New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
auditing assurance services
Information Systems Control And Audit 1st Edition Ron Weber - Solutions
How can modems improve the reliability of the communication subsystem?
Briefly describe three security functions performed by a port-protection device.
Briefly explain the difference between multiplexing and concentration techniques. How do they improve the reliability of the communication subsystem?
Briefly explain the difference between a loop check and redundancy as a means of detecting errors on a communication line. What are the relative advantages and disadvantages of each approach?
Briefly explain the difference between a parity check and a cyclic redundancy check,
Give an example of where forward error correcting codes might be chosen in preference to retransmission as a means of error correction.
What is the purpose of flow controls in the communication subsystem? Briefly explain the difference between the stop-and-wait flow control protocol and the sliding-window flow control protocol.
What is the purpose of link controls in the communication subsystem?
What is meant by the topology of a network? List three factors that should be considered when choosing a network topology.
From a control perspective, list the advantages and disadvantages of the following topologies: (a) ring, (b) mesh, and (c) star.
Briefly explain the function that channel access controls perform within the communication subsystem. What is the difference between polling methods and contention methods as a means of channel access control?
Briefly describe two problems that can arise with token passing techniques as a means of channel access control.
Why is encryption an important means of protecting the integrity of data passing over public communication lines? Is encryption also useful as a means of protecting data passing over private communication lines?
Distinguish between link encryption and end-to-end encryption. What are the relative strengths and limitations of link encryption versus end-to-end encryption?
Distinguish between block ciphers and stream ciphers. What are the relative strengths and limitations of block ciphers versus stream ciphers?
Explain the nature of a message authentication code (MAC). Why are message authentication codes often used in electronic funds transfer systems?
Expected losses from which types of threats'can be reduced by using message sequence numbers? Why must encryption controls be used in conjunction with message sequence numbers?
Briefly explain the nature of a request-response mechanism. Why is it unlikely that request-response mechanisms would be used extensively in commercial data communication systems?
Briefly explain the difference between a bridge, â router, and a gateway. Why are these devices useful from a control viewpoint?
What is a communication architecture? How is the concept of a communication architecture useful to us as auditors?
What is the purpose of the accounting audit trail in the communication subsystem? List four items that might be contained in the accounting audit trail in the communication subsystem.
How does the operations audit trail in the communication subsystem assist network supervisors in their decisions on how to reconfigure the network to improve efficiency? List three data items that network supervisors might retrieve from the operations audit trail.
Why is it difficult to provide backup for all components that might be used in a communication network?
Why is it especially important that operations personnel be well-trained with respect to backup and recovery procedures for a communication network?
Which of the following statements about transmission impairments is true?a. Delay distortion is the weakening of a signal as it traverses some transmission mediumb. Digital signals are subject to more attenuation distortion than analog signalsc. Amplifiers increase free-space emissions that can be
Which of the following conditions is most likely to lead to an increase in white noise?a. Faulty switching gearb. Atmospheric conditionsc. Poor contactsd. Temperature increases
Which of the following types of subversive attacks on a communication network is a passive attack?a. Message modificationb. Denial of message servicec. Traffic analysisd. Changed message order
Which of the following transmission media is most resistant to wiretapping?a. Optical fiberb. Satellite microwavec. Twisted-pair wired. Infrared
Which of the following transmission media is most resistant to interference?a. Radio frequencyb. Coaxial cablec. Terrestrial microwaved. Satellite microwave
As a control, line conditioning is likely to be least effective against which of the following threats?a. Noiseb. Wiretappingc. Attenuationd. Distortion
Which of the following usually is not a purpose of a modem?a. Reduce line errors caused by noiseb. Produce encrypted messagesc. Convert digital signals to analog signalsd. Increase the speed of data transmission
Which of the following is not a desirable control feature in a modem?a. Dynamic equalizationb. Automatic dial-up capabilitiesc. Multiple transmission speedsd. Attenuation amplification
Which of the following functions is unlikely to be performed by a portprotection device?a. Forward error correction of line errors that arise through noise and distortionb. Limiting calls to a host system only to authorized telephone numbersc. Maintenance of an audit trail of unsuccessful attempts
Packet switching is an example of a:a. Multiplexing techniqueb. Line conditioning techniquec. Concentration techniqued. Modulation technique
Which of the following is not a control benefit that arises as a result of using concentration techniques in a communication network?a. There is a reduction in the amount of data available to a wiretapperb. Messages can be routed over a different path if a link in the network failsc. More channel
Which of the following error detection controls has the most impact on the throughput of a communication line?a. Horizontal parity checkb. Cyclic redundancy codec. Vertical parity checkd. Loop check
Forward error correcting codes are most likely to be used to detect line errors with which of the following transmission media?a. Coaxial cableb. Infraredc. Optical fiberd. Satellite microwave
The primary purpose of flow controls is to:a. Detect and correct errors on a communication line caused by excessive traffic on the lineb. Regulate the rate at which a node in a communication network sends data to another nodec. Allow two nodes in a network that use different error detection and
In choosing a network topology, maximum reliability can be achieved using a:a. Star networkb. Ring networkc. Mesh networkd. Multidrop line network
Which of the following statements about bus topologies versus ring topologies is false?a. Encryption is a more important control in a bus topology compared with a ring topologyb. The taps used in a bus topology introduce attenuation and distortion to a signal, whereas the repeaters used in a ring
Which of the following statements about star topologies is false?a. A star topology is more reliable than a mesh topologyb. The hub is the most critical node in a star networkc. Servicing and maintenance of a star network is relatively easyd. Failure in an outlying node in a star network usually
Which of the following problems is unlikely to undermine the reliability of a token ring local area network?a. A node could fail to release the token after capturing it to read a messageb. Tokens could be broadcast over the communication line at the same time and a collision may occurc. The token
Which of the following is an advantage of using link encryption?a. Individual nodes in the network do not have to be protectedb. The exposure that results from compromise of an encryption key is restricted to a single user to whom the key appliesc. It protects messages against traffic analysisd.
End-to-end encryption provides only limited protection against a subversive attack that uses:a. Message insertionb. Spurious associationsc. Change of message orderd. Traffic analysis
A characteristic of a stream cipher is that it:a. Transforms variable-length blocks of cleartext to ciphertextb. Uses a constant fixed-length key to produce ciphertextc. Transforms cleartext on a bit-by-bit basis to ciphertextd. Produces ciphertext blocks that are independent of one another
When encryption is used in the communication subsystem, the primary purpose of an error propagation code is to protect against:a. Release of message contentsb. Spurious associationsc. Change of message orderd. Denial of message services
A message authentication code is used to protect against:a. Changes to the content of a messageb. Traffic analysisc. Release of message contentsd. Exposures that arise when PINs are transmitted in the clear
Which of the following controls does not protect against message sequence numbers being altered?a. Error propagation codesb. Cyclic redundancy check c.. Message authentication codesd. Stream ciphers
A request-response mechanism is most likely to be used in a:a. System where the receiver and sender are in constant communication with each other b Military data communication system where data transmission is spasmodic c. Commercial data communication system that transmits sensitive data d. Data
Which of the following is not a reason for establishing an internet?a. To improve the overall reliability of the networkb. To better exercise access controls over the various subnetworksc. To confine high-exposure messages to particular parts of the networkd. To minimize the high-risk protocol
In the context of the OSI communication architecture, in which of the following layers are encryption controls unlikely to be exercised?a. Presentationb. Data linkc. Physicald. Transport
Which of the following data items is most likely to appear in the operations audit trail and not the accounting audit trail for the communication subsystem?a. Time and date at which the message was dispatchedb. Unique identifier of the source nodec. Queue length at each network node traversed by
You are the external auditor for Centnet Pty. Ltd., a public electronic funds transfer network that operates switches in the capital cities of all states in Australia. Because Centnet has a large number of customers that transmit large volumes of data, it has been cost-effective to link the
Centnet Pty. Ltd. is a public electronic funds transfer network that operates switches in the capital cities of all states in Australia (see case 12-1). Because much of the data transmitted throughout the network is sensitive, the data must be encrypted to preserve its privacy and to prevent and
During 1984-85, the credit union industry in Australia considered various ways of improving the electronic funds transfer services that it offered to its members. Most credit unions already provided automatic teller machines (ATMs) for their members to use. The ATMs were connected only to the local
To provide more extensive services to their customers, financial institutions in some countries are becoming increasingly involved in using interchange network facilities. In an interchange network environment, one network agrees to receive data from and to pass on the data to another network. For
You are the partner-in-charge of information systems auditing for a large public accounting firm. One of your clients is a major insurance company that is a mature user of computer-based information systems. The company has its headquarters in Minneapolis, but it has offices scattered throughout
Which of the following actions is most likely to increase the number of errors made during data input to an application system:a. Direct entry of data captured during interaction between a clerk and a customer rather than source document-based data entryb. Prerecording of information about a
The factor most likely to affect the grade and weight of paper chosen for a source document is:a. The conditions under which the source document will be completedb. Whether the documents will be inserted in window envelopesc. Whether a dropout color is to be used on the source documentd. The amount
In the layout of a source document:a. To prevent users from being confused, keying instructions should not appear on the formb. Instructions should not be combined with questionsc. Fields should be sequenced from left to right and top to bottomd. Instructions should always be printed in a dropout
The primary factor affecting the design of a data-entry screen is:a. The amount of data to be collected on the screenb. The expertise and experience of the keyboard operatorc. How frequently the screen will be usedd. Whether or not the screen is to be based on a dedicated source document
If a screen is used for direct entry of input data, it should be organized to:a. Maximize the number of vertical alignment points to decrease screen complexityb. Mirror the way in which data is to be obtained during the data capture taskc. Place alphabetic information to the top of the screen and
Which of the following is not a design guideline for captions on a data-entry screen?a. Use uppercase type font for captions and lowercase type font for dataentry fieldsb. Fully spell out captions if direct data entry is to be usedc. Captions should always precede their associated data-entry
Which of the following is not a design guideline for data-entry field design on a screen?a. Tab automatically to the next field when the current field is full of datab. In the case of a repeating field, stack each instance of the field below the captionc. Identify at least the start of each field
Which of the following is not a design guideline for using color on a dataentry screen?a. Use colors sparinglyb. Use bright colors so differences are highlightedc. Use colors that are widely spaced along the visual spectrumd. Do not use red for error messages
Under what circumstances will a data-entry screen keyboard operator tolerate the slowest response time?a. The transition between one screen and the next screenb. The transition between one field and the next fieldc. When data entry for a transaction has been completedd. When keying is based on a
If the product number A5723 is coded as A2753, this is an example of a:a. Truncation errorb. Double transposition errorc. Random errord. Transcription error
A strategy for reducing coding errors is to:a. Have only numeric codesb. Group more characters in a chunk of informationc. If a mixed alphabetic-numeric code is used, group alphabetics together and numerics togetherd. Use frequently occurring character pairs like B8 and S5
The code AJB/156/7G is most likely to be an example of a(n):a. Hierarchical codeb. Block sequence codec. Alphabetic derivation coded. Serial code
Given the code 7215 , modulus 13 , and the weights \(2-1-2-1\), the check digit is:a. 1b. 10c. 0d. 3
Which of the following guidelines should not be used when designing a batch?a. Have only one type of document in the batchb. Have the batch small enough to facilitate locating errorsc. Have the batch large enough to constitute a reasonable size unit of workd. Minimize the amount of information that
A check for missing data/blanks is an example of a:a. Record checkb. Set membership checkc. Field checkd. Batch check
A check for a valid sign (numerics) is an example of:a. Record checkb. Batch checkc. Field checkd. Alphabetics/numerics check
The purpose of an input validation sequence check is to:a. Check that input files are loaded in the correct orderb. Check that multiple physical records for a single logical record follow the required orderc. Check that the transaction type is always the first item in a record in a batchd. Check
The purpose of a file retention date is to:a. Enable files with the same generation number to be distinguishedb. Indicate when the file should be recovered from production activitiesc. Prevent the file from being overwritten before the expiry of the retention dated. Prevent the file from being read
Novice users are most likely to make errors when they use a:a. Menu-driven languageb. Command languagec. Question-answer languaged. Forms-based language
To reduce errors, it is better to use a command language that has:a. Specification of arguments without having to use keywordsb. A small number of commands with a large number of argumentsc. A large number of commands with a small number of argumentsd. Few default values in the argument list
Which of the following is a strength of using a natural-language interface to an application system?a. It copes well with the ambiguity and redundancy inherent in natural languageb. The lexicon provides an easy means of coping with new words that different users might employc. Changes to the
Which of the following is a limitation in the use of direct manipulation interfaces to application systems?a. They are error-prone, even with experienced users, because they are not preciseb. It is sometimes difficult to choose an appropriate icon for objects to be manipulatedc. Users take some
During lexical validation of instruction input, which of the following "words" would be classified as a literal?a. A reserved wordb. A mathematical operatorc. A labeld. A numerical constant
Which of the following is not a function of the syntax analyzer during instruction input?a. Identifies the sequence of operations to be performedb. Classifies identifiers as either labels or variablesc. Identifies whether the string of words entered conforms to a grammatical ruled. Executes a
Which of the following would be identified as an error during semantic validation of instruction input?a. Use of a reserved word as a literalb. A missing parenthesis in a mathematical equationc. Addition of a numeric variable and an alphabetic stringd. Failure to delimit a numerical constant by a
Which of the following data items is likely to be most useful as part of the operations audit trail (rather than the accounting audit trail) for the input subsystem?a. The identity of the person who prepared a source documentb. The logical batch number of a direct-entry transactionc. The number of
Which of the following statements about existence controls in the input subsystem is most likely to be false?a. Existence controls for instruction input are more important than existence bontrols for data inputb. Backup copies of input files should be maintained at an off-site locationc. Source
Orchard Distributions Pte. Ltd. is a large, Singaporean-based distributor of clothing products to other companies throughout Southeast Asia. Orders are received from customers either by telephone, facsimile, or mail. In the case of telephone orders, order-entry operators key the order directly into
Chang \& Co. is a Malaysian civil engineering firm based in Kuala Lumpur. It performs construction work throughout Southeast Asia. The firm employs 1,000 people at various offices and construction sites. Many construction sites are small and remotely located.As the newly appointed internal auditor
You are the internal auditor for a large distributor participating in the design of a new order-filling system. The programmer responsible for the design of the input validation program asks your opinion on whether the tests he proposes to undertake with respect to customer orders are satisfactory.
Refer to case 10-1. Using the bill-payment-by-telephone system, customers enter the following data:a. customer numberb. account numberc. creditor numberd. amount to be paid to creditor in centse. date when amount is to be paid An automated teller requests each data item on a step-by-step basis.
Keep-on-Truckin Corporation (KOTC) is a manufacturer and distributor of shoes. It has established electronic data interchange (EDI) links with most of its customers.The sequence of electronic transactions that occurs when a customer submits an order to \(\mathrm{KOTC}\) is as follows:1 The customer
Canterbury Convenience Stores (CCS) is a newly formed organization in Christchurch, New Zealand. It comprises 10 moderately sized convenience stores that previously operated independently of each other. Each store has from three to six checkout lanes.The owners of the stores have decided to
You are an external auditor in a firm that undertakes the audit of Canadian Life and Mutual (CLM), a large, Montreal-based financial institution. CLM relies heavily on its computer-based information systems to maintain its competitive position within the marketplace.Currently you are undertaking
Ferntree Products Limited (FPL) is a large New Zealand-based manufacturer of diverse products with headquarters in Auckland. It uses information technology extensively to support all aspects of its operations. For example, it uses robotics throughout its manufacturing processes and distributed
Dayton Deliveries (DD) Plc. is a large Manchester-based distribution company with an extensive and diverse customer base scattered throughout England. DD is regarded as a market leader in the distribution industry. Senior management have stated publicly that DD maintains its competitive edge in an
You are an information systems auditor in the firm of external auditors for Black Snake Breweries (BSB) Ltd., a large Brisbane-based manufacturer and supplier of beer to Australia, New Zealand, Papua New Guinea, and several countries in Southeast Asia. BSB is considered to be one of the most
Hunger-Payne (HP) Inc. is a medium-sized Atlanta-based manufacturer and distributor of snack-foods. It has sought to establish a niche in the marketplace by developing products aimed at health-conscious consumers. Over the past few years, its sales have grown rapidly. Demand for its products by
Briefly describe the functions of the boundary subsystem. Give two components that perform basic activities in the boundary subsystem.
Why are boundary subsystem controls becoming more important? Do you expect this trend to continue? If so, why?
Define the following terms:a. Cryptologyb. Cryptographyc. Cryptanalysisd. Cryptogram
Briefly explain the difference between transposition ciphers, substitution ciphers, and product ciphers. Which type of cipher is used most often in modern cryptosystems? Why?
What is meant by the "work factor" associated with a cipher system? Explain the relationship between the work factor and the size of the cryptographic key.
Showing 800 - 900
of 2689
First
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Last
Step by Step Answers
Get 50% OFF
Claim Now
