IT 192 Quests

11/4/2017

WileyCPAexcel-BEC

Custom Assessment Results 11/4/2017

Question 1 (IFTC-0042)

Which of the following is considered to be a server in a local area network (LAN)?



The cabling that physically interconnects the nodes of the LAN.



A device that stores program and data files for users of the LAN.



A device that connects the LAN to other networks.



A workstation that is dedicated to a single user on the LAN.

 You Answered Correctly! This answer is correct. A file server providing files for users of the LAN is one type of server.


Encryption protection is

likely to be used in which of the following situations?



When transactions are transmitted over local area networks.



When wire transfers are made between banks.



When confidential data are sent by satellite transmission.



When financial data are sent over dedicated leased lines.

 You Answered Correctly! This answer is correct. Various factors need to be considered. Encoding is important when confidential data are transmitted between geographically separated locations that can be electronically monitored. Although LANs may need encryption protection, the type of data and the described communication media make the other options appear more vulnerable.

Question 3 (tb.it.secur.princ.004_17)

GAPP stands for

https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

1/83

11/4/2017

WileyCPAexcel-BEC



Governmentally accepted payment processes.



Generally accepted accounting principles.



General Administration of Press and Publication



Generally accepted privacy principles

 You Answered Correctly! Correct! These are 10 principles that govern the controls over privacy in an organization.

Question 4 (tb.it.sytms.data.strctr.003_17)

Scarlett O'Hara “Give a Darn” tours of Atlanta has an automated system that uses information obtained from travel agents to help customers find the best tours for their interests. This is best described as a(n) _____________.



Database



Data warehouse



Expert system



Data mart

 You Answered Incorrectly. Incorrect. This is not a data mart; it is not a specialized system that is tailored for internal use by a company.


Which of the following



likely represents a significant deficiency in the internal control?

The systems analyst reviews applications of data processing and maintains systems documentation.



The systems programmer designs systems for computerized applications and maintains output controls.



The control clerk establishes control over data received by the information systems departments and reconciles totals after processing.


2/83

11/4/2017



WileyCPAexcel-BEC

The accounts payable clerk prepares data for computer processing and enters the data into the computer.

 You Answered Correctly! This answer is correct. The systems programmer should not maintain custody of output in a computerized system. At a minimum, the programming, operating, and library functions should be segregated in such computer systems.

Question 6 (tb.it.mob.001_17)

The call center manager of Wholly Parts Chicken Supply manages all unit resources using an MS Access database that only she has access to. She is not trained in accounting or systems development. The most important concern with this situation is



For internal control reasons, MS Access should not be available to employees.

 

The database likely has never been tested or validated. The database may be incompatible with some operating systems.



Logical access controls may be insufficient.

 You Answered Correctly! Correct! This is an important problem with end user–developed applications and spreadsheets.

Question 7 (tb.it.cobit.002_17)

Internal auditors at Henry Flower's Flower shop are undertaking a comprehensive review of outsourcing contracts and policies as part of improving service quality. In the COBIT model, this is best classified as an example of



Planning and Organization.



Acquisition and Implementation.



Delivery and Support.



Monitoring


3/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Incorrectly. Incorrect. The task of reviewing outsourcing contracts is not part of assessing how to acquire, implement, or develop IT solutions that address business objectives and integrate with critical business process.

Question 8

(AICPA.130503BEC-SIM)

Which of the following risks increases the least with cloud-based computing compared with local server storage for an organization that implements cloud-based computing?



Data loss.



Vendor security failure.



Global visibility.



System hacks.

 You Answered Correctly! Global visibility is not a risk of cloud-based computing.

Question 9



(IFTC-0052)

The Internet is made up of a series of networks which include

 

Gateways to allow mainframe computers to connect to personal computers.



Repeaters to physically connect separate local area networks (LANs).



Routers to strengthen data signals between distant computers.

Bridges to direct messages through the optimum data path.

 You Answered Incorrectly. This answer is incorrect. Repeaters strengthen signal strength.

Question 10 https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

4/83

11/4/2017

WileyCPAexcel-BEC

(IFTC-0055)

Today organizations are using microcomputers for data presentation because microcomputer use, compared to mainframe use, is more



Controllable.



Conducive to data integrity.



Reliable.



Cost effective.

 You Answered Correctly! This answer is correct. In cooperative processing, microcomputers are more cost effective than mainframes for data entry and presentation because microcomputers are better suited to frequent screen updating and graphical user interfaces.


In the COBIT model, __________ is an (are) example(s) of an information criterion while _________ is an example of (an) IT resource(s).



Penetration testing results; routers



Acquisition and Implementation; a capacitor



Standards for user response times, network structure



IT staff, computer servers

 You Answered Correctly! Correct! Standards for user response times is an example of an information criterion related to system availability. The network structure is an example of an IT resource.


Which of the following artificial intelligence information systems



learn from experience?

Neural networks.


5/83

11/4/2017

WileyCPAexcel-BEC



Case-based reasoning systems.



Rule-based expert systems.



Intelligent agents.

 You Answered Correctly! This answer is correct because rule-based expert systems do not learn from experience; they simply execute rules.

Question 13 (tb.it.rsk.info.stms.006_17)

Authorization in an automated system is likely to be



Parallel,



Tagged.

 

Unnecessary. Automated.

 You Answered Incorrectly. Incorrect. This is a nonsense answer.


Mobile devices that connect to important organizational systems should be



Reticulated.



Allowed.



Banned.



Password protected with strong passwords or multifactor authentication.

 You Answered Correctly! Correct! If mobile devices are allowed on the system, they must be protected either by strong passwords or multifactor authentication. This is a basic cybersecurity requirement that should https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

6/83

11/4/2017

WileyCPAexcel-BEC

be present in any organization.


ABC, Inc. assessed the overall risks of MIS systems projects on two standard criteria: technology used and design structure. The following systems projects have been assessed on these risk criteria. Which of the following projects holds the highest risk to ABC?



Current

Sketchy



New

Sketchy



Current

Well defined



New

Welldefined

 You Answered Correctly! This answer is correct because the project involves both new (more risky than current) technology and sketchy (more risky than well-defined) structure.


An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places?



Transaction logs.



Error reports.



Error files.



Validated data file.

 You Answered Correctly! This answer is correct because transaction logs maintain records of any changes in data. https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

7/83

11/4/2017

WileyCPAexcel-BEC



defines electronic data interchange (EDI) transactions?



Electronic business information is exchanged between two or more businesses.



Customers’ funds-related transactions are electronically transmitted and processed.



Entered sales data are electronically transmitted via a centralized network to a central processor.



Products sold on central Web servers can be accessed by users anytime.

 You Answered Correctly! This answer is correct. Electronic data interchange involves the electronic exchange of business transaction data in a standard format from one entity’s computer to another entity’s computer.


A brokerage firm has changed a program so as to permit higher transaction volumes. After proper testing of the change, the revised programs were authorized and copied to the production library. This practice is an example of



Prototyping.



Program integration.



SDLC (System Development Life Cycle).



Change control.

 You Answered Correctly! This answer is correct. The practice of authorizing changes, approving tests results, and copying developmental programs to a production library is program change control.



8/83

11/4/2017

WileyCPAexcel-BEC

Which of the following configurations of elements represents the

complete disaster recovery

plan?



Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team.



Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan.

 

Off-site storage procedures, identification of critical applications, test of the plan. Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures.

 You Answered Correctly! This answer is correct because the plan should provide for an alternative processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan.


Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?



Optical character recognition (OCR).



Check digit.



Validity check.



Field (format) check.

 You Answered Correctly! This answer is correct because with a field (format) check, the computer checks the characteristics of the character content, length, or sign of the individual data fields.

Question 21 (tb.it.multistrctr.001_17)

Harvey Mudbath, a hot tub and spa manufacturer, currently has a slow network but computing capacity that is distributed across its 18 locations. The computing capacity, while large, is linked https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

9/83

11/4/2017

WileyCPAexcel-BEC

to each location's processing needs. Without any upgrades to the system, Harvey Mudbath probably uses a ___________ system.



Centralized



Decentralized



Hybrid



Schema

 You Answered Correctly! Correct! A decentralized system is characterized by distributed processing and a lessened need for network resources.



describes a hot site?



Location within the company that is most vulnerable to a disaster.



Location where a company can install data processing equipment on short notice.



Location that is equipped with a redundant hardware and software configuration.



Location that is considered too close to a potential disaster area.

 You Answered Correctly! This answer is correct because a hot site is one that is equipped with redundant hardware and software that may be used quickly when the primary site goes down.


When used in an information technology context, EDI is



Education Discount Interface.



Electronic Data Interchange.



Engineered Duplicate Integration.



Extreme Disaster Inhibitor.


10/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct because EDI stands for electronic data interchange.


In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?



Managing remote access.



Developing application programs.



Reviewing security policy.



Installing operating system upgrades.

 You Answered Correctly! This answer is correct. The network administrator is responsible for maintaining the hardware and software aspects of a computer network.


Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has



Hot.



Cold.



Warm.



Flying start.

been stocked with equipment?

 You Answered Correctly! This answer is correct. A cold site is a backup site that has not been stocked with equipment.


11/83

11/4/2017

WileyCPAexcel-BEC

(it.ntworks2.004_17)

Winifred, an internal auditor, wants to access data about employee pay rates. She will go online and type in a(n) ______ on the ________, which is mostly written in ___________.



Company name; company database; XBRL



URL; www; HTML



www; URL; HTML



Employee name; registry; registry addresses

 You Answered Incorrectly. Incorrect. While the first two answers are plausible here, the company database will not be mostly written in XBRL (i.e., eXtensible business reporting language, which is a tagging language for financial data)


Which of the following is

true? Relational databases



Are flexible and useful for unplanned, ad hoc queries.



Store data in table form.



Use trees to store data in a hierarchical structure.



Are maintained on direct access devices.

 You Answered Incorrectly. This answer is incorrect. This is true about relational databases.


ABC, Inc. assessed overall risks of MIS systems projects on two standard criteria: technology used and design structure. The following systems projects have been assessed on these risk criteria. Which of the following projects holds the highest risk to ABC?


12/83

11/4/2017

WileyCPAexcel-BEC



Current

Sketchy



New

Sketchy



Current

Well defined



New

Welldefined

 You Answered Correctly! This answer is correct because the project involves both new (more risky than current) technology and sketchy (more risky than well-defined) structure.


Which of the following controls would assist in detecting an error when the data input clerk records a sales invoice as $12.99 when the actual amount is $122.99?



Batch control totals.



Echo check.



Limit check.



Sign check.

 You Answered Correctly! This answer is correct. The other controls would not find this error.

Question 30 (tb.mang.cyber.risk.005_17)

Cyber breaches are



Preventable.



Addressed in the srcinal COSO announcements.



Assumable.


13/83

11/4/2017



WileyCPAexcel-BEC

Inevitable.

 You Answered Incorrectly. Incorrect. Not all cyber breaches can be prevented.

Question 31 (tb.it.bckup.001_17)

Womping Wembley Corp. maintains three sets of backups, which are updated monthly, weekly, and daily. This approach illustrates a (an):



Checkpoint and restart approach



RAID approach



Redundant backups approach.



SANs approach

 You Answered Correctly! Correct! This approach illustrates a grandfather, father, son approach to redundant backups which are often executed with this frequency.


Securing client/server systems is a complex task because of all of the following factors



The use of relational databases.



The number of access points.



Concurrent operation of multiple user sessions.



Widespread data access and update capabilities.

 You Answered Incorrectly. This answer is incorrect. This is a factor that makes security complex in client/server environments.


14/83

11/4/2017

WileyCPAexcel-BEC


In updating a computerized accounts receivable file, which one of the following would be used as a batch control to verify the accuracy of the total credit posting?



The sum of the cash deposits plus the discounts less the sales returns.



The sum of the cash deposits.



The sum of the cash deposits less the discounts taken by customers.



The sum of the cash deposits plus the discounts taken by customers.

 You Answered Incorrectly. This answer is incorrect because sales returns would be processed separately.


When a client’s accounts payable computer system was relocated, the administrator provided support through a dial-up connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?



User passwords are



Management procedures for user accounts are



User accounts are



Security logs are

required to be in alphanumeric format. documented.

removed upon termination of employees. periodically reviewed for violations.

 You Answered Correctly! This answer is correct. If accounts are removed upon termination, the terminated administrator can no longer have access to the company's systems.


Companies now can use electronic transfers to conduct regular business transactions. Which of the following terms

describes a system where an agreement is made between two or more parties to


15/83

11/4/2017

WileyCPAexcel-BEC

electronically transfer purchase orders, sales orders, invoices, and/or other financial documents?



Electronic mail (e-mail).



Electronic funds transfer (EFT).



Electronic data interchange (EDI).



Electronic data processing (EDP).

 You Answered Correctly! This answer is correct. Electronic data interchange refers to the electronic transfer of documents between businesses.


_____, ______, and ______ are all elements of a manual accounting system.



Journals; ledgers; e-vouchers



Ledgers, automated transactions, assets



Journals, receivables ledgers, concentration of information



Ledgers, journals, invoices

 You Answered Correctly! Correct! Ledgers, journals, and invoices are all elements of a manual accounting system.


The

appropriate type of network for a company that needs its network to function inexpensively

in widely separated geographical areas is



Local area network (LAN).



Wide area network (WAN).



Value-added network (VAN).



Private branch exchange (PBX).


16/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct. A wide area network (WAN) is the best kind of network because it can connect many sites located across a broad geographical distance.

Question 38 (tb.it.bus.strat.003_17)

An accountant at Holly Golightly Tattoos builds a spreadsheet to manage the customer database. Because of the rapid growth of the business, the spreadsheet quickly becomes unmanageably complex. This problem illustrates which of the following issues?



Inadequate scope and scalability



Lack of strategic focus



Lack of strategic investment



Digitization

 You Answered Correctly! Correct! Inadequate scope and scalability is an example of creating a system that is too small for a much larger problem. The spreadsheet in this case was an inadequate tool for addressing a much larger problem (i.e., customer relationship management).


Catalonian Olive Oil Products runs an ERP system and conducts backup procedures that are _______, ______, and _______.



Grandfather, father, and son



Full, incremental, and differential



Bin, volume, and name



Checkpoint, recovery, restart

You Answered Incorrectly.

 Incorrect. This answer mixes differing approach to backup and recovery.


17/83

11/4/2017

WileyCPAexcel-BEC


Most client/server applications operate on a three-tiered architecture consisting of which of the following layers?



Desktop client, application, and database.



Desktop client, software, and hardware.



Desktop server, application, and database.



Desktop server, software, and hardware.

 You Answered Correctly! This answer is correct because the layers consist of the desktop client, an application server, and a database server.

Question 41 (tb.int.entwide.cloud.syst.002_17)

Hubert Humbert Fashion Designers implemented an organization-wide ERP system that failed. Which of the following is the

likely reason for the failure of such a system?



A poor system development process



Lack of management support



Hardware failures



Underestimating system implementation time and complexity

 You Answered Correctly! Correct! Hardware failures are very unusual. They are an unlikely reason for an ERP failure.

Question 42



(tb.it.phys.accss.ctrl.001_17)

Brownout is an example of a(n) ___________ risk.



Electrical system



Logical control


18/83

11/4/2017

WileyCPAexcel-BEC



Authentication



Encryption

 You Answered Incorrectly. Incorrect. Brownout (i.e., reduced voltage) is a physical system risk related to electricity. It is unrelated to encryption (a logical control) in a system.


Hubert Humbert Fashion Designers is considering implementing an organization-wide ERP. Which of the following is

likely to be a motivation for implementing such a system?



Reducing and eliminating data redundancy



Improving organizational agility



Improving data analytic capabilities



Reducing system complexity

 You Answered Correctly! Correct! Reducing system complexity is an unlikely reason to implement an ERP. ERP systems tend to

Question 44

system complexity.



(AICPA.130502BEC-SIM)

What is an example of the use of the cloud to access hardware?



IaaS



PaaS



SAP



ERP

 You Answered Correctly! IaaS is the use of the cloud to access virtual hardware. https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

19/83

11/4/2017

WileyCPAexcel-BEC


A computer input control is designed to ensure that



Machine processing is accurate.



Only authorized personnel have access to the computer area.



Data received for processing are properly authorized and converted to machine-readable form.



Computer processing has been performed as intended for the particular application.

 You Answered Incorrectly. This answer is incorrect because access controls relate to the plan of organization, a general control, and not the input of data.


A manufacturing company that wanted to be able to place material orders more efficiently

likely

would utilize which of the following?



Electronic check presentment.



Electronic data interchange.



Automated clearinghouse.



Electronic funds transfer.

 You Answered Correctly! This answer is correct because electronic data interchange is used to electronically connect a company to its suppliers and customers.

Question 47



(tb.it.policies.002_17)

SnowDrift Ski Resorts has many celebrity visitors. At a recent meeting, the CIO presented a plan to ensure the complete privacy of all visitors, including compliance with relevant laws and regulations related to privacy. This plan is likely to also be found in a (an) https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

20/83

11/4/2017

WileyCPAexcel-BEC



Use and connection policy.



Procurement policy.



Values and service culture policy.



Regulatory compliance policy.

 You Answered Incorrectly. Incorrect. This policy may be slightly related to the values and service culture policy, but this is not the best answer.

Question 48



(tb.int.entwide.cloud.syst.003_17)

A data analyst at Hubert Humbert Fashion Designers is using a component of its organization-wide ERP system to analyze customer sales to determine the optimal opening and closing times for its retail stores. The analyst is



CRM



OLAP



OLTP



Supply chain management

using the _________ component of the system.

 You Answered Incorrectly. Incorrect. This is not a customer relations issue.


In a system with strong controls, information requirements are linked to _______ and ______.



Patch controls; reticulating splines



Likelihood; damages



Controls; risks



Exploits; outsourcing


21/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! Correct! Information requirements of organizational systems should be linked to internal control and relevant risks, including cyber risks.


An organization’s computer help desk function is usually a responsibility of the



Applications development unit.



Systems programming unit.



Computer operations unit.



User departments.

 You Answered Incorrectly. This answer is incorrect. Applications development is responsible for developing systems. After formal acceptance by users, developers typically cease having day-to-day contact with a system’s users.

Question 51 (tb.it.policies.001_17)

SnowDrift Ski Resorts has a meeting at which the CIO presents a plan for all IT personnel to evidence exceptional service quality in their interactions with other employees (i.e., their customers). This plan is likely to also be found in a (an)



Use and connection policy.



Procurement policy.



Values and service culture policy.



Regulatory compliance policy.

 You Answered Correctly! Correct! This policy will state what is expected of IT function personnel in their interactions with clients and others. That is exactly the initiative that is described in this case.


22/83

11/4/2017

WileyCPAexcel-BEC


What type of computerized data processing system would be

appropriate for a company that is

opening a new retail location?



Batch processing.



Real-time processing.



Sequential-file processing.



Direct-access processing.

 You Answered Correctly! This answer is correct because real-time processing is the best method for use by retail businesses.

Question 53 (tb.erm.cloud.computing.001_17)

Max's Hardware Boutique is considering using a CSP. Max should request all of the information below about the CSP



References from other CSP users.



Privacy compliance policies.



Employee salary information.



Network infrastructure and load reports.

 You Answered Correctly! Correct! This would be unusual information to request from a CSP. It is unclear what value this information would provide.


Which of the following areas of responsibility are normally assigned to a systems programmer in a computer system environment?


23/83

11/4/2017

WileyCPAexcel-BEC



Systems analysis and applications programming.



Data communication hardware and software.



Operating systems and compilers.



Computer operations.

 You Answered Correctly! This answer is correct because systems programmers are given responsibility for maintaining system software, including operating systems and compilers.

Question 55 (tb.prod.cyc.003_17)

Which document lists the items in inventory?



Inventory report

 

Bill of materials



Operations list

Move ticket

 You Answered Correctly! Correct! An inventory report is a listing of the items in inventory.


Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporate headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?



Daily backup.



Network security.



Business continuity.



Backup power.


24/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct. A business continuity plan deals with recovery of business operations after a disaster.

Question 57



(IFTC-0014)

The use of a header label in conjunction with magnetic tape is



Computer operator.



Keypunch operator.



Computer programmer.



Maintenance technician.

likely to prevent errors by the

 You Answered Incorrectly. This answer is incorrect because the keypunch operator does not load magnetic tapes and, therefore, is not affected by the use of header labels.

Question 58



(tb.it.bckup.003_17)

Maintaining an inventory of backup files facilitates



Inventories of assets.



Identifying unrecorded liabilities.



Internal and external labeling.



Recovery.

 You Answered Correctly! Correct! An inventory of backup files enables a more rapid recovery process.



25/83

11/4/2017

WileyCPAexcel-BEC

One of the benefits of a single integrated database information system is



Closer program-data linkage.



Increased data redundancy.



Reduced security.



Increased data accessibility.

 You Answered Correctly! This answer is correct. Increased data accessibility is a benefit of a single integrated database information system.

Question 60



(tb.emerg.tech.big.data.005_17)

Monster Lorenzo Sneakers has a division that combines information from several sources into one comprehensive database. The included data relates to customer information from a company's pointof-sale systems (the cash registers), its website, its mailing lists, and its comment cards. It also includes separate data about employees, including time cards, demographic data, and salary. If Monster Lorenzo Sneakers decided to launch a big data initiative, what is the most likely effect on this division?



Expansion



Contraction



Elimination



Refurbishing

 You Answered Correctly! Correct! The described division is a data warehouse. Big data initiatives generally result in expanding data warehouses.

Question 61



(IFTC-0029)

SQL is



directly related to

String question language processing.


26/83

11/4/2017

WileyCPAexcel-BEC



The "grandfather, father, son" method of record retention.



Electronic commerce.



Relational databases.

 You Answered Incorrectly. This answer is incorrect because the term string question language processing is not used in information technology.


Which of the following is a critical success factor in data mining a large data store?



Pattern recognition.



Effective search engines.



Image processing systems.



Accurate universal resource locator (URL).

 You Answered Correctly! This answer is correct because the benefit of data mining is the confirmation and exploration of data relationships.

Question 63



(tb.rev.cyc.004_17)

Smigly Construction builds large warehouses for many clients. Smigly is more likely than most other businesses to use _____________ in its revenue cycle billing processes.



Remittance advices



Customer invoices



Packing lists



Customer sales orders

 You Answered Correctly! https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

27/83

11/4/2017

WileyCPAexcel-BEC

Correct! Remittance advices help customers match payments with invoices. They are more likely to be used in complex businesses, such as construction and medical billing.

Question 64 (tb.expend.cyc.001_17)

The perpetrator of a fictitious vendor fraud is usually



A stakeholder.



An employee.



A mountebank.



A customer.

 You Answered Correctly! Correct! Many fake vendor frauds are perpetrated by employees.

Question 65 (tb.intro.hrdwr.002_17)

A computer sitting on a user's desk that includes a keyboard and a mouse is unlikely to be a(n):



Desktop.



Laptop.



Server.



Thin client.

 You Answered Incorrectly. Incorrect. A computer that includes a keyboard and mouse could be a desktop.


A computer emergency response team (CERT) is a ______ control.



Defense-in-depth


28/83

11/4/2017

WileyCPAexcel-BEC



Preventive



Detective



Corrective

 You Answered Correctly! Correct! A CERT is a corrective control since it is intended primarily to clean up the mess of a violation of the system's integrity.


Compared to batch processing, real-time processing has which of the following advantages?



Ease of auditing.



Ease of implementation.

 

Timeliness of information. Efficiency of processing.

 You Answered Correctly! This answer is correct because the major advantage of real-time processing is that information is available immediately.




Which of the following is an advantage of using a value-added network for EDI transactions?



Ability to deal with differing data protocols.



Decrease in cost of EDI.



Increase in data redundancy.



Direct communication between trading partners.

 You Answered Incorrectly.


29/83

11/4/2017

WileyCPAexcel-BEC

This answer is incorrect because a value-added network results in communications to the valueadded network, and then to the trading partner.


Which of the following is an advantage of a computer-based system for transaction processing over a manual system? A computer-based system



Does not require as stringent a set of internal controls.



Will produce a more accurate set of financial statements.



Will be more efficient at producing financial statements.



Eliminates the need to reconcile control accounts and subsidiary ledgers.

 You Answered Correctly! This answer is correct because computer-based systems are more efficient than manual systems at producing financial statements.

Question 70



(IFTC-0048)

There are several kinds of hardware and software for connecting devices within a network and for connecting different networks to each other. The kind of connection often used to connect dissimilar networks is a

 

Gateway.



Router.



Wiring concentrator.

Bridge.

 You Answered Correctly! This answer is correct. A gateway, often implemented via software, translates between two or more different protocol families and makes connections between dissimilar networks possible.


30/83

11/4/2017

WileyCPAexcel-BEC

Question 71



(tb.acct.sys.cyc.intro.002_17)

Which of the following steps in the accounting cycle comes after preparing financial statements?



Journalize closing entries.



Analyze transactions.



Prepare reports.



Prepare post-closing trial balance.

 You Answered Incorrectly. Incorrect. Prepare reports comes after posting entries to accounts.

Question 72



(tb.it.sytms.data.strctr.002_17)

A data mart is a specialized type of ____________ that is tailored to the needs of a(n) _______.



Database; user



Data warehouse; organization



OLTP; ERP



AI; ERP

 You Answered Correctly! Correct! A data mart is a type of data warehouse that is customized for an organization.


First Federal S&L has an online real-time system, with terminals installed in all of its branches. This system will not accept a customer’s cash withdrawal instructions in excess of $1,000 without the use of a "terminal audit key." After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be strengthened by



Online recording of the transaction on an audit override sheet.



Increasing the dollar amount to $1,500.


31/83

11/4/2017

WileyCPAexcel-BEC



Requiring manual, rather than online, recording of all such transactions.



Using parallel simulation.

 You Answered Correctly! This answer is correct because documentation of all situations in which the "terminal audit key" has been used will improve the audit trail.


Jody's Hardware Store developed a new module for the accounting system to monitor and forecast contractor purchases by vendor month. The old system was a manual. The

risk

related to the new system is



Idiosyncratic processing errors.



Systematic processing errors.



Automated processing of transactions.



Computer-initiated transactions.

 You Answered Correctly! Correct! Systematic processing errors are an important risk of a new system.


A bank wants to reject erroneous checking account numbers to avoid invalid input. Management of the bank was told that there is a method that involves adding another number at the end of the account numbers and subjecting the other numbers to an algorithm to compare with the extra numbers. What technique is this?



Optical character recognition (OCR) software.



Check digit.



Validity check.





32/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct because a check digit is an extra reference number that follows an identification number and bears a mathematical relationship to the other digits. The identification number can be subjected to an algorithm and compared to the check digit.


Which of the following procedures would enhance the control of a computer operations department?

I. Periodic rotation of operators. II. Mandatory vacations. III. Controlled access to the facility. IV. Segregation of personnel who are respons ible for controlling input and output.



I, II.



I, II, III.



III, IV.



I, II, III, IV.

 You Answered Correctly! This answer is correct. All of the above practices are effective control measures. Periodic rotation and mandatory vacations provide other personnel with the ability to detect operator problems. Controlled access and segregation of duties allow for the separation of incompatible functions.

Question 77



(tb.hr.pay.cyc.001_17)


part of the HR and payroll cycle?



Assessing employee performance



Computing payroll taxes


33/83

11/4/2017

WileyCPAexcel-BEC



Maintaining controls over employee data



Assigning labor costs to jobs

 You Answered Incorrectly. Incorrect. Computing and reporting payroll taxes is part of the HR and payroll cycle.

Question 78 (tb.emerg.tech.ais.001_17)

Spirit Line Beverages sponsors a contest for its programmers with prizes for the winning teams. This is an example of ______________ that is intended to __________________.



Online marketing; build social media data



Industrial espionage; build internal data



Data mining; use big data



Gamification; build motivation and team rapport

 You Answered Correctly! Correct! This is an example of gamification that is intended to motivate participants.


Which of the following statements is

?



External parties can help prioritize resources to prevent and manage cyber risks.



External parties should always be informed about cyber incidents.



External, financial statement auditors are unavailable as consultants related to cyber risks.



External communication about cyber security may be relevant to financial analysts.

 You Answered Incorrectly. Incorrect. This is a statement. External financial statement auditors cannot serve as consultants related to cyber risks.


34/83

11/4/2017

WileyCPAexcel-BEC


In an accounting information system, which of the following types of computer files

likely would

be a master file?



Inventory subsidiary.



Cash disbursements.



Cash receipts.



Payroll transactions.

 You Answered Correctly! This answer is correct because a master file is a file containing relatively permanent information used as a source of reference and periodically updated, and this is characteristic of an inventory subsidiary file.


Which of the following items would be

critical to include in a systems specification document for

a financial report?



Cost-benefit analysi.



Data elements needed



Training requirements



Communication of change management considerations

 You Answered Correctly! This answer is correct. A systems specification document should include a description of the data elements needed.


Which of the following is considered an application input control?


35/83

11/4/2017

WileyCPAexcel-BEC



Run control total.



Edit check.



Report distribution log.



Exception report.

 You Answered Correctly! This answer is correct. An edit check is a check on the accuracy of data as it is inputted.


The machine language for a specific computer



May be changed by the programmer.



Is the same as all the other computer languages.



Is determined by the engineers who designed the computer.



Is always alphabetic.

 You Answered Incorrectly. This answer is incorrect because machine languages differ among different computers. Also, machine languages differ from user programs (e.g., written in BASIC, COBOL).


Which of the following is the primary advantage of using a value-added network (VAN)?



It provides confidentiality for data transmitted over the Internet.



It provides increased security for data transmissions.



It is more cost effective for the company than transmitting data over the Internet.



It enables the company to obtain trend information on data transmission.


36/83

11/4/2017

WileyCPAexcel-BEC

This answer is correct. VANs provide increased security over transactions because they use private networks.

Question 85 (tb.rev.cyc.003_17)

RFID tagging is most helpful to



Cash collections.



Receivables billing.



Shipping.



Bank reconciliations.

 You Answered Correctly! Correct! RFID tagging of physical goods can increase the speed and accuracy of shipping processes.

Question 86 (tb.acct.sys.cyc.intro.003_17)

Mars Dreamy Clothing is a retailer with 15 locations. Which cycle is likely of



Financing



General ledger



Production



Revenue

importance to Mars?

 You Answered Incorrectly. Incorrect. The general ledger cycle is important to a retailer.


What is the computer process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

37/83

11/4/2017

WileyCPAexcel-BEC

action being taken or the decision being made?



Batch processing.



Real-time processing.



Integrated data processing.



Random access processing.

 You Answered Correctly! This answer is correct because online real-time systems are those for which processing is performed as data are input and the results are available immediately.

Question 88 (AICPA.130726BEC)

The fixed assets and related depreciation of a company are currently tracked on a passwordprotected spreadsheet. The information technology governance committee is designing a new enterprise-wide system and needs to determine whether the current fixed asset process should be included because the current system seems to be working properly. What long-term solution should the committee recommend?



Continuing to use the current spreadsheet process because there have been

issues in this

area.



Developing a new fixed asset system to manage the assets and related depreciation.



Purchasing a stand-alone fixed asset program for managing the assets and related depreciation.



Adopting the fixed-asset module of the new system for integration.

 You Answered Correctly! One of the goals of an enterprise-wide system is to integrate" all data maintained by the organization into a single database." This option best achieves the goal of a single, organizationwide system with which to bind the entire organization together.



38/83

11/4/2017

WileyCPAexcel-BEC

Compared to manual systems, automated systems have ____ risks related to remote access, ____ risks related to the concentration of information, and, ______ opportunities for directly observing processes:



Increased, increased, increased



Decreased, decreased, decreased



Increased, increased, decreased



Increased, decreased, increased

 You Answered Correctly! Correct. This is an accurate statement. Automated systems have increased risks related to remote access, increased risks related to the concentration of information, and decreased opportunities for directly observing processes.

Question 90 (tb.it.multistrctr.002_17)

Ruth Milkweed, a hot tub and spa manufacturer, currently has a fast network and a large, centralized computer. The computing capacity, while large, is not linked to each location's processing needs. Without any upgrades to the system, Ruth Milkweed probably uses a ___________ system.



Matrix



Centralized



Decentralized



Hybrid

 You Answered Correctly! Correct! A fast network and centralized computing are consistent with a centralized system.


Which of the following procedures should be included in the disaster recovery plan for an Information Technology department?



Replacement of personal computers for user departments.


39/83

11/4/2017

WileyCPAexcel-BEC



Identification of critical applications.



Physical security of warehouse facilities.



Cross-training of operating personnel.

 You Answered Correctly! This answer is correct because a disaster recovery plan must identify the critical applications.

Question 92 (it.ntworks2.002_17)

XBRL is a ____________ that is derived from ________.



Financial tagging language; XML



Protocol; STMP



Company; a stock offering



Financial tagging language; STMP

 You Answered Correctly! Correct! XBRL (i.e., eXtensible business reporting language) is for tagging financial information. It is derived from XML (i.e., eXtensible markup language).


Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?



Elimination of the need to continuously update antivirus software.



Assurance of the thoroughness of transaction data because of standardized controls.



Automatic protection of information that has electronically left the entity.



Elimination of the need to verify the receipt of goods before making payment.

 You Answered Correctly!


40/83

11/4/2017

WileyCPAexcel-BEC

This answer is correct because in an EDI environment transactions are communicated in standard format to help ensure completeness and accuracy.


Internal auditors at Henry Flower's Flower Shop are undertaking a comprehensive review to determine if the company has complied with privacy regulations regarding customer data. In the COBIT model, this is best classified as an example of












Monitoring.

 You Answered Correctly! Correct! Analyzing compliance with privacy regulations is part of a formal review process to assess how to best assess IT quality and compliance with control requirements.


A data warehouse in an example of



Online analytical processing.



Online transaction processing.



Essential information batch processing.



Decentralized processing.

 You Answered Correctly! This answer is incorrect because online transaction processing involves day-to-day transaction processing operations.


41/83

11/4/2017

WileyCPAexcel-BEC


ISP is a ________, SMTP is a _______________ and XML is a ______________.



Protocol; company; language



Company; language; protocol.



Language; protocol; company



Company; protocol; language

 You Answered Correctly! Correct! ISP (i.e., an internet service provider) is a company; SMTP (i.e., simple mail transfer protocol) is a protocol; and XML (i.e., eXtensible markup language) is a language.

Question 97



(tb.it.compcrim.001_17)

Boris works for Nefarious Corp. Boris's job is to steal genetic engineering trade secrets from the Gentle Lamb Company. He does this by dating employees of Gentle Lamb Company and stealing their access information (e.g., logon and password). Boris is a(n) _____________ who uses the computer system as a __________.



Nation spy; subject



Industrial spy; tool



Member of organized crime; target



Hacker; target

 You Answered Incorrectly. Incorrect. Boris is a spy; he does not hack systems for fun or challenge. (At least, this is not part of the description given for Boris.)


An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?



Modifications can be made to each module without affecting other modules.


42/83

11/4/2017

WileyCPAexcel-BEC



Increased responsiveness and flexibility while aiding in the decision-making process.



Increased amount of data redundancy, since more than one module contains the same information.



Reduction in costs for implementation and training.

 You Answered Incorrectly. This answer is incorrect. An ERP system is integrated such that any change in one module affects other module.


Leapin’ Lizards (LL) reptile trainers is a small but growing organization that trains lizards and chameleons to do tricks and sells the trained lizards to buyers. Combining which of the following functions would represent the

concern for the system of internal control at LL?



Authorizing vendor creation, authorizing purchases, and custody of purchased items



Granting credit to customers and recording sales



Authorizing chameleon purchases and internal audit of receivables



Custody of chameleons and recording chameleon purchases, sales, and deaths

 You Answered Correctly! Correct! Combining authorization for purchases and internal review of receivables is the least serious threat of the answers listed. This is because purchase responsibilities (e.g., authorization for purchases) occur primarily in the expenditure cycle whereas receivable responsibilities (e.g., reviewing receivables) occur primarily in the sales and revenue cycle. Therefore, the described activities are largely unrelated to one another.


Because log-on procedures may be cumbersome and tedious, users often store log-on sequences in their personal computers and invoke them when they want to use mainframe facilities. A risk of this practice is that



Personal computers become much more likely to be physically stolen.


43/83

11/4/2017

WileyCPAexcel-BEC



Anyone with access to the personal computers could log on to the mainframe.



Backup procedures for data files would not be as effective.



Users with inadequate training would make more mistakes.

 You Answered Correctly! This answer is correct. Since storing the log-on sequences makes log-on easier, anyone with access to the personal computer could potentially log-on to the mainframe through use of the personal computer.


The use of a voucher systems helps control



Unauthorized payment of invoices.

 

Unauthorized orders of goods The use of unauthorized vendors



Underpayments to supplier

 You Answered Correctly! Correct! The primary purpose of a voucher system is to help control unauthorized payment of invoices.


The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition?



Bulletproof the information security architecture.



Designate a hot site.

 

Designate a cold site. Prepare a statement of responsibilities for tasks included in a disaster recovery plan.


44/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct. The first step is to identify the responsibilities for tasks included in the plan.

Question 103 (tb.emerg.tech.ais.002_17)




an example of gamification?

Building graphics and video displays into simulations to teach workers about dangers at a factory



A competition among salespeople to earn points



Dressing up as a cow to promote a fast food restaurant



Creating a game to teach students about managerial accounting

 You Answered Correctly! Correct! Dressing up as a cow to promote a fast food restaurant is not an example of gamification.


Which of the following is often a contract with a vendor for the purchase of goods?



Remittance advice



Vendor invoice



Packing lists



Purchase order

 You Answered Correctly! Correct! A purchase order is often a contract to purchase goods from a vendor.


45/83

11/4/2017

WileyCPAexcel-BEC

(tb.it.mob.004_17)

Each of the following is a greater risk in the small business computing environment



Physical controls.



Encryption.



Logical controls.



Program development.

 You Answered Correctly! Correct! Encryption is not a risk. It is a procedure to reduce risk.


An accountant at Hubert Humbert Fashion Designers is using a component of its organization-wide ERP system to prepare a payroll tax return. The accountant is

using the _________

component of the system.



CRM



OLAP



OLTP




 You Answered Correctly! Correct! The preparation of a simple payroll report is an application of an online transaction processing (OLTP) system.

Question 107



(tb.gen.led.rep.cyc.004_17)

One purpose of closing entries is to



Record accruals and deferrals.



Zero out the revenue and expense accounts.



Estimate unrecorded liabilities.


46/83

11/4/2017



WileyCPAexcel-BEC

Comply with laws and regulations.

 You Answered Incorrectly. Incorrect. This is not a goal of closing entries.

Question 108 (tb.it.logacc.001_17)

Billy Wingate enters his college dorm by typing an access code and putting his hand in a scanner. This is an example of _________ identification.



Biometric



Password



Multifactor



Hypergeometric

 You Answered Correctly! Correct! This system uses both biometric and password identification, so it is multifactor.

Question 109



(IFTC-0031)

The machine-language program that results when a symbolic-language program is translated is called a(n)



Processor program.



Object program.



Source program.



Wired program.

 You Answered Incorrectly. This answer is incorrect because a source program is another term for a symbolic-language program.


47/83

11/4/2017

WileyCPAexcel-BEC

Question 110




Which of the following is least likely to be a source of big data?



Wearables



A thermostat



A single-page pdf document



A cow

 You Answered Incorrectly. Incorrect. Livestock are likely to have embedded wearable technology. This technology will generate large streams of data and therefore will be a source of big data, particularly for large herds.


Which of the following transaction processing modes provides the

accurate and complete

information for decision making?



Batch.



Distributed.



Online.



Application.

 You Answered Correctly! This answer is correct. In an online system data is readily available for decision making.

Question 112



(IFTC-0002)

Which of the following would lessen internal control in a computer processing system?



The computer librarian maintains custody of computer program instructions and detailed listings.


48/83

11/4/2017

WileyCPAexcel-BEC



Computer operators have access to operator instructions and detailed program listings.



The control group is solely responsible for the distribution of all computer output.



Computer programmers write and debug programs which perform routines designed by the systems analyst.

 You Answered Correctly! This answer is correct because computer operators who have access to detailed program listings have the opportunity to modify the programs.

Question 113



(IFTC-0087)

Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?



Reasonableness test.



Field check.



Digit verification check.



Validity check.

 You Answered Incorrectly. This answer is incorrect because a field check is a control that limits the types of characters accepted.


Risk identification should be mapped to:



An organization's industry.



Organizational personnel.



Liabilities.



Asset utilization.


49/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! Correct! Cyber risks are often planned by hackers to exploit specific weaknesses, and achieve specific outcomes, in an industry—for example, targeting financial services firms to steal money.

Question 115 (tb.gen.led.rep.cyc.001_17)

The general ledger cycle receives _____________ and generates ________________.



Transactions, reports



Reports, transactions



Reports, funds



Controls, funds

 You Answered Correctly! Correct! The general ledger cycle receives transactions and generates reports, including financial statements.

Question 116



(IFTC-0126)

A company has a significant e-commerce presence and self-hosts its website. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies?

 

Back up the server database daily.



Purchase and implement RAID technology.



Establish off-site mirrored Web server.

Store records off-site.

 You Answered Correctly! This answer is correct. Establishing an off-site mirrored Web server would provide for continuous duplication of data in geographically separated locations.


50/83

11/4/2017

WileyCPAexcel-BEC

Question 117



(tb.prod.cyc.002_17)

Which document lists the components needed in making a product?



Inventory report



Bill of materials



Move ticket



Operations list

 You Answered Incorrectly. Incorrect. As is indicated by the name, this document lists the steps (or operations) needed to make a product.

Question 118




A hospital that is launching a big data initiative should initially consider all the following



Privacy law.



Qualitative characteristics of the data.



Roles and responsibilities.



Load at capacity.

 You Answered Incorrectly. Incorrect. Considering roles and responsibilities is an important initial consideration for a big data initiative. Establishing a governance structure will require considering appropriate roles and responsibilities.

Question 119



(tb.int.entwide.cloud.syst.005_17)

A marketing manager at Hubert Humbert Fashion Designers is using a component of its organizationwide ERP system to determine which accounts generate the most profitable returns to the company. The manager is using the _________ component of the system.


51/83

11/4/2017

WileyCPAexcel-BEC



CRM



OLAP



OLTP




 You Answered Incorrectly. Incorrect. This activity is unrelated to online analytical processing (OLAP) system.


Compared to online real-time processing, batch processing has which of the following disadvantages?



A greater level of control is necessary.



Additional computing resources are required.



Additional personnel are required.



Stored data are current only after the update process.

 You Answered Correctly! This answer is correct because batch-processed data is not updated until the batch is processed.


In a client/server environment, the "client" is

likely to be the



Supplier of the computer system.



Computers of various users.



Computer that contains the network’s software and provides services to a server.



Database administrator.

 You Answered Correctly! This answer is correct because the "client" may be viewed as the computer or workstation of the individual user. https://app.efficientlearning.com/pv5/v8/5/app/cpa/bec.html?#quizBuilder

52/83

11/4/2017

WileyCPAexcel-BEC

Question 122 (tb.intro.hrdwr.001_17)

An accountant at Henry Higgins Language Lessons must sort the master file before processing recent transactions to update the master file. Henry Higgins uses ______ file storage.



Sequential



RAID



Optical disk



Data mart

 You Answered Correctly! Correct! This is an example of sequential file storage.

Question 123




Adjusting journal entries are often the responsibility of



Production managers.



The corporate finance officer.



The controller.



The JE clerk.

 You Answered Correctly! Correct! Adjusting entries are usually posted by the controller in the general ledger cycle.


Which of the following controls is mostly likely to prevent a kickback to a purchasing agent?



Prenumbering of purchase order



Matching packing lists to vendor invoices


53/83

11/4/2017

WileyCPAexcel-BEC



Periodically requiring purchasing agents to disclose their relationships to all vendors



Requiring authorization to receive goods from vendors

 You Answered Correctly! Correct! This control will help prevent kickbacks to purchasing agents. Requiring a statement from vendors as to whether they are: (1) related to or have had (2) non-work related contact with vendors would help prevent kickbacks. Of course, the agents can lie, but at least there is a stronger evidence trail of misconduct if they lie in response to these questions.

Question 125 (tb.hr.pay.cyc.002_17)


a goal of the HR/payroll cycle?



Accurately computing taxes



Minimizing the time required to move goods from raw materials to in-process inventory



Securing information about an employee's drug addiction



Complying with employment laws and regulations

 You Answered Correctly! Correct! This is a goal of the production cycle, not the HR/payroll cycle.

Question 126



(tb.erm.cloud.computing.002_17)

Cloud computing is an appropriate topic for a board of directors’ discussion when



Cloud computing risks are high.



Most board members are knowledgeable about cloud computing.



The potential for management override of controls is high.



Management sets a tone at the top of strong performance incentives.

 You Answered Incorrectly.


54/83

11/4/2017

WileyCPAexcel-BEC

Incorrect. While knowledgeable board members would facilitate a discussion of cloud computing, this is not a motivation for including this topic at a board meeting.

Question 127



(IFTC-0101)

Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage?



Having the supervisor of the data entry clerk verify that each employee’s hours worked are correctly entered into the system.



Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register.



Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate.



Limited access to employee master files to authorized employees in the personnel department.

 You Answered Incorrectly. This answer is incorrect because using real-time posting of payroll would not improve the accuracy of wage rates.


Fictitious customers are an important risk of the



General ledger cycle.



Revenue cycle.



Financing cycle.



Expenditure cycle.

 You Answered Correctly! Correct! Fictitious customers can be, and often are (in frauds), used to overstate revenue and sales.


55/83

11/4/2017

WileyCPAexcel-BEC

Question 129 (aq.it.bus.strat.001_2017)

_____ is the name of the processes and structures, implemented by the board, to achieve organizational goals.



Governance



Matching



Oversight



Strategy

 You Answered Incorrectly. Incorrect - this is the definition of governance.


Which of the following terms

describes a payroll system?



Database management system (DBMS).



Transaction processing system (TPS).



Decision support system (DSS).



Enterprise resource planning (ERP) system.

 You Answered Correctly! This answer is correct. A payroll system is a transaction processing system.

Question 131



(IFTC-0023)

In a daily computer run to update checking account balances and print out basic details on any customer’s account that was overdrawn, the overdrawn account of the computer programmer was never printed. Which of the following control procedures would have been

effective in detecting

this fraud?



Use of the test-data approach by the author in testing the client’s program and verification of


56/83

11/4/2017

WileyCPAexcel-BEC

the subsidiary file.



Use of a running control total for the master file of checking account balances and comparison with the printout.



A program check for valid customer code.



Periodic recompiling of programs from documented source files, and comparison with programs currently in use.

 You Answered Incorrectly. This answer is incorrect because using a running control total of all checking account balances could not be meaningfully compared with a printout of overdrawn accounts.


A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as



Microcomputing.



End-user computing.



Distributed computing.



Decentralized computing.

 You Answered Correctly! This answer is correct because in end-user computing, the user is responsible for the development and execution of the computer application that generates the information used by that same user.

Question 133



(tb.it.cobit.001_17)

The

target audience of COBIT includes ___________ while the

target audience of

COSO includes __________________.

 

Internal auditors; external auditors Board of directors; management


57/83

11/4/2017

WileyCPAexcel-BEC



Board of directors; external auditors



Management; internal auditors

 You Answered Incorrectly. Incorrect. The target audience of COBIT does not include the board of directors. However, managers are part of the target audience for COSO.


Reggie Sloanback, the operations manager, writes a spreadsheet to keep track of fixed assets at Mason's Masonry and Stoneworks, a manufacturer of stone structures and sculptures. His spreadsheet does not link to the ERP used at Mason's. The most serious internal control concern about this situation is



Incompatibility of operating systems.



Overcentralization of systems.



User-developed systems can create control issues.



The use of incompatible devices.

 You Answered Correctly! Correct! User-created systems can create multiple control issues. Users often inadequately test and review the systems that they develop.

Question 135 (tb.it.compcrim.003_17)

Imagine software at a bank that, on a specific future date, began to accumulate the remainders from calculations into an account owned by the perpetrator. This attack is a combination of a ______ and a ________.



DoS attack; man-in-middle attack



Logic bomb; data leakage



Phishing attack; software piracy



Salami fraud; logic bomb


58/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! Correct! The remainder accumulation is a salami fraud; the future date execution is a logic bomb.

Question 136




A zombie computer is used most frequently to perpetrate a _________ attack:



DoS



Man-in-the-middle



Phishing



Session

 You Answered Correctly! Correct! Zombie or botnet computers are often used perpetrate denial of service (DoS) attacks.

Question 137



(tb.it.cobit.004_17)

The IT Steering Committee at Henry Flower's Flower shop is assessing whether to purchase, or internally develop, a new CRM (customer relationship management) system. In the COBIT model, this is best classified as an example of

 







Monitoring.


 You Answered Incorrectly. Incorrect. A make or purchase decision, such as is described in this case, is not a part of assessing how IT can best contribute to business objectives.


59/83

11/4/2017

WileyCPAexcel-BEC


Which of the following is least likely to be considered an advantage of a value-added network (VAN)?



Reduce communication and data protocol problems.



Increased security.



Reduced cost.



Partners do not have to establish numerous point-to-point connections.

 You Answered Correctly! This answer is correct since VAN are often costly.


To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?



Modify and adapt operating system software.



Correct detected data entry errors for the cash disbursement system.



Code approved changes to a payroll program.



Maintain custody of the billing program code and its documentation.

 You Answered Correctly! This answer is correct. An appropriate function for an application programmer includes making code approved changes to a payroll program.

Question 140



(tb.it.bus.strat.004_17)

Gus McCrae, an accountant at Lonesome Dove Cattle Ranch, builds a spreadsheet to track cow movements between locations. However, there are so few movements of cattle between locations that the spreadsheet is unhelpful. This problem illustrates which of the following issues?



Inadequate scope and scalability


60/83

11/4/2017

WileyCPAexcel-BEC



Lack of strategic focus



Lack of strategic engagement



Digitization

 You Answered Incorrectly. Incorrect. This is not primarily an issue of scope or scalability. Scope concerns whether a system is built too small or too large. Scalability concerns whether a system can expand with growth. This is, quite frankly, a system that should not have been created. Therefore, scope and scalability are not the primary concerns.


A fast-growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?



Analysis



Implementation



Testing



Design

 You Answered Correctly! This answer is correct. The steps in the systems development life cycle are analysis, design, build, test, and implement.


A validation check used to determine if a quantity ordered field contains only numbers is an example of a(n)



Input control.



Audit trail control.



Processing control.



Data security control.


61/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! This answer is correct. A validation check at data entry that verifies that a quantity field contains only numbers is an example of a programmatic means of ensuring the accuracy of the value in that no nonnumeric characters are permitted; this is an input control.


Billy Bigswater reviews a listing of each customer and how long each amount owed by a customer has been outstanding. This is most likely



An aged trial balance, to determine the age and collectability of accounts receivable.



A customer order document, to determine if the correct items were shipped to a customer.



A customer invoice, to determine if a customer's bill is correct.



A bill of lading, to determine if the correct items were shipped to a customer.

 You Answered Correctly! Correct! This is an accurate description of an aged trial balance and a good reason for reviewing it.

Question 144 (aq.it.bus.strat.002_2017)

_____ is the name of the processes and structures, implemented by the board, to achieve organizational goals.



Governance



Matching



Oversight



Strategy

You Answered Incorrectly.

 Correct – this is the definition of governance.


62/83

11/4/2017

WileyCPAexcel-BEC


An entity doing business on the Internet

likely could use any of the following methods to prevent

unauthorized intruders from accessing proprietary information



Password management.



Data encryption.



Digital certificates.



Batch processing.

 You Answered Correctly! This answer is correct. Batch processing is a method of processing transactions. It does not serve to protect information processed on the Internet.

Question 146 (it.ntworks2.003_17)

Roger buys seashells from Sally's SeaShore Sales. A more secure way for Roger to access Sally's website is by



XBRL.



An intranet.



The Internet.



An extranet.

 You Answered Correctly! Correct! This is the most secure access means of the available choices.


A customer’s order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would likely have detected the transposition?


63/83

11/4/2017

WileyCPAexcel-BEC



Sequence test.



Completeness test.



Validity check.



Limit test.

 You Answered Incorrectly. Incorrect. A sequence test is a test to see if a sequence is in the right order. It would not determine whether the account was valid.


To prevent interrupted information systems operation, which of the following controls are typically included in an organization’s disaster recovery plan?



Backup and data transmission controls.



Data input and downtime controls.



Backup and downtime controls.



Disaster recovery and data processing controls.

 You Answered Correctly! This answer is correct because a disaster recovery plan should include both backup and downtime controls.

Question 149




Winifred, an internal auditor, wants to determine if employee pay rates are accurate. Her best strategy for accomplishing this goal is to



Review W-2s.



Review Form 941.

 

Review W-3s. Review the cumulative earnings register.


64/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! Correct! This review will enable Winifred to determine if employee pay rates are accurate. She can evaluate these over time, and across job descriptions and ranks.


The strength of a “defense-in-depth” security strategy is in its ability to



Implement layered, mutually supportive levels of control.



Respond, collect evidence, and prosecute violators.



Prevent, detect, and substitute logical for physical controls.



Operationalize patches to prevent intrusion.

 You Answered Correctly! Correct! A defense-in-depth strategy implements layered, multi-level controls to minimize system risks.

Question 151



(IFTC-0020)

If a control total were to be computed on each of the following data items, which would

be

identified as a hash total for a payroll application?

 

Hours worked. Total debits and total credits.



Net pay.



Department numbers.

 You Answered Incorrectly. This answer is incorrect because the total of net pay normally has a meaning, such as equaling the credit to cash based on the payroll.


65/83

11/4/2017

WileyCPAexcel-BEC


Which of the following statements best characterizes the function of a physical access control?



Protects systems from the transmission of Trojan horses.



Provides authentication of users attempting to log in to the system.



Separates unauthorized individuals from computer resources.



Minimizes the risk of incurring a power or hardware failure.

 You Answered Correctly! This answer is correct because physical access controls are those that limit the access to computer equipment, files, and documentation.


An enterprise resource planning system is designed to



Allow nonexperts to make decisions about a particular problem.



Help with the decision-making process.



Integrate data from all aspects of an organization's activities.



Present executives with the information needed to make strategic plans.

 You Answered Correctly! It is a primary objective of an enterprise resource planning system to integrate data from all aspects of an organization's activities into a centralized data repository. Hence, this is the best answer to the question.


A distributed processing environment would be

beneficial in which of the following situations?



Large volumes of data are generated at many locations and fast access is required.



Large volumes of data are generated centrally and fast access is not required.


66/83

11/4/2017



WileyCPAexcel-BEC

Small volumes of data are generated at many locations, fast access is required, and summaries of the data are needed promptly at a central site.



Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations.

 You Answered Correctly! This answer is correct because a distributed data processing system is useful when processing is done in multiple locations. It enables processing of a large volume of transactions and fast access to data.


An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the

solution for detecting this error?

 

Online prompting. Mathematical accuracy.



Preformatted screen.



Reasonableness.

 You Answered Correctly! This answer is correct. A reasonableness test would not allow an invalid date to be accepted.

Question 156




Winifred, an internal auditor, wants to determine if payroll taxes have been properly withheld and paid. Her best strategy for accomplishing this goal is to



Review W-2s.



Review Form 941.



Review W-4s.



Review the cumulative earnings register.


67/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Incorrectly. Incorrect. W-2s do not show aggregate withholdings and payments. This is not the most efficient way to determine the answer to this question.

Question 157



(AICPA.130718BEC)

In an e-commerce environment that requires that the information technology (IT) system be available on a continuous basis, more emphasis will be placed on which of the following aspects of the planning than in a traditional organization?



Maintain appropriate written source documents so the data can be re-entered if it is lost or compromised.



Maintain redundant systems for instant availability to assure the flow of transactions.



Review additional expenses to obtain the required amount of business interruption insurance coverage for the organization.



Assure that appropriate data backups are stored in an off-site location.

 You Answered Correctly! This is the best answer since system redundancy is essential to ensuring business continuity.

Question 158 (tb.prod.cyc.001_17)

Which document lists the steps in making a product?



Inventory report



Bill of materials



Move ticket



Operations list

 You Answered Correctly! Correct! As is indicated by the name, this document lists the steps (or operations) needed to make a product.


68/83

11/4/2017

WileyCPAexcel-BEC


During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed posting type. This would mean that individual transactions were



Posted upon entry, and each transaction had its own line entry in the appropriate ledger.



Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.



Posted upon entry, and each transaction group had a cumulative entry total in the appropriate ledger.



Assigned to groups before posting, and each transaction group had a cumulative entry total in the appropriate ledger.

 You Answered Correctly! This answer is correct. This describes a batch processing method and a detailed posting type.


Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?



Network maintenance and wireless access.



Data entry and antivirus management.



Data entry and application programming.



Data entry and quality assurance.

 You Answered Correctly! This answer is correct. Performing data entry and application programming are incompatible duties.



69/83

11/4/2017

WileyCPAexcel-BEC

The ability to add or update documentation items in data dictionaries should be restricted to



Database administrators.



System programmers.



System librarians.



Application programmers.

 You Answered Correctly! This answer is correct. Access must be controlled to ensure integrity of documentation although "read" access should be provided to other parties as it is important for applications development and maintenance.

Question 162




Which of the following is a backoor?



Unauthorized copying of software



The use of powerful software to access secure information while bypassing normal controls



A software program that allows an unauthorized user to gain access to the system by sidestepping the normal logon procedures.



An attacker identifies an IP address (usually through packet sniffing) and then attempts to use that address to gain access to the network

 You Answered Correctly! Correct! This is a back door.

Question 163



(IFTC-0070)

What is a major disadvantage to using a private key to encrypt data?



Both sender and receiver must have the private key before this encryption method will work.



The private key cannot be broken into fragments and distributed to the receiver.



The private key is used by the sender for encryption but not by the receiver for decryption.


70/83

11/4/2017



WileyCPAexcel-BEC

The private key is used by the receiver but not by the sender for encryption.

 You Answered Incorrectly. This answer is incorrect because it is not a disadvantage.


A value-added network (VAN) is a privately owned network that performs which of the following functions?



Route data transactions between trading partners.



Route data within a company’s multiple networks.



Provide additional accuracy for data transmissions.



Provide services to send marketing data to customers.

 You Answered Correctly! This answer is correct because a value-added network is a system that routes data transactions between trading partners.


When considering disaster recovery, what type of backup facility involves an agreement between two organizations to aid each other in the event of disaster?



Cold site.



Hot site.



Reciprocal agreement.



Rollback.

 You Answered Correctly! This answer is correct because a reciprocal agreement involves agreement between two or more organizations to help each other in the event of disaster to one’s processing.


71/83

11/4/2017

WileyCPAexcel-BEC


Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?



Creation of multilingual disaster recovery plans.



Reduction in the frequency of data entry errors.



Off-site storage of foreign source documents.



Improvement in the audit trail for cash transactions.

 You Answered Correctly! This answer is correct because electronic funds transfer systems minimize the need for entry of information and, therefore, reduce the chance of entry errors.


Jones and Willy recently implemented an automated accounting system to replace their manual accounting system. While setting up the system, they find that:



They need to permanently run the manual and automated accounting systems as a control over processing.



The automated system requires controls related to people, software, and hardware.



Access controls are of less importance in the new system.



The company's external auditors are best qualified to set up the new system.

 You Answered Correctly! Correct! This is a true statement about automated systems.


Which of the following is a primary function of a database management system?



Report customization.


72/83

11/4/2017

WileyCPAexcel-BEC



Capability to create and modify the database.



Financial transactions input.



Database access authorizations

 You Answered Correctly! This answer is correct. One of the functions is to create and modify the database.

Question 169 (tb.acct.sys.cyc.intro.001_17)

Which of the following steps in the accounting cycle comes before posting entries to accounts?



Journalize closing entries.



Analyze transactions.



Prepare reports.



Prepare post-closing trial balance.

 You Answered Incorrectly. Incorrect. Journalize closing entries comes after posting entries to accounts.

Question 170



(tb.it.secur.princ.003_17)

The first steps in assessing privacy issues in an organization is to



Write notifications to stakeholders; inventory the accuracy of data.



Inventory data; determine relevant laws and regulations.



Draft opt-out provisions; obtain top management buy-in for these provisions



Secure existing data; determine disclosures allowed to third parties.

 You Answered Correctly! Correct! These are the first steps in assessing privacy in an organization. Understanding existing data and the laws that govern is the correct starting point.


73/83

11/4/2017

WileyCPAexcel-BEC


An overall description of a database, including the names of data elements, their characteristics, and their relationship to one another, would be defined by using a



Data definition language.



Data control language.



Data manipulation language.



Data command interpreter language.

 You Answered Correctly! This answer is correct. The data definition language defines the database structure and content, especially the schema and subschema descriptions, including the names of the data elements contained in the database and their relationship to each other.


Credit Card International developed a management reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. What type of management reporting system has Credit Card International developed?



On-line analytical processing system.



On-line transaction-processing system.



On-line executive information system.



On-line information storage system.

 You Answered Correctly! On-line analytical processing systems (OLAPs) are an increasingly important multidimensional analytical tool. An OLAP is a modification and expansion of an on-line transaction processing system to provide the capabilities and functionalities identified in this question.


74/83

11/4/2017

WileyCPAexcel-BEC

(IFTC-0036)

An input clerk enters a person’s employee number. The computer responds with a message that reads “Employee number that you entered is NOT assigned to an active employee. Please reenter.” What technique is the computer using?



Optical character recognition (OCR).



Check digit.



Validity check.




 You Answered Correctly! This answer is correct because with a validity check the computer compares input reference data to tables or master files to make sure that valid codes are being used. In this example, the computer compared the input with a table containing the employee numbers of all active employees.


Which of the following structures refers to the collection of data for all vendors in a relational data base?



Record.



Field.



File.



Byte.

 You Answered Incorrectly. This answer is incorrect. A field is an element of a record.

Question 175 (tb.it.appctrl.lib.doc.001_17)


75/83

11/4/2017

WileyCPAexcel-BEC

Sad Reginald wrote software for the Valencia Clown Revue. One fine day, however, having grown tired of computers and software, he became a juggler, fire eater, and fainting goat farmer. After his departure, the Valencia Clown Revue was unable to maintain and upgrade the systems that Sad Reginald had written. The best control for preventing this failure would be



Automated accruals and deferrals.



User documentation.

 

Operator documentation. Program documentation.

 You Answered Correctly! Correct! Program documentation would allow Sad Reginald's successor to maintain the software.

Question 176



(IFTC-0006)

Which of the following constitutes a weakness in the internal control of a computer system?



One generation of backup files is stored in an off-premises location.



Machine operators distribute error messages to the control group.



Machine operators do not have access to the complete systems manual.



Machine operators are supervised by the programmer.

 You Answered Correctly! This answer is correct because machine operators should not be supervised by the programmer. Good internal control in a computer system requires that operators, programmers, and the library function be segregated.

Question 177




The best starting point for an organizational big data initiative is:



Data mining.


76/83

11/4/2017

WileyCPAexcel-BEC



A social media data assessment.



A governance structure.



Assessing controls

 You Answered Incorrectly. Incorrect. Data mining is not a good starting point. A governance structure is a good starting point.

Question 178




In a cyber-incident response plan, removal of the threat comes before



Decision and action regarding event announcement or secrecy.



Triage.

 

Severity classification. Event logging.

 You Answered Correctly! Correct! This comes after removal of the threat.

Question 179




A company's trading activities may of additional concern in relation to



HR.



Sales contracts.



The financing cycle.



The general ledger cycle.

 You Answered Incorrectly. Incorrect. Trading activities are usually unrelated to sales contracts.


77/83

11/4/2017

WileyCPAexcel-BEC

Question 180 (tb.it.policies.003_17)

IT policies are particularly valuable in _______ and _________ organizations.



Asset-intensive; centralized



Decentralized; geographically disbursed



Low-reliability; gaming



Cooperative; incipient

 You Answered Correctly! Correct! These attributes make IT policies particularly valuable, since personnel are disbursed across multiple locations. IT policies are particularly valuable with disbursed units.

Question 181



(IFTC-0013)

When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. The error report should

probably be reviewed and

followed up by the



Supervisor of computer operations.



Systems analyst.



Control group.




 You Answered Incorrectly. This answer is incorrect because the systems analyst is responsible for designing the system, and accordingly should not have internal audit responsibility.


A digital signature is used primarily to determine that a message is



Unaltered in transmission.


78/83

11/4/2017

WileyCPAexcel-BEC



Not intercepted in route.



Received by the intended recipient.



Sent to the correct address.

 You Answered Correctly! This answer is correct because the digital signature assures the recipient that the message came from a certain individual and it was not modified.

Question 183



(IFTC-0003)

Which of the following employees normally would be assigned the operating responsibility for designing a computer installation, including flowcharts of data processing routines?






Data processing manager.



Systems analyst.



Internal auditor.

 You Answered Incorrectly. This answer is incorrect because computer programmers write detailed programs based upon the work of the systems analyst.


An assessment of the likelihood and severity of cyber risk impacts should be led by ____________ and should include ____________.



IT stakeholders; users



The board president; the board of directors



White hackers; cyber security experts



Senior management; individuals who know the organization's cyber risk profile


79/83

11/4/2017

WileyCPAexcel-BEC

 You Answered Correctly! Correct! This initiative should be led by senior management and should include cyber security experts who are familiar with the organization.

Question 185 (tb.it.sytms.data.strctr.001_17)

Lonesome Dove Cattle Ranch stores its accounting system data in multiple tables (i.e., matrices) that are linked by common key fields. This data structure is called



Flat files.



Matrix organization.



A database system.



An OLTP.

 You Answered Correctly! Correct! This is a database.


In which of the following locations should a copy of the accounting system data backup of year-end information be stored?

 

Secure off-site location.



Fireproof cabinet in the data network room.



Locked file cabinet in the accounting department.

Data backup server in the network room.

 You Answered Correctly! This answer is correct because it is desirable to store the data in a separate secure location to prevent loss from fire or natural disaster.


80/83

11/4/2017

WileyCPAexcel-BEC


An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director

likely preparing?



Data restoration plan.



Disaster recovery plan.



System security policy.



System hardware policy.

 You Answered Correctly! This answer is correct. This information would be useful in reconstructing a database in the event of a disaster.


Backup and recovery systems should be both _________ and ____________.



RAID ready; SAN accessible



Mirrored; remote



Off-line; on-line



Off-site; redundant

 You Answered Correctly! Correct! Backup systems should include an off-site company and should include redundancy.

Question 189




Winifred, an internal auditor, wants to access company data from the company's 10-K SEC filing. An efficient way to access these data would be to use the SEC's _______ system to access the ________ filing.


81/83

11/4/2017

WileyCPAexcel-BEC



Internet; pdf



EDGAR; XBRL



Intranet; paper



Exchange; Dropbox

 You Answered Correctly! Correct! Accessing the company's XBRL (i.e., eXtensible business reporting language) filing in the EDGAR system is the most efficient way to get these data.


The best control to avoid ordering unneeded goods is



A receiving report.

 

A vendor invoice.



Automated payment.

A purchase requisition.

 You Answered Correctly! Correct! A purchase requisition is a formal document that orders goods. It is the best offered control related to the risk of ordering unneeded goods.



likely to be an advantage of an automated accounting system?



A distinct, easily followed audit trail



Processing speed



Fewer idiosyncratic errors



Less likelihood of intrusion


82/83

11/4/2017

WileyCPAexcel-BEC

Correct! Audit trails tend to be more transparent in manual than in automated accounting systems.

Question 192 (tb.emerg.tech.big.data.001_17)

Walmart analyzes point-of-sale data to determine sales trends, develop marketing campaigns, and predict customer loyalty. Walmart is engaged in _____________ using __________.



Online marketing; social media data



Industrial espionage; internal data



Data mining; big data



Audit analytics; a database

 You Answered Correctly! Correct! This is an example of using data mining with big data.


83/83

IT 192 Quests

Recommend Documents