(b) The requirement is to identify an effective audit approach in an EDI environment in which documentation of transactions will be retained for only a short period of time. Answer (b) is correct because performing tests throughout the year will allow the auditor to examine transaction documentation before the transactions are destroyed. Answer (a) is incorrect because if documentation relating to the transactions is not maintained, it will be impossible to perform such cutoff tests. Answer (d) is incorrect because such a situation need not lead to a 100% count of inventory at or near year-end. Answer (d) is incorrect because an increase in the assessed level of control risk rather than a decrease is more likely.
(d) The requirement is to identify the encryption feature that can be used to authenticate the originator of a document and to ensure that the message is intact and has not been tampered with. Answer (d) is correct because digital signatures are used in electronic commerce to authenticate the originator and to ensure that the message has not been tampered with. Answers (a), (b), and (c) are all incorrect because they do not directly deal with such authentication.
(a) The requirement is to identify the process used in building an electronic data interchange (EDI) system to determine that elements in the entity’s computer system correspond to the standard data elements. Answer (a) is correct because mapping, or “data mapping,” is the process of selecting the appropriate data fields from the various application databases and passing them to the EDI translation software. Answer (b) is incorrect because translation involves the actual modification of the data into a standard format that is used by the EDI system. Answer (c) is incorrect because encryption is a technique for protecting information within a computer system in which an algorithm transforms that data to render it unintelligible; the process can be reversed to regenerate the original data for further processing. Answer (d) is incorrect because decoding is the process of making data intelligible. See the Auditing Procedure Study Audit Implications of EDI for more information on electronic data interchange.
(a) The requirement is to identify the password that would be most difficult to crack. A password is a secret series of characters that enables a user to access a file, computer, or program; ideally, the password should be something nobody could guess. Answer (a) is correct because OrCA!FlSi does not seem like a password that one would guess or even recall if seen briefly. Answers (b), (c), and (d) are all incorrect because they represent passwords that would be easier to identify.
(a) The requirement is to determine which reply represents a password security problem. A password is a secret series of characters that enables a user to access a file, computer, or program; ideally the password should be something that nobody could guess. Answer (a) is correct because individuals have a tendency to not change passwords, and over time, others may be able to identify them. Answer (b) is incorrect because using different passwords for different accounts on several systems represents a control (assuming the user can remember them). Answer (c) is incorrect because copying of passwords to a secure location (e.g., a wallet) does not ordinarily represent a security problem. Answer (d) is incorrect because passwords should be kept secret and not listed in an online dictionary.
(c) The requirement is to distinguish between the Web 2.0 applications. Answer (c) is correct because RSS feeds (and Atom feeds) are XML applications that are designed specifically for sharing and syndication of web content. The acronym RSS refers to Really Simple Syndication. (Atom feeds are similar to RSS feeds.) Answer (a) is incorrect because a wiki is a collaboratively developed information-sharing website. Answer (b) is incorrect because a blog is a moderator-led electronic discussion. Answer (d) is incorrect because Twitter is similar to a blog but restricts input to 140 characters per entry.
(b) The requirement is to identify the item that is not a COBIT 5 principle. Answer (b) is correct because business processes is not one of the 5 principles of COBIT 5. The 5 principles include: (1) Meeting stakeholder needs, (2) Covering the enterprise end-to-end, (3) Applying a single integrated framework, (4) Enabling a holistic approach, and (5) Separating governance from management.
(c) The requirement is to identify the organization that developed the COBIT framework. Answer (c) is correct because the COBIT framework was created by The Information Systems Audit and Control Association.
(b) The requirement is to identify the most likely procedure to be included in a computer disaster recovery plan. Answer (b) is correct because duplicate copies of critical files will allow an entity to reconstruct the data whose original files have been lost or damaged. Answer (a) is incorrect because an auxiliary power supply will provide uninterrupted electricity to avoid the need for a recovery since it may reduce the likelihood of such a disaster. Answer (c) is incorrect because simply maintaining passwords will not allow the entity to reconstruct data after a disaster has occurred. Answer (d) is incorrect because while cryptography will enhance the security of files from unintended uses, it is not a primary method to recover from a computer disaster.
(d) The requirement is to identify the type of backup site a company would most likely consider when it is concerned about a power outage and desires a fully configured, ready-to-operate system. Answer (d) is correct because a hot site is a site that is already configured to meet a user’s requirements. Answer (a) is incorrect because a cold site is a facility that provides everything necessary to quickly install computer equipment but doesn’t have the computers installed. Answers (b) and (c) are incorrect because they represent terms not frequently used in such circumstances.