Chapter 3—Security Part I: Auditing Operating Systems and provide evidence about who is responsible for creating

Networks subschemas.
TRUE/FALSE ANS: T
1. In a computerized environment, the audit trail log must be 22. The standard format for an e-mail address is DOMAIN
printed onto paper documents. NAME@USER NAME.
ANS: F ANS: F
2. Disguising message packets to look as if they came from another 23. The network paradox is that networks exist to provide user
user and to gain access to the host’s network is called spooling. access to shared resources while one of its most important
ANS: F objectives is to control access.
3. A formal log-on procedure is the operating system’s last line of ANS: T
defense against unauthorized access. 24. IP spoofing is a form of masquerading to gain unauthorized
ANS: F access to a Web server.
4. Computer viruses usually spread throughout the system before ANS: T
being detected. 25. The rules that make it possible for users of networks to
ANS: T communicate are called protocols.
5. A worm is software program that replicates itself in areas of idle ANS: T
memory until the system fails. 26. A factor that contributes to computer crime is the reluctance of
ANS: T many organizations to prosecute criminals for fear of negative
6. Viruses rarely attach themselves to executable files. publicity.
ANS: F ANS: T
7. Operating system controls are of interest to system professionals 27. Cookies are files created by user computers and stored on Web
but should not concern accountants and auditors. servers.
ANS: F ANS: F
8. The most frequent victims of program viruses are 28. Because of network protocols, users of networks built by
microcomputers. different manufacturers are able to communicate and share data.
ANS: T ANS: T
9. Operating system integrity is not of concern to accountants 29. The client-server model can only be applied to ring and star
because only hardware risks are involved. topologies.
ANS: F ANS: F
10. Audit trails in computerized systems are comprised of two types 30. Only two types of motivation drive DoS attacks: 1) to punish an
of audit logs: detailed logs of individual keystrokes and event- organization with which the perpetrator had a grievance; and 2)
oriented logs. to gain bragging rights for being able to do it.
ANS: T ANS: F
11. In a telecommunications environment, line errors can be 31. A distributed denial of service (DDoS) attack may take the form
detected by using an echo check. of a SYN flood but not a smurf attack.
ANS: T ANS: F
12. Firewalls are special materials used to insulate computer 32. The bus topology connects the nodes in parallel.
facilities ANS: T
ANS: F 33. A network topology is the physical arrangement of the
13. The message authentication code is calculated by the sender and components of the network.
the receiver of a data transmission. ANS: T
ANS: T 34. A digital signature is a digital copy of the sender’s actual
14. The request-response technique should detect if a data signature that cannot be forged.
communication transmission has been diverted. ANS: F
ANS: T 35. A bus topology is less costly to install than a ring topology.
15. Electronic data interchange translation software interfaces with ANS: T
the sending firm and the value added network. 36. A smurf attack involves three participants: a zombie, an
ANS: F intermediary, and the victim.
16. A value added network can detect and reject transactions by ANS: F
unauthorized trading partners. 37. In a hierarchical topology, network nodes communicate with
ANS: T each other via a central host computer.
17. Electronic data interchange customers may be given access to ANS: T
the vendor's data files. 38. Polling is one technique used to control data collisions.
ANS: T ANS: T
18. The audit trail for electronic data interchange transactions is 39. The more individuals that need to exchange encrypted data, the
stored on magnetic media. greater the chance that the key will become known to an
ANS: T intruder. To overcome this problem, private key encryption was
19. A firewall is a hardware partition designed to protect networks devised.
from power surges. ANS: F
ANS: F 40. The intermediary in a smurf attack is also a victim.
20. To preserve audit trails in a computerized environment, ANS: T
transaction logs are permanent records of transactions. 41. A ping is used to test the state of network congestion and
ANS: T determine whether a particular host computer is connected and
21. Examining programmer authority tables for information about available on the network.
who has access to Data Definition Language commands will ANS: T
 a) protecting the OS from users
42. HTML tags are customized to delimit attributes, the content of b) protesting users from each other
which can be read and processed by computer applications. c) protecting users from themselves
ANS: F d) protecting the environment from users
43. A ping is an Internet maintenance tool that is used to test the ANS: D
state of network congestion and determine whether a particular 9. Passwords are secret codes that users enter to gain access to
host computer is connected and available on the network. systems. Security can be compromised by all of the following
ANS: T except
MULTIPLE CHOICE
a) failure to change passwords on a regular basis
1. The operating system performs all of the following tasks except
b) using obscure passwords unknown to others
a) translates third-generation languages into machine
c) recording passwords in obvious places
language
d) selecting passwords that can be easily detected by computer
b) assigns memory to applications
criminals
c) authorizes user access ANS: B
d) schedules job processing 10. Audit trails cannot be used to
ANS: C
a) detect unauthorized access to systems
2. Which of the following is considered an unintentional threat to
b) facilitate reconstruction of events
the integrity of the operating system?
c) reduce the need for other forms of security
a) a hacker gaining access to the system because of a security
flaw d) promote personal accountability
ANS: C
b) a hardware flaw that causes the system to crash
11. Which control will not reduce the likelihood of data loss due to a
c) a virus that formats the hard drive
line error?
d) the systems programmer accessing individual user files
a) echo check
ANS: B
b) Encryption
3. A software program that replicates itself in areas of idle memory
until the system fails is called a c) vertical parity bit
a) Trojan horse d) horizontal parity bit
ANS: B
b) Worm
12. Which method will render useless data captured by unauthorized
c) logic bomb
receivers?
d) none of the above
a) echo check
ANS: B
b) parity bit
4. A software program that allows access to a system without
going through the normal logon procedures is called a c) public key encryption
a) logic bomb d) message sequencing
ANS: C
b) Trojan horse
13. Which method is most likely to detect unauthorized access to the
c) Worm
system?
d) back door
a) message transaction log
ANS: D
b) data encryption standard
5. All of the following will reduce the exposure to computer
viruses except c) vertical parity check
a) install antivirus software d) request-response technique
ANS: A
b) install factory-sealed application software
14. All of the following techniques are used to validate electronic
c) assign and control user passwords
data interchange transactions except
d) install public-domain software from reputable bulletin
a) value added networks can compare passwords to a valid
boards
customer file before message transmission
ANS: D
b) prior to converting the message, the translation software of
6. Hackers can disguise their message packets to look as if they
the receiving company can compare the password against a
came from an authorized user and gain access to the host’s
validation file in the firm's database
network using a technique called
c) the recipient's application software can validate the
a) spoofing.
password prior to processing
b) spooling.
d) the recipient's application software can validate the
c) dual-homed. password after the transaction has been processed
d) screening. ANS: D PTS: 1
ANS: A 15. In an electronic data interchange environment, customers
7. Which is not a biometric device? routinely access
a) Password a) the vendor's price list file
b) retina prints b) the vendor's accounts payable file
c) voice prints c) the vendor's open purchase order file
d) signature characteristics d) none of the above
ANS: A ANS: A
8. All of the following are objectives of operating system control 16. All of the following tests of controls will provide evidence that
except adequate computer virus control techniques are in place and
 functioning except
a) verifying that only authorized software is used on company 23. In an electronic data interchange environment, customers
computers routinely
b) reviewing system maintenance records a) access the vendor's accounts receivable file with read/write
c) confirming that antivirus software is in use authority
d) examining the password policy including a review of the b) access the vendor's price list file with read/write authority
authority table c) access the vendor's inventory file with read-only authority
ANS: B d) access the vendor's open purchase order file with read-only
17. Audit objectives for communications controls include all of the authority
following except ANS: C
a) detection and correction of message loss due to equipment 24. In an electronic data interchange environment, the audit trail
failure a) is a printout of all incoming and outgoing transactions
b) prevention and detection of illegal access to b) is an electronic log of all transactions received, translated,
communication channels and processed by the system
c) procedures that render intercepted messages useless c) is a computer resource authority table
d) all of the above d) consists of pointers and indexes within the database
ANS: D ANS: B
18. When auditors examine and test the call-back feature, they are 25. All of the following are designed to control exposures from
testing which audit objective? subversive threats
a) incompatible functions have been segregated a) except
b) application programs are protected from unauthorized b) Firewalls
access c) one-time passwords
c) physical security measures are adequate to protect the d) field interrogation
organization from natural disaster
e) data encryption
d) illegal access to the system is prevented and detected ANS: C
ANS: D
26. Many techniques exist to reduce the likelihood and effects of
19. In an electronic data interchange (EDI) environment, when the data communication hardware failure. One of these is
auditor compares the terms of the trading partner agreement
a) hardware access procedures
against the access privileges stated in the database authority
table, the auditor is testing which audit objective? b) antivirus software
a) all EDI transactions are authorized c) parity checks
b) unauthorized trading partners cannot gain access to d) data encryption
database records ANS: C
c) authorized trading partners have access only to approved 27. Which of the following deal with transaction legitimacy?
data a) transaction authorization and validation
d) a complete audit trail is maintained b) access controls
ANS: C c) EDI audit trail
20. Audit objectives in the electronic data interchange (EDI) d) all of the above
environment include all of the following except ANS: D
a) all EDI transactions are authorized 28. Firewalls are
b) unauthorized trading partners cannot gain access to a) special materials used to insulate computer facilities
database records b) a system that enforces access control between two networks
c) a complete audit trail of EDI transactions is maintained c) special software used to screen Internet access
d) backup procedures are in place and functioning properly d) none of the above
ANS: D ANS: B
21. In determining whether a system is adequately protected from 29. An integrated group of programs that supports the applications
attacks by computer viruses, all of the following policies are and facilitates their access to specified resources is called a (an)
relevant except
a) operating system.
a) the policy on the purchase of software only from reputable
b) database management system.
vendors
c) utility system
b) the policy that all software upgrades are checked for
viruses before they are implemented d) facility system.
c) the policy that current versions of antivirus software should e) object system.
be available to all users ANS: A
d) the policy that permits users to take files home to work on 30. Transmitting numerous SYN packets to a targeted receiver, but
them NOT responding to an ACK, is
ANS: D a) a smurf attack.
22. Which of the following is not a test of access controls? b) IP Spoofing.
a) biometric controls c) an ACK echo attack
b) encryption controls d) a ping attack.
c) backup controls e) none of the above
d) inference controls ANS: E
ANS: C
31. Which of the following is true? network users
a) Deep Packet Inspection uses a variety of analytical and d) a universal topology facilitates the transfer of data among
statistical techniques to evaluate the contents of message networks
packets. ANS: C
b) An Intrusion prevention system works in parallel with a 38. A virtual private network:
firewall at the perimeter of the network to act as a filer that a) is a password-controlled network for private users rather
removes malicious packets from the flow before they can than the general public.
affect servers and networks. b) is a private network within a public network.
c) A distributed denial of service attack is so named because it c) is an Internet facility that links user sites locally and around
is capable of attacking many victims simultaneously who the world.
are distributed across the internet.
d) defines the path to a facility or file on the web.
d) None of the above are true statements.
e) none of the above is true.
ANS: A
ANS: B
32. Advance encryption standard (AES) is
39. Which topology has a large central computer with direct
a) a 64 -bit private key encryption technique connections to a periphery of smaller computers? Also in this
b) a 128-bit private key encryption technique topology, the central computer manages and controls data
c) a 128-bit public key encryption technique communications among the network nodes.
d) a 256-bit public encryption technique that has become a a) star topology
U.S. government standard b) bus topology
ANS: B c) ring topology
33. What do you call a system of computers that connects the d) client/server topology
internal users of an organization that is distributed over a wide ANS: A
geographic area?
40. A ping signal is used to initiate
a) LAN
a) URL masquerading
b) decentralized network
b) digital signature forging
c) multidrop network
c) Internet protocol spoofing
d) Intranet
d) a smurf attack
ANS: D
e) none of the above is true
34. Network protocols fulfill all of the following objectives except
ANS: D
a) facilitate physical connection between network devices
41. In a star topology, when the central site fails
b) provide a basis for error checking and measuring network
a) individual workstations can communicate with each other
performance
b) individual workstations can function locally but cannot
c) promote compatibility among network devices
communicate with other workstations
d) result in inflexible standards
c) individual workstations cannot function locally and cannot
ANS: D
communicate with other workstations
35. To physically connect a workstation to a LAN requires a
d) the functions of the central site are taken over by a
a) file server designated workstation
b) network interface card ANS: B
c) Multiplexer 42. Which of the following statements is correct? The client-server
d) Bridge model
ANS: B a) is best suited to the token-ring topology because the
36. Packet switching random-access method used by this model detects data
a) combines the messages of multiple users into one packet collisions.
for transmission. At the receiving end, the packet is b) distributes both data and processing tasks to the server’s
disassembled into the individual messages and distributed node.
to the intended users. c) is most effective used with a bus topology.
b) is a method for partitioning a database into packets for easy d) is more efficient than the bus or ring topologies.
access where no identifiable primary user exists in the ANS: B
organization. 43. A star topology is appropriate
c) is used to establish temporary connections between a) for a wide area network with a mainframe for a central
network devices for the duration of a communication computer
session.
b) for centralized databases only
d) is a denial of service technique that disassembles various
c) for environments where network nodes routinely
incoming messages to targeted users into small packages
communicate with each other
and then reassembles them in random order to create a
useless garbled message. d) when the central database does not have to be concurrent
ANS: C with the nodes
ANS: A
37. One advantage of network technology is
44. In a ring topology
a) bridges and gateways connect one workstation with another
workstation a) the network consists of a central computer which manages
all communications between nodes
b) the network interface card permits different networks to
share data b) has a host computer connected to several levels of
subordinate computers
c) file servers permit software and data to be shared with other
 c) all nodes are of equal status; responsibility for managing
communications is distributed among the nodes
d) information processing units rarely communicate with each
other
ANS: C b) digital signature forging
45. A distributed denial of service (DDoS) attack
a) is more intensive that a Dos attack because it emanates
from single source
b) may take the form of either a SYN flood or smurf attack
c) is so named because it effects many victims
simultaneously, which are distributed across the internet
d) turns the target victim's computers into zombies that are
unable to access the Internet
e) none of the above is correct
ANS: B d) is the address of the protocol rules and standards that
46. Which of the following statements is correct? TCP/IP
a) is the basic protocol that permits communication between
Internet sites.
b) controls Web browsers that access the WWW.
c) is the file format used to produce Web pages.
d) is a low-level encryption scheme used to secure
transmissions in HTTP format.
ANS: A
47. FTP
a) is the document format used to produce Web pages.
b) controls Web browsers that access the Web.
c) is used to connect to Usenet groups on the Internet
d) is used to transfer text files, programs, spreadsheets, and
databases across the Internet.
e) is a low-level encryption scheme used to secure
transmissions in higher-level () format.
ANS: D d) is used to transfer text files, programs, spreadsheets, and
48. IP spoofing
a) combines the messages of multiple users into a “spoofing
packet” where the IP addresses are interchanged and the
messages are then distributes randomly among the targeted
users.
b) is a form of masquerading to gain unauthorized access to a
web server.
c) is used to establish temporary connections between
network devices with different IP addresses for the duration
of a communication session.
d) is a temporary phenomenon that disrupts transaction
processing. It will resolve itself when the primary computer
completes processing its transaction and releases the IP
address needed by other users.
ANS: B d) A deadlock is a temporary phenomenon that disrupts transaction
49. HTML
a) is the document format used to produce Web pages.
b) controls Web browsers that access the Web.
c) is used to connect to Usenet groups on the Internet.
d) is used to transfer text files, programs, spreadsheets, and
databases across the Internet.
e) is a low-level encryption scheme used to secure
transmissions in higher-level () format.
ANS: A
50. Which one of the following statements is correct?
a) Cookies always contain encrypted data.
b) Cookies are text files and never contain encrypted data.
c) Cookies contain the URLs of sites visited by the user.
d) Web browsers cannot function without cookies.
ANS: C
51. A message that is made to look as though it is coming from a
trusted source but is not is called
a) a denial of service attack
c) Internet protocol spoofing
d) URL masquerading
ANS: C
52. An IP Address:
a) defines the path to a facility or file on the web.
b) is the unique address that every computer node and host
attached to the Internet must have.
c) is represented by a 64-bit data packet.
governing the design of internet hardware and software.
e) none of the above is true
ANS: B
53. A digital signature is
a) the encrypted mathematical value of the message sender’s
name
b) derived from the digest of a document that has been
encrypted with the sender’s private key
c) the computed digest of the sender’s digital certificate
d) allows digital messages to be sent over analog telephone
lines
ANS: B
54. HTTP
a) is the document format used to produce Web pages.
b) controls Web browsers that access the Web.
c) is used to connect to Usenet groups on the Internet
databases across the Internet.
e) is a low-level encryption scheme used to secure
transmissions in higher-level () format.
ANS: B
55. Which of the following statements is correct?
a) Packet switching combines the messages of multiple users into a
“packet” for transmission. At the receiving end, the packet is
disassembled into the individual messages and distributed to the
intended users.
b) The decision to partition a database assumes that no identifiable
primary user exists in the organization.
c) Packet switching is used to establish temporary connections
between network devices for the duration of a communication
session.
processing. It will resolve itself when the primary computer
completes processing its transaction and releases the data needed
by other users.
ANS: C