Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
39) Modest Expectations Investment Services (MEIS) allows customers to manage their
investments over the Internet. If customers attempt to spend more money than they have in their
account, an error message is displayed. This is an example of a
A) reasonableness test.
B) field check.
C) validity check.
D) limit check.
40) The Spontaneous Combustion Rocket Shoppe in downtown Fargo, North Dakota, generates
three quarters of its revenue from orders taken over the Internet. The revenue clearing account is
debited by the total of cash and credit receipts and credited by the total of storefront and Internet
sales. This is an example of a
A) data integrity test.
B) zero-balance test.
C) trial balance audit.
D) cross-footing balance test.
41) This control entails verifying that the proper number of bits are set to the value 1 in each
character received.
A) echo check
B) field check
C) parity check
D) trailer record
42) Which of the following is not a risk associated with the data input process?
A) Data is invalid.
B) Data is incomplete.
C) Data is inaccurate.
D) Data is corrupted.
43) Which of the following is an example of a turnaround document?
A) a receipt a customer must use to return the goods purchased
B) a telephone bill the customer must return with payment
C) a paycheck stub that must be used in the employee's tax return
D) a customer loyalty card used every time a customer purchases goods or services
44) Which of the following is a control is an important way to prevent buffer overflow
vulnerabilities?
A) limit check
B) size check
C) range check
D) field check
45) Prompting is a control that helps ensure
A) transaction data are not lost.
B) transactions data are accurate.
C) transactions data are complete.
D) transaction data are valid.
10.2 Identify and explain controls designed to ensure systems availability.
1) What is the most effective way to ensure information system availability?
A) high bandwidth
B) maintain a hot site
C) maintain a cold site
D) frequent backups
2) Which of the following statements is true with regards to system availability?
A) Human error does not threaten system availability.
B) Threats to system availability can be completely eliminated.
C) Proper controls can maximize the risk of threats causing significant system downtime.
D) Threats to system availability include hardware and software failures as well as natural and
man-made disasters.
3) Which of the following is not an objective of a disaster recovery plan?
A) Minimize the extent of the disruption, damage or loss.
B) Permanently establish an alternative means of processing information.
C) Resume normal operations as soon as possible.
D) Train employees for emergency operations.
4) A disaster recovery plan typically does not include
A) scheduled electronic vaulting of files.
B) backup computer and telecommunication facilities.
C) a system upgrade due to operating system software changes.
D) uninterruptible power systems installed for key system components.
5) A facility that contains all the computing equipment the organization needs to perform its
essential business activities is known as a
A) cold site.
B) hot site.
C) remote site.
D) subsidiary location.
6) A facility that is pre-wired for necessary telecommunications and computer equipment, but
doesn't have equipment installed, is known as a
A) cold site.
B) hot site.
C) remote site.
D) subsidiary location.
7) When a computer system's files are automatically duplicated on a second data storage system
as they are changed, the process is referred to as
A) real-time mirroring.
B) batch updating.
C) consistency control.
D) double-secure storage.
8) ________ enables a system to continue functioning in the event that a particular component
fails.
A) An incremental backup procedure
B) Fault tolerance
C) Preventive maintenance
D) A concurrent update control
9) A copy of a database, master file, or software that will be retained indefinitely as a historical
record is known as a(n)
A) archive.
B) cloud computing.
C) differential backup.
D) incremental backup.
10) While this type of backup process takes longer than the alternative, restoration is easier and
faster.
A) archive
B) cloud computing
C) differential backup
D) incremental backup
11) ________ involves copying only the data items that have changed since the last partial
backup.
A) Archive
B) Cloud computing
C) Differential backup
D) Incremental backup
12) ________ copies all changes made since the last full backup.
A) Archive
B) Cloud computing
C) Differential backup
D) Incremental backup
13) The maximum amount of time between backups is determined by a company's
A) recovery time objective.
B) recovery point objective.
C) recovery objective.
D) maximum time recovery objective.
14) The maximum acceptable down time after a computer system failure is determined by a
company's
A) recovery time objective.
B) recovery point objective.
C) recovery objective.
D) maximum time recovery objective.
15) The accounting department at Synergy Hydroelectric records an average of 12,500
transactions per hour. By cost-benefit analysis, managers have concluded that the maximum
acceptable loss of data in the event of a system failure is 25,000 transactions. If the firm's
recovery time objective is 120 minutes, then the worst case recovery time objective is
A) 1 hour.
B) 2 hours.
C) 3 hours.
D) 4 hours.
16) The accounting department at Aglaya Telecom records an average of 5,000 transactions per
hour. A cost-benefit analysis leads management to conclude that the maximum acceptable
amount of data loss is 20,000 transactions. If the firm's recovery time objective is 60 minutes,
then the worst case recovery time objective is
A) 1 hour.
B) 2 hours.
C) 3 hours.
D) 4 hours.
17) The accounting department at Aglaya Telecom records an average of 5,000 transactions per
hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of
data in the event of a system failure is 50,000 transactions. The firm's recovery point objective is
therefore
A) 50,000 transactions.
B) 5,000 transactions.
C) 10 hours.
D) 4 hours.
18) The accounting department at Aglaya Telecom records an average of 2,500 transactions per
hour. Managers state that the maximum acceptable loss of data in the event of a system failure is
2,500 transactions. The firm's recovery point objective is therefore
A) 2,500 transactions.
B) 5,000 transactions.
C) 1 hour.
D) 2 hours.
19) Probably the most important change management control is
A) monitoring user rights and privileges during the change process.
B) testing all changes thoroughly prior to implementation on a stand-alone computer.
C) updating all documentation to reflect changes made to the system.
D) management's careful monitoring and review.
20) Identify the statement below which is true.
A) Cloud computing is a control technique for system availability.
B) Cloud computing eliminates the need for backup of applications and data.
C) Cloud computing eliminates the need for companies to own their own software and servers.
D) Cloud computing refers to the practice of storing application files and backup data on
satellites "in the clouds."
21) Discuss how cloud computing could both positively and negatively affect system
availability.
22) Define and contrast a recovery point objective and a recovery time objective.
23) What is the primary objective of ensuring systems and information are available for use
whenever needed?
A) to minimize system downtime
B) to minimize system expense
C) to maximize system processing speed
D) to maximize sales
24) True or False: It is impossible to eliminate the risk of downtime.
25) With regards to systems availability, deploying and using multiple components provides an
AIS with
A) fault tolerance.
B) cost savings.
C) enhanced processing speed.
D) maximum sales.
26) Which of the following is not a common design feature of housing mission-critical servers
and databases?
A) adequate air-conditioning systems to reduce the likelihood of damage due to overheating
B) overhead sprinklers to provide protection from fire
C) cables with special plugs that cannot be easily removed
D) surge-protection devices to provide protection against temporary power fluctuations
27) To protect against malware, it is important that antivirus software automatically examine
________ introduced into a system.
A) CDs
B) e-mail
C) flash drives
D) all of the above
28) Which of the following is a key control regarding the minimization of system downtime?
A) fault tolerance
B) disaster recovery plans
C) backup procedures
D) all of the above
29) Which COBIT5 management practice addresses system backup procedures?
A) DSS01.06
B) DSS04.07
C) DSS03.05
D) DSS04.04
30) Whose responsibility is it to determine the amount of time an organization can afford to be
without its information system?
A) the board of directors
B) senior management
C) external auditors
D) COBIT
31) Is it best practice for an organization to practice periodically restoring a system from its
backup files?
A) No, doing so might introduce errors into the system's data.
B) No, doing so takes the system offline and prevents customers from being able to access the
system.
C) Yes, doing so verifies the procedure and backup media are working correctly.
D) Yes, doing so improves the efficiency of the system.
32) True or False: Best practice requires backups be retained indefinitely.
33) Which of the following is incorrect with regards to a data archive?
A) Archives can be a copy of a database.
B) Archives should be stored in different locations.
C) Archives are usually encrypted.
D) Physical and logical controls are the primary means of protecting archive files.
34) Loreen Tina is the chief lawyer for Tamara Incorporated. The CEO of Tamara Incorporated
asks Loreen whether the company should periodically delete all company e-mail. If Loreen is
well-versed in AIS best practices, she would mostly likely respond,
A) Yes, if we are ever sued, the other attorney will not be able to comb through our e-mail for
evidence.
B) Yes, since e-mail requires a lot of storage space, deleting it periodically will reduce the
amount of information we need to store.
C) No, deleting an organization's e-mail is against the law.
D) No, if we are ever sued we will not be able to draw upon our e-mail records to defend
ourselves.
35) Identify the most important component of a disaster recovery plan below.
A) documentation
B) operating instructions
C) periodic testing
D) on-site and off-site storage
36) Identify one organization that quickly recovered from September 11th, 2001 due to its
disaster recovery and business continuity plan.
A) New York Stock Exchange
B) NASDAQ
C) New York Fire Department
D) United Airlines
