Exam (elaborations)

CPA ISC Missed MCQs

Pages: 10
Grade: A+
Uploaded on: 30-09-2024
Written in: 2024/2025

1. Which of the following framework functions in the Privacy Framework Core best describes the function that would include categories such as identity management, authentication, and access control, as well as data security?
Answer: Protect

2. Which of the following framework functions in the Privacy Framework Core best describes how the organization should drive dialogue around privacy risks related to data processing activities?
Answer: Communicate

3. Which of the following organizations would most likely be considered a covered entity under the Health Insurance and Portability Act (HIPAA)?
Answer: A business specializing in physical therapy for patients with knee and back issues, coordinating with each patient's primary physician

4. TampCorp is an organization based out of Italy specializing in the data processing of third-party human resources data. TampCorp collects the human resource data on all clients and houses the information on company servers located in northern Italy, but the processing is conducted remotely from the United States. Which of the following best describes TampCorp's application of the General Data Protection Regulation (GDPR)?
Answer: TampCorp must comply with GDPR

5. Which CIS Control best describes using processes and tools to create, align, manage, and revoke access credentials and privileges for user, administrator and service accounts for enterprise assets and software?
Answer: Control 6: Access Control Management

6. Which CIS Control best describes the establishment of a program to develop and maintain policies, plans, procedures, defined roles, training, and communication to prepare, detect, and quickly react to an attack?
Answer: Incident Response Management

7. Under the COBIT core model, which of the following groups of objectives would best be classified as Build, Acquire, and Implement (BAI)?
Answer: Managed knowledge, managed organizational change, and managed availability and capacity

8. Each of the following objectives falls within the domain Monitor, Evaluate, and Assess (MEA), except for the following?
Answer: Managed problems

9. Each of the following are components of the governance system except which of the following?
Answer: External stakeholders, culture, and competencies

10. A piece of hardware that connects devices within a network by reading and converting protocols so that traffic can be transmitted across those devices is most likely which of the following network components?
Answer: Gateway

11. Which of the following best describes a benefit of using a cloud service provider (CSP)?
Answer: Redundancy and the ability to recover from a disaster is improved

12. Gibbs Energy Inc. is a power producer and distribution network operator that runs a power grid which generates, transmits, and distributes power to customers. These core business functions require a large amount of computing power to run highly customized software applications. These applications often require modifications to the operating system. Since the usage of energy and computing power varies, Gibbs rents servers, storage, and firewalls from a cloud service provider (CSP). What type of CSP does Gibbs most likely use?
Answer: Infrastructure-as-a-Service

13. A cloud service provider's vision is to provide reliable and consistent network connectivity for all customers. Part of its corporate strategy for achieving that is heavily reliant on all of the following except:
Answer: Utilizing a community cloud deployment model

14. When evaluating a cloud service provider's data security measures, a company would appropriately consider each of the following risk factors, except:
Answer: The provider's vertical scalability

15. An accounting information system (AIS) is distinguished from an enterprise resource planning (ERP) system by the fact that:
Answer: An AIS stores financial data, whereas an ERP stores shipping data

16. Peame Mobile sells smartphones, tablets, and other supportive devices directly to consumers via its online marketplace and in-store retail locations. Which of the following economic event and transaction cycle pairings is correct?
Answer: Loan payments for retail locations are made in the treasury cycle

17. Andrew is the CFO of a biotech company developing new drugs to combat mental illness. Andrew needs an application that allows every department to collaborate in real time, manage requisitions, and issue purchase orders to vendors; project management needs to monitor research project progress and project spend; the accounting department needs reliable financial statements; and the finance department needs accurate data to produce high-quality forecasts for investors. The application that can meet all of these requirements is:
Answer: An enterprise resource management system (ERP)

18. A pick ticket, the list provided to the warehouse or inventory function detailing the items and quantities that should be picked and packaged and sent to the shipping department for an order, is a common document found in which transaction cycle?
Answer: Revenue cycle

19. To become more efficient and lower costs, the company stops accepting paper payments in all countries except for one and shifts to electronic payments only. Any paper payments that are received will be processed through an invoice recognition program that extracts key data using optical character recognition (OCR) technology. This business process improvement solution combines which of the following principles?
Answer: Robotic process automation (RPA) and shared services

20. Rulert Systems, a company that manufactures parts for light detection and ranging hardware used in self-driving vehicles, recently started outsourcing several of its components due to a sharp rise in manufacturing costs. Rulert had a well-trained staff, but its end product kept failing in test drives. This is most likely an example of what type of outsourcing risk?
Answer: Quality risk related to materials

21. Agri-tech firm Rathway Inc. is about to roll out a new system for its design engineers that will allow different teams to work in sequence. It plans on using the "Waterfall" method because it wants to break the development process into chunks of manageable and distinct tasks. Rathway may use the Waterfall method as a way to:
Answer: Focus on testing and change review

22. It may be challenging to apply the COSO control environment component from the internal control framework to blockchain applications because:
Answer: Blockchains are decentralized by design

23. Apexom Exchange Inc. operates in the U.S. and adheres to KYC (Know Your Customer) laws by requiring all traders to validate their identity, address, nationality, occupation, and income. Following these laws establishes structure and accountability by ensuring that the company can identify the transacting parties. Which of the following COSO internal control framework components and principles would Apexom follow to satisfy these requirements?
Answer: Component: control environment; principle: enforces accountability

24. In an effort to eliminate paper and create transparency in the logistics industry, Elige Supply Chain Inc. implemented a blockchain following the COSO internal control framework. In line with the framework, Elige educated its internal stakeholders on all relevant blockchain processes and developed software that continuously analyzed supply chain functions. Which of the two components of the COSO framework does Elige adhere to by executing these actions?
Answer: Information and communication; monitoring activities

25. Which of the following procedures would an entity most likely perform that would be found in its disaster recovery plan?
Answer: Store duplicate copies of files off-site

26. An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
Answer: Disaster recovery plan

27. Which of the following steps in the development of a business continuity plan should a company initiate first?
Answer: Conduct a business-impact analysis

28. Suzie, the Senior Accounting Director for her organization, is working with the IT department on a business impact analysis (BIA). They are determining the optimal maximum tolerable downtime (MTD) and the mean time to repair (MTTR) for the company's general ledger software should an outage occur. In which of the following BIA steps would this occur?
Answer: Establish recovery priorities

29. Elitado Manufacturing's CFO is working on calculating the annualized rate of occurrence (ARO) and the annualized loss expectancy (ALE) for the business impact analysis (BIA) being performed by its IT department. At which of the following steps during the BIA would this occur?
Answer: Estimate losses

30. A consumer-packaged goods (CPG) organization outsources its IT services to a managed services provider. For its distribution system to be continuous and lean, the CPG company specifies in its service level agreement that it must take no longer than 8 hours to restore its IT systems. This is an example of which of the following metrics?
Answer: Recovery Time Objective (RTO)

31. During a post-implementation review of an AIS, a CPA learned that an AIS with few customized features went over budget and past the schedule. The steering committee is dissatisfied about the scope creep and would like a recommendation to consider before approving initiation of another large project. Based on those findings, the CPA should recommend implementing:
Answer: Change management system

32. Define high-priority customer requirements using a product backlog, assess whether changes are needed to the original product backlog at specific milestones spread across the duration of the project, meet twice per day: in the morning to determine goals and in the afternoon to assess progress, perform testing of new features once per week for the duration of the project. Which of the following system change approaches does Savestone most likely follow?
Answer: Agile method

33. Brian works for a CPA firm and is in the process of preparing data for the analysis of client financial statement information for an audit. Brian would likely take each of the following steps to clean the data except:
Answer: Create a calculated field to further prepare the financial statement data for additional analysis

34. Each of the following would be considered a complexity when obtaining data from an external source except:
Answer: Format

35. Each of the following are considered benefits associated with relational databases except for which of the following?
Answer: Combining attributes to create unique identifiers

36. Kidell Corporation is considering establishing a normalized, relational database to store key data needed for decision making. Kidell Corporation contracted with Peggy to help determine whether a relational database is needed. Which of the following would Peggy most likely identify as a benefit associated with relational databases to assist Kidell Corporation?
Answer: Relational databases assist with the goal that all data required for a business process is included within the data set

37. Bill is looking to obtain a list of all orders along with corresponding customer names for a customer behavior analysis. There are two relevant tables in the SQL database with the following schema:
'Orders' table: order_id (integer), customer_id (integer), product_sku (variable character string)
'Customers' table: customer_id (integer), customer_name (variable character string)
Which of the following SQL queries will correctly provide Bill what he needs?
Answer: SELECT Orders.order_id, Customers.customer_name, Orders.product_sku FROM Orders JOIN Customers ON Orders.customer_id = Customers.customer_id

38. Lauren is a system administrator, and their ERP vendor found a bug allowing sales order forms to be processed without selecting a valid customer ID on the sales order form. In fact, the bug would set the customer_id field to a dummy system-generated value. To quantify the magnitude of the impact of this bug, Lauren uses SQL queries to query the two tables in the ERP database with the following schema:
'Orders' table: order_id (integer), customer_id (integer), product_sku (variable character string)
'Customers' table: customer_id (integer), customer_name (variable character string)
Which of the following queries would most likely help Lauren identify the number of sales orders that do not have a valid customer name?
Answer: SELECT COUNT(Orders.order_id) FROM Orders LEFT JOIN Customers ON Orders.customer_id = Customers.customer_id WHERE Customers.customer_id IS NULL

39. An attacker eavesdrops to obtain network packets containing valid data, then resends the captured packets to the target system or network. What type of attack is this?
Answer: Replay attack

40. What is the purpose of an organization's company-wide acceptable use policy (AUP)?
Answer: Regulate and protect technology resources by assigning varying levels of responsibilities to job roles, listing acceptable behaviors by users
