Information Systems Control And Audit 1st Edition Ron Weber - Solutions
What conditions must exist before a grandfather, father, son backup strategy can be used? Briefly discuss the advantages and disadvantages of the strategy.
The dual recording/mirroring backup strategy does not allow recovery of the database from all types of failure. Briefly describe the situations where recovery cannot be accomplished.
Briefly explain the differences between logical dumping and physical dumping. What are the relative advantages and disadvantages of each method of dumping?
Why is dumping only a partial backup strategy?
Briefly describe the various types of logs that can be used for recovery purposes. Why might a combination of logging strategies be used for recovery purposes?
When logging input transactions, why is it necessary to distinguish between transactions that have been processed successfully and those that have been processed in error? If this distinction is not made, during the recovery process what actions must be taken?
Briefly explain the process of rolling back the database using beforeimages of the records in the database. Why is it necessary to take beforeimages of records in a list file that are moved because of a physical reorganization to the file?
Explain the problems of using afterimages to roll back the database. Why might a decision have been made not to log beforeimages, even though the problems of rolling back the database were recognized at the outset?
Briefly explain the residual dump backup and recovery strategy. Is it necessary to log both beforeimages and afterimages of records changed using a residual dump strategy?
Briefly explain the concept of a differential file. What advantages does a differential file have for backup and recovery purposes?
Briefly explain the shadow paging backup and recovery strategy. Give one advantage and one disadvantage of the shadow paging strategy.
Which of the following types of database access control will prevent personnel clerks from accessing the names of employees whose salaries exceed $30,000 unless they are seeking to perform some type of statistical function? a. Content-dependent access control b. History-dependent access
Which of the following types of database access control is the most difficult to enforce? a. Name-dependent access control b. Context-dependent access control c. Content-dependent access control d. History-dependent access control
The purpose of horizontal propagation controls is to: a. Restrict user views of the database only to relations that are used in multiple application systems b. Limit the number of users to whom a user can assign action privileges c. Permit users to carry the action privileges they have been assigned
Which of the following statements about polyinstantiation as a means of implementing mandatory access controls in the database subsystem is true? a. Conditional statements are applied to a single tuple of a relation to determine what data the user can access b. Different access controls mechanisms
If a minimal cardinality constraint applies to an entity in the entity-relationship model, it specifies: a. The minimum number of relationships that the entity can have with other entities in the database b. The smallest value that can be assigned to the primary key that uniquely identifies the
Which of the following statements best describes the meaning of a referential integrity constraint in the relational data model? a. The primary key of tuple in a relation must uniquely identify the tuple in the database b. Users cannot reference a tuple of a relation unless they have been assigned
Incorrect end-of-file protocols in an application update program tend to result in: a. Transaction file records not being processed b. Standing data being corrupted c. Programs getting into loops d. The incorrect internal label being inserted into the header record on a file
An application program that updates monetary data items should maintain a suspense account to: a. Act as a repository for monetary transactions that mismatch the master file b. Allow postings if a forward invoicing facility is provided for customers c. Signal when end-of-period processing can be
Which of the following data items is most likely to have its integrity protected by controls over standing data? a. A raw material issue b. A pay rate c. A customer's address d. A quantity sold
Which of the following is not a condition for deadlock to arise? a. Additional request b. Circular wait c. Lockout d. Preemption
Which of the following properties of a transaction is not required for two phase locking to work? a. Isolation b. Atomicity c. Consistency d. Temporality
Which of the following statements about concurrency controls in a distributed database environment is true? a. Isolation of transactions is not required to effect two-phase locking b. In a replicated database, two-phase schedulers may be stored with each version of the data item c. In a partitioned
Which of the following statements about cryptographic controls in the database subsystem is false? a. If little or no sharing of data among users occurs, each user can protect their own data using a personal cryptographic key b. Block encryption is more likely to be used to protect stored data than
Which of the following is least likely to be an objective of file handling controls? a. To prevent data items from being accidentally overwritten b. To ensure the correct file has been loaded for a program c. To prevent inefficient access by programs to data d. To ensure data is retained for a certain
Which of the following objectives will require an explosion operation in terms of the accounting audit trail in the database subsystem? a. To determine whether a transaction entered by one user updated an account before a transaction entered by another user b. To determine whether a transaction
Which of the following objectives is least likely to be served by the operations audit trail in the database subsystem? a. To determine whether a new index needs to be established in the database b. To determine whether a more secure encryption key should be installed to protect the privacy of data c.
Which of the following is not a disadvantage of the grandfather, father, son backup and recovery strategy? a. Precludes update in place b. Consumes substantial resources to effect global recovery c. File is unavailable during recovery d. Cannot be used where concurrent processes update the file
Dual protection/mirroring affords protection against: a. A procedural error b. A system software error c. An application program error d. A power loss
Relative to physical dumping, logical dumping: a. Is a faster backup strategy b. Is slower when localized recovery is needed c. Causes fewer problems with multilist file organizations d. Is more appropriate when concurrent update of the database is permitted
Which of the following is not a purpose of logging? a. To obviate the need for a dump b. To provide a record of transactions in the time sequence in which they occurred c. To reduce the downtime needed for resubmission of the transactions d. To facilitate both rolling forward and rolling back the
Which logging strategy facilitates rollforward of the database? a. Logging input transactions b. Logging before images c. Logging valid transactions only d. Logging afterimages
A purpose of separating successful input transactions from unsuccessful input transactions on a log is to: a. Avoid control total problems when the data must be reprocessed for recovery b. Facilitate preserving the time series of the successful transactions only c. Avoid duplicate error messages that
Which of the following is not a problem when rollback is needed as a means of recovery and concurrent update processes have altered the damaged database? a. All processes that update the corrupted data items must be identified so they can be locked out when an error is discovered b. It might be
Residual dumping involves logging records that have not been changed since the: a. Last residual dump b. Second-last residual dump c. Last full dump d. Second-last full dump
If a roll forward operation takes place using a residual dump, recovery involves: a. Going back to but not including the second-last residual dump b. Going back to and including the last residual dump c. Going back to the last full dump because a residual dump does not facilitate roll forward d. Going
Which of the following is a disadvantage of residual dumping? a. There is less flexibility in leveling system workloads b. There is more duplicate backup c. It cannot take place as a background operation d. Recovery is more complex than with a physical dump
A differential file facilitates rollback because: a. Record changes and beforeimages can be assigned to a high-speed storage device b. The primary file constitutes beforeimage versions of the updated records c. The differential file constitutes before image versions of the updated records d. It is
Which of the following statements about shadow paging is true? a. When processing of a transaction commences, the current page table is deleted b. Rollback involves overwriting the shadow page table with the current page table c. When a transaction updates the database, a new page is written to a new
What are the major functions of the processing subsystem? What are the major components of the processing subsystem?
What factors can cause a central processor to fail? What controls can be used to detect and correct errors that occur in the central processor?
How does the existence of a multiple-state machine enhance control within the central processing unit?
What is the purpose of timing controls within the central processing unit?
Briefly distinguish between a multicomputer architecture and a multiprocessor architecture. What is the primary purpose of using these types of architectures when machines are built?
What factors cause errors in a real memory cell? How are errors often detected?
Distinguish between the real memory protection mechanisms used in a multiuser contiguous storage-allocation system and a multiuser noncontiguous storage-allocation system.
How does a "tagged" architecture enhance control over real memory cells?
Briefly explain the nature of virtual memory. How does the addressing mechanism work in a virtual memory system?
Briefly distinguish between a ticket-oriented and a list-oriented approach to access control over a virtual memory block.
List the five goals that a secure operating system must achieve.
Briefly explain the nature of the following types of operating system penetration techniques: a. Browsing b. Piggybacking c. Trojan horse
Briefly explain the nature of: a. Covert storage channels b. Covert timing channels
Briefly explain the nature of the following types of operating system integrity flaws: a. Incomplete parameter validation b. Implicit sharing of data c. Asynchronous validation
Briefly explain what is meant by a reference monitor. What is the relationship between a security kernel and a reference monitor?
Briefly explain the nature of trusted processes within a security kernel. Why do trusted processes need special attention during the audit of an operating system?
What approach should be followed to the analysis, design, and implementation of an operating system?
Outline the nature of the four rating divisions described in the U.S. National Computer Security Center's Trusted Computer System Evaluation Criteria.
Briefly explain the nature of the following types of application program validation checks in the processing subsystem: a. Overflow check b. Range check c. Reasonableness check d. Sign check e. Crossfooting check f. Control total check
What is the purpose of minimizing human intervention during application system processing?
What are hardware/software numerical hazards? In what types of application systems should auditors be concerned about hardware/software numerical hazards?
Why is it sometimes useful to employ redundant calculations in a program? In what types of programs would redundant calculations be most useful?
What data must be available in the accounting audit trail so auditors can uniquely identify the process that has been executed on an input data item and the functions performed by that process?
What is a triggered transaction? What implications do triggered transactions have for the accounting audit trail in the processing subsystem?
What component in the processing subsystem usually collects data for the operations audit trail? How is this component activated to collect particular kinds of data?
List the four categories of events that are recorded on the operations audit trail. Which category is likely to have the most entries? Briefly explain why.
What interest do auditors have in the way in which resource consumption data is used to bill users?
List two types of events that auditors might wish to monitor using the exit facilities in the operations audit trail logging facility. Briefly explain why these events are of interest to us as auditors.
Outline the control problems posed by the existence of an operations audit trail logging facility that allows user exits. Give two strategies for overcoming these control problems.
Briefly explain the nature of checkpoint/restart controls. What situations can arise where checkpoint/restart controls are needed?
From an audit perspective, what are the important requirements of a checkpoint/restart facility? How can auditors determine the adequacy of checkpoint/restart facilities?
Which of the following faults in a central processing unit is most likely to be detected by a parity check? a. Corruption of data in a register by electromagnetic interference b. Failure of a computational process in the arithmetic unit through component fatigue c. Fetch of an instruction that is not
A multiple-state machine is one that provides: a. Multiple types of computational and logic validity checks in a single state b. A mechanism for executing different processes in different partitions c. Different execution states as a basis for assessing the legitimacy of an instruction d. Different
Which of the following statements about multicomputer and multiprocessor architectures is true? a. Only one copy of the operating system exists in a multicomputer architecture b. Voting procedures are used only in a multiprocessor architecture c. Timing controls can only be used in a multicomputer
Real memory errors primarily are detected through: a. Valid character checks b. Read-after-write checks c. Boundary register checks d. Parity-based Hamming code checks
In which type of real memory access control system is a lock-and-key mechanism most likely to be used? a. Single-user, contiguous storage allocation system b. Single-user, noncontiguous storage allocation system c. Multiple-user, contiguous storage allocation system d. Multiple-user, noncontiguous
Which of the following types of checks is not likely to be performed by a virtual memory addressing mechanism? a. The address translation table is examined to determine the real memory address for the block number of the virtual memory address b. The real memory address that corresponds to the
Which of the following is not likely to be a goal of a reliable operating system? a. The operating system must protect the environment from user processes b. The operating system must protect user processes from each other c. The operating system must be protected from itself d. The operating system
Which of the following operating system penetration techniques takes advantage of the time during which a legitimate user is still connected to the system but is inactive? a. Between lines entry b. Piggybacking c. Trojan horse d. Spoofing
Which of the following is unlikely to be a technique used to implement a covert storage channel whereby one process can communicate sensitive information to another unauthorized process? a. Changing the name of a file in a world-readable directory b. Changing the workload demands placed upon the
If an operating system uses a subset of the memory allocated to a user program for a work space, this integrity flaw is called: a. Violable limits b. Asynchronous validation c. Implicit sharing of data d. Browsing
The difference between a security kernel and a reference monitor is that: a. A security kernel is a component implementation of a security policy, whereas a reference monitor is an abstract representation of a security policy b. A reference monitor is the component in a security kernel that handles
Which of the following statements about trusted processes is false? a. Only trusted personnel, such as security administrators, should be authorized to use them b. They are not bound by all the security rules implemented within the kernel c. They are used to tailor a security policy to the specific
Which of the following statements about Division C2 certification according to the U.S. National Computer Center's Trusted Computer Evaluation Criteria is true? a. Mandatory access control at the group level must be supported b. Discretionary access control at the individual level must
Match the following: I. Field check II. Record check III. File check A. Control total B. Sign test C. Overflow check D. Crossfooting check a. III-C; II-D; I-B; II-A b. I-C; II-B; III-A; III-D V c. II-A; III-B; I-C; I-D d. III-D; I-C; II-B; II-A
In the processing subsystem, hardware/software numerical hazards are most likely to arise because of: a. Incorrect program design relating to subroutines called in a computation b. Transient memory errors in the registers of the arithmetic unit of the central processor c. Arithmetic idiosyncrasies of
Which of the following application program controls is most likely to mitigate expected losses associated with rounding errors in a calculation? a. Avoidance of closed routines when arithmetic instructions must be executed b. Minimization of human intervention in providing parameter values c. Calling
Which of the following events is most likely to be included in the accounting audit trail for the processing subsystem? a. Program start time b. Attempted integrity violation c. A hardware malfunction d. A triggered transaction
Which of the following would not be a report that typically could be produced by generalized software that is available to interrogate the operations audit trail in the processing subsystem? a. Hardware utilization report b. Account implosion report c. Program run time report d. Report on programs
The logging software used to maintain the operations audit trail in the processing subsystem can cause control problems because: a. It can be used to modify or delete records accessed by an application system during production running of the system b. It often is complex and error-prone c. It is
Checkpoint/restart facilities would not permit recovery from which of the following problems? a. Loading the wrong tape reel in a multireel file b. A temporary hardware error c. Loading the wrong version of the update program d. A power loss
You are an information systems auditor in a public accounting firm that has just taken over the audit of a medium-sized manufacturing company from another firm. The hardware/software platform used by the company is quite old. Two microcomputers are connected to a server via a local area network
Bull and Bear Ltd. is a new, aggressive, Boston-based, medium-sized brokerage firm. It specializes in offering high-quality, personalized service to clients who have a relatively high level of wealth. It is managed by a few individuals who are young, highly motivated, highly educated, and
Sunshine Credit Union is a small credit union based in San Diego. In the past financial year, it has moved from using a microcomputer-based package to using the services of a computer service bureau to carry out its data processing (outsourcing its data processing). The bureau provides a popular
Wombat Ltd. is a Sydney-based company that specializes in gathering and processing seismic data. It is employed by oil companies all over the world to undertake work in support of their exploration activities. You are an information systems auditor in the chartered accounting firm that undertakes
The information systems department in your organization has recently purchased a checkpoint/restart facility to support their batch processing operations. Although batch systems are only a small part of the applications portfolio in your organization, nevertheless there are several systems run
Briefly describe the three major types of exposure in the communication subsystem.
What is meant by noise on a communication line? What factors affect the amount of noise that exists on a line? What are the effects of noise?
Briefly distinguish between a passive threat and an active threat to the communication subsystem. Identify each of the following as active threats or passive threats: a. Traffic analysis b. Denial of message service c. Release of message contents d. Changed message order e. Message insertion
From a control viewpoint, do bounded transmission media or unbounded transmission media pose more of a problem? Why?
What control advantages do private communication lines offer over public communication lines?