corrupted data.
Question 1
In regard to data base backup the auditor’s objective is to verify that the database controls are adequate to facilitate the recovery of lost, destroyed or corrupted data.
True
False
Question 2
A user’s application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of
operating system controls.
data resource controls.
computer center and security controls.
application controls.
Question 3
Audit trails can be used to support system security by:
Detecting unauthorized access to the system.
Facilitating the reconstruction of events.
Promoting personal accountability.
All of the above.
Question 4
A program whose sole purpose is to capture IDs and passwords from unsuspected users is called:
virus.
worm.
Trojan horse.
logic bomb.
Question 5
Reviewing database authority tables is a(n)
access control.
organizational structure control.
data resource control.
operating resource control.
Question 6
In regard to controlling access privileges which of the following is false?
The systems administrator or the owner of the resource (system) normally assigns the access privilege.
User access privileges are assigned to indivuduals or to entire user workgroups.
User access privileges determine what files can be accessed and what can be done to those files.
Because of the nature of computerized systems, management need not be concerned with assigning access privileges that are incompatible with assigned duties.
Question 7
In reference to Electronic Data Interchanges (EDI) which of the following is false?
Both the customer and the supplier must establish that the transaction being processed is to (or from) a valid trading partner and is authorized.
EDI trading partners must permit a degree of access to private files that would be forbidden in the traditional environment.
The EDI process makes use of periodic human intervention to insure adequate internal control.
Screening.
Question 8
Which of the following techniques is not normally considered a way to reduce malicious and destructive computer programs.
Purchase software only from reputable vendors.
Have an organization wide policy prohibiting the use of unauthorized software.
Prevent illegal access through a password system.
Examine all vendor software upgrades and public domain software for viruses before installing.
