hypothetical series of valid and invalid transactions.
a. Concurrent audit techniques
b. Test data processing
c. Integrated test facility
d. Dual process
Give this one a try later!
, b. Test data processing
43. Evidence that helps an auditor understand how implemented controls should
function would be gathered as part of which audit activity?
a. Tests of controls
b. Determination of the threats facing the AIS
c. Evaluation of weaknesses
d. Systems review
e. Continuous and intermittent simulation (CIS)
Give this one a try later!
d. Systems review
An internal auditor has set the firm's information system to flag questionable online
transactions. The system then displays information about the transaction on the
auditor's computer system and sends a text message to the auditor's cell phone. This is
an example of collecting audit evidence using
a. An integrated test facility
b. The snapshot technique
c. A system control audit review file
d. Audit hooks
e. Continuous and intermittent simulation
Give this one a try later!
d. Audit hooks
,Fault tolerance
Give this one a try later!
property that enables a system to continue operating properly in the event
of the failure of (or one or more faults within) some of its components
Deduction Register
Give this one a try later!
A list of all deductions for each employee; lists miscellaneous voluntary
deductions for each employee
Time based model of security
Give this one a try later!
, o Time-based model evaluates effectiveness of an organization's security
by measuring & comparing the relationship among 3 variables:
• P = time it takes an attacker to break org's preventative controls
• D = time it takes to detect that an attack is in progress
• C = time to respond to the attack
Evaluated as follows
• If P > (D + C) then security procedures are effective
• Otherwise security is ineffective
Model provides management with a means to identify the most cost-
effective approach to improving security by comparing the effects of
additional investments in preventative, detective, or corrective controls
50. Which of the following would best detect the error of a wrong invoice number
being entered?
a. Field check
b. Size check
c. Check digit
d. Reasonableness test
e. Parity bit
Give this one a try later!
c. Check digit
4. The set of instructions for taking advantage of a flaw in a program is called a(n):
a. Vulnerability
b. Patch
c. Update
d. Exploit