All of the following are issues of computer security except
a. releasing incorrect data to authorized individuals
b. permitting computer operators unlimited access to the computer room
c. permitting access to data by unauthorized individuals
d. providing correct data to unauthorized individuals
B
All of the following are issues of computer security except
a. releasing incorrect data to authorized individuals
b. permitting computer operators unlimited access to the computer room
c. permitting access to data by unauthorized individuals
d. providing correct data to unauthorized individuals
B
Segregation of duties in the computer-based information system includes
a. separating the programmer from the computer operator
b. preventing management override
c. separating the inventory process from the billing process
d. performing independent verifications by the computer operator
A
In a computer-based information system, which of the following duties needs to be
separated?
a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated
D
Supervision in a computerized environment is more complex than in a manual
environment for all of the following reasons except
a. rapid turnover of systems professionals complicates management’s task of assessing
the competence and honesty of prospective employees
b. many systems professionals have direct and unrestricted access to the organization’s
programs and data
c. rapid changes in technology make staffing the systems environment challenging
d. systems professionals and their supervisors work at the same physical location
D
Adequate backups will protect against all of the following except
a.natural disasters such as fires
b. unauthorized access
c. data corruption caused by program errors
d. system crashes
B
Which is the most critical segregation of duties in the centralized computer services
function?
a. systems development from data processing
b. data operations from data librarian
c. data preparation from data control
d. data control from data librarian
A
Systems development is separated from data processing activities because failure to do
so
a. weakens database access security
b. allows programmers access to make unauthorized changes to applications during
execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
B
Which organizational structure is most likely to result in good documentation
procedures?
a. separate systems development from systems maintenance
b. separate systems analysis from application programming
c. separate systems development from data processing
d. separate database administrator from data processing
A
All of the following are control risks associated with the distributed data processing
structure except
a. lack of separation of duties
b. system incompatibilities
c. system interdependency
d. lack of documentation standards
C
Which of the following is not an essential feature of a disaster recovery plan?
a. off-site storage of backups
b. computer services function
c. second site backup
d. critical applications identified
B
A cold site backup approach is also known as
a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact
C
The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its processing needs to process the critical
applications of the disaster stricken company
b. intense competition for shell resources during a widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative drain on the company
B
An advantage of a recovery operations center is that
a. this is an inexpensive solution
b. the initial recovery period is very quick
c. the company has sole control over the administration of the center
d. none of the above are advantages of the recovery operations center
B
For most companies, which of the following is the least critical application for disaster
recovery purposes?
a. month-end adjustments
b. accounts receivable
c. accounts payable
d. order entry/billing
A
The least important item to store off-site in case of an emergency is
a. backups of systems software
b. backups of application software
c. documentation and blank forms
d. results of the latest test of the disaster recovery program
D
Some companies separate systems analysis from programming/program maintenance.
All of the following are control weaknesses that may occur with this organizational
structure except
a. systems documentation is inadequate because of pressures to begin coding a new
program before documenting the current program
b. illegal lines of code are hidden among legitimate code and a fraud is covered up for a
long period of time
c. a new systems analyst has difficulty in understanding the logic of the program
d. inadequate systems documentation is prepared because this provides a sense of job
security to the programmer
C
All of the following are recommended features of a fire protection system for a computer
center except
a. clearly marked exits
b. an elaborate water sprinkler system
c. manual fire extinguishers in strategic locations
d. automatic and manual alarms in strategic locations
B
All of the following tests of controls will provide evidence about the physical security of
the computer center except
a. review of fire marshal records
b. review of the test of the backup power supply
c. verification of the second site backup location
d. observation of procedures surrounding visitor access to the computer center
C
All of the following tests of controls will provide evidence about the adequacy of the
disaster recovery plan except
a. inspection of the second site backup
b. analysis of the fire detection system at the primary site
c. review of the critical applications list
d. composition of the disaster recovery team
B
The following are examples of commodity assets except
a. network management
b. systems operations
c. systems development
d. server maintenance
C
The following are examples of specific assets except
a. application maintenance
b. data warehousing
c. highly skilled employees
d. server maintenance
D
Which of the following is true?
a. Core competency theory argues that an organization should outsource specific core
assets.
b. Core competency theory argues that an organization should focus exclusively on its
core business competencies
c. Core competency theory argues that an organization should not outsource specific
commodity assets.
d. Core competency theory argues that an organization should retain certain specific
noncore assets in-house.
B
Which of the following is not true?
a. Large-scale IT outsourcing involves transferring specific assets to a vendor
b. Specific assets, while valuable to the client, are of little value to the vendor
c. Once an organization outsources its specific assets, it may not be able to return to its
pre-outsource state.
d. Specific assets are of value to vendors because, once acquired, vendors can achieve
economies of scale by employing them with other clients
D
