All Matches

Solution Library

Expert Answer

Textbooks

Search Textbook questions, tutors and Books

Oops, something went wrong!

Change your search query and then try again

Result Not Found

Books FREE
Tutors
Study Help
Ask a Question

Search
Sign In
Register

study help
business
auditing assurance services

Questions and Answers of Auditing Assurance Services

Which logging strategy facilitates rollforward of the database?a. Logging input transactionsb. Logging before imagesc. Logging valid transactions onlyd. Logging afterimages
A purpose of separating successful input transactions from unsuccessful input transactions on a log is to:a. Avoid control total problems when the data must be reprocessed for recoveryb. Facilitate
Which of the following is not a problem when rollback is needed as a means of recovery and concurrent update processes have altered the damaged database?a. All processes that update the corrupted
Residual dumping involves logging records that have not been changed since the:a. Last residual dumpb. Second-last residual dumpc. Last full dumpd. Second-last full dump
If a roll forward operation takes place using a residual dump, recovery involves:a. Going back to but not including the second-last residual dumpb. Going back to and including the last residual
Which of the following is a disadvantage of residual dumping?a. There is less flexibility in leveling system workloadsb. There is more duplicate backupc. It cannot take place as a background
A differential file facilitates rollback because:a. Record changes and beforeimages can be assigned to a high-speed storage deviceb. The primary file constitutes beforeimage versions of the updated
Which of the following statements about shadow paging is true?a. When processing of a transaction commences, the current page table is deletedb. Rollback involves overwriting the shadow page table
What are the major functions of the processing subsystem? What are the major components of the processing subsystem?
What factors can cause a central processor to fail? What controls can be used to detect and correct errors that occur in the central processor?
How does the existence of a multiple-state machine enhance control within the central processing unit?
What is the purpose of timing controls within the central processing unit?
Briefly distinguish between a multicomputer architecture and a multiprocessor architecture. What is the primary purpose of using these types of architectures when machines are built?
What factors cause errors in a real memory cell? How are errors often detected?
Distinguish between the real memory protection mechanisms used in a multiuser contiguous storage-allocation system and a multiuser noncontiguous storage-allocation system.
How does a "tagged" architecture enhance control over real memory cells?
Briefly explain the nature of virtual memory. How does the addressing mechanism work in a virtual memory system?
Briefly distinguish between a ticket-oriented and a list-oriented approach to access control over a virtual memory block.
List the five goals that a secure operating system must achieve.
Briefly explain the nature of the following types of operating system penetration techniques:a. Browsingb. Piggybackingc. Trojan horse
Briefly explain the nature of:a. Covert storage channelsb. Covert timing channels
Briefly explain the nature of the following types of operating system integrity flaws:a. Incomplete parameter validationb. Implicit sharing of datac. Asynchronous validation
Briefly explain what is meant by a reference monitor. What is the relationship between a security kernel and a reference monitor?
Briefly explain the nature of trusted processes within a security kernel. Why do trusted processes need special attention during the audit of an operating system?
What approach should be followed to the analysis, design, and implementation of an operating system?
Outline the nature of the four rating divisions described in the U.S. National Computer Security Center's Trusted Computer System Evaluation Criteria.
Briefly explain the nature of the following types of application program validation checks in the processing subsystem:a. Overflow checkb. Range checkc. Reasonableness checkd. Sign checke.
What is the purpose of minimizing human intervention during application system processing?
What are hardware/software numerical hazards? In what types of application systems should auditors be concerned about hardware/software numerical hazards?
Why is it sometimes useful to employ redundant calculations in a program? In what types of programs would redundant calculations be most useful?
What data must be available in the accounting audit trail so auditors can uniquely identify the process that has been executed on an input data item and the functions performed by that process?
What is a triggered transaction? What implications do triggered transactions have for the accounting audit trail in the processing subsystem?
What component in the processing subsystem usually collects data for the operations audit trail? How is this component activated to collect particular kinds of data?
List the four categories of events that are recorded on the operations audit trail. Which category is likely to have the most entries? Briefly explain why.
What interest do auditors have in the way in which resource consumption data is used to bill users?
List two types of events that auditors might wish to monitor using the exit facilities in the operations audit trail logging facility. Briefly explain why these events are of interest to us as
Outline the control problems posed by the existence of an operations audit trail logging facility that allows user exits. Give two strategies for overcoming these control problems.
Briefly explain the nature of checkpoint/restart controls. What situations can arise where checkpoint/restart controls are needed?
From an audit perspective, what are the important requirements of a checkpoint/ restart facility? How can auditors determine the adequacy of checkpoint/restart facilities?
Which of the following faults in a central processing unit is most likely to be detected by a parity checka. Corruption of data in a register by electromagnetic interferenceb. Failure of a
A multiple-state machine is one that provides:a. Multiple types of computational and logic validity checks in a single stateb. A mechanism for executing different processes in different partitionsc.
Which of the following statements about multicomputer and multiprocessor architectures is true?a. Only one copy of the operating system exists in a multicomputer architectureb. Voting procedures are
Real memory errors primarily are detected through:a. Valid character checksb. Read-after-write checksc. Boundary register checksd. Parity-based Hamming code checks
In which type of real memory access control system is a lock-and-key mechanism most likely to be used?a. Single-user, contiguous storage allocation systemb. Single-user, noncontiguous storage
Which of the following types of checks is not likely to be performed by a virtual memory addressing mechanism?a. The address translation table is examined to determine the real memory address for the
Which of the following is not likely to be a goal of a reliable operating system?a. The operating system must protect the environment from user processesb. The operating system must protect user
Which of the following operating system penetration techniques takes advantage of the time during which a legitimate user is still connected to the system but is inactive?a. Between lines entryb.
Which of the following is unlikely to be a technique used to implement a covert storage channel whereby one process can communicate sensitive information to another unauthorized process?a. Changing
If an operating system uses a subset of the memory allocated to a user program for a work space, this integrity flaw is called:a. Violable limitsb. Asynchronous validationc. Implicit sharing of
The difference between a security kernel and a reference monitor is that:a. A security kernel is a component implementation of a security policy, whereas a reference monitor is an abstract
Which of the following statements about trusted processes is false?a. Only trusted personnel, such as security administrators, should be authorized to use themb. They are not bound by all the
Which of the following statements about Division \(\mathrm{C} 2\) certification according to the U.S. National Computer Center's Trusted Computer Evaluation Criteria is true?a. Mandatory access
Match the following: I Field check II Record check III File check a III-C; II-D; I-B; II-A b I-C; II-B; III-A; III-D V c II-A; III-B; I-C; I-D d III-D; I-C; II-B; II-A A Control total B Sign test C
In the processing subsystem, hardware/software numerical hazards are most likely to arise because of:a. Incorrect program design relating to subroutines called in a computationb. Transient memory
Which of the following application program controls is most likely to mitigate expected losses associated with rounding errors in a calculation?a. Avoidance of closed routines when arithmetic
Which of the following events is most likely to be included in the accounting audit trail for the processing subsystem?a. Program start timeb. Attempted integrity violationc. A hardware malfunctiond.
Which of the following would not be a report that typically could be produced by generalized software that is available to interrogate the operations audit trail in the processing subsystem?a.
The logging software used to maintain the operations audit trail in the processing subsystem can cause control problems because:a. It can be used to modify or delete records accessed by an
Checkpoint/restart facilities would not permit recovery from which of the following problems?a. Loading the wrong tape reel in a multireel fileb. A temporary hardware errorc. Loading the wrong
You are an information systems auditor in a public accounting firm that has just taken over the audit of a medium-sized manufacturing company from another firm. The hardware/software platform used by
Bull and Bear Ltd. is a new, aggressive, Boston-based, medium-sized brokerage firm. It specializes in offering high-quality, personalized service to clients who have a relatively high level of
Sunshine Credit Union is a small credit union based in San Diego. In the past financial year, it has moved from using a microcomputer-based package to using the services of a computer service bureau
Wombat Ltd. is a Sydney-based company that specializes in gathering and processing seismic data. It is employed by oil companies all over the world to undertake work in support of their exploration
The information systems department in your organization has recently purchased a checkpoint/restart facility to support their batch processing operations. Although batch systems are only a small part
Briefly describe the three major types of exposure in the communication subsystem.
What is meant by noise on a communication line? What factors affect the amount of noise that exists on a line? What are the effects of noise?
Briefly distinguish between a passive threat and an active threat to the communication subsystem. Identify each of the following as active threats or passive threats:a. Traffic analysisb. Denial of
From a control viewpoint, do bounded transmission media or unbounded transmission media pose more of a problem? Why?
What control advantages do private communication lines offer over public communication lines?
How can modems improve the reliability of the communication subsystem?
Briefly describe three security functions performed by a port-protection device.
Briefly explain the difference between multiplexing and concentration techniques. How do they improve the reliability of the communication subsystem?
Briefly explain the difference between a loop check and redundancy as a means of detecting errors on a communication line. What are the relative advantages and disadvantages of each approach?
Briefly explain the difference between a parity check and a cyclic redundancy check,
Give an example of where forward error correcting codes might be chosen in preference to retransmission as a means of error correction.
What is the purpose of flow controls in the communication subsystem? Briefly explain the difference between the stop-and-wait flow control protocol and the sliding-window flow control protocol.
What is the purpose of link controls in the communication subsystem?
What is meant by the topology of a network? List three factors that should be considered when choosing a network topology.
From a control perspective, list the advantages and disadvantages of the following topologies: (a) ring, (b) mesh, and (c) star.
Briefly explain the function that channel access controls perform within the communication subsystem. What is the difference between polling methods and contention methods as a means of channel
Briefly describe two problems that can arise with token passing techniques as a means of channel access control.
Why is encryption an important means of protecting the integrity of data passing over public communication lines? Is encryption also useful as a means of protecting data passing over private
Distinguish between link encryption and end-to-end encryption. What are the relative strengths and limitations of link encryption versus end-to-end encryption?
Distinguish between block ciphers and stream ciphers. What are the relative strengths and limitations of block ciphers versus stream ciphers?
Explain the nature of a message authentication code (MAC). Why are message authentication codes often used in electronic funds transfer systems?
Expected losses from which types of threats'can be reduced by using message sequence numbers? Why must encryption controls be used in conjunction with message sequence numbers?
Briefly explain the nature of a request-response mechanism. Why is it unlikely that request-response mechanisms would be used extensively in commercial data communication systems?
Briefly explain the difference between a bridge, â router, and a gateway. Why are these devices useful from a control viewpoint?
What is a communication architecture? How is the concept of a communication architecture useful to us as auditors?
What is the purpose of the accounting audit trail in the communication subsystem? List four items that might be contained in the accounting audit trail in the communication subsystem.
How does the operations audit trail in the communication subsystem assist network supervisors in their decisions on how to reconfigure the network to improve efficiency? List three data items that
Why is it difficult to provide backup for all components that might be used in a communication network?
Why is it especially important that operations personnel be well-trained with respect to backup and recovery procedures for a communication network?
Which of the following statements about transmission impairments is true?a. Delay distortion is the weakening of a signal as it traverses some transmission mediumb. Digital signals are subject to
Which of the following conditions is most likely to lead to an increase in white noise?a. Faulty switching gearb. Atmospheric conditionsc. Poor contactsd. Temperature increases
Which of the following types of subversive attacks on a communication network is a passive attack?a. Message modificationb. Denial of message servicec. Traffic analysisd. Changed message order
Which of the following transmission media is most resistant to wiretapping?a. Optical fiberb. Satellite microwavec. Twisted-pair wired. Infrared
Which of the following transmission media is most resistant to interference?a. Radio frequencyb. Coaxial cablec. Terrestrial microwaved. Satellite microwave
As a control, line conditioning is likely to be least effective against which of the following threats?a. Noiseb. Wiretappingc. Attenuationd. Distortion
Which of the following usually is not a purpose of a modem?a. Reduce line errors caused by noiseb. Produce encrypted messagesc. Convert digital signals to analog signalsd. Increase the speed of data

Showing 600 - 700 of 2558

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Last

Get In Touch

About Us
Contact Us
Career
Jobs
FAQ
Campus Ambassador

Company Info

Security
Copyrights
Privacy Policy
Terms & Condition
SolutionInn Fee
Scholarship

Services

Sitemap
Fun
Definitions
Become Tutor
Study Help Categories
Recent Questions
Expert Questions

Copyright © 2024 SolutionInn All Rights Reserved.

Get the SolutionInn - Study Help App