MULTIPLE CHOICE

1. The operating system performs all of the following tasks except

a. translates third-generation languages into machine language
b. assigns memory to applications
c. authorizes user access
d. schedules job processing

2. Which of the following is considered an unintentional threat to the integrity of the operating system?
a. a hacker gaining access to the system because of a security flaw
b. a hardware flaw that causes the system to crash
c. a virus that formats the hard drive
d. the systems programmer accessing individual user files

3. A software program that replicates itself in areas of idle memory until the system fails is called a
a. Trojan horse
b. Worm
c. logic bomb
d. none of the above

4. A software program that allows access to a system without going through the normal logon procedures is
called a
a. logic bomb
b. Trojan horse
c. Worm
d. back door

5. All of the following will reduce the exposure to computer viruses except
a. install antivirus software
b. install factory-sealed application software
c. assign and control user passwords
d. install public-domain software from reputable bulletin boards

6. Public key encryption

a. uses one key for encoding messages and another for decoding them
b. is an enhancement to Data Encryption Standard (DES)
c. is electronic authentication that cannot be forged
d. All of the above.

7. A Trojan horse
a. burrows into a computer’s memory and replicates itself into areas of idle memory
b. is a destructive program triggered by some predetermined event
c. allows unauthorized access to a system without going through normal log on procedures
d. captures IDs and passwords from unsuspecting users
 8. Hackers can disguise their message packets to look as if they came from an authorized user and gain
access to the host’s network using a technique called
a. spoofing.
b. spooling.
c. dual-homed.
d. screening.

9. The checkpoint feature

a. makes a periodic backup of the entire database
b. uses logs and backup files to restart the system after failure
c. suspends all data processing wile the system reconciles the transaction log against the
database
d. provides an audit trail of all processed transactions

10. Which of the following is not an access control in a database system?

a. antivirus software
b. database authorization table
c. passwords
d. voice prints

11. Which is not a biometric device?

a. password
b. retina prints
c. voice prints
d. signature characteristics

12. Which of the following is not a basic database backup and recovery feature?
a. checkpoint
b. backup database
c. transaction log
d. database authority table

13. All of the following are objectives of operating system control except
a. protecting the OS from users
b. protesting users from each other
c. protecting users from themselves
d. protecting the environment from users

14. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all
of the following except
a. failure to change passwords on a regular basis
b. using obscure passwords unknown to others
c. recording passwords in obvious places
d. selecting passwords that can be easily detected by computer criminals

15. Audit trails cannot be used to

a. detect unauthorized access to systems
b. facilitate reconstruction of events
c. reduce the need for other forms of security
d. promote personal accountability
 16. Which control will not reduce the likelihood of data loss due to a line error?
a. echo check
b. encryption
c. vertical parity bit
d. horizontal parity bit

17.Which method will render useless data captured by unauthorized receivers?

a. echo check
b. parity bit
c. public key encryption
d. message sequencing

18. Which method is most likely to detect unauthorized access to the system?
a. message transaction log
b. data encryption standard
c. vertical parity check
d. request-response technique

19. All of the following techniques are used to validate electronic data interchange transactions except
a. value added networks can compare passwords to a valid customer file before message
transmission
b. prior to converting the message, the translation software of the receiving company can
compare the password against a validation file in the firm's database
c. the recipient's application software can validate the password prior to processing
d. the recipient's application software can validate the password after the transaction has been
processed

20. In an electronic data interchange environment, customers routinely access

a. the vendor's price list file
b. the vendor's accounts payable file
c. the vendor's open purchase order file
d. none of the above

21. All of the following tests of controls will provide evidence that adequate computer virus control
techniques are in place and functioning except
a. verifying that only authorized software is used on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a review of the authority table

22. Audit objectives for the database management system include all of the following except
a. verifying that the security group monitors and reports on fault tolerance violations
b. confirming that backup procedures are adequate
c. ensuring that authorized users access only those files they need to perform their duties
d. verifying that unauthorized users cannot access data files

23. All of the following tests of controls will provide evidence that access to the data files is limited except
a. inspecting biometric controls
b. reconciling program version numbers
 c. comparing job descriptions with access privileges stored in the authority table
d. attempting to retrieve unauthorized data via inference queries

24. Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to equipment failure
b. prevention and detection of illegal access to communication channels
c. procedures that render intercepted messages useless
d. all of the above

25. When auditors examine and test the call-back feature, they are testing which audit objective?
a. incompatible functions have been segregated
b. application programs are protected from unauthorized access
c. physical security measures are adequate to protect the organization from natural disaster
d. illegal access to the system is prevented and detected