Which of the following is NOT a task performed in the audit planning phase?
a. Reviewing an organization's policies and practices
b. Planning substantive testing procedures
c. Reviewing general controls
d. Determining the degree of reliance on controls
d. Determining the degree of reliance on controls
Which of the following is the best example of an application control objective?
a. Ensure that the computer operating system functions efficiently
b. Provide backup facilities in the event of a disaster
c. Prevent unauthorized access to corporate databases
d. Ensure the validity, completeness, and accuracy of sales transactions
d. Ensure the validity, completeness, and accuracy of sales transactions
Which of the following statements is true?
a. Both the SEC and the PCAOB require the use of the COSO framework
b. Any framework can be used that encompasses all of COSO's general themes.
c. The SEC recommends COBIT and the PCAOB recommends COSO
d. Both the SEC and the PCAOB require the COBIT framework
e. None of the above are true
b. Any framework can be used that encompasses all of COSO's general themes.
Which of the following is NOT a control concern in a distributed data processing
environment?
a. Redundancy
b. Hiring qualified professionals
c. Incompatibility
d. Lack of standards
e. All of the above are control concerns
e. All of the above are control concerns
Which of the following disaster recovery techniques may be least optimal in the case of
a widespread natural disaster?
a. Empty shell
b. Internally provided backup
c. ROC
d. They are all equally beneficial
c. ROC
Which of the following is NOT a potential threat to computer hardware and peripherals?
a. Low humidity
b. High humidity
c. Carbon dioxide fire extinguishers
d. Water sprinkler fire extinguishers
c. Carbon dioxide fire extinguishers
Which of the following is NOT a requirement of Section 302 of SOX?
a. Corporate management (including the CEO) must certify monthly and annually their
organization's internal controls over financial reporting
b. Auditors must interview management regarding significant changes in the design or
operation of internal control that occurred since the last audit
c. Auditors must determine whether changes in internal control have materially affected,
or are likely to materially affect, internal control over financial reporting.
d. Management must disclose any material changes in the company's internal controls
that have occurred during the most recent fiscal quarter.
e. All of the above are requirements
a. Corporate management (including the CEO) must certify monthly and annually their
organization's internal controls over financial reporting
Which of the following is NOT a requirement in management's report on the
effectiveness of internal controls over financial reporting?
a. Describe the flow of transactions in sufficient detail to identify points at which misstatement
could arise
b. An evaluation of entity-wide controls that correspond to the COSO framework
c. A statement that the organization's internal auditors have issued an attestation report
on management's assessment of the company's internal controls
d. An explicit written conclusion as to the effectiveness of internal control over financial
reporting
e. All of the above are requirements
c. A statement that the organization's internal auditors have issued an attestation report
on management's assessment of the company's internal controls
Which of the following is associated with the unique characteristics of an industry?
a. Inherent risk
b. Detection risk
c. Control risk
d. None of the above
a. Inherent risk
Which of the following is not true about the SSAE 16 report?
a. It is a third-party attestation report
b. It replaced Statement on Auditing Standards No. 70 (SAS 70)
c. The service provider prepares a separate SSAE 16 report tailored to the needs of
each of its client firms, which the client auditors rely upon
d. When using the carve-out method, service provider management would exclude the
sub-service organization's relevant controls
e. All of the above are true
c. The service provider prepares a separate SSAE 16 report tailored to the needs of
each of its client firms, which the client auditors rely upon
When someone disguises the source of Internet messages to make it appear that they are
coming from a different source, this is called:
a. Deep packet inspection
b. Message packet switching
c. Dual-homed signaling
d. IP screening
e. None of the above
e. None of the above
A program that attaches to another legitimate program but does NOT replicate itself is
called a
a. virus
b. worm
c. Trojan horse
d. logic bomb
e. none of the above
c. Trojan horse
The purpose of a checkpoint procedure is to facilitate restarting after
a. data processing errors
b. data input errors
c. the failure to have all input data ready on time
d. computer operator intervention
e. none of the above
a. data processing errors
A user's application may consist of several modules stored in separate memory
locations, each with its own data. One module must not be allowed to destroy or corrupt
another module. This is an objective of
a. EDI controls
b. network controls
c. Detection Risk controls
d. application controls
e. none of the above
e. none of the above
An integrated group of programs that supports the applications and facilitates their
access to specified resources is called a(n)
a. operating system
b. database management system
c. utility system
d. facility system
e. none of the above
a. operating system
Which of the following is NOT a network control objective?
a. Preventing illegal access
b. Correcting message loss due to equipment failure
c. Maintaining the critical application list
d. Rendering useless any data that a perpetrator successfully captures
e. All the above are network control objectives
c. Maintaining the critical application list
Reviewing database authority tables is an example of a(n)
a. Operating resource controls
b. Organizational structure control
c. Data resource control
d. None of the above
d. None of the above
The database attributes that individual users have permission to access are defined in
the
a. Operating system
b. User manual
c. Database schema
d. User view
e. Application listing
d. User view
Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an
ACK, is
a. a DES message
b. a denial of service attack
c. the request-response technique
d. a call-back device
e. none of the above
b. a denial of service attack
Which of the following is not an operating system objective?
a. The operating system must protect itself from users
b. The operating system must protect users from themselves
c. The operating system must be protected from its environment
d. The operating system must protect users from each other
e. All of the above are operating system objectives
e. All of the above are operating system objectives
A DDoS attack
a. is more intensive than a DoS attack because it emanates from a single source.
b. may take the form of either a SYN flood or smurf attack.
c. is so named because it affects many victims simultaneously, which are distributed
across the Internet.
d. turns the target victim's computers into zombies that are unable to access the
Internet.
e. none of the above is correct.
b. may take the form of either a SYN flood or smurf attack.
An integrated group of programs that supports the applications and facilitates their
access to specified resources is called a(n)
a. operating system.
b. database management system.
c. utility system.
d. facility system.
e. object system.
a. operating system.
A user's application may consist of several modules stored in separate memory
locations, each with its own data. One module must not be allowed to destroy or corrupt
another module. This is an objective of
a. EDI controls.
b. network controls.
e. none of the above.