Chapter 12 Monitoring and Auditing AIS
1. Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making. True
False
2. The data in a data warehouse are updated when transactions are processed. True
False
3. Parallel simulation uses an independent program to simulate a part of an existing application program, and is designed to test the validity and to verify the accuracy of an existing application program. True
False
4. Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company. True
False
5. Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT infrastructure. True
False
Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
6. Firewalls are security systems comprised of hardware and software that is built using routers, servers, and a variety of software. True
False
7. The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for conducting an IS/IT audit. True
False
8. Virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection. True
False
9. A wireless network is comprised of access points and stations. Access points logically connect stations to a firm's network. True
False
10. Integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system. True
False
11. Accountants increasingly participate in designing internal controls and improving business and IT processes in a database environment. True
False
12. A data warehouse is for daily operations and often includes data for the current fiscal year only. True
False
13. Parallel simulation attempts to simulate the firm's key features or processes. True
False
14. Embedded audit module is a programmed audit module that is added to the system under review. True
False
15. A continuous audit is to perform audit-related activities on a continuous basis. True
False
16. Which of the following is not an approach used for online analytical processing (OLAP)?
A. Exception reports B. What-if simulations C. Consolidation D. Data mining
17. The purpose of a company's firewall is to:
A. Guard against spoofing B. Filtering packets C. Deny computer hackers access to sensitive data D. All of the above
18. Which of the statements regarding the data warehouse is incorrect?
A. It is a centralized collection of firm-wide data B. The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events C. Includes data for the current fiscal year only D. The data in a data warehouse is pulled from each of the operational databases periodically
19. Which of the following statements about switches is correct?
A. Hub is smarter than Switch. B. Switches provide more security protections than hubs do for a company's internal network. C. Switch is widely used in WANs. D. A Switch contains multiple ports.
20. Which of the following describes a group of computers that connects the internal users of a company distributed over an office building?
A. Internet B. LAN C. Virtual private network (VPN) D. Decentralized network
21. Which of the following is not a management control for wireless networks?
A. Assigning roles and responsibilities of employees for access control B. Conducting risk assessment on a regular basis C. Conducting appropriate awareness training on wireless networks D. Creating policies and procedures
22. What is the man-in-the-middle threat for wireless LANs?
A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network B. The attacker passively monitors wireless networks for data, including authentication credentials C. The attacker steals or makes unauthorized use of a service D. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
23. Which of the following statements regarding the black-box approach for systems auditing is correct?
A. The auditors need to gain detailed knowledge of the systems' internal logic B. The black-box approach could be adequate when automated systems applications are complicated C. The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results. D. All of the above are correct
24. What is data mining?
A. A particular attribute of information. B. A common term for the representation of multidimensional data. C. The process of analyzing data to extract information that is not affected by the raw data alone. D. None of the above is correct.
25. What is the test data technique?
A. It uses a set of input data to validate system integrity. B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system C. It is an automated technique that enables test data to be continually evaluated during the normal operation of a system D. A and B are correct E. None of the above is correct
26. Within a WAN, a router would perform which of the following functions?
A. Provide the communication within the network B. Select network pathways within a network for the flow of data packets. C. Amplify and rebroadcast signals in a network D. Forward data packets to their internal network destination
27. Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?
A. Continuous monitoring and analysis of transaction processing with an embedded audit module. B. Increased reliance on internal control activities that emphasize the segregation of duties. C. Verification of encrypted digital certificates used to monitor the authorization of transactions. D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.
28. Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?
A. Embedded audit modules cannot be protected from computer viruses. B. Auditors are required to monitor embedded audit modules continuously to obtain valid results. C. Embedded audit modules can easily be modified through management tampering. D. Auditors are required to be involved in the system design of the application to be monitored.
29. The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy?
A. Recreate the test, using different software. B. List a sample of actual data to verify the accuracy of the test program. C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct program. D. Create test transactions and run test data on both the production and simulation program.
30. Common IT techniques that are needed to implement continuous auditing include
A. Data warehouse and data mining B. Transaction logging and query tools C. Computer-assisted audit techniques. D. All of the above.
31. Which statements are incorrect about virtual private network (VPN)?
A. It is a way to use the public telecommunication infrastructure in providing secure access to an organization's network. B. It enables the employees to work remotely by accessing their firm's network securely using the Internet C. The packets sent through VPN are encrypted and with authentication technology. D. The expensive cost is one major disadvantage of VPN.
32. LAN is the abbreviation for
A. Large Area Network. B. Local Area Network. C. Longitudinal Analogue Network. D. Low Analytical Nets.
33. Which of the following is least likely to be considered a component of a computer network?
A. Application programs. B. Computers. C. Servers. D. Routers.
34. Which of the following statements regarding the purposes of an operating system is correct?
A. To ensure the integrity of a system B. To control the flow of multiprogramming and tasks of scheduling in the computer C. To allocate computer resources to users and applications D. All of the above are correct
35. Which of the following is not a benefit of using wireless technology?
A. Mobility B. Rapid deployment C. Flexibility and Scalability D. Security
36. Masquerading threat for wireless LANs is:
A. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it C. The attacker passively monitors wireless networks for data, including authentication credentials D. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
37. Which of the following statements is not correct?
A. The IP address of a desktop computer often changes B. The MAC address of a desktop computer often changes C. The IP address of a Web server does not change D. Each hardware device must have a MAC address
38. Which of the following is not a use of CAATs in auditing?
A. Test of details of transactions and balances B. Analytical review procedures C. Fraud examination D. Produce terms and conditions of employment
39. Which of the following statements is wrong regarding continuous audit?
A. Continuous audit is to perform audit-related activities on a continuous basis B. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls D. Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis
40. Which of the following statements about firewalls is wrong?
A. A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software B. A firewall allows individuals on the corporate network to send and receive data packets from the Internet C. A firewall can filter through packets coming from outside networks to prevent unauthorized access D. A firewall connects different LANs, software-based intelligent devices, examines IP addresses
41. Identify each of the following statements with one of the five fundamental control objectives of operating systems. Control objectives: (a) Protect operations systems from users. (b) The operating system must protect users from each other. (c) The operating system must be protected from itself. (d) The operating system must be protected from its environment. (e) The operating system must protect users from themselves.
42. Categorize the following scenarios as management, operational, or technical controls for wireless networks' security controls.
43. What are the two approaches of CAATs in auditing systems? What are the differences between them?
44. What are the differences between LANs and WANs? Have you ever used any LANs and WANs?
45. What are the general security objectives for both wired LANs and wireless LANs?
46. What are the benefits of conducting continuous audits (or monitoring)?
47. Discuss five significant barriers that are often encountered in implementing continuous auditing.
48. List common security threats for wireless LANs. Find a specific case in which the security of wireless LANs was threatened. Given the case you find, comment on how to prevent or mitigate the threats.
Chapter 12 Monitoring and Auditing AIS Answer Key
1.
Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
2.
The data in a data warehouse are updated when transactions are processed.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
3.
Parallel simulation uses an independent program to simulate a part of an existing application program, and is designed to test the validity and to verify the accuracy of an existing application program.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
4.
Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Decision Making Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
5.
Computer-assisted audit techniques (CAAT) are often used when auditing a company's IT infrastructure.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Decision Making Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-02 Understand and apply computer-assisted audit techniques. Source: Original Topic: Monitoring and auditing an AIS
6.
Firewalls are security systems comprised of hardware and software that is built using routers, servers, and a variety of software.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
7.
The Generally Accepted Auditing Standards (GAAS) issued by PCAOB provide guidelines for conducting an IS/IT audit.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
8.
Virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
9.
A wireless network is comprised of access points and stations. Access points logically connect stations to a firm's network.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
10.
Integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
11.
Accountants increasingly participate in designing internal controls and improving business and IT processes in a database environment.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Decision Making Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
12.
A data warehouse is for daily operations and often includes data for the current fiscal year only.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
13.
Parallel simulation attempts to simulate the firm's key features or processes.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
14.
Embedded audit module is a programmed audit module that is added to the system under review.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
15.
A continuous audit is to perform audit-related activities on a continuous basis.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
16.
Which of the following is not an approach used for online analytical processing (OLAP)?
A. Exception reports B. What-if simulations C. Consolidation C. Data mining
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
17.
The purpose of a company's firewall is to:
A. Guard against spoofing B. Filtering packets C. Deny computer hackers access to sensitive data All of the above
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
18.
Which of the statements regarding the data warehouse is incorrect?
A. It is a centralized collection of firm-wide data B. The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events Includes data for the current fiscal year only D. The data in a data warehouse is pulled from each of the operational databases periodically
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
19.
Which of the following statements about switches is correct?
A. Hub is smarter than Switch. Switches provide more security protections than hubs do for a company's internal network. C. Switch is widely used in WANs. D. A Switch contains multiple ports.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
20.
Which of the following describes a group of computers that connects the internal users of a company distributed over an office building?
A. Internet A. LAN C. Virtual private network (VPN) D. Decentralized network
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
21.
Which of the following is not a management control for wireless networks?
A. Assigning roles and responsibilities of employees for access control B. Conducting risk assessment on a regular basis Conducting appropriate awareness training on wireless networks D. Creating policies and procedures
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
22.
What is the man-in-the-middle threat for wireless LANs?
A. The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network B. The attacker passively monitors wireless networks for data, including authentication credentials C. The attacker steals or makes unauthorized use of a service The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
23.
Which of the following statements regarding the black-box approach for systems auditing is correct?
A. The auditors need to gain detailed knowledge of the systems' internal logic B. The black-box approach could be adequate when automated systems applications are complicated The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results. D. All of the above are correct
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
24.
What is data mining?
A. A particular attribute of information. B. A common term for the representation of multidimensional data. The process of analyzing data to extract information that is not affected by the raw data alone. D. None of the above is correct.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
25.
What is the test data technique?
A. It uses a set of input data to validate system integrity. B. It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system C. It is an automated technique that enables test data to be continually evaluated during the normal operation of a system A and B are correct E. None of the above is correct
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
26.
Within a WAN, a router would perform which of the following functions?
A. Provide the communication within the network Select network pathways within a network for the flow of data packets. C. Amplify and rebroadcast signals in a network D. Forward data packets to their internal network destination
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Original Topic: Hardware and software risks in AIS
27.
Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?
Continuous monitoring and analysis of transaction processing with an embedded audit module. B. Increased reliance on internal control activities that emphasize the segregation of duties. C. Verification of encrypted digital certificates used to monitor the authorization of transactions. D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: CPA examination, adapted Topic: Monitoring and auditing an AIS
28.
Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?
A. Embedded audit modules cannot be protected from computer viruses. B. Auditors are required to monitor embedded audit modules continuously to obtain valid results. C. Embedded audit modules can easily be modified through management tampering. Auditors are required to be involved in the system design of the application to be monitored.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: CPA examination, adapted Topic: Monitoring and auditing an AIS
29.
The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy?
A. Recreate the test, using different software. List a sample of actual data to verify the accuracy of the test program. C. Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct program. D. Create test transactions and run test data on both the production and simulation program.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Understand Difficulty: 2 Medium Learning Objective: 12-03 Explain continuous auditing in AIS. Source: CISA examination, adapted Topic: Monitoring and auditing an AIS
30.
Common IT techniques that are needed to implement continuous auditing include
A. Data warehouse and data mining B. Transaction logging and query tools C. Computer-assisted audit techniques. All of the above.
AACSB: Reflective Thinking AICPA BB: Industry AICPA FN: Leveraging Technology Blooms: Remember Difficulty: 1 Easy Learning Objective: 12-03 Explain continuous auditing in AIS. Source: Original Topic: Monitoring and auditing an AIS
31.
Which statements are incorrect about virtual private network (VPN)?
A. It is a way to use the public telecommunication telecommunication infrastructure infrastructure in providing providing secures access to an organization's network. B. It enables the employees to work work remotely by accessing their firm's network network securely using using the Internet C. The packets sent sent through VPN are encrypted and with authentication technology. The expensive cost cost is one major disadvantage of VPN. AACSB: Reflective Thinking AICPA BB: Industr AICPA FN: Leveraging Technolog Blooms: Understan Difficulty: 2 Medium Learning Objective: 12-01 Understand the risks involved with computer hardware and software. Source: Origina Topic: Hardware and software risks in AI
32.
LAN is the abbreviation for
A. Large Area Network.
Local Area Network.
C. Longitudinal Analogue Network.
D. Low Analytical Nets.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
33.
Which of the following is least likely to be considered a component of a computer network?
Application programs.
B. Computers.
C. Servers.
D. Routers.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
34.
Which of the following statements regarding the purposes of an operating system is correct?
A. To ensure the integrity of a system
B. To control the flow of multiprogramming and tasks of scheduling in the computer
C. To allocate computer resources to users and applications
All of the above are correct
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
35.
Which of the following is not a benefit of using wireless technology?
A. Mobility
B. Rapid deployment
C. Flexibility and Scalability
Security
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
36.
Masquerading threat for wireless LANs is:
A. The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data
B. The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
C. The attacker passively monitors wireless networks for data, including authentication credentials
The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
37.
Which of the following statements is not correct?
A. The IP address of a desktop computer often changes
The MAC address of a desktop computer often changes
C. The IP address of a Web server does not change
D. Each hardware device must have a MAC address
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
38.
Which of the following is not a use of CAATs in auditing?
A. Test of details of transactions and balances
B. Analytical review procedures
C. Fraud examination
Produce terms and conditions of employment
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-02 Understand and apply computer-assisted audit techniques.
Source: Original
Topic: Monitoring and auditing an AIS
39.
Which of the following statements is wrong regarding continuous audit?
A. Continuous audit is to perform audit-related activities on a continuous basis
B. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance
C. Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls
Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-02 Understand and apply computer-assisted audit techniques.
Source: Original
Topic: Monitoring and auditing an AIS
40.
Which of the following statements about firewalls is wrong?
A. A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software
B. A firewall allows individuals on the corporate network to send and receive data packets from the Internet
C. A firewall can filter through packets coming from outside networks to prevent unauthorized access
A firewall connects different LANs, software-based intelligent devices, examines IP addresses
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
41.
Identify each of the following statements with one of the five fundamental control objectives of operating systems.
Control objectives:
(a) Protect operations systems from users.
(b) The operating system must protect users from each other.
(c) The operating system must be protected from itself.
(d) The operating system must be protected from its environment.
(e) The operating system must protect users from themselves.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
42.
Categorize the following scenarios as management, operational, or technical controls for wireless networks' security controls.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
43.
What are the two approaches of CAATs in auditing systems? What are the differences between them?
The two approaches are auditing around the computer (the black-box approach) and auditing through the computer (the white-box approach). Using the black-box approach, auditors do not need to gain detailed knowledge of the systems' internal logic. The system will not be interrupted for auditing purposes. The approach applies when the automated systems applications are relatively simple. Using the white-box approach requires auditors to understand the internal logic of the system/application being tested. Auditors need to create test cases to verify specific logic and controls in a system. The auditing through the computer approach embraces a variety of techniques such as the test data technique and parallel simulation. The white-box approach is used when the automated systems applications are complicated.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-02 Understand and apply computer-assisted audit techniques.
Source: Original
Topic: Monitoring and auditing an AIS
44.
What are the differences between LANs and WANs? Have you ever used any LANs and WANs?
1) LANs cover a small area while WANs cover a significantly larger area.
2) LAN speeds are also significantly faster than WAN speeds.
3) LANs are more secure than WANs.
4) WANs are much more expensive to implement than LANs.
The
is the most popular WAN. A local area network is often used in a computer lab on
campus. (Students' answers may vary.)
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
45.
What are the general security objectives for both wired LANs and wireless LANs?
1) Confidentiality: Ensure that communication cannot be read by unauthorized parties.
2) Integrity: Detect any intentional or unintentional changes to the data during transmission.
3) Availability: Ensure that devices and individuals can access a network and its resources whenever needed.
4) Access Control: Restrict the rights of devices or individuals to access a network or resources within a network.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS
46.
What are the benefits of conducting continuous audits (or monitoring)?
Using continuous audit/monitoring, most firms can reduce errors and frauds; increase operational effectiveness; better comply with laws and regulations; and increase management confidence in control effectiveness and financial information. In addition, continuous auditing allows internal and external auditors to monitor transaction data in a timely manner; better understand critical control points, rules, and exceptions; perform control and risk assessments in real time or near real time; notify management of control deficiencies in a timely manner; and reduce efforts on routine testing while focusing on more valuable investigation activities.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-03 Explain continuous auditing in AIS.
Source: Original
Topic: Monitoring and auditing an AIS
47.
Discuss five significant barriers that are often encountered in implementing continuous auditing.
1) Access to all relevant data in a timely manner
2) Readiness of the internal audit group to develop and adopt continuous auditing
3) Accumulating and quantifying the risks and the exposures that have been identified
4) Defining the appropriate analytic that will effectively identify exceptions to controls
5) Developing a suitable scoring/weighting mechanism to prioritize exceptions
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: 12-03 Explain continuous auditing in AIS.
Source: Original
Topic: Monitoring and auditing an AIS
48.
List common security threats for wireless LANs. Find a specific case in which the security of wireless LANs was threatened. Given the case you find, comment on how to prevent or mitigate the threats?
1) : The attacker passively monitors wireless networks for data, including authentication credentials.
2) : The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
3) : The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network.
4) : The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it.
5) : The attacker passively monitors transmissions via wireless networks and retransmits messages, acting as if the attacker was a legitimate user.
6) : The attacker steals or makes unauthorized use of a service.
7) : The attacker passively monitors transmissions via wireless networks to identify communication patterns and participants.
8) : The attacker sets up an unsecured wireless network near the enterprise with an identical name and intercepts any messages sent by unsuspecting users that log onto it.
Students' answers vary on the specific case and the approaches to mitigate the threats.
AACSB: Reflective Thinking
AICPA BB: Industry
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: 12-01 Understand the risks involved with computer hardware and software.
Source: Original
Topic: Hardware and software risks in AIS