Internal Auditing and Systems Controls Paper 13

Answer (C) is correct. The described condition is a symptom of a virus. Many viruses will spread and cause additional damage. Use of an appropriate antivirus program may identify and even eliminate a viral infection. Ways to minimize computer virus risk in a networked system include restricted access, regularly updated passwords, periodic testing of systems with virus detection software, and the use of anti-virus software on all shareware prior to introducing it into the network.

Answer (D) is correct. Viruses are a form of computer sabotage. They are programs hidden within other programs that have the capacity to duplicate themselves and infect other systems. Sharing of storage media or participation in computer networks creates exposure to viruses. Viruses may result in actions ranging from harmless pranks to erasure of files and programs. A back door is a shortcut created in an operating system that permits a programmer simple access to the system.

Answer (A) is correct Viruses are harmful programs that disrupt memory and processing functions and may destroy data. They spread from network to network, from infected diskettes, or from infected machines. Hence, connecting all networked personal computers through a host computer to outside networks increases the exposure of all of a company’s computers to viruses.

Answer (D) is correct. Passwords, user account numbers, and other information may be stolen using techniques such as Trojan horses, IP spoofing, and packet sniffers.

Answer (A) is correct. A denial-of-service (DS) attack is an attempt to overload a system (e.g., a network or web server) with false messages so that it cannot function (a system crash). A distributed DS attack comes from multiple sources, for example, the machines of innocent parties infected by Trojan horses. When activated, these programs send messages to the target and leave the connection open. A DS may establish as many network connections as possible to exclude other users, overload primary memory, or corrupt file systems.

Answer (B) is correct. A network IDS works by using sensors to examine packets traveling on the network. Each sensor monitors only the segment of the network to which it is attached. A packet is examined if it matches a signature. String signatures (certain strings of text) are potential signs of attack. Port signatures alert the IDS that a point subject to frequent intrusion attempts may be under attack. A header signature is a suspicious combination in a packet header.

Answer (B) is correct. Systems flowcharts are overall graphic analyses of the flow of data and the processing steps in an information system. Accordingly, they can be used to represent segregation of duties and the transfer of data between different segments in the organization.

Answer (D) is correct. A disaster recovery plan may include a contract with an external contingency facility vendor. Depending on the organization’s needs, the contingency facility may be a hot site or a cold site. A hot site is an arrangement with a vendor for a fully operational facility that is configured to the user’s specific needs and that will be available within 24 hours. A hot site may also be fixed or portable and is recommended for an organization that cannot afford for its computer system to be down for even one day.

Answer (B) is correct. A system flowchart is a graphic analysis of a data processing application, usually prepared by a systems analyst. The system flowchart is general and stresses flows of data, not computer program logic. A program flowchart is a graphic representation of the detailed steps and logic of an individual computer program.

Answer (D) is correct. A hot site is a service bureau that is immediately available for purposes of disaster recovery. Failover is a backup operational mode used to make systems more fault-tolerant. The functions of a system component (such as a processor, server, network, or database) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time. Failover is typically an integral part of mission-critical systems that must be constantly available. It involves automatically offloading tasks to a standby system component so that the procedure is as seamless as possible to the end user. Disaster prevention is also an important aspect of most disaster recovery plans. However, data conversion operators are not part of a disaster recovery plan. They perform the tasks of data preparation and transmission, for example, conversion of source data to magnetic disk or tape and entry of transactions from remote terminals.