CIA-III Dumps



Financial


CIA-III


The Certified Internal Auditor Part 3


https://killexams.com/pass4sure/exam-detail/CIA-III

QUESTION: 307

Which of the following is an important senior management responsibility with regard to information systems security?


  1. Assessing exposures.

  2. Assigning access privileges.

  3. Identifying ownership of data.

  4. Training employees in security matters.


Answer: A

Senior management is responsible for risk assessment, including identification of risks and consideration of their significance, the likelihood of their occurrence, and how they should be managed. Senior management is also responsible for establishing organizational policies regarding computer security and implementing a compliance structure. Thus, senior management should assess the risks to the integrity, confidentiality, and availability of information systems data and resources.


QUESTION: 308

Management's enthusiasm for computer security seems to vary with changes in the environment, particularly the occurrence of other computer disasters. Which of the following concepts should be addressed when making a comprehensive recommendation regarding the costs and benefits of computer security?

  I. Potential loss if security is not implemented

  II. Probability of occurrences

  III. Cost and effectiveness of the implementation and operation of computer security


  1. I only.

  2. I and II only.

  3. III only.

  4. I, II, and III.


Answer: D

Potential loss is the amount of dollar damages associated with a security problem or loss of assets. Potential loss times the probability of occurrence is an estimate (expected value) of the exposure associated with lack of security. It represents a potential benefit associated with the implementation of security measures. To perform a cost-benefit analysis, the costs should be considered. Thus, all three items need to be addressed.


QUESTION: 309

Of the following, the greatest advantage of a database (server) architecture is


  1. Data redundancy can be reduced.

  2. Conversion to a database system is inexpensive and can be accomplished quickly.

  3. Multiple occurrences of data items are useful for consistency checking.

  4. Backup and recovery procedures are minimized.


Answer: A

Data organized in files and used by the organization's various applications programs are collectively known as a database. In a database system, storage structures are created that render the applications programs independent of the physical or logical arrangement of the data. Each data item has a standard definition, name, and format, and related items are linked by a system of pointers. The programs therefore need only to specify data items by name, not by location. A database management system handles retrieval and storage. Because separate files for different applications programs are unnecessary, data redundancy can be substantially reduced.


QUESTION: 310

In an inventory system on a database management system (DBMS), one stored record contains part number, part name, part color, and part weight. These individual items are called


  1. Fields.

  2. Stored files.

  3. Bytes.

  4. Occurrences.


Answer: A

A record is a collection of related data items (fields). A field (data item) is a group of characters representing one unit of information.


QUESTION: 311

An inventory clerk, using a computer terminal, views the following on screen: part number, part description, quantity on hand, quantity on order, order quantity, and reorder point for a particular inventory item. Collectively, these data make up a


  1. Field.

  2. File.

  3. Database.

  4. Record.


Answer: D

A record is a collection of related data items (fields). A field (data item) is a group of characters representing one unit of information. The part number, part description, etc., are represented by fields.


QUESTION: 312

Which of the following is the elementary unit of data storage used to represent individual attributes of an entity?


  1. Database.

  2. Data field.

  3. File.

  4. Record.


Answer: B

A data item (or field) is a group of characters. It is used to represent individual attributes of an entity, such as an employee's address. A field is an item in a record.


QUESTION: 313

A file-oriented approach to data storage requires a primary record key for each file. Which of the following is a primary record key?

  1. The vendor number in an accounts payable master file.

  2. The vendor number in a closed purchase order transaction file.

  3. The vendor number in an open purchase order master file.

  4. All of the answers are correct.


Answer: A

The primary record key uniquely identifies each record in a file. Because there is only one record for each vendor in an accounts payable master file, the vendor number would be the appropriate key.


QUESTION: 314

A business is designing its storage for accounts receivable information. What data file concepts should be used to provide the ability to answer customer inquiries as they are received?


  1. Sequential storage and chains.

  2. Sequential storage and indexes.

  3. Record keys, indexes, and pointers.

  4. Inverted file structure, indexes, and internal labels.


Answer: C

A record key is an attribute that uniquely identifies or distinguishes each record from the others. An index is a table listing storage locations for attributes, often including those other than the unique record key attribute. A pointer is a data item that indicates the physical address of the next logically related record.


QUESTION: 315

Auditors making database queries often need to combine several tables to get the information they want. One approach to combining tables is known as


  1. Extraction.

  2. Joining.

  3. Sorting.

  4. Summarization.


Answer: B

In data management terminology, joining is the combining of data files based on a common data element. For example, if rows in a table containing information about specified parts have been selected, the result can be joined with a table that contains information about suppliers. The join operation may combine the two tables using the supplier number (assuming both tables contained this element) to provide information about the suppliers of particular parts.


QUESTION: 316

Users making database queries often need to combine several tables to get the information they want. One approach to combining tables is


  1. Joining.

  2. Merging.

  3. Projecting.

  4. Pointing.


Answer: A

Joining is the combining of two or more relational tables based on a common data element. For example, if a supplier table contains information about suppliers and a parts table contains information about parts, the two tables can be joined using the supplier number (assuming both tables contain this attribute) to give information about the supplier of particular parts.


QUESTION: 317

All of the following are methods for distributing a relational database across multiple servers except


  1. Snapshot (making a copy of the database for distribution).

  2. Replication (creating and maintaining replica copies at multiple locations).

  3. Normalization (separating the database into logical tables for easier user processing).

  4. Fragmentation (separating the database into parts and distributing where they are needed).


Answer: C

A distributed database is stored in two or more physical sites. The two basic methods of distributing a database are partitioning and replication. However, normalization is a process of database design, not distribution. Normalization is the term for determining how groups of data items in a relational structure are arranged in records in a database. This process relies on "normal forms," that is, conceptual definitions of data records and specified design rules. Normalization is intended to prevent inconsistent updating of data items. It is a process of breaking down a complex data structure by creating smaller, more efficient relations, thereby minimizing or eliminating the repeating groups in each relation.


QUESTION: 318

In a database system, locking of data helps preserve data integrity by permitting transactions to have control of all the data needed to complete the transactions. However, implementing a locking procedure could lead to


  1. Inconsistent processing.

  2. Rollback failures.

  3. Unrecoverable transactions.

  4. Deadly embraces (retrieval contention).


Answer: D

In a distributed processing system, the data and resources a transaction may update or use should be held in their current status until the transaction is complete. A deadly embrace occurs when two transactions need the same resource at the same time. If the system does not have a method to cope with the problem efficiently, response time worsens or the system eventually fails. The system should have an algorithm for undoing the effects of one transaction and releasing the resources it controls so that the other transaction can run to completion.


QUESTION: 319

One advantage of a database management system (DBMS) is

  1. That each organizational unit takes responsibility and control for its own data.

  2. The cost of the data processing department decreases as users are now responsible for establishing their own data handling techniques.

  3. A decreased vulnerability as the database management system has numerous security controls to prevent disasters.

  4. The independence of the data from the application programs, which allows the programs to be developed for the user's specific needs without concern for data capture problems.


Answer: D

A fundamental characteristic of databases is that applications are independent of the database structure; when writing programs or designing applications to use the database, only the name of the desired item is necessary. Programs can be developed for the user's specific needs without concern for data capture problems. Reference can be made to the items using the data manipulation language, after which the DBMS takes care of locating and retrieving the desired items. The physical or logical structure of the database can be completely altered without having to change any of the programs using the data items; only the schema requires alteration.


QUESTION: 320

Which of the following is a false statement about a database management system application environment?


  1. Data are used concurrently by multiple users.

  2. Data are shared by passing files between programs or systems.

  3. The physical structure of the data is independent of user needs.

  4. Data definition is independent of any one program.


Answer: B

In this kind of system, applications use the same database. There is no need to pass files between applications.


QUESTION: 321

Which of the following should not be the responsibility of a database administrator?


  1. Design the content and organization of the database.

  2. Develop applications to access the database.

  3. Protect the database and its software.

  4. Monitor and improve the efficiency of the database.


Answer: B

The database administrator (DBA) is the person who has overall responsibility for developing and maintaining the database. One primary responsibility is for designing the content of the database. Another responsibility of the DBA is to protect and control the database. A third responsibility is to monitor and improve the efficiency of the database. The responsibility of developing applications to access the database belongs to systems analysts and programmers.


QUESTION: 322

The responsibilities of a data administrator (DA) include monitoring

  1. The database industry.

  2. The performance of the database.

  3. Database security.

  4. Backup of the system.


Answer: A

The DA handles administrative issues that arise regarding the database. The DA acts as an advocate by suggesting new applications and standards. One of the DA's responsibilities is to monitor the database industry for new developments. In contrast, the database administrator (DBA) deals with the technical aspects of the database.


QUESTION: 323

To trace data through several application programs, an auditor needs to know what programs use the data, which files contain the data, and which printed reports display the data. If data exist only in a database system, the auditor could probably find all of this information in a


  1. Data dictionary.

  2. Database schema.

  3. Data encryptor.

  4. Decision table.


Answer: A

The data dictionary is a file (possibly manual but usually computerized) in which the records relate to specified data items. It contains definitions of data items, the list of programs used to process them, and the reports in which data are found. Only certain persons or entities are permitted to retrieve data or to modify data items. Accordingly, these access limitations are also found in the data dictionary.


QUESTION: 324

Image processing systems have the potential to reduce the volume of paper circulated throughout an organization. To reduce the likelihood of users relying on the wrong images, management should ensure that appropriate controls exist to maintain the


  1. Legibility of image data.

  2. Accessibility of image data.

  3. Integrity of index data.

  4. Initial sequence of index data.


Answer: C

Data integrity is a protectibility objective. If index data for image processing systems are corrupted, users will likely be relying on the wrong images.


QUESTION: 325

What language interface would a database administrator use to establish the structure of database tables?


  1. Data definition language.

  2. Data control language.

  3. Data manipulation language.

  4. Data query language.


Answer: A

The schema is a description of the overall logical structure of the database using data-definition language (DDL), which is the connection between the logical and physical structure of the database. DDL is used to define, or determine, the database.


QUESTION: 326

Query facilities for a database system would most likely include all of the following except


  1. Graphical output capability.

  2. Data dictionary access.

  3. A data validity checker.

  4. A query-by-example interface.


Answer: C

The least likely feature of a query tool would be a data validity checker because the database system has already enforced any validity constraints at the time the data were inserted in the database. Any further data validity checking would be a function of a user application program rather than a query.


QUESTION: 327

Which of the following would be the most appropriate starting point for a compliance evaluation of software licensing requirements for an organization with more than 15,000 computer workstations?


  1. Determine if software installation is controlled centrally or distributed throughout the organization.

  2. Determine what software packages have been installed on the organization's computers and the number of each package installed.

  3. Determine how many copies of each software package have been purchased by the organization.

  4. Determine what mechanisms have been installed for monitoring software usage.


Answer: A

The logical starting point is to determine the point(s) of control. Evidence of license compliance can then be assessed. For example, to shorten the installation time for revised software in a network, an organization may implement electronic software distribution (ESD), which is the computer-to-computer installation of software on workstations. Instead of weeks, software distribution can be accomplished in hours or days and can be controlled centrally. Another advantage of ESD is that it permits tracking or metering of PC program licenses.


QUESTION: 328

Use of unlicensed software in an organization

  I. Increases the risk of introducing viruses into the organization.

  II. Is not a serious exposure if only low-cost software is involved.

  III. Can be detected by software checking routines that run from a network server.


  1. I only.

  2. I and II only.

  3. I, II, and III.

  4. I and III only.


Answer: D

Antivirus measures should include strict adherence to software acquisition policies. Unlicensed software is less likely to have come from reputable vendors and to have been carefully tested. Special software is available to test software in use to determine whether it has been authorized.


QUESTION: 329

The Internet consists of a series of networks that include


  1. Gateways to allow personal computers to connect to mainframe computers.

  2. Bridges to direct messages through the optimum data path.

  3. Repeaters to physically connect separate local area networks (LANs).

  4. Routers to strengthen data signals between distant computers.


Answer: A

The Internet facilitates information transfer between computers. Gateways are hardware or software products that allow translation between two different protocol families. For example, a gateway can be used to exchange messages between different email systems.


QUESTION: 330

Which of the following is true concerning HTML?


  1. The acronym stands for HyperText Material Listing.

  2. The language is among the most difficult to learn.

  3. The language is independent of hardware and software.

  4. HTML is the only language that can be used for Internet documents.


Answer: C

HTML is the most popular language for authoring Web pages. It is hardware and software independent, which means that it can be read by several different applications and on many different kinds of computer operating systems. HTML uses tags to mark information for proper display on Web pages.


QUESTION: 331

Which of the following is a false statement about XBRL?


  1. XBRL is freely licensed.

  2. XBRL facilitates the automatic exchange of information.

  3. XBRL is used primarily in the U.S.

  4. XBRL is designed to work with a variety of software applications.


Answer: C

XBRL stands for eXtensible Business Reporting Language. It is being developed for business and accounting applications. It is an XML-based application used to create, exchange, and analyze financial reporting information and is being developed for worldwide use.

