Question
Question 1 (1 point)
Defining tolerance limits and credit checking within the ERP system is representative of which of the following types of controls?
Question 1 options:
A) automated
B) programmed
C) application
D) all of the above
Question 2 (1 point)
An internal control for information security would include:
Question 2 options:
A) surveillance in the data center
B) data center back up and recovery
C) multi-factor authentication to systems
D) none of the above
Question 3 (1 point)
Which of the following is a program change control?
Question 3 options:
A) Users should test system changes in production instance prior to going live.
B) All program changes should take place in the testing environment prior to moving into the sandbox.
C) The programmer making the program change should move the change into production.
D) When programmers complete their work in development, they should place programs in testing area (quality assurance (QA)).
Question 4 (1 point)
Which of the following is not a good program change control?
Question 4 options:
A) Users should be notified of impacts to changes.
B) An impact analysis should be performed on changes prior to moving to production.
C) An IT manager or management in business area requesting change should approve the change prior to development.
D) When a programmer completes his/her work in development, he/she should place changes into production.
Question 5 (1 point)
IT application controls focus on the following layers of 3-tier architecture?
Question 5 options:
A) operating system and hardware
B) database and presentation (GUI)
C) application and database
D) presentation (GUI) and application
Question 6 (1 point)
Which of the following satisfies a multi-factor user authentication for access to an information system?
Question 6 options:
A) a smart card plus a badge
B) biometrics plus voice recognition
C) user ID plus fingerprint recognition
D) user ID and PIN
Question 7 (1 point)
______ is/are examples of IT controls for computer operations.
Question 7 options:
A) Surveillance in the data center
B) Job scheduling controls
C) Data backup and recovery controls
D) All of the above
Question 8 (1 point)
Which of the following ERP instances should have the tightest controls?
Question 8 options:
A) development
B) test
C) staging
D) production
Question 9 (1 point)
A test for information security would include ______.
Question 9 options:
A) authentication and authorization
B) data backup and recovery
C) surveillance in the data center
D) all of the above
Question 10 (1 point)
A test for information security would include:
Question 10 options:
Testing that there are proper job scheduling controls and incident responses.
Checking that there are no unmanaged third party service level agreements.
Making sure that there is sufficient data back-up.
Checking that super user access is limited to only appropriate personnel.
Question 11 (1 point)
Deficiencies in information security create the potential for:
Question 11 options:
A) Incorrect programming logic.
B) The ability to override IT general controls.
C) Improper job scheduling.
D) The ability to make fictitious or fraudulent transactions.
Question 12 (1 point)
Which of the following can lead to deficiencies of data centers?
Question 12 options:
A) Insufficient backup and recovery.
B) Poor physical security over data center.
C) Poor job scheduling procedures.
D) All of the above
Question 13 (1 point)
When making changes to programs (such as to ERP software) programmers make changes in the __________________ environment (instance).
Question 13 options:
A) development
B) production
C) staging
D) test
Question 14 (1 point)
A physical inventory count is an example of an internal control test.
Question 14 options:
True
False
Question 15 (1 point)
Which of the following professional certifications validates an individual's proficiency in information systems security, controls, and auditing?
Question 15 options:
A) CISA
B) CISSP
C) CRISC
Explanation / Answer
1. A) Automated
2. C) multi-factor authentication to systems
3. D) When programmers complete their work in development, they should place programs in testing area (quality assurance (QA)).
4. D) When a programmer completes his/her work in development, he/she should place changes into production.
5. A) presentation (GUI) and application
6. B) biometrics plus voice recognition
7. A) Surveillance in the data center
8. D) Production
9. A) Authentication and Authorization
10. Checking that super user access is limited to only appropriate personnel.
11. D) The ability to make fictitious or fraudulent transactions.
12. D) All of the above
13. A) Development
14. True
15. A) CISA