1. (CISA exam, adapted) Authentication is the process by which the:
a. System verifies that the user is entitled to enter the transaction requested.
b. System verifies the identity of the user.
c. User identifies him- or herself to the system.
d. User indicates to the system that the transaction was processed correctly.

2. (CMA exam, adapted) Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is:
a. Batching.
b. Recording.
c. Verifying.
d. Reporting.

3. (CISA exam, adapted) To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the receive message?
I. Private
II. Public
a. I
b. II
c. Both I and II
d. Neither I nor II

4. To authenticate the message sender in an asymmetric-key encryption system, which of
the following keys is required to decrypt the received message?
a. Sender’s private key
b. Sender’s public key
c. Receiver’s private key
d. Receiver’s public key

5. To ensure the data sent over the Internet are protected, which of the following keys is required to encrypt the data (before transmission) using an asymmetric-key encryption method?
a. Sender’s private key
b. Sender’s public key
c. Receiver’s private key
d. Receiver’s public key

6. Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination into audit programs?
a. COSO
b. COBIT
c. PCAOB
d. SAS No. 99
e. Sarbanes-Oxley Act

7. Incentive to commit fraud usually will include all of the following, except:
a. Inadequate segregation of duties.
b. Financial pressure.
c. Personal habits and lifestyle.
d. Feelings of resentment.
e. Alcohol, drug, or gambling addiction.

8. (CPA exam, adapted) An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
a. Internal control policy
b. System hardware policy
c. System security policy
d. Disaster recovery plan
e. Supply chain management policy

9. A message digest is the result of hashing. Which of the following statements about the hashing process is true?
a. It is reversible.
b. Comparing the hashing results can ensure confidentiality.
c. Hashing is the best approach to make sure that two files are identical.
d. None of the above is true.

10. Which one of the following vulnerabilities would create the most serious risk to a firm?
a. Using open source software (downloaded for free) on the firm’s network
b. Employees recording passwords in Excel files
c. Employees writing instant messages with friends during office hours
d. Unauthorized access to the firm’s network