D217 AIS SET2, (ANswered) Complete Verified Solution Graded A+

D217 AIS SET2 The domain address of a web page is the equivalent of its universal rescue locator (URL) True XBRL allows users to extract and compare financial data from many different companies HTML tags describe how data and graphics should be presented by a web browser EDI automates the exchange of business information, particularly with respect to source documents True Data encryption renders a text message unreadable during data transmission, even if intercepted Public key transcription requires the use of a pair of public/ private encryption keys True Digital signatures can never be as secure as written signatures False 3 types of access security are What you have What you know Who you are Phishing use of web pages or other means to trick viewer into revealing their passwords or other personal information True Click Fraud inflating the number of uses of a link to an alternate website DES an encryption standard used by the US government EDI the exchange of electronic documents such as contracts HTML the makeup language typically used to display web pages in a web browser Phishing an activity designed to steal a person's financial identity Proxy Server a local area network file server typically devoted to providing Internet service TCP/ IP a transmission protocol used to send email messages sent over the Internet VPN a secure method of transmitting messages cheaply over existing Internet connections VoIP a transmission protocol enabling users to send voice-grade messages over the internet According to the chapter, a computer virus is an example of a type of cybercrime called "denial of service" False Many types of cybercrime have other, more common names such as "vandalism" and "embezzlement" True The US Congress passed the first federal computer crime law in 1986 making it illegal to alter or destroy federal information True We believe that most cybercrime is not discovered True Worm programs are viruses that insert themselves into computer systems and disrupt operations or files True A computer virus may lie dormant in a system until software is copied and run on non-licensed machines True Lockout systems disconnect telephone connections if users fail to provide a correct password in a set number of tries True ACL auditing software used to test computer data CSI acronym for security institute that studies computer crime activities EnCase software program specifically designed for computer forensic investigations Salami Technique type of fraud where perpetrator steals a small amount from many different accounts Worm malicious software similar to a computer virus The data field that distinguishes one computer record from another on a computer file is called the primary record key True For a file of employee workers, it would make more sense to use their last name as a primary key rather than the SS number False A foreign key is a data field in the records of one file that references a primary key in the records of another file True 3 database concerns when creating large databases data integrity processing accuracy data security Data dictionary computer file describing the data items of an accounting database Transaction control requirement that a database system either processes a transaction entirely or not at all An example of a transitive relationship in a parking-tickets application is the one between "ticket code" and "fine amount" True Master files used to plan and report on the resources required for the coming period bills of materials, open production orders, work in process inventory, operations list Referential integrity on Microsoft Access inability to delete a parent record if it has subordinate or "child records" in a relational database If you wish to create a select query with alternate criteria using Microsoft Access you should specify them on separate Criteria lines of the query True An update query in Microsoft Access is an example of an action query that enable you to increase the prices by ten percent for all those products starting with product code "123" True An append query in Microsoft Access is an example of an action query that enables you to systematically add the term "Jr." to individual names in a customer database False Database management systems can be implemented on mainframes, minicomputers, and microcomputers Input mask helps users avoid data entry errors Validation text instructs Access to display a particular error message Query enables DBMS to extract only a subset of records from a database Update query can add the term "Jr." to selected names in a customer database Sorting records is unlike indexing records because sorting physically rewrites records on disks whereas indexing does not What is not a recognized data type in Microsoft Access? year "Inheritance" in Microsoft Access the propagation of properties and restrictions from the data field in the underlying table to the field in the form The cost to correct an error in a database is approximately how many times the cost of entering the data initially? 10 What punctuation mark delineates the separation between a calculated field name and the formula for that field colon A report can contain a subform within it False In order to allow data entry for each invoice and multiple items on each invoice, you should create a form with a subform A picture of a bicycle that appears at the top of every invoice form is an example of an unbound control Controls that specifically encourage operating efficiency are often called preventative controls False Controls that attempt to safeguard asset resources are often called detective controls False An organization should always attempt to implement ideal controls into its system False The COSO report failed to define internal control False Control Environment a component of a company's internal control system that influences the control awareness of a company's employees The COSO report emphasized that an internal control system is a tool of management True Input controls ie: POS device Business Continuity Plan (BCP) comprehensive approach to make sure organizational activities continue normally Edit Tests examine fields of input data and reject those that don't fit requirements Flying-start site disaster recovery site that is similar to system it will replace with up to date backup data Virtual Private Network (VPN) runs behind a firewall to allow users access through hand-held devices Cold Site disaster recovery site that has power, environmentally controlled space, and processing equipment that can be installed on short notice Physical Security measures to protect facilities, resources, and proprietary data IT general controls critical to rely on application controls Hot Site disaster recovery system similar to system it replaces Integrated Security logical and physical securities Logical Security limits authorized individuals to organization's systems and information Fault-Tolerant Systems enable computer systems to deal with errors and keep functioning Processing Controls contribute to a good audit trail Output Controls ie: authorized distribution list Security Policy comprehensive plan to help protect enterprise from internal and external threats Eavesdropping Securely transmit data to site Computer Facility Controls ie: "Man Trap" Application Controls prevent, detect, and correct errors and irregularities in processing transactions Control mechanism that is common to both observation and recoding control dual observation This is not a feedback mechanism for observation controls for data collection dual observation The least effective physical security control for a computer center is insurance The grandfather-parent-child approach to providing protection for important computer files is a concept that is most often found in magnetic tape systems File protection rings permit data to be written on a magnetic tape It would be appropriate for the payroll accounting department to be responsible for which of the following functions? preparation of periodic governmental reports as to employees' earnings and withholding taxes A company's disaster recovery site that includes a computer system configured similarly to the system used regularly by the company for data processing purposes is called a hot site Automated Workpaper Software programs that help auditors create common-size income statements and balance sheets that show account balances as percentages Continuous Auditing ie: XBRL Fraud Triangle motive opportunity rationalization of inappropriate behavior in organizations IT Auditing evaluates computer's role in achieving audit control objectives Integrated Test Facility Audit AIS in operational setting IT Governance The process of using IT resources effectively to meet organizational objectives Parallel Simulation live input data used in program written by auditor Third Party Assurance Services specialized audits of Internet systems and websites An internal audit is never performed by external auditors False What is not one of the groups of SOX compliance requirements? Requirements to use an IT auditor to evaluate controls Through-the-computer auditing does not use confirmation sampling it does use: test data, test of program authorization, embedded audit modules Parallel simulation requires the most technical expertise on the part of an auditor The most important advantage of an integrated test facility is that it allows auditors to evaluate transactions in an operational setting A company's disaster recovery site that includes a computer system configured similarly to the system used regularly by the company for data processing purposes is called a hot site Public Company Accounting Oversight Board (PCAOB) Federal organization empowered to set auditing, quality control, and ethics standards; to inspect registered accounting firms; to conduct investigations; and to take disciplinary actions GFS (grandfather-father-son) backup used with systems that use sequential master files output control a combination of programmed routines and other procedures and other procedures to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated Output Spooling applications designed to direct their output to a magnetic disk file rather than print it directly to avoid bottlenecking blind copy contains no quantity or price information about the products being received. Purpose is to force the receiving clerk to count and inspect inventories prior to completing the receiving report XBRL Instance Documents actual financial reports. Computer programs recognize and interpret the tags associate with the data attributes Strategic Planning Decision planning with a long-term time frame that is associate with a high degree of uncertainty attest function an independent attestation performed by an expert - the auditor CPA - who expresses an opinion regarding financial statement presentation Risk of Material Misstatement the risk that some event, process or activity will lead to a material misstatement in the financial statements and not be prevented or detected, timely application control related to specific applications and ensure validity, completeness and accuracy of financial transactions general control apply to all systems and address IT governance and infrastructure, security of operating systems and databases, and application and program acquisition, change, and development firewall software and hardware that provide a focal point for security by channeling all network connections through a control gateway echo check involves the receptor of the message returning the message to the sender. The sender compares the returned message with a stored copy of the original worm or virus Software program that burrows into computer's memory and replicates itself into areas of idle memory subsidiary ledger contain details for each of the individual accounts that constitute a particular control account such as accounts payable or accounts receivable General ledger all company's accounting records; all account information to prepare financial statements (summary t-accounts) Input control perform tests on transactions to ensure they are free from errors Processing control programmed procedures to ensure an application's logic is functioning properly preventive control passive techniques designed to reduce the frequency of occurrence of undesirable events detective control devices, techniques, and procedures designed to identify and expose undesirable events corrective control actions taken to reverse the effects of errors detected ER (Entity Relationship) Diagram a technique used to represent the relationship between business entities. Degree of relationship is described as carnality expenditure cycle the acquisition of materials, property, and labor in exchange for cash (hardly ever prepaid) (purchase and cash disbursements) conversion cycle comprised of the production system and the cost accounting system. Involves the planning, scheduling, and control of the physical product through the manufacturing process (cost accounting/ production planning) revenue cycle involves the processing of cash sales, credit sales, and the receipt of cash following a credit sale (sales and cash receipts) management reporting system