Questions and Answers of Auditing Assurance Services
Briefly describe the functions of the database subsystem.
Distinguish between the following discretionary access control policies that are exercised in the database subsystem: a. Name-dependent access control b. Content-dependent access control c.
How can views be used to enforce access controls in the database subsystem?
Briefly explain how mandatory access controls can be enforced in the database subsystem.
For each of the following constructs in the entity-relationship model, give one integrity constraint that might be exercised: a. Entity b. Relationship c. Attribute
What is meant by referential integrity within (a) the relational data model, and (b) the object data model?
Why should application programs that update monetary data items in the database maintain a suspense account?
Why should application programs that use standing data print control totals to allow users to determine whether any changes have been made to standing data?
Briefly describe the data integrity problems that can be caused by concurrent update processes. Why might a read-only process want to exclude a concurrent update process?
How can lockout lead to deadlock? What problems can arise if preemption is used to break deadlock without rolling back the preempted processes?
Briefly describe the nature of two-phase locking. If two-phase locking is used to prevent a deadlock situation, what properties must the transactions have if two-phase locking is to be successful?
Briefly describe a strategy that can be used to implement concurrency controls in a distributed database subsystem when the database is: a. Replicated b. Partitioned
Why is block encryption more likely to be used than stream encryption in the database subsystem?
What problems arise when cryptography is used as a control in a shared database environment? How can these problems be overcome, at least to some extent, using a hierarchy of cryptographic keys?
Briefly describe the nature of file handling controls. What control objectives are accomplished using a(n): a. Internal file label b. Retention date c. File protection ring d. External file label
Distinguish between the implosion and the explosion purposes of an accounting audit trail for the database subsystem. Use an accounts payable system to illustrate your answer.
Briefly explain why a change to the database definition might present difficulties for a user who wants to access data contained in the accounting audit trail that extends over a long period of time.
How might a database administrator use the operations audit trail maintained for the database subsystem?
Distinguish between a rollforward and a rollback recovery operation. For each type of operation, give one example of a failure that would lead to the operation being undertaken.
What conditions must exist before a grandfather, father, son backup strategy can be used? Briefly discuss the advantages and disadvantages of the strategy.
The dual recording/mirroring backup strategy does not allow recovery of the database from all types of failure. Briefly describe the situations where recovery cannot be accomplished.
Briefly explain the differences between logical dumping and physical dumping. What are the relative advantages and disadvantages of each method of dumping?
Why is dumping only a partial backup strategy?
Briefly describe the various types of logs that can be used for recovery purposes. Why might a combination of logging strategies be used for recovery purposes?
When logging input transactions, why is it necessary to distinguish between transactions that have been processed successfully and those that have been processed in error? If this distinction is not
Briefly explain the process of rolling back the database using beforeimages of the records in the database. Why is it necessary to take beforeimages of records in a list file that are moved because
Explain the problems of using afterimages to roll back the database. Why might a decision have been made not to log beforeimages, even though the problems of rolling back the database were recognized
Briefly explain the residual dump backup and recovery strategy. Is it necessary to log both beforeimages and afterimages of records changed using a residual dump strategy?
Briefly explain the concept of a differential file. What advantages does a differential file have for backup and recovery purposes?
Briefly explain the shadow paging backup and recovery strategy. Give one advantage and one disadvantage of the shadow paging strategy.
Which of the following types of database access control will prevent personnel clerks from accessing the names of employees whose salaries exceed $30,000 unless they are seeking to perform some
Which of the following types of database access control is the most difficult to enforce? a. Name-dependent access control b. Context-dependent access control c. Content-dependent access control d.
The purpose of horizontal propagation controls is to: a. Restrict user views of the database only to relations that are used in multiple application systems b. Limit the number of users to whom a user
Which of the following statements about polyinstantiation as a means of implementing mandatory access controls in the database subsystem is true? a. Conditional statements are applied to a single
If a minimal cardinality constraint applies to an entity in the entity-relationship model, it specifies: a. The minimum number of relationships that the entity can have with other entities in the
Which of the following statements best describes the meaning of a referential integrity constraint in the relational data model? a. The primary key of tuple in a relation must uniquely identify the
Incorrect end-of-file protocols in an application update program tend to result in: a. Transaction file records not being processed b. Standing data being corrupted c. Programs getting into loops d. The
An application program that updates monetary data items should maintain a suspense account to: a. Act as a repository for monetary transactions that mismatch the master file b. Allow postings if a
Which of the following data items is most likely to have its integrity protected by controls over standing data? a. A raw material issue b. A pay rate c. A customer's address d. A quantity sold
Which of the following is not a condition for deadlock to arise? a. Additional request b. Circular wait c. Lockout d. Preemption
Which of the following properties of a transaction is not required for two-phase locking to work? a. Isolation b. Atomicity c. Consistency d. Temporality
Which of the following statements about concurrency controls in a distributed database environment is true? a. Isolation of transactions is not required to effect two-phase locking b. In a replicated
Which of the following statements about cryptographic controls in the database subsystem is false? a. If little or no sharing of data among users occurs, each user can protect their own data using a
Which of the following is least likely to be an objective of file handling controls? a. To prevent data items from being accidentally overwritten b. To ensure the correct file has been loaded for a
Which of the following objectives will require an explosion operation in terms of the accounting audit trail in the database subsystem? a. To determine whether a transaction entered by one user
Which of the following objectives is least likely to be served by the operations audit trail in the database subsystem? a. To determine whether a new index needs to be established in the database b. To
Which of the following is not a disadvantage of the grandfather, father, son backup and recovery strategy? a. Precludes update in place b. Consumes substantial resources to effect global recovery c.
Dual protection/mirroring affords protection against: a. A procedural error b. A system software error c. An application program error d. A power loss
Relative to physical dumping, logical dumping: a. Is a faster backup strategy b. Is slower when localized recovery is needed c. Causes fewer problems with multilist file organizations d. Is more
Which of the following is not a purpose of logging? a. To obviate the need for a dump b. To provide a record of transactions in the time sequence in which they occurred c. To reduce the downtime needed
Which logging strategy facilitates rollforward of the database? a. Logging input transactions b. Logging before images c. Logging valid transactions only d. Logging afterimages
A purpose of separating successful input transactions from unsuccessful input transactions on a log is to: a. Avoid control total problems when the data must be reprocessed for recovery b. Facilitate
Which of the following is not a problem when rollback is needed as a means of recovery and concurrent update processes have altered the damaged database? a. All processes that update the corrupted
Residual dumping involves logging records that have not been changed since the: a. Last residual dump b. Second-last residual dump c. Last full dump d. Second-last full dump
If a roll forward operation takes place using a residual dump, recovery involves: a. Going back to but not including the second-last residual dump b. Going back to and including the last residual
Which of the following is a disadvantage of residual dumping? a. There is less flexibility in leveling system workloads b. There is more duplicate backup c. It cannot take place as a background
A differential file facilitates rollback because: a. Record changes and beforeimages can be assigned to a high-speed storage device b. The primary file constitutes beforeimage versions of the updated
Which of the following statements about shadow paging is true? a. When processing of a transaction commences, the current page table is deleted b. Rollback involves overwriting the shadow page table
What are the major functions of the processing subsystem? What are the major components of the processing subsystem?
What factors can cause a central processor to fail? What controls can be used to detect and correct errors that occur in the central processor?
How does the existence of a multiple-state machine enhance control within the central processing unit?
What is the purpose of timing controls within the central processing unit?
Briefly distinguish between a multicomputer architecture and a multiprocessor architecture. What is the primary purpose of using these types of architectures when machines are built?
What factors cause errors in a real memory cell? How are errors often detected?
Distinguish between the real memory protection mechanisms used in a multiuser contiguous storage-allocation system and a multiuser noncontiguous storage-allocation system.
How does a "tagged" architecture enhance control over real memory cells?
Briefly explain the nature of virtual memory. How does the addressing mechanism work in a virtual memory system?
Briefly distinguish between a ticket-oriented and a list-oriented approach to access control over a virtual memory block.
List the five goals that a secure operating system must achieve.
Briefly explain the nature of the following types of operating system penetration techniques: a. Browsing b. Piggybacking c. Trojan horse
Briefly explain the nature of: a. Covert storage channels b. Covert timing channels
Briefly explain the nature of the following types of operating system integrity flaws: a. Incomplete parameter validation b. Implicit sharing of data c. Asynchronous validation
Briefly explain what is meant by a reference monitor. What is the relationship between a security kernel and a reference monitor?
Briefly explain the nature of trusted processes within a security kernel. Why do trusted processes need special attention during the audit of an operating system?
What approach should be followed to the analysis, design, and implementation of an operating system?
Outline the nature of the four rating divisions described in the U.S. National Computer Security Center's Trusted Computer System Evaluation Criteria.
Briefly explain the nature of the following types of application program validation checks in the processing subsystem: a. Overflow check b. Range check c. Reasonableness check d. Sign check e.
What is the purpose of minimizing human intervention during application system processing?
What are hardware/software numerical hazards? In what types of application systems should auditors be concerned about hardware/software numerical hazards?
Why is it sometimes useful to employ redundant calculations in a program? In what types of programs would redundant calculations be most useful?
What data must be available in the accounting audit trail so auditors can uniquely identify the process that has been executed on an input data item and the functions performed by that process?
What is a triggered transaction? What implications do triggered transactions have for the accounting audit trail in the processing subsystem?
What component in the processing subsystem usually collects data for the operations audit trail? How is this component activated to collect particular kinds of data?
List the four categories of events that are recorded on the operations audit trail. Which category is likely to have the most entries? Briefly explain why.
What interest do auditors have in the way in which resource consumption data is used to bill users?
List two types of events that auditors might wish to monitor using the exit facilities in the operations audit trail logging facility. Briefly explain why these events are of interest to us as
Outline the control problems posed by the existence of an operations audit trail logging facility that allows user exits. Give two strategies for overcoming these control problems.
Briefly explain the nature of checkpoint/restart controls. What situations can arise where checkpoint/restart controls are needed?
From an audit perspective, what are the important requirements of a checkpoint/restart facility? How can auditors determine the adequacy of checkpoint/restart facilities?
Which of the following faults in a central processing unit is most likely to be detected by a parity check? a. Corruption of data in a register by electromagnetic interference b. Failure of a
A multiple-state machine is one that provides: a. Multiple types of computational and logic validity checks in a single state b. A mechanism for executing different processes in different partitions c.
Which of the following statements about multicomputer and multiprocessor architectures is true? a. Only one copy of the operating system exists in a multicomputer architecture b. Voting procedures are
Real memory errors primarily are detected through: a. Valid character checks b. Read-after-write checks c. Boundary register checks d. Parity-based Hamming code checks
In which type of real memory access control system is a lock-and-key mechanism most likely to be used? a. Single-user, contiguous storage allocation system b. Single-user, noncontiguous storage
Which of the following types of checks is not likely to be performed by a virtual memory addressing mechanism? a. The address translation table is examined to determine the real memory address for the
Which of the following is not likely to be a goal of a reliable operating system? a. The operating system must protect the environment from user processes b. The operating system must protect user
Which of the following operating system penetration techniques takes advantage of the time during which a legitimate user is still connected to the system but is inactive? a. Between lines entry b.
Which of the following is unlikely to be a technique used to implement a covert storage channel whereby one process can communicate sensitive information to another unauthorized process? a. Changing
If an operating system uses a subset of the memory allocated to a user program for a work space, this integrity flaw is called: a. Violable limits b. Asynchronous validation c. Implicit sharing of
The difference between a security kernel and a reference monitor is that: a. A security kernel is a component implementation of a security policy, whereas a reference monitor is an abstract