
POLYTECHNIC UNIVERSITY OF THE PHILIPPINES

Auditing on CIS Environment


Quiz on Chapter 3
By: Benjamin Abarquez

Email *

lizettesumanting@gmail.com

Last Name/First Name/M.I. *

Sumanting, Lizette Janiya C.

Course/Year/Campus/Branch *

BSA 3-1, Taguig

True or False

Choose the correct answer

1. In a computerized environment, the audit trail log must be printed onto paper documents. *

TRUE

FALSE

2. A formal log-on procedure is the operating system’s last line of defense against unauthorized access. *

TRUE

FALSE

3. Computer viruses usually spread throughout the system before being detected. *

TRUE

FALSE

4. Operating system controls are of interest to system professionals but should not concern accountants and auditors. *

TRUE

FALSE

5. The most frequent victims of program viruses are microcomputers. *

TRUE

FALSE

6. In a telecommunications environment, line errors can be detected by using an echo check. *

TRUE

FALSE

7. Firewalls are special materials used to insulate computer facilities. *

TRUE

FALSE

8. The message authentication code is calculated by the sender and the receiver of a data transmission. *

TRUE

FALSE

9. Electronic data interchange customers may be given access to the vendor’s data files. *

TRUE

FALSE

10. The audit trail for electronic data interchange transactions is stored on magnetic media. *

TRUE

FALSE

11. A firewall is a hardware partition designed to protect networks from power surges. *

TRUE

FALSE

12. The standard format for an e-mail address is DOMAIN NAME@USER NAME. *

TRUE

FALSE

13. The network paradox is that networks exist to provide user access to shared resources while one of its most important objectives is to control access. *

TRUE

FALSE

14. Cookies are files created by user computers and stored on Web servers. *

TRUE

FALSE

15. Because of network protocols, users of networks built by different manufacturers are able to communicate and share data. *

TRUE

FALSE

16. The client-server model can only be applied to ring and star topologies. *

TRUE

FALSE

17. Only two types of motivation drive DoS attacks: (1) to punish an organization with which the perpetrator had a grievance; (2) to gain bragging rights for being able to do it. *

TRUE

FALSE

18. A distributed denial of service (DDoS) attack may take the form of a SYN flood but not a smurf attack. *

TRUE

FALSE

19. A digital signature is a digital copy of the sender’s actual signature that cannot be forged. *

TRUE

FALSE

20. A smurf attack involves three participants: a zombie, an intermediary, and the victim. *

TRUE

FALSE

Multiple Choice

Choose the letter of the correct answer

21. Which method will render useless data captured by unauthorized receivers? *

a. Echo check

b. message sequencing

c. parity bit

d. public key encryption

22. Which method is most likely to detect unauthorized access to the system? *

a. Message transaction log

b. Data encryption standard

c. vertical parity check

d. request-response technique

23. In an electronic data interchange environment, customers routinely access *

a. The vendor’s price list file

b. The vendor’s accounts payable file

c. the vendor’s open purchase order file

d. none of the above


24. Audit objectives for communications controls include all of the following except *

a. Detection and correction of message loss due to equipment failure

b. Prevention and detection of illegal access to communication channels

c. Procedures that render intercepted messages useless

d. All of the above

25. When auditors examine and test the call-back feature, they are testing which audit objective? *

a. Incompatible functions have been segregated

b. Application programs are protected from unauthorized access

c. Physical security measures are adequate to protect the organization from natural disaster

d. Illegal access to the system is prevented and detected

26. Audit objectives in the electronic data interchange (EDI) environment include all of the following except *

a. All EDI transactions are authorized

b. Unauthorized trading partners cannot gain access to database records.

c. A complete audit trail of EDI transactions is maintained

d. Backup procedures are in place and functioning properly

27. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except *

a. The policy on the purchase of software only from reputable vendors

b. The policy that all software upgrades are checked for viruses before they are implemented

c. The policy that current versions of antivirus software should be available to all users

d. The policy that permits users to take files home to work on them

28. Which of the following is not a test of access controls? *

a. Biometric controls

b. encryption controls

c. backup controls

d. inference controls

29. All of the following are designed to control exposures from subversive threats except *

a. Firewalls

b. one-time passwords

c. field interrogation

d. data encryption

30. Many techniques exist to reduce the likelihood and effects of data communication hardware failure, one of these is *

a. Hardware access procedure

b. antivirus software

c. parity checks

d. data encryption

31. An integrated group of programs that supports the applications and facilitates their access to specified resources is called *

a. Operating system

b. database management system

c. utility system

d. facility system

e. object system

32. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is *

a. A smurf attack

b. IP spoofing

c. an ACK echo attack

d. a ping attack

e. none of the above

33. A software program that allows access to a system without going through the normal log on procedures is called a *

a. Logic bomb

b. Trojan horse

c. back door

d. worm

34. Which is not a biometric device? *

a. Retina prints

b. passwords

c. voice prints

d. signature characteristics

35. All of the following are objectives of operating system control except *

a. Protecting the OS from the users

b. Protecting the environment from the users

c. protecting users from themselves

d. Protecting users from each other
