Question 1: The transaction cycle that includes the events of hiring employees and paying them is known as the

• revenue cycle.
• expenditure cycle.
• human resources cycle.
• financing cycle.

Question 2: Data must be converted into information to be considered useful and meaningful for decision-making. There are six characteristics that make information both useful and meaningful. If information is free from error or bias and accurately represents the events or activities of the organization, it is representative of the characteristic of

• relevancy.
• timeliness.
• understandability.
• reliability.

Question 3: The primary objective of accounting is to

• implement strong internal controls.
• provide useful information to decision makers.
• prepare financial statements.
• ensure the profitability of an organization

Question 4: The business owners obtain financing from outside investors, which results in an inflow of cash into the company. This transaction is considered to be part of which cycle?

• the revenue cycle
• the payroll cycle
• the production cycle
• the financing cycle

Question 5: Information that is free from error or bias and accurately represents the events or activities of the organization is

• relevant.
• reliable.
• verifiable.
• timely

Question 6: Hector Sanchez works in the accounting department of a multinational manufacturing company. His job includes updating accounts receivable based on sales orders and remittance advices. His responsibilities are part of the company's

• revenue cycle.
• expenditure cycle.
• financing cycle.
• production cycle

Question 7: An audit trail

• provides the means to check the accuracy and validity of ledger postings.
• begins with the general journal.
• is automatically created in every computer-based information system.
• is a summary of recorded transactions

Question 8: What usually initiates data input into a system?

• The transaction system automatically checks each hour to see if any new data is available for input and processing.
• The performance of some business activity generally serves as the trigger for data input.
• A general ledger program is queried to produce a trial balance at the end of an accounting period.
• Data is only input when a source document is submitted to the accounting department

Question 9: The general ledger account that corresponds to a subsidiary ledger account is known as a

• dependent account.
• attribute account.
• entity account.
• control account.

Question 10: The efficiency of recording numerous business transactions can be best improved by the use of

• prenumbered source documents.
• specialized journals.
• posting references.
• subsidiary ledgers

Question 11: Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to document the existing accounting information system, and focus on the activities and flow of data between activities. He decides to begin with a summary description of the sources and uses of data in the organization and how they are processed by the system. The documentation tool that he should employ for this purpose is a

• data flow diagram.
• document flowchart.
• system flowchart.
• program flowchart.

Question 12: In general, a data destination will be shown by

• an arrow pointing away.
• an arrow pointing in.
• arrows pointing both ways.
• no arrows, only two horizontal lines.

Question 13: A data flow diagram

• is a graphical description of the source and destination of data that shows how data flow within an organization.
• is a graphical description of the flow of documents and information between departments or areas of responsibility.
• is a graphical description of the relationship among the input, processing, and output in an information system.
• is a graphical description of the sequence of logical operations that a computer performs as it executes a program

Question 14: A flowchart that depicts the relationships among the input, processing, and output of an AIS is

• an internal control flowchart.
• a document flowchart.
• a system flowchart.
• a program flowchart.

Question 15: Chuck and Jill Scruggs travel in their motor home six months of the year and buy unique artifacts. Within hours after the Scruggs make a purchase, they have photographed it, written a description of it, and posted it for sale on eBay with a reservation price. Anything that does not sell within a week is shipped back to Austin, Texas, for display in The House of Curiosities, a retail business that the Scruggs operate during the balance of the year. Which symbol should be used to represent the transfer of data to eBay in a context diagram of this process?

A) rectangle
B) circle
C) arrow up and right
D) parallel horizontal lines

Question 16: The ________ handles the link between the way data are physically stored and each user's logical view of that data.

• data warehouse
• data dictionary
• database management (DBMS) software
• schema

Question 17: The logical structure of a database is described by the

• data dictionary.
• schema.
• database management system.
• internal level.

Question 18: The database requirement that foreign keys must be null or have a value corresponding to the value of a primary key in another table is formally called the

• entity integrity rule.
• referential integrity rule.
• rule of keys.
• foreign key rule

Question 19: A set of individual user views of the database is called the

• conceptual-level schema.
• internal-level schema.
• external-level schema.
• meta-schema.

Question 20: Inability to add new data to a database without violating the basic integrity of the database is referred to as the

• update anomaly.
• insert anomaly.
• integrity anomaly.
• delete anomaly.

Question 21: The US Justice Department defines computer fraud as

• any crime in which a computer is used.
• an illegal act in which knowledge of computer technology is essential.
• any act in which cash is stolen using a computer.
• an illegal act in which a computer is an integral part of the crime

Question 22: Which of the following is the greatest risk to information systems and causes the greatest dollar losses?

• human errors and omissions
• physical threats such as natural disasters
• dishonest employees
• fraud and embezzlement

Question 23: The most efficient way to conceal asset misappropriation is to

• write-off a customer receivable as bad debt.
• alter monthly bank statements before reconciliation.
• alter monthly physical inventory counts to reconcile to perpetual inventory records.
• record phony payments to vendors.

Question 24: Most fraud perpetrators are insiders because

• insiders are more dishonest than outsiders.
• insiders know more about the system and its weaknesses than outsiders.
• outsiders are more likely to get caught than insiders.
• insiders have more need for money than outsiders

Question 25: The simplest and most common way to commit a computer fraud is to

• alter computer input.
• alter computer output.
• modify the processing.
• corrupt the database

Question 26: Telefarm Industries is a telemarketing firm that operates in the Midwest. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm's database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of

• Bluesnarfing.
• splogging.
• vishing.
• typosquatting.

Question 27: Illegally obtaining and using confidential information about a person for economic gain is known as

• eavesdropping.
• identity theft.
• packet sniffing.
• piggybacking.

Question 28: A fraud technique that slices off tiny amounts from many projects is called the ________ technique.

• Trojan horse
• round down
• salami
• trap door

Question 29: Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls are using

• a Trojan horse.
• a trap door.
• the salami technique.
• superzapping.

Question 30: Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?

• dumpster diving
• by use of a Trojan horse
• using a telescope to peer at paper reports
• electronic eavesdropping on computer monitors

Question 31: What is one reason why AIS threats are increasing?

• LANs and client/server systems are easier to control than centralized, mainframe systems.
• Many companies do not realize that data security is crucial to their survival.
• Computer control problems are often overestimated and overly emphasized by management.
• Many companies believe that protecting information is a strategic requirement.

Question 32: The SEC and FASB are best described as external influences that directly affect an organization's

• hiring practices.
• philosophy and operating style.
• internal environment.
• methods of assigning authority

Question 33: According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports.

• Compliance objectives
• Operations objectives
• Reporting objectives
• Strategic objectives

Question 34: According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.

• Compliance objectives
• Operations objectives
• Reporting objectives
• Strategic objectives

Question 35: When undertaking risk assessment, the expected loss is calculated like this.

• Impact times expected loss
• Impact times likelihood
• Inherent risk times likelihood
• Residual risk times likelihood

Question 36: Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate.

• validity test
• biometric matrix
• logical control matrix
• access control matrix

Question 37: In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found. This is an example of a

• preventive control.
• detective control.
• corrective control.
• standard control

Question 38: The process that allows a firewall to be more effective by examining the data in the body of an IP packet, instead of just the header, is known as

• deep packet inspection.
• stateful packet filtering.
• static packet filtering.
• an intrusion prevention system

Question 39: This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

• Access control list
• Internet protocol
• Packet switching protocol
• Transmission control protocol

Question 40: A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization's information system, is known as a(n)

• demilitarized zone.
• intrusion detection system.
• intrusion prevention system.
• firewall.

Question 41: Jeff Davis took a call from a client. "Jeff, I need to interact online and real time with our affiliate in India, and I want to make sure that our communications aren't intercepted. What do you suggest?" Jeff responded "The best solution will be to implement

• a virtual private network."
• a private cloud environment."
• an asymmetric encryption system with digital signatures."
• multifactor authentication

Question 42: On March 3, 2008, a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Jiao Jan's car while he was attending a conference in Cleveland, Ohio. After reporting the theft, Jiao considered the implications of the theft for the company's network security and concluded there was nothing to worry about because

• the computer was protected by a password.
• the computer was insured against theft.
• it was unlikely that the thief would know how to access the company data stored on the computer.
• the data stored on the computer was encrypted

Question 43: One way to circumvent the counterfeiting of public keys is by using

• a digital certificate.
• digital authority.
• encryption.
• cryptography

Question 44: An electronic document that certifies the identity of the owner of a particular public key.

• Asymmetric encryption
• Digital certificate
• Digital signature
• Public key

Question 45: Which of the following descriptions is not associated with symmetric encryption?

• A shared secret key
• Faster encryption
• Lack of authentication
• Separate keys for each communication party

Question 46: This tests a numerical amount to ensure that it does not exceed a predetermined value.

• Completeness check
• Limit check
• Range check
• Sign check

Question 47: User reviews are an example of a(n)

• data entry control.
• data transmission control.
• output control.
• processing control

Question 48: A copy of a database, master file, or software that will be retained indefinitely as a historical record is known as a(n)

• archive.
• cloud computing.
• differential backup.
• incremental backup

Question 49: This determines the correctness of the logical relationship between two data items.

• Range check
• Reasonableness test
• Sign check
• Size check

Question 50: When I enter a correct customer number, the data entry screen displays the customer name and address. This is an example of

• prompting.
• preformatting.
• closed-loop verification.
• error checking.

Question 51. Refer to the chart above. At what point, measured in terms of the net cost of information, does information overload begin?

0
5
10
12

Question 52: Which of the following statements below shows the contrast between data and information?

Data is the output of an AIS.
Information is the primary output of an AIS.
Data is more useful in decision-making than information.
Data and information are the same

Question 53: The primary objective of accounting is to

implement strong internal controls.
provide useful information to decision makers.
prepare financial statements.
ensure the profitability of an organization