All Matches

Solution Library

Expert Answer

Textbooks

Search Textbook questions, tutors and Books

Oops, something went wrong!

Change your search query and then try again

Result Not Found

Books FREE
Tutors
Study Help
Hire a Tutor
AI Study Help New

Search
Sign In
Register

study help
business
auditing assurance services

Questions and Answers of Auditing Assurance Services

Briefly explain the difference between a strong-algorithm cryptosystem and a long-key cryptosystem. Why did the U.S. National Bureau of Standards choose a strong-algorithm cryptosystem for the data
Briefly explain the nature of public-key cryptography.
What functions must be carried out in cryptographic key management? Why is the evaluation of key management probably the most important aspect of evaluating an information system function's use of
How does the architecture of a cryptographic facility affect the method used to install cryptographic keys?
What is meant by an access control? Why are access controls needed in most computer systems? Can you think of any computer systems that might purposely decrease the level of access control they
What functions should an access control mechanism perform? Give two components in a computer system in which auditors are likely to find an access control mechanism. Describe the types of resources
Distinguish between identification and authentication. Is there a relationship between the two? In setting up an authentication scheme, what would be the major factor(s) influencing you to choose
Explain why authentication should be a two-way process: the access control mechanism authenticating itself and users authenticating themselves.
What are the three classes of authentication information? Give an example of each.
In the context of boundary-subsystem controls, what is a Trojan-horse threat?
Why is it important that object resources be identified uniquely in a computer system and that the identity of each object resource cannot be forged?
Which object resoutce typically has the most complex action privileges applying to its use? Briefly explain why this is the case.
Briefly explain the difference between conditional and unconditional action privileges. Give two examples of fields in an accounts receivable file where conditional action privileges might be
What is the difference between a discretionary access control policy and a mandatory access control policy? In commercial information systems environments, which type of access control policy is most
Briefly explain the nature of the simple security property and the confinement property associated with access controls under a mandatory access control policy.
What is the difference between a closed access control environment and an open access control environment?
Briefly explain the difference between a "ticket-oriented approach" and a "list-oriented" approach to access authorization. Outline the relative advantages and disadvantages of each approach.
What is meant by a "protection domain"? Why are small protection domains desirable? What performance requirement does the implementation of small protection domains place on an access control
Briefly explain the difference between derived PINs, random PINs, and customer-selected PINs. What are the relative advantages and disadvantages of each type of PIN?
How does the method of PIN issuance and delivery differ depending on the method used to generate PINs?
Briefly explain the nature of each of the following methods for eliciting PINs from customers:a. Mail solicitationb. Telephone solicitationc. PIN entry via a secure terminald. PIN entry at the
Briefly explain the difference between local PIN validation and interchange PIN validation. Why is a PIN checkdigit useful when interchange PIN validation must be used?
Why is it important that a unique cipher be generated each time a PIN is transmitted over a communications line? How might this objective be accomplished?
When an encrypted PIN must be stored for reference purposes, why must it be stored as a function of the account number to which it applies? Briefly discuss the relative advantages of using reversible
What is a digital signature? Why are digital signatures needed in data communication systems? How are digital signatures used to send signed, secret messages?
Why are arbitrated digital signature schemes sometimes needed?
In terms of the access coritrol mechanism used in an electronic funds transfer system, what function does a plastic debit or credit card fulfil? Why should cards be issued only after a formal
Why must basic inventory control procedures be used over the stock of plastic cards? If cards are produced by an outside vendor, what can auditors do to obtain some assurance about the reliability of
Why should plastic cards and PIN mailers never be mailed at the same time to a customer? What is the purpose of using premailers prior to mailing a PIN or a card? What actions should be taken by the
Why is customer education such a critical control in the use of plastic cards in an electronic funds transfer system?
Give four data items that might be recorded in the accounting audit trail and two items that might be recorded in the operations audit trail for the boundary subsystem. Briefly explain why these data
Why are existence controls in the boundary subsystem often somewhat simpler than existence controls in other subsystems?
Which of the following is not a function of controls in the boundary subsystem?a. To restrict the actions taken by users of computer resources to a set of authorized actionsb. To validate the
The person who designs a cryptosystem is called a:a. Cryptographerb. Cryptanalystc. Cryptologistd. Cryptogenist
The type of cipher having the highest work factor is the:a. Substitution cipherb. Transposition cipherc. Product cipherd. Transcription cipher
Which of the following is not a desirable property of a cipher system?a. Simplicityb. Small keyc. Low error propagationd. Low work factor
The DES is an example of a:a. Short-key cipher systemb. Weak-algorithm cipher systemc. Long-key cipher systemd. Non-parity cipher system
A public-key cryptosystem uses:a. Two public keysb. A private key and a public keyc. Two private keys and a public keyd. Two public keys and a private key
The class of authentication information to which a password belongs is:a. Possessed objectsb. Personal informationc. Remembered informationd. Dialog information
Trojan-horse threats arise in the boundary subsystem when:a. Users do not change their passwords frequentlyb. It is difficult to guarantee the authenticity of object resources requested by usersc. A
The most complex action privileges relate to:a. Hardware resourcesb. Commodity resourcesc. Software resourcesd. Data resources
Which of the following statements about a mandatory access control policy is true?a. It is less likely to be used in a business-systems environment than a discretionary access control policyb. Users
If an access control mechanism is implemented in an open environment, it allows users to access a resource:a. Unless authorization information specifies users cannot access the resourceb. Only if
Which of the following statements applies to a capability-based approach to authorization?a. The mechanism associates with each resource a list of users who can access the resource together with the
Relative to the ticket-oriented approach to authorization, the primary advantage of the list-oriented approach to authorization is that:a. It allows efficient administration of capabilitiesb. It is
To be able to implement the principle of least privilege effectively, it is necessary to have:a. A ticket-oriented approach to authorizationb. Small protection domainsc. A list-oriented approach to
The primary advantage of a derived PIN is:a. It is easy to rememberb. It does not have to be stored so preserving privacy is easierc. Lost or forgotten PINs can be replaced without having to change
Which of the following methods of obtaining customer-selected PINs does not require the cryptographic generation of a reference number to initially associate the PIN with the customer's account
Which of the following methods of validating PINs seems to result in the fewest control problems?a. Allow only a small number of PIN entry attempts, close the account after the limit has been
If interchange PIN validation is used in an EFTS, a fundamental principle is:a. The PIN should always be validated by the card acquiring institutionb. The acquiring institution should encrypt the
Which of the following controls applies to PIN transmission?a. The cipher generated must be unique for each transmission of the PINb. The PIN must always be encrypted under the issuer's keyc.
When a PIN must be stored for reference purposes, it must be stored in:a. Cleartext form in case the PIN has to be reissued at some stage because the customer has forgotten their PINb. Ciphertext
To send a signed message to a receiver when a public-key cryptosystem is used, the sender encrypts the message under the:a. Sender's private keyb. Receiver's public keyc. Sender's public keyd.
An arbitrator is used in a digital signature system to prevent:a. The receiver disavowing that they received the messageb. The sender disavowing the message by making their private key public and
Which of the following situations is likely to lead to the most serious exposures in a digital signature system?a. Compromise of a receiver's private keyb. Compromise of a sender's private keyc.
Which of the following actions should not be undertaken when plastic debit/credit cards are issued?a. Mail the cards in an envelope that does not identify the name of the issuing institutionb. Make
The "best" control that can be exercised over card use by the customer is:a. High customer penalties if careless use leads to a fraud using the cardb. Education of the customer as to the importance
Which of the following events is not recorded on a public audit trail in a digital signature system?a. Registration of public keysb. Registration of signaturesc. Notification of key compromisesd.
You are the manager of the internal audit of a savings and loan association that has decided to install a bill payment by telephone system for its customers. The system will allow customers to
Global Airways is a major airline company based in Los Angeles. It has a computer system dedicated to reservations and ticketing operations. More than 1,000 terminals scattered throughout the United
First International Bankco of Illinois is a large Chicago-based bank. As the manager of internal audit, you are called one day to a meeting with the controller. He is concerned about the operation of
The following situation happened to a friend of mine.One weekend she was leaving to go to a beach resort with her husband. Because she was short of money, she asked her husband to stop at an
Monash Manufacturing Limited (MML) is a large, Melbourne-based manufacturer and retailer of pipes and pipe fittings. For some time it has had electronic-data-interchange (EDI) links with all its
From an audit perspective, why are controls over the input subsystem critical?
Briefly distinguish between direct entry of input data and medium-based entry of input data. Why must auditors understand the different types of methods used to input data into an application system?
What impact can the following source document design decisions have on the level of data integrity achieved in an application system?a. Choice of the medium to be usedb. Choice of the layout to be
From a control perspective, briefly explain the importance of each of the following source document design guidelines for layout and style:a. Arrange fields for ease of use during data captureb.
What is the primary factor affecting the design of data-entry screens? Explain why this factor is important. How, for example, does it affect the organization of a screen?
Briefly explain the design guidelines that apply to captions in terms of:a. Structure and sizeb. Type font and display intensityc. Formatd. Alignmente. Justificationf. Spacing
What techniques can be used to indicate the size of a field on a data-entry screen?
From a data integrity perspective, why is it desirable to have a data-entry operator always tab to a new field on a data-entry screen rather than having the cursor automatically skip to a new field
Briefly explain the advantages of using color in the design of data-entry screens. What design guidelines apply to:a. The number of colors that should be usedb. The spacing of colors on the visual
Distinguish between the response time and the display rate for a data-entry screen. How does the use of a dedicated source document in data-entry screen design affect the display rate and response
If data-entry screen design is based upon a dedicated source document, how useful is a Help facility likely to be?
What attributes of a data code affect the likelihood of a recording error being made by a user of the code? Briefly outline some strategies to reduce error rates that occur with data codes.
Distinguish between the following types of data coding errors:a. Truncation and transcriptionb. Transposition and double transposition
List the four types of data codes-serial, block sequence, hierarchical, and association-in increasing order of:a. Mnemonic valueb. Compactnessc. Flexibility for expansion
What is a check digit? Calculate the check digit for the number 82942 using the weights \(1-2-1-2-1\) and modulus 10 . Show, also, that the check digit you have calculated is correct.
Briefly describe three solutions to the problem of having a check digit result that is greater than one digit-that is, a check digit that is greater than 9 . Point out any disadvantages to the
Briefly discuss the distinction between a physical batch and a logical batch. Are there any differences between the controls that can be exercised over physical and logical batches?
Briefly explain the difference between the following types of batch control totals:a. Document countb. Hash totalc. Financial total
List four types of information typically placed on a batch cover sheet. Briefly explain the purpose of each piece of information you list for the overall control of the batch.
Without giving examples, briefly explain the nature of the following types of data input validation checks:a. Field checksb. Record checksc. Batch checksd. File checks
Distinguish between a range check and a reasonableness check. Why is a reasonableness check not a field-level check?
Why is the check for a valid sign on a numeric field not a field-level check?
Why is correcting errors based on cross-screen validation of input data sometimes difficult?
How might the timing of reporting input errors differ between a direct-entry screen and a screen based on a dedicated source document?
Give three design guidelines for reporting of data input errors.
Are novice users of an application system more likely to make errors entering instructions via a menu-driven language or a question-answer dialog? Briefly explain your answer.
Why does it seem better to use a command language with a small number of commands and a large number of arguments? How can errors in the specification of arguments then be reduced?
What is the major limitation of using a forms-based language as a means of entering instructions to an application system?
Briefly explain the limitations of natural-language interfaces to an application system with respect to:a. Ambiguity of commandsb. Establishing the lexiconc. Ambiguity in responsesd. Changes to the
What is meant by a direct manipulation interface? What is the major advantage of using a direct manipulation interface as a means of providing instruction input to an application system?
Briefly explain the nature of lexical validation of instruction input. How does the lexical analyzer handle:a. Identifiersb. Terminalsc. Literals
Briefly explain the nature of semantic validation during instruction input. What factors govern the quality of semantic validation during instruction input?
Give five items that might be captured on the accounting audit trail in relation to data input in the input subsystem.
Why is the operations audit trail for the input subsystem an important resource in improving the effectiveness and efficiency of an application system?
Existence controls for instruction input are often less critical than existence controls for data input. Briefly explain.
What is the primary role of quality assurance management as it operates within the information systems function?
Give three reasons why the QA function has emerged in organizations.

Showing 900 - 1000 of 2689

First
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Last

Services

Sitemap
Fun
Definitions
Become Tutor
Study Help Categories
Recent Questions
Expert Questions

Company Info

Security
Copyrights
Privacy Policy
Terms & Conditions
SolutionInn Fee
Scholarship

Get In Touch

About Us
Contact Us
Career
Jobs
FAQ
Campus Ambassador

Secure Payment

Download Our App

© 2024 SolutionInn. All Rights Reserved