Which of the following is a key difference between Bitcoin and Ethereum Quizlet

Big Data is often described by the four V's, or

-Volume, Velocity, Veracity and Variety
-Volume, Velocity, Volatility and Veracity
-Volume, Volatility, Variability, and Variety
-Volume, Volatility, Veracity, and Variability

Volume, Velocity, Veracity and Variety

According to estimates considered in the chapter, up to what percentage of a data analyst's time is spent cleaning (or scrubbing) the data to be ready for analysis?

90%

The acronym, ETL, in the process of readying data for use in data analysis refers to what three words?

-Extrapolate, Transform and Lift
-Extrapolate, Transpose and Load
-Extract, Transform and Load
-Extract, Transform and Lift

Extract, Transform and Load

Which term is used to describe the science of examining raw data, removing excess noise from the dataset, and organizing the data with the purpose of drawing conclusions for decision making?

Data Analytics

The AICPA developed standards called ADS for the formatting of data files and fields typically needed to support an external audit in a given financial business process area. What does the acronym ADS stand for?

Audit Data Standards

Which type of analytics addresses "Why did it happen"?

Diagnostic

The A in the AMPS model stands for which of the following?

Ask the Question

Which type of analytics would be associated with finding the sales amount needed to break even?

Prescriptive

Which type of analytics would be associated with forecasting future sales amounts for a company?

Predictive

Which type of analytics would be associated with summarizing what happened in the past?

-Descriptive
-Prescriptive
-Diagnostic
-Predictive

Descriptive

Which type of question does prescriptive analysis address?

What should we do based on what we expect will happen?

Which type of question does descriptive analysis address?

What happened?

What type of analysis addresses questions of "Why did it happen"?

Diagnostic analysis

Which of the following is the best description of a data visualization?

-Data visualizations require an analytics mindset.
-Each data analytics software product includes its own data visualization tool.
-Data visualizations are graphical representations that present information to decision makers.
-Data visualization tools include Excel, Tableau, Power BI.

Data visualizations are graphical representations that present information to decision makers.

Which of the following is not an important consideration when developing and presenting a visualization?

-Choosing the right visualization tool.
-Choosing the right chart for the information.
-Keeping the user/decision maker in mind.
-Directing user to the most important information.

Choosing the right visualization tool.

Which of the following is not a common problem with visualizations?

-Comparison of performance metrics.
-Too many lines.
-All slices of similar size.
-Too much detail and lack of clear relationships.
-Bins too large to show detail.

Comparison of performance metrics.

Which of the following is not a common step in preparing data and developing visualizations?

-Get data.
-Set relationships among tables.
-Select attributes for visualizations.
-Select the visualization tool.

Select the visualization tool.

To convert raw data to a table in Excel, you select any cell within the data and then do which of the following?

-Select Insert > Tables > Table
-Select Data > Outline > Group
-Select View > Get External Data > From Access
-Select Insert > Tables > Pivot Table

Select Insert > Tables > Table

Which of the following is a way to use a table for basic data analytics?

-Add a Total Row to the bottom of the table.
-Use column filters to view summary information.
-Chart information is the total rows.
-All of these.

All of these.

Which of the following best describes the purpose of the slicer for pivot tables?

-It sorts the pivot table.
-It produces grand totals for the data in the pivot table.
-It filters the output of the pivot table.
-None of these.

It filters the output of the pivot table.

After creating tables in Excel, which of the following would you do to create table relationships?

-Click Insert > Tables > Recommended Pivot Tables.
-Click Data > Data Tools > Relationships.
-Click Table Design > Tools > Summarize with Pivot Table.
-Click Formulas > Function Library > Relationships.
-None of these.

Click Data > Data Tools > Relationships.

To link tables in Excel, you do which of the following?

-Pick the table with the foreign key first.
-Pick the related lookup table with the primary key second.
-Link the column with the foreign key to the column with the primary key.
-You would do all of these.

You would do all of these.

To change formatting (such as changing a general number to currency) for the field dragged to the Σ Values area, you would do which of the following?

-Click on the field name and select Value Field Settings from the popup menu.
-Go back to the original table and set the format for the field.
-You can't change formatting at this point, so do nothing.
-None of these.

Click on the field name and select Value Field Settings from the popup menu.

After starting Tableau, which of the following is the first step in your data analysis?

-Connect to the data.
-Set relationships between worksheets.
-Drag Dimensions to Shelves.
-Create calculated fields.
-None of these.

Connect to the data.

Once you connect to the data source in Tableau, what is the next step (assuming the data source includes multiple tables)?

-Drag the desired tables to the canvas.
-Set the primary and foreign keys in each table.
-Go to your first worksheet to create a visualization.
-None of these.

Drag the desired tables to the canvas.

Tableau supports which of the following joins between tables?

-Inner join (blue only highlights the overlapping part of the circles).
-Left join (blue highlights the left circle).
-Right join (blue highlights the right circle).
-Full outer join (blue highlights both circles).
-All of these.

All of these.

Which of the following best describes the Show Me tool in Tableau?

-Allows easy selection of the relevant visualization options.
-Helps users select the best formatting for their visualization.
-Provides context-sensitive help.
-None of these.

Allows easy selection of the relevant visualization options.

Which of the following best describes the purpose of Data View in Power BI?

-Allows editing, formatting, and calculating new fields.
-Allows setting or editing relationships among tables.
-Allows creating or editing visualizations.
-None of these.

Allows editing, formatting, and calculating new fields.

Which of the following best describes a data visualization?

-Part of the information value chain
-A tool for preparing the data
-A tool for recording data transactions
-A graphical representation that presents information to decision makers
-None of the choices are correct.

A graphical representation that presents information to decision makers

Which of the following is not a basic activity for data visualization?

-Documenting the business processes that generate data
-Understanding the data
-Selecting the data visualization tool
-Developing the visualization
-None of the choices are correct.

Documenting the business processes that generate data

Which of the following is an important consideration in designing a data visualization?

-Choosing the right chart
-Using explanatory titles
-Using color or size to draw attention to key insights
-Defining chart elements clearly
-All of the choices are correct.

All of the choices are correct.

Which of the following charts is used to show trend over time?

-Symbol maps
-Treemaps
-Line charts
-Pie charts
-Scatter plots

Line charts

Which of the following is not part of common steps in using a data analysis tool?

-Get data
-Set relationships among tables
-Select the attributes for the visualization
-Deliver the visualization to the decision maker
-None of the choices are correct.

Deliver the visualization to the decision maker

Which of the following best describes the purpose of the Show Me feature in Tableau?

-Guides the user through an analysis of data relationships.
-Helps the user change the format of the selected data.
-Helps the user change the color of worksheet visualization components.
-Helps the user select the best chart to display the selected measures and dimensions.
-None of the choices are correct.

Helps the user select the best chart to display the selected measures and dimensions.

Which of these is not a Power BI view?

-Report view
-Data view
-Relationships view
-Visualization view
-None of the choices are correct.

Visualization view

How many copies of the ledger are in a blockchain network with 4 participating nodes?

Four

What is the major difference between the proof of authority (PoA) consensus algorithm and proof of work (PoW) consensus algorithm?

-For PoA, validator identities are known.
-For PoW, smaller number of validators is required.
-For PoW, only a select group of participants in the network is creating blocks.
-For PoA, all participants must compete to gain the consensus as the validator.

For PoA, validator identities are known.

What type of blockchain does not restrict participation in the network?

public

What is the blockchain analogous to?

-messaging
-text file
-ledger
-code executable

ledger

Mining does not exist in

-Bitcoin
-Ethereum
-Hyperledger
-None of these choices is correct.

Hyperledger

Which statement is false?

-Each block of Bitcoin takes about 10 minutes to be added to the blockchain
-Ethereum uses smart contract
-Corda is an open source blockchain
-Hyperledger is developed for the banking industry

Hyperledger is developed for the banking industry

Which of the following technologies are used in blockchain?

-hashing
-cryptography
-smart contracts for business rules
-All of these choices are correct.

All of these choices are correct.

Which of the following is the best description of artificial intelligence?

-Sophia the robot developed by Hanson Robotics.
-A broad field in data analytics.
-Intelligence exhibited by machines rather than humans.
-The use of technology to support decision making.

Intelligence exhibited by machines rather than humans.

Which of the following fields is one of the foundations of the artificial intelligence field?

-Philosophy.
-Neuroscience.
-Cybernetics.
-Psychology.
-All of these choices are correct.

All of these choices are correct.

Which of the following describes the difference between artificial intelligence, machine learning, and deep learning?

-Machine learning is a subset of AI.
-Deep learning is a subset of machine learning.
-AI encompasses machine learning and deep learning.
-All of these choices are correct.

All of these choices are correct.

Which of the following best describes machine learning?

-Machine learning is a technique by which a software model is trained using data.
-Machine learning involves a computer's ability to learn from specific instructions.
-Machine learning uses complex, multi-layer neural networks.
-None of these choices is correct.

Machine learning is a technique by which a software model is trained using data.

Which of the following is not one of the five basic questions that machine learning applications answer?

-What data should I use?
-What should I do next?
-How are these alike?
-Is it different?

What data should I use?

If the AI application predicts three classifications, how many rows would be in the confusion matrix to summarize results?

-Only 1.
-Two or more.
-Exactly 2.
-Exactly 3.

Exactly 3.

Which of the following best describes supervised learning?

-The computer discovers patterns in the data.
-The model discerns how elements of the dataset are alike.
-The output is a known set of values to predict from the input.
-None of these choices is correct.

The output is a known set of values to predict from the input.

Which of the following is not a metric used to assess the performance of a model?

-Precision.
-Reliability.
-Accuracy.
-Recall.
-None of these choices is correct.

Reliability.

Which of the following statements is true?

-Because blockchain transactions are stored in chronological order, you may trace a block from an earlier transaction block to the most recent block in the blockchain.
-Both permissioned and public blockchains need miners to determine which transaction block should be added next.
-Ethereum is a private blockchain.
-Smart contract was introduced in Ethereum.

Smart contract was introduced in Ethereum.

In the Ethereum network:

-mining of Ether occurs at a constant rate.
-transaction fees are higher than Bitcoin.
-miner uses SHA256 to determine if a block is a valid block.
-because a smart contract describes business rules and is also flexible for different industries, it can be modified to fit the business after a block is inserted to the Ethereum network.

mining of Ether occurs at a constant rate.

Which of the following statements is false?

-A distributed ledger contains many copies of the same ledger.
-A distributed ledger stores the same set of transaction records.
-Because a distributed ledger exists in a blockchain network, a computer consisting of all transaction records may crash and cause the syncing issue in the blockchain network.
-A transaction record cannot be added to the blockchain unless there is network consensus.

Because a distributed ledger exists in a blockchain network, a computer consisting of all transaction records may crash and cause the syncing issue in the blockchain network.

Which of the following statements is false?

-Private blockchain requires permissions to join the network.
-Bitcoin uses smart contract to specify the business rules.
-In Ethereum, a new block is added every 12 to 15 seconds.
-Blockchain transactions are immutable.

Bitcoin uses smart contract to specify the business rules.

When we refer to smart contract in blockchain, we mean:

-a digital copy of paper contract such as a Word file.
-a piece of software code that can be executed or triggered by business activities.
-a contract that can be edited at any time for business rules.
-a digital contract that can be distributed all to the participants with all terms defined.

a piece of software code that can be executed or triggered by business activities.

Which of the following is created mainly for cryptocurrency application?

-Ethereum
-Bitcoin
-Corda
-Hyperledger

Bitcoin

What information does a block in the Bitcoin network not contain?

-The sender
-The receiver
-The quantity of bitcoins to transfer
-The sender and the receiver
-None, a block contains all of this information.

None, a block contains all of this information.

What is a requirement of the proof of authority algorithm?

-A few members have known identities.
-A portion of the miner's blocks will be locked until it is validated.
-Large quantities of compute power are required to solve a complex mathematical problem.
-None of these are a requirement of the proof of authority algorithm.

A few members have known identities.

Which of the following best describes the difference between artificial intelligence and machine learning?

-Machine learning is a subset of AI.
-Machine learning only applies to deep learning algorithms.
-AI and machine learning are the same thing.
-Machine learning requires less data than AI.
-None of these choices are correct.

Machine learning is a subset of AI.

Which of the following best describes machine learning?

-Machine learning is driven by programming instructions.
-Machine learning is a different branch of computer science from AI.
-Machine learning is a technique where a software model is trained using data.
-Machine learning is the ability of a machine to think on its own.
-None of these choices are correct.

Machine learning is a technique where a software model is trained using data.

Based on SOX, which of the following sections is about internal controls?

-404
-906
-401
-302

404

T/F: SOX requires companies to use COSO or COSO ERM as the framework in evaluating internal controls

False

Controls that are designed to prevent, detect, or correct errors in transactions as they are processed through a specific subsystem are referred to as:

-general controls.
-application controls.
-physical controls.
-Two of the choices are correct.
-None of the choices are correct.

application controls.

Which of the following is not a component in the COSO 2013 internal control framework?

-Effective operations
-Risk assessment
-Control environment
-Control activities
-Monitoring

Effective operations

Prenumbering of source documents helps to verify that:

-no inventory has been misplaced.
-multiple types of source documents have a unique identifier.
-documents have been used in order.
-all transactions have been recorded because the numerical sequence serves as a control.

all transactions have been recorded because the numerical sequence serves as a control.

A field check is a(n)

-output control.
-corrective control.
-preventive control.
-general control.
-detective control.

preventive control.

Which is not an example of a batch total?

-Hash total
-Financial total
-Exception total
-Record count

Exception total

T/F: Backup is a preventive control.

False

The computer sums the first four digits of a customer number to calculate the value of the fifth digit and then compares that calculation to the number typed during data entry. This is an example of a:

-check digit verification.
-field check.
-parity check.
-batch total.

check digit verification.

Which of the following statements is correct?

-Regarding IT control and governance, the COBIT framework is most commonly adopted by companies in the United States.
-ISO 27000 series are best practices for IT service management.
-ITIL is the best internal control framework for the high-tech industry.
-SOX requires all public companies to use the COSO ERM framework to meet the requirements of section 404.

Regarding IT control and governance, the COBIT framework is most commonly adopted by companies in the United States.

Based on SOX, which of the following sections is about corporate responsibility for financial reports?

-302
-201
-101
-404

302

Based on COSO 2013, which of the following statements is not correct?

-Internal control is a process consisting of ongoing tasks and activities.
-Employees at any level of an organization play a role in internal control.
-The responsibility of monitoring the effectiveness of internal controls belongs to the internal audit group.
-Internal controls can provide reasonable assurance only.

The responsibility of monitoring the effectiveness of internal controls belongs to the internal audit group.

Which of the following is not one of the five essential components in the COSO 2013 framework?

-Control assessment
-Monitoring activities
-Control activities
-Control environment

Control assessment

Access control to ensure only authorized personnel have access to a firm's network is a:

-input control.
-output control.
-general control.
-process control.

general control.

The ISO 27000 series are a framework for:

-IT governance.
-data management.
-IT general controls.
-information security management.

information security management.

Segregation of duty is a:

-corrective control.
-preventive control.
-detective control.
-personnel general control.

preventive control.

The responsibility of enterprise risk management belongs to?

-Internal auditors
-Management
-External auditors
-Controller

Management

Most input controls are designed to assess one field only. Which of the following input controls needs to examine a record to determine whether the control is effective?

-Completeness check.
-Size check.
-Validity check.
-Range check.

Completeness check.

Which of the following is a correct statement about COBIT 2019 framework?

-It is designed for information and technology governance and management.
-It is a framework for IT audit conducted by public accounting firms.
-It is a framework for enterprise risk management.
-It focuses on providing guidance for information security.

It is designed for information and technology governance and management.

Which of the following is a correct statement about COSO ERM 2017 framework?

-It focuses on evaluating effectiveness of internal controls.
-It enhances alignment among strategy-setting, decision-making, and performance through enterprise risk management.
-It is a framework developed by the IT audit profession.
-It stresses the importance of having one department responsible for risk management.

It enhances alignment among strategy-setting, decision-making, and performance through enterprise risk management.

Avoiding, accepting, reducing and sharing are components of _____ in Enterprise Risk Management?

-Risk response
-Risk assessment
-Control activities
-Communication and monitoring

Risk response

Avoiding, accepting, reducing and sharing are four options regarding risk response.

T/F: Batch Processing is the aggregation of several business events over a set period of time with eventual processing of the related data (periodic processing).

True

Typical batch processing is comprised of four characteristic steps, with a delay between each step. The sequence of each step is that a business event occurs, data is recorded in the system, the master files are updated, and a report or other output is generated.

T/F: A major reason for implementing internal controls for an information system is to provide perfect assurance that the goals of each business process are achieved.

False

Internal control for an information system aims to provide reasonable assurance that the goals of each process are achieved.

Which edit check compares entered data to a predetermined acceptable upper and lower limit?

-Range check
-Valid check
-Field check
-Sequence check

Range check

Range checks test a numerical amount to ensure that it is within a predetermined range.

Bill is responsible for custody of the finished goods in the warehouse. If his company wishes to maintain strong internal control, which of the following responsibilities are incompatible with his primary job?

-He is responsible for the company's fixed asset control ledger.
-He is responsible for receiving of goods into the warehouse.
-He is responsible for the accounting records for all the receipts and shipments of goods from the warehouse.
-He is responsible for issuing goods for shipment.

He is responsible for the accounting records for all the receipts and shipments of goods from the warehouse.

Segregation of duties is an important internal control. It requires the segregation of asset custody and record keeping. Since Bill is responsible for custody of the finished goods, he should not also be responsible for keeping the accounting records of the finished goods.

Which of the following is considered a control environment factor by the COSO definition of internal control?

-Control objectives
-Integrity and ethical values
-Reasonable assurance
-Risk assessment

Integrity and ethical values

The internal control environment provides the discipline and structure for all other components of enterprise risk management. Internal environment factors include a firm's risk management philosophy and risk appetite, integrity and ethical values, organizational structure, board of directors and the audit committee, human resource policies and practices, assignment of authority and responsibility, commitment to competence, and development of personnel.

Which duties should be completed by different people to achieve strong separation of duties?

-Journalizing and posting
-Receivables and payables
-Authorization, custody and recordkeeping
-Document numbering and document completion

Authorization, custody and recordkeeping

Separation of duties requires segregation of authorization, custody and recordkeeping.

Which is least likely to be provided by an application control?

-Accuracy
-Completeness
-Reliability
-Authorization

Reliability

Reliability is a general property of the information system taken as a whole, whereas application controls deal with specific processing of subsets of data to support specific business functions.

Which of the following is not a component of COSO ERM?

-Event identification
-External environment
-Internal control evaluation
-External environment and Internal control evaluation

External environment and Internal control evaluation

Internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring activities are the eight components in the COSO ERM framework.

Under COSO ERM framework, which of the following objectives involves parties external to the organization?

-Strategic objectives
-Compliance objectives
-Operation objectives
-Reporting objectives

Reporting objectives

The ERM framework takes a risk-based, rather than a control-based approach to achieving the firm's objectives in four categories: Strategic, compliance, operation and reporting. The reporting objective is about the reliability of internal and external reporting. Hence, it may involve external parties.

The information system of Carlsbad Bottle Inc. is deemed to be 90 percent reliable. A major threat in the procurement process has been discovered, with an exposure of $300,000. Two control procedures are identified to mitigate the threat. Implementation of control A would cost $18,000 and reduce the risk to 4 percent. Implementation of control B would cost $10,000 and reduce the risk to 6 percent. Implementation of both controls would cost $26,000 and reduce the risk to 2.5 percent. Given the information presented, and considering an economic analysis of costs and benefits only, which control procedure(s) should Carlsbad Bottle choose to implement?

Control B

Expected benefit of an internal control = Impact × Decreased Likelihood
Control A: 300,000 × (10% − 4%) = 18,000 = 18,000
Control B: 300,000 × (10% − 6%) = 12,000 > 10,000
Control A&B: 300,000 × (10% − 2.5%) = 22,500 < 26,000
Carlsbad should implement control B.

Threat: Posting the amount of a sale to a customer account that does not exist

Type of Input Control: ___

Authorization (for sales transactions) or the use of a validity check on the customer number

Threat: A customer entering too many characters into the five-digit zip code while making an online purchase, causing the server to crash

Type of Input Control: ___

Size Check

Threat: An intern's pay rate was entered as $150 per hour, not $15 per hour

Type of Input Control: ___

Reasonableness Check

Threat: Approving a customer order without the customer's address so the order was not shipped on time

Type of Input Control: ___

Completeness Check

Threat: Entering the contract number of a critical contract as 13688 instead of 16388, which is a serious mistake for the company

Type of Input Control: ___

Check digit verification

(CISA exam, adapted) Authentication is the process by which the:

-system verifies that the user is entitled to enter the transaction requested.
-user indicates to the system that the transaction was processed correctly.
-system verifies the identity of the user.
-user identifies him- or herself to the system.

system verifies the identity of the user.

(CMA exam, adapted) Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is:

-recording.
-reporting.
-batching.
-verifying.

reporting

(CISA exam, adapted) To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the received message?

I. Private
II. Public

I. Private

To authenticate the message sender in an asymmetric-key encryption system, which of the following keys is required to decrypt the received message?

-Sender's public key
-Receiver's private key
-Receiver's public key
-Sender's private key

Sender's public key

To ensure the data sent over the Internet are protected, which of the following keys is required to encrypt the data (before transmission) using an asymmetric-key encryption method?

-Receiver's private key
-Sender's public key
-Receiver's public key
-Sender's private key

Receiver's public key

Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination into audit programs?

-COBIT
-COSO
-SAS No. 99
-Sarbanes-Oxley Act
-PCAOB

SAS No. 99

Incentive to commit fraud usually will include all of the following, except:

-alcohol, drug, or gambling addiction.
-financial pressure.
-feelings of resentment.
-inadequate segregation of duties.
-personal habits and lifestyle.

inadequate segregation of duties.

(CPA exam, adapted) An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

-System hardware policy
-Supply chain management policy
-Disaster recovery plan
-Internal control policy
-System security policy

Disaster recovery plan

A message digest is the result of hashing. Which of the following statements about the hashing process is true?

-It is reversible.
-Comparing the hashing results can ensure confidentiality.
-Hashing is the best approach to make sure that two files are identical.
-None of the choices are true.

Hashing is the best approach to make sure that two files are identical.

Which one of the following vulnerabilities would create the most serious risk to a firm?

-Unauthorized access to the firm's network
-Employees writing instant messages with friends during office hours
-Employees recording passwords in Excel files
-Using open source software (downloaded for free) on the firm's network

Unauthorized access to the firm's network

Which of the following statements is correct?

-Multifactor authentication is less secure than requiring a user to always enter a password to access a network.
-SOC 1 reports provide the evaluations on a broader set of controls implemented by the service provider.
-A spam will send a network packet that appears to come from a source other than its actual source.
-Fault tolerance uses redundant units to provide a system with the ability to continue functioning when part of the system fails.

Fault tolerance uses redundant units to provide a system with the ability to continue functioning when part of the system fails.

Which of the following can be considered as a good alternative to back up data and applications?

-Disaster recovery planning
-Cloud computing
-Business continuity management
-Continuous monitoring

Cloud computing

A digital certificate:

-indicates that the subscriber identified has sole control and access to the private key.
-is a trusted entity to certify and revoke Certificate Authorities (CA).
-is used to certify public-key and private-key pairs.
-ensures that the symmetric-key encryption method functions well.

indicates that the subscriber identified has sole control and access to the private key.

The symmetric-key encryption method:

-is not appropriate for encrypting large data sets.
-uses the same key for both senders and receivers for encryption and decryption.
-is slow.
-solves problems in key distribution and key management.

uses the same key for both senders and receivers for encryption and decryption.

The fraud triangle indicates which of the following condition(s) exist for a fraud to be perpetrated?

-rationalization.
-pressure.
-legal environment.
-rationalization and pressure.
-rationalization, pressure and legal environment.

rationalization and pressure.

To prevent repudiation in conducting e-business, companies must be able to authenticate their trading partners. Which of the following encryption methods can be used for authentication purposes?

-Symmetric-key encryption method
-Asymmetric-key encryption method
-Both symmetric-key and asymmetric-key encryption methods are good for authentication.

Asymmetric-key encryption method

Regarding GDPR, which of the following statements is/are correct?

-It is a regulation enforced by the EU.
-It is to protect EU citizens' personal data.
-It is not relevant to the companies in the U.S.
-It is a regulation enforced by the EU and it is to protect EU citizens' personal data.
-It is a regulation enforced by the EU, it is to protect EU citizens' personal data and it is not relevant to the companies in the U.S.

It is a regulation enforced by the EU and it is to protect EU citizens' personal data.

Which organization created the Reporting on an Entity's Cybersecurity Risk Management Program and Controls: Attestation Guide in 2017?

-SEC
-AICPA
-US Congress
-Department of Homeland Security

AICPA

Business continuity management is a

-preventive control.
-detective control.
-corrective control.
-Two of the choices are correct.

corrective control.

Encryption is a

-preventive control.
-detective control.
-corrective control.
-Two of the choices are correct.

preventive control.

What is fault tolerance?

-A policy allowing employees to make mistakes
-Using redundant units to continue functioning when a system is failing
-An application that can detect mistakes and correct mistakes automatically
-Two of the choices are correct.

Using redundant units to continue functioning when a system is failing

Comparing encryption with hashing, which one of the following is correct?

-Hashing process is reversible.
-Encryption is used to ensure data integrity.
-Hashing results are large data.
-Encryption results are called cyphertext.

Encryption results are called cyphertext.

Disaster recovery plan is a

-preventive control.
-detective control.
-corrective control.
-Two of the choices are correct.

corrective control.

Select a correct statement describing encryption or hashing process.

-Encryption process is reversible.
-Hashing results are called message digests.
-Hashing process is used to obtain a digital signature.
-Encryption process is to maintain confidentiality.
-All of the choices are correct.

All of the choices are correct.

Select a correct statement regarding encryption methods.

-Most companies prefer using asymmetric-key encryption method for data transmission.
-Symmetric-key encryption method is used to authenticate trading partners.
-Only asymmetric-key encryption method can ensure confidentiality.
-Asymmetric-key encryption method is used to create digital signatures.

Asymmetric-key encryption method is used to create digital signatures.

Encryption Method for:
Good for large data sets

Symmetric-key encryption

Encryption Method for:
Slow in processing

Asymmetric-key encryption

Encryption Method for:
Convenient for key distribution and key management

Asymmetric-key encryption

Encryption Method for:
Each user has a public key and a private key

Asymmetric-key encryption

Encryption Method for:
Good for authentication

Asymmetric-key encryption

Activities required to keep a firm running during a period of displacement or interruption of normal operations

Business continuity management

A process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations if such events occur

Disaster recovery planning

A service model in which a third-party service provider offers computing resources, including hardware and software applications, to cloud users over the internet, and the service provider charges on a per-user basis

Cloud computing

A clearly defined and documented plan that covers key personnel, resources including IT infrastructure and applications, and actions required to be carried out in order to continue or resume the systems for critical business functions

Disaster recovery planning

Using redundant units to provide a system with the ability to continue functioning when part of the system fails

Fault tolerance

A device using battery power to enable a system to operate long enough to back up critical data and shut down properly during the loss of power

Uninterruptible power supply

Identify and Prioritize Vulnerabilities

Vulnerability assessment

Design a risk response plan, monitor vulnerabilities, establish policy and requirements

Vulnerability management

A local area network (LAN) is best described as a(n):

-electronic library containing millions of items of data that can be reviewed, retrieved, and analyzed.
-computer system that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.
-method to offer specialized software, hardware, and data-handling techniques that improve effectiveness and reduce costs.
-system that allows computer users to meet and share ideas and information.

computer system that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.

Which of the following network components is set up to serve as a security measure that prevents unauthorized traffic between different segments of the network?

-Firewall
-Router
-Switch
-Virtual local area networks (VLANs)

Firewall

Unauthorized alteration of records in a database system would impair which of the following components of the CIA (related to security)?

-Authorization
-Confidentiality
-Integrity
-Availability

Integrity

Which of the following is not a task performed by an operating system?

-Translate high-level languages to machine-level language
-Support applications and facilitate their access to specified resources
-Provide controlled access to data and process data
-Manage job scheduling and multiprogramming

Translate high-level languages to machine-level language

Managers at a consumer products company purchased personal computer software from only recognized vendors and prohibited employees from installing nonauthorized software on their personal computers by enforcing a new end-user computing policy. To minimize the likelihood of computer viruses infecting any of its systems, the company should also:

-test all new software on a stand-alone personal computer.
-recompile infected programs from source code backups.
-restore infected systems with authorized versions.
-institute program change control procedures.

test all new software on a stand-alone personal computer.

Unauthorized alteration of records in a database system can be prevented by employing:

-database access controls.
-computer matching.
-regular review of audit trails.
-key verification.

database access controls.

An organization is planning to replace its wired networks with wireless networks. Which of the following approaches provides the most secure wireless network?

-Disable the network interface card (NIC).
-Implement wired equivalent privacy (WEP) protocol.
-Allow access to only authorized media access control (MAC) addresses.
-Implement wi-fi protected access (WPA2).

Implement wi-fi protected access (WPA2).

The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the best audit technique to use in this situation?

-Integrated test facility
-Generalized audit software
-Test data
-Embedded audit module

Generalized audit software

Which of the following statements about CAATs is not correct?

-The integrated test facility is a programmed module or segment that is inserted into an application program to monitor and collect data based on daily transactions.

-The test data technique uses a set of hypothetical transactions to examine the programmed checks and program logic in programs.

-Parallel simulation attempts to simulate or reproduce the firm's actual processing results.

-The embedded audit module may require the auditor to have a good working knowledge of computer programming and a solid understanding of IT risks that may exist in a system.

The integrated test facility is a programmed module or segment that is inserted into an application program to monitor and collect data based on daily transactions.

Which of the following audit techniques should an IS auditor use to detect duplicate invoice records within an invoice master file?

-Embedded audit module
-Test data
-Generalized audit software
-Integrated test facility

Generalized audit software

A group of computers, printers, and other devices connected to the same network and covering a limited geographic range is called a:

-VPN.
-VAN.
-LAN.
-WAN.

LAN.

The most common security threats for wireless LANs include:

-man-in-the-middle.
-system malfunction.
-social engineering.
-virus.

man-in-the-middle.

The test data technique uses:

-a computer program to reprocess the firm's actual data for a past period to generate simulated results.
-an automated technique that enables test data to be continually evaluated during the normal operation of a system.
-a set of input data to validate system integrity.
-a programmed audit module that is added to the system under review.

a set of input data to validate system integrity.

Which of the following is not one of the main purposes for a WAN?

-Provide remote access to employees and/or customers
-Link two or more geographically dispersed sites within a company
-Provide corporate access to the Internet
-Securely connect a network to distant offices in a building by sending encrypted packets

Securely connect a network to distant offices in a building by sending encrypted packets

An operational database:

-covers the data of current and previous fiscal years.
-contains data that are uploaded from a data warehouse.
-contains data that are volatile.
-is updated before transactions are processed.

contains data that are volatile.

What is the main purpose of using VPN today?

-Secure the data transmission between e-business trading partners.
-Examine Internet traffic to prevent DoS attacks.
-Maintain a secured data transmission or communication for remote access.
-None of these choices are correct.

Maintain a secured data transmission or communication for remote access.

Select the correct statement(s) regarding network devices.

-Firewalls are used to screen and secure data transmitted among internal networks.
-Routers use IP addresses for data transmission over the Internet.
-Hubs are used for transmitting packets over internal networks.
-Firewalls are used to screen and secure data transmitted among internal networks and routers use IP addresses for data transmission over the Internet.
-Routers use IP addresses for data transmission over the Internet and hubs are used for transmitting packets over internal networks.

Routers use IP addresses for data transmission over the Internet and hubs are used for transmitting packets over internal networks.

Select a correct statement regarding routers.

-Routers are used for data transmission over internal networks.
-Routers use MAC addresses to pass the packets over the Internet.
-Routers and hubs use the same approach in transmitting packets.
-None of these choices are correct.

None of these choices are correct.

Select a correct statement regarding database systems.

-Data mining is often used to analyze data in the data warehouse.
-A data warehouse is the operational database.
-A company's ERP system is often the same as the data warehouse.
-Two of the choices are correct.

Data mining is often used to analyze data in the data warehouse.

Which of the following is not a generalized audit software (GAS)?

-ACL
-SAP
-IDEA

SAP

This computer network covers a broad area (e.g., includes any network whose communications links cross metropolitan, regional, or national boundaries over a long distance)

WAN

The internet is a good example of this type of network

WAN

This type of network often uses Layer 2 devices like switches and Layer 1 devices like hubs

LAN

The purpose of this type of network is mainly for remote access

VPN

This type of network comprises two fundamental architectural components: stations and access points

Wireless LAN

This type of network has a large geographical range, generally spreading across boundaries, and often needs leased telecommunication lines

WAN

Which of the following is not an approach used for online analytical processing (OLAP)?

-Exception reports
-What-if simulations
-Consolidation
-Data mining

Data mining

The purpose of a company's firewall is to:

-Guard against spoofing.
-Filter packets.
-Deny computer hackers access to sensitive data.
-All the answers are correct.

All the answers are correct.

Which of the statements regarding a data warehouse is incorrect?

-It is a centralized collection of firm-wide data
-The purpose of a data warehouse is to provide a rich data set for management to identify patterns and to examine trends of business events
-Includes data for the current fiscal year only
-The data in a data warehouse is pulled from each of the operational databases periodically

Includes data for the current fiscal year only

Which of the following statements about switches is correct?

-A hub is smarter than a switch.
-Switches provide more security protections than hubs do for a company's internal network.
-Switches are widely used in WANs.
-A switch contains multiple ports.

Switches provide more security protections than hubs do for a company's internal network.

Which of the following describes a group of computers that connects the internal users of a company distributed over an office building?

-Internet
-LAN
-Virtual private network (VPN)
-Decentralized network

LAN

Which of the following is not a management control for wireless networks?

-Assigning roles and responsibilities of employees for access control
-Conducting risk assessment on a regular basis
-Conducting appropriate awareness training on wireless networks
-Creating policies and procedures

Conducting appropriate awareness training on wireless networks

What is the man-in-the-middle threat for wireless LANs?

-The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
-The attacker passively monitors wireless networks for data, including authentication credentials
-The attacker steals or makes unauthorized use of a service
-The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.

The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.

Which of the following statements regarding the black-box approach for systems auditing is correct?

-The auditors need to gain detailed knowledge of the systems' internal logic.
-The black-box approach could be adequate when automated systems applications are complicated.
-The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
-All of these answers are correct.

The auditors first calculate expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.

What is data mining?

-A particular attribute of information.
-A common term for the representation of multidimensional data.
-The process of analyzing data to extract information that is not affected by the raw data alone.
-None of the answers is correct.

The process of analyzing data to extract information that is not affected by the raw data alone.

What is the test data technique?

-It uses a set of input data to validate system integrity.
-It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system.
-It is an automated technique that enables test data to be continually evaluated during the normal operation of a system.
-"It uses a set of input data to validate system integrity" and "It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system" are correct.
-None of the answers is correct.

"It uses a set of input data to validate system integrity" and "It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system" are correct.

Within a WAN, a router would perform all of the following functions except:

-Provide the communication within the network
-Select network pathways within a network for the flow of data packets
-Amplify and rebroadcast signals within a network
-Forward data packets to their network destination

Amplify and rebroadcast signals within a network

Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

-Continuous monitoring and analysis of transaction processing with an embedded audit module.
-Increased reliance on internal control activities that emphasize the segregation of duties.
-Verification of encrypted digital certificates used to monitor the authorization of transactions.
-Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

Continuous monitoring and analysis of transaction processing with an embedded audit module.

Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?

-Embedded audit modules cannot be protected from computer viruses.
-Auditors are required to monitor embedded audit modules continuously to obtain valid results.
-Embedded audit modules can easily be modified through management tampering.
-Auditors are required to be involved in the system design of the application to be monitored.

Auditors are required to be involved in the system design of the application to be monitored.

The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy?

-Recreate the test, using different software.
-List a sample of actual data to verify the accuracy of the test program.
-Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct the program.
-Create test transactions and run test data on both the production and simulation program.

List a sample of actual data to verify the accuracy of the test program.

Common IT techniques that are needed to implement continuous auditing include:

-Data warehouse and data mining.
-Transaction logging and query tools.
-Computer-assisted audit techniques.
-All the answers are correct.

All the answers are correct.

Which of the following statements about a virtual private network (VPN) is incorrect?

-It is a way to use the public telecommunication infrastructure in providing secure access to an organization's network.
-It enables the employees to work remotely by accessing their firm's network securely using the Internet.
-The packets sent through a VPN are encrypted and use authentication technology.
-The expensive cost is one major disadvantage of VPN.

The expensive cost is one major disadvantage of VPN.

Which of the following is least likely to be considered a component of a computer network?

-Application programs.
-Computers.
-Servers.
-Routers.

Application programs.

Which of the following statements regarding the purposes of an operating system is correct?

-To ensure the integrity of a system
-To control the flow of multiprogramming and tasks of scheduling in the computer
-To allocate computer resources to users and applications
-All the answers are correct.

All the answers are correct.

Which of the following is not a benefit of using wireless technology?

-Mobility
-Rapid deployment
-Flexibility and Scalability
-Security

Security

The masquerading threat for wireless LANs is:

-The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
-The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it.
-The attacker passively monitors wireless networks for data, including authentication credentials.
-The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network.

The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network.

Which of the following statements is not correct?

-The IP address of a desktop computer often changes.
-The MAC address of a desktop computer often changes.
-The IP address of a Web server does not change.
-Each hardware device must have a MAC address.

The MAC address of a desktop computer often changes.

Which of the following is not a use of CAATs in auditing?

-Test of details of transactions and balances
-Analytical review procedures
-Fraud examination
-Produce terms and conditions of employment

Produce terms and conditions of employment

Which of the following statements is wrong regarding continuous audit?

-Continuous audit is used to perform audit-related activities on a continuous basis.
-Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance.
-Technology plays a key role in continuous audit in analyzing trends and patterns of transactions, identifying exceptions and anomalies, and testing controls.
-Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis.

Continuous audit is frequently used to perform substantive tests and is used for testing of controls through transactional-data analysis.

Which of the following statements about firewalls is wrong?

-A firewall is a security system comprised of hardware and software that is built using routers, servers, and a variety of software
-A firewall allows individuals on the corporate network to send and receive data packets from the Internet
-A firewall can filter through packets coming from outside networks to prevent unauthorized access
-A firewall connects different LANs, software-based intelligent devices, and examines IP addresses

A firewall connects different LANs, software-based intelligent devices, and examines IP addresses

One control objective for an operating system is that it must be protected from itself. Which of the following statements best explains this concept?

-The operating system should be able to gracefully terminate activities, and later recover to its previous state.
-No operating system module should be allowed to corrupt or destroy another operating system module.
-User applications must not be allowed to gain control of or damage the operating system.
-The operating system must be able to prevent unauthorized users from accessing, corrupting, or destroying other users' data.

No operating system module should be allowed to corrupt or destroy another operating system module.

IT governance over operating systems includes establishing proper policies and procedures. These policies and procedures over operating systems should cover all of the following except:

-Which computing hardware to use.
-Who can access the operating system.
-Which actions users can take.
-Which resources users can use.

Which computing hardware to use.

Accounting professionals should understand database systems for all of the following reasons except:

-Accountants have a strong understanding of risks, controls and business processes.
-Accountants increasingly participate in creating internal control systems.
-Accountants typically manage organizations' operational databases.
-Accountants frequently help improve business and IT processes.

Accountants typically manage organizations' operational databases.

Which of the following best describes a data warehouse?

-Users typically post operational transactions directly to the data warehouse.
-Data warehouses contain real-time data.
-A data warehouse typically holds no more than one year's worth of data.
-A data warehouse contains nonvolatile data.

A data warehouse contains nonvolatile data.

Which of the following tools is typically used in data mining?

-COBIT.
-OLAP.
-REA.
-DBA.

OLAP.

Which of the following best describes the use of a VPN?

-Connect computers, printers, and file servers in an office building.
-Lease dedicated communication lines to guarantee connection performance between remote office locations.
-Allow employees traveling for business to connect to home office computing resources.
-Allocate computing resources among multiple processors and operating systems.

Allow employees traveling for business to connect to home office computing resources.

Which of the following is not one of the benefits of using a wireless network?

-Flexibility and scalability.
-Mobility.
-Greater security.
-Rapid deployment.

Greater security.

Which of the following is not one of the categories of security controls for wireless networks?

-Operational controls.
-Application controls.
-Management controls.
-Technical controls.

Application controls.

Which of the following is not one of the reasons auditors should consider the use of CAATs?

-ISACA standards require IS auditors to obtain sufficient, reliable, and relevant evidence, and should perform appropriate analysis of this evidence.
-GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed.
-The IIA professional practices state that auditors must consider the use of technology-based auditing tools when conducting audits.
-GAAS requires auditors to gather sufficient and appropriate evidence in the course of audit field work.

GAAP stipulates that audits should be performed using tools and techniques appropriate to the evidence being reviewed.

CAATs are commonly used in all of the following situations except:

-Transaction testing.
-Network penetration testing.
-Encryption testing.
-Operating system vulnerability assessments.

Encryption testing.

Which of the following is not considered one of the primary CAAT approaches?

-The black-box approach.
-Encryption testing.
-Auditing through the computer.
-The white-box approach.

Encryption testing.

Which of the following approaches and/or tools are not typically used as part of a CAAT approach to auditing?

-Integrated testing facility (ITF).
-Generalized audit software (GAS).
-Audit calculation engine (ACE).
-Embedded audit module (EAM).

Audit calculation engine (ACE).

Which of the following is not considered an advantage of using a continuous auditing approach?

-Transactions can be tested and analyzed closer in time to when they actually occur.
-Better compliance with laws and regulations.
-It can reduce the effort required for routine testing.
-It can be costly and time consuming to set up continuous auditing processes.

It can be costly and time consuming to set up continuous auditing processes.

Which of the following best describes continuous auditing?

-Audit-related activities are performed throughout the period under review.
-The full audit team remains on the client site for the entire fiscal year.
-The database extracts every 10th transaction and flags it for audit review.
-Auditors can generate greater fees by increasing the amount of manual testing performed for the client.

Audit-related activities are performed throughout the period under review.

ACL and IDEA are two prominent examples of which of the following?

-ITF.
-GAS.
-EAM.
-DBMS.

GAS.

Which of the following is a key difference between Bitcoin and Ethereum?

Bitcoin is primarily designed to be an alternative to traditional currencies and hence a medium of exchange and store of value. Ethereum is a programmable blockchain that finds application in numerous areas, including DeFi, smart contracts, and NFTs.

How often is a block added to Ethereum?

Blocks are added to the chain at fairly regular intervals; for Ethereum this is roughly every 17 seconds.

Which of the following is a key advantage of using blockchain to record transactions?

Greater transparency. Because blockchain uses a distributed ledger, transactions and data are recorded identically in multiple locations. All network participants with permissioned access see the same information at the same time, providing full transparency.

Which of the following is the function of blockchain technology?

The goal of blockchain is to allow digital information to be recorded and distributed, but not edited.