the customer? The invoice was never found.
Q2) What is the role of the shipping notice?
Q3) What specific internal control procedure would prevent an accounts receivable clerk from issuing a fictitious credit memo to a customer (who is also a relative) for goods that were "supposedly" returned from previous sales?
Q4) The warehouse is responsible for updating the inventory subsidiary ledger.
A) True
B) False
Q5) In most large organizations, the journal voucher file has replaced the formal general journal.
A) True
B) False
Q6) In the revenue cycle, the internal control "limit access" applies to physical assets only.
A) True
B) False
Q7) Describe the key tasks in the sales order process.

Chapter 10: Auditing the Expenditure Cycle
Available Study Resources on Quizplus for this Chapter
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/21735
Sample Questions
Q1) In the payroll subsystem, which function should distribute paychecks?
A) personnel
B) timekeeping
C) paymaster
D) payroll
Q2) Usually the open voucher payable file is organized by
A) vendor
B) payment due date
C) purchase order number
D) transaction date
Q3) The blind copy of the purchase order that goes to the receiving department contains no item descriptions.
A) True
B) False
Q4) The major risk exposures associated with the receiving department include all of the following except
A) goods are accepted without a physical count
B) there is no inspection for goods damaged in shipment
C) inventories are not secured on the receiving dock
D) the audit trail is destroyed

Chapter 11: Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chapter
90 Verified Questions
90 Flashcards
Source URL: https://quizplus.com/quiz/21736
Sample Questions
Q1) Auditors of ERP systems
A) need not be concerned about segregation of duties because these systems possess strong computer controls.
B) focus on output controls such as independent verification to reconcile batch totals.
C) are concerned that managers fail to exercise adequate care in assigning permissions.
D) do not view the data warehouse as an audit or control issue at all because financial records are not stored there.
E) need not review access levels granted to users because these are determined when the system is configured and never change.
Q2) Which of the following is usually not part of an ERP's core applications?
A) OLTP applications
B) sales and distribution applications
C) business planning applications
D) OLAP applications
Q3) Why does the data warehouse need to be separate from the operational databases?
Q4) Scalability has several dimensions. What are they? What do they mean for ERP installation?

Chapter 12: Business Ethics, Fraud, and Fraud Detection
Available Study Resources on Quizplus for this Chapter
84 Verified Questions
84 Flashcards
Source URL: https://quizplus.com/quiz/21737
Sample Questions
Q1) According to common law, there are five conditions that must be present for an act to be deemed fraudulent. Name and explain each.
Q2) Database management fraud includes altering, updating, and deleting an organization's data.
A) True
B) False
Q3) Explain the problems associated with lack of auditor independence.
Q4) The objective of SAS 99 is to seamlessly blend the auditor's consideration of fraud into all phases of the audit process.
A) True
B) False
Q5) Four principal types of corruption are discussed. Name all four and explain at least two.
Q6) Skimming involves stealing cash from an organization after it is recorded on the organization's books and records.
A) True
B) False
Q7) Explain the shell company fraud.
Q8) As a form of computer fraud, what is eavesdropping?