
Group 2 CIS Homework 401-A (8 Members-80 questions)

Cabiao, Orlene
Castillo, Mark Lester
Elano, Jeremias
Evangelista, Kevin Christopher
Ferrer, Ailene
Pontiveros, Jenelyn
Sanchez, Cherry Rose
Serrano, Ariel

1. Which statement is correct regarding personal computer systems?
a. Personal computers or PCs are economical yet powerful self-contained general purpose computers consisting typically of a central processing unit (CPU), memory, monitor, disk drives, printer cables and modems.
b. Programs and data are stored only on non-removable storage media.
c. Personal computers cannot be used to process accounting transactions and produce reports that are essential to the preparation of financial statements.
d. Generally, CIS environments in which personal computers are used are the same as other CIS environments.

2. A personal computer can be used in various configurations, including
a. A stand-alone workstation operated by a single user or a number of users at different times.
b. A workstation which is part of a local area network of personal computers.
c. A workstation connected to a server.
d. All of the above.

3. Which statement is incorrect regarding personal computer configurations?
a. The stand-alone workstation can be operated by a single user or a number of users at different times accessing the same or different programs.
b. A stand-alone workstation may be referred to as a distributed system.
c. A local area network is an arrangement where two or more personal computers are linked together through the use of special software and communication lines.
d. Personal computers can be linked to servers and used as part of such systems, for example, as an intelligent on-line workstation or as part of a distributed accounting system.

4. Which of the following is the least likely characteristic of personal computers?
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less comprehensive than that found in larger computer environments.

5. Which of the following is an inherent characteristic of a software package?
a. They are typically used without modifications of the programs.
b. The programs are tailor-made according to the specific needs of the user.
c. They are developed by a software manufacturer according to particular users' specifications.
d. It takes a longer time of implementation.

6. It is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses it as a transport mechanism to reproduce itself without the knowledge of the user.
a. Virus
b. Utility program
c. System management program
d. Encryption

7. Which statement is incorrect regarding internal control in personal computer environment?
a. Generally, the CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment.
b. Controls over the system development process and operations may not be viewed by the developer, the user or management as being as important or cost-effective.
c. In almost all commercially available operating systems, the built-in security provided has gradually increased over the years.
d. In a typical personal computer environment, the distinction between general CIS controls and CIS application controls is easily ascertained.

8. Personal computers are susceptible to theft, physical damage, unauthorized access or misuse of equipment. Which of the following is least likely a physical security to restrict access to personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.

9. Which of the following least likely protects critical and sensitive information from unauthorized access in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping of back up copies offsite.
c. Employing passwords.
d. Segregating data into files organized under separate file directories.

10. The auditor may often assume that control risk is high in personal computer systems since it may not be practicable or cost-effective for management to implement sufficient controls to reduce the risks of undetected errors to a minimum level. This least likely entails
a. More physical examination and confirmation of assets.
b. More analytical procedures than tests of details.
c. Larger sample sizes.
d. Greater use of computer-assisted audit techniques, where appropriate.

11. A critical region
a. is a piece of code which only one process executes at a time
b. is a region prone to deadlock
c. is a piece of code which only a finite number of processes execute
d. is found only in Windows NT operating system
answer a

12. The mechanism that brings a page into memory only when it is needed is called _____________
a. Segmentation
b. Fragmentation
c. Demand Paging
d. Page Replacement
answer c

13. The problem of thrashing is effected scientifically by ________.
a. Program structure
b. Program size
c. Primary storage size
d. None of the above
answer a

14. FIFO scheduling is ________.
a. Preemptive Scheduling
b. Non Preemptive Scheduling
c. Deadline Scheduling
d. Fair share scheduling
answer b

15. Switching the CPU to another process requires saving the state of the old process and loading the new process state; this is called __________.
a. Process Blocking
b. Context Switch
c. Time Sharing
d. None of the above
answer b

16. Which directory implementation is used in most Operating Systems?
a. Single level directory structure
b. Two level directory structure
c. Tree directory structure
d. Acyclic directory structure
answer c

17. The Banker's algorithm is used
a. to prevent deadlock in operating systems
b. to detect deadlock in operating systems
c. to rectify a deadlocked state
d. none of the above
answer a

18. A thread
a. is a lightweight process where the context switching is low
b. is a lightweight process where the context switching is high
c. is used to speed up paging
d. none of the above
answer a

19. ______ is a high level abstraction over Semaphore.
a. Shared memory
b. Message passing
c. Monitor
d. Mutual exclusion
answer c

20. A tree structured file directory system
a. allows easy storage and retrieval of file names
b. is a much debated unnecessary feature
c. is not essential when we have millions of files
d. none of the above
answer a

21. There are security components in a secure operating system; which one is the exception?
a. Access Procedure
b. Access Privileges
c. Access Control
d. Access Token
Answer: A

22. In the Operating System Controls Areas of Examination, which one has the objective of prevention of introduction and spreading of destructive programs?
a. Access Privileges
b. Password Control
c. Virus Control
d. Audit Trail Control
Answer: C

23. A secret code the user enters to gain access to systems, applications, data files, or network servers.
a. Key
b. Pass code
c. Password
d. Log-in Details
Answer: C

24. Network Topologies are configurations of:
I. Hardware
II. Software
III. Communications Line
IV. Network Control
a. I and II only
b. I, II, and III only
c. I, II and IV only
d. I, II, III, and IV
Answer: B

25. There are 5 basic network topologies; which one is not?
a. Ring Topology
b. Bus Topology
c. Star Topology
d. Box Topology
Answer: D

26. When two or more signals are transmitted simultaneously it results in ____, where it destroys both messages.
a. Data integration
b. Data fragmentation
c. Data collision
d. Data destruction
Answer: C

27. All are internet risks; which one is not?
a. Equipment Failure
b. IP Spoofing
c. Denial Of Service Attack
d. Internet Malfunctions
Answer: D

28. Is the conversion of data into secret code for storage in databases and transmission over networks.
a. Encryption
b. Decryption
c. Encoding
d. Decoding
Answer: A

29. Echo Check: receiver returns messages to sender; _____: Incorporates extra bit during creation or transmission.
a. Bit Check
b. Parity Check
c. Integration Check
d. Control Check
Answer: B

30. It is a PC systems risk in which size and portability of the PC in use is in question.
a. Risk of theft
b. Risk of Maneuverability
c. Risk of Misplacement
d. Risk of acquisition
Answer: A

31. Sniffer software is
a. used by malicious Web sites to sniff data from cookies stored on the user's hard drive.
b. used by network administrators to analyze network traffic.
c. used by bus topology intranets to sniff for carriers before transmitting a message to avoid data collisions.
d. an illegal program downloaded from the Web to sniff passwords from the encrypted data of Internet customers.
e. illegal software for decoding encrypted messages transmitted over a shared intranet channel.

32. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a(n)
a. operating system.
b. database management system.
c. utility system.
d. facility system.
e. object system.

33. A user's application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to destroy or corrupt another module. This is an objective of
a. operating system controls.
b. data resource controls.
c. computer center and security controls.
d. application controls.

34. A program that attaches to another legitimate program but does NOT replicate itself is called a
a. virus.
b. worm.
c. Trojan horse.
d. logic bomb.

35. Which of the following is NOT a data communications control objective?
a. maintaining the critical application list
b. correcting message loss due to equipment failure
c. rendering useless any data that a perpetrator
d. successfully captures

36. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host's network using a technique called
a. spoofing.
b. IP spooling.
c. dual-homed.
d. screening.

37. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is a form of
a. a DES message.
b. request-response control.
c. denial of service attack.
d. call-back device.

38. A message that is contrived to appear to be coming from a trusted or authorized source is called
a. a denial of service attack.
b. digital signature forging.
c. Internet protocol spoofing.
d. URL masquerading.
e. a SYN-ACK packet.

39. A DDoS attack
a. is more intensive than a DoS attack because it emanates from single source.
b. may take the form of either a SYN flood or smurf attack.
c. is so named because it affects many victims simultaneously, which are distributed across the Internet.
d. turns the target victim's computers into zombies that are unable to access the Internet.
e. none of the above is correct.

40. A ping signal is used to initiate
a. URL masquerading.
b. digital signature forging.
c. Internet protocol spoofing.
d. a smurf attack
e. a SYN-ACK packet.

41. Which of the following is not a significant problem observed in a flat-file environment?
a. data storage
b. data updating
c. data conversion
d. currency of information

42. Access to the data resource is controlled by
a. data librarian
b. database technician
c. database management system
d. database administrator

43. The following are key elements of the database environment except
a. database administrator
b. conceptual database
c. users
d. database management system

44. All of the following are typical features of a DBMS except
a. program maintenance
b. back up and recovery
c. database usage reporting
d. database access

45. It is a programming language used to define the database to the DBMS.
a. data manipulation language
b. data definition language
c. query language
d. database operation language

46. It is responsible for managing the database resources.
a. data librarian
b. data operator
c. database administrator
d. data dictionary

47. This is the lowest level of database that is composed of magnetic spots on metallic coated disks.
a. physical database
b. data dictionary
c. database administrator
d. database manager

48. The following are basic record associations except
a. one-to-one
b. one-to-all
c. one-to-many
d. many-to-many

49. It is a database representation of an individual resource, event, or agent about which we choose to collect data.
a. data attribute
b. entity
c. record type
d. database

50. It is the technique used to locate records and to navigate through the database.
a. data retrieval
b. data locator
c. access method
d. data organization

51. It is the computer's control program?
a. Database
b. Program
c. Operating system
d. System and Networks
ANSWER: C

52. The computer operating system must protect itself from all of this except?
a. Administrator
b. Users
c. Each other
d. Environment
ANSWER: A

53. It is the operating system's first line of defence against unauthorized access?
a. Access token
b. Log-on Procedure
c. Access Control list
d. Discretionary access privileges
ANSWER: B

54. A secret code that user enters to gain access to system, applications, data or network?
a. Code
b. Pin code
c. Username
d. Password
ANSWER: D

55. It is a form of masquerading to gain unauthorized access to a web server?
a. IP spoofing
b. DoS attack
c. SYN flood attack
d. Virus
ANSWER: A

56. It is a system that enforces access control between two networks?
a. Screening
b. Firewall
c. LAN
d. WAN
ANSWER: B

57. It is the conversion of data into a secret code for storage in database and transmission over networks?
a. Algorithm
b. Caesar cipher
c. Encryption
d. Firewall
ANSWER: C

58. Electronic authentication that cannot be forged.
a. Digital envelope
b. Digital authentication
c. Digital certificate
d. Digital signature
ANSWER: D

59. It involves transmitting a special around the network from node to node in a specific sequence.
a. Token Passing
b. Carrier sensing
c. Polling
d. Sniffing
ANSWER: A

60. Which of the following is not a system risk and controls
a. Operating system weakness
b. Weak in access control
c. Decentralized access
d. Risk of theft
ANSWER: C

61. In a computer system, the parts of the operating system program and language translator program are stored in the
a. Read only memory (ROM).*
b. Random access memory (RAM).
c. Magnetic tape drive.
d. Magnetic disk drive.

62. A CIS where two or more personal computers are linked together through the use of special software and communication lines and allows the sharing of application software, data files, and computer peripherals such as printers and optical scanners is a/an
a. Local area network (LAN).*
b. On-line system.
c. Batch processing system.
d. Wide area network (WAN).

63. A file server in a local area network (LAN) is
a. A workstation that is dedicated to a single user on the LAN.
b. A computer that stores programs and data files for users of the LAN.*
c. The cabling that physically interconnects the nodes of the LAN.
d. A device that connects the LAN to other networks.

64. Which of the following is considered to be a server in a local area network (LAN)?
a. The cabling that physically interconnects the nodes of the LAN.
b. A device that stores program and data files for users of the LAN.*
c. A device that connects the LAN to other networks.
d. A workstation that is dedicated to a single user on the LAN.

65. Which of the following is likely to be a benefit of electronic data interchange (EDI)?
a. Increased transmission speed of actual documents.
b. Improved business relationships with trading partners.*
c. Decreased liability related to protection of proprietary business data.
d. Decreased requirements for backup and contingency planning.

66. The emergence of electronic data interchange (EDI) as standard operating practice increases the risk of
a. Unauthorized third-party access to systems.*
b. Systematic programming errors.
c. Inadequate knowledge bases.
d. Unsuccessful system use.

67. Before sending or receiving EDI messages, a company should
a. Execute a trading partner agreement with each of its customers and suppliers.*
b. Reduce inventory levels in anticipation of receiving shipments.
c. Demand that all its suppliers implement EDI capabilities.
d. Evaluate the effectiveness of its use of EDI transmissions.

68. An internet firewall is designed to provide adequate protection against which of the following?
a. A computer virus.
b. Unauthenticated logins from outside users.*
c. Insider leaking of confidential information.
d. A Trojan horse application.

69. The firewall system that limits access to a computer network by routing users to replicated Web pages is
a. A packet filtering system.
b. Kerberos.
c. A proxy server.*
d. An authentication system.

70. A Local area network (LAN) is best described as a(n)
a. Computer system that connects computers of all sizes, workstations, terminals, and other devices within a limited proximity.*
b. System to allow computer users to meet and share ideas and information.
c. Electronic library containing millions of items of data that can be reviewed, retrieved, and analysed.
d. Method to offer specialized software, hardware, and data handling techniques that improve effectiveness and reduce costs.

71. Why should the operating system be audited?
a. Because it is a complex program and hackers can easily crack the corporation's system.
b. Because it is common to all users.
c. Because it will affect the financial statements of the entity.

72. What do you call the two language translators of the operating system?
a. Translators and encoder
b. Decoder and compiler
c. Compilers and interpreters

73. Statement 1: The operating system must protect itself from users. User applications must not be able to gain control of, or damage in any way, the operating system, thus causing it to cease running or destroy data.
Statement 2: The operating system must protect users from themselves. A user's application may consist of several modules stored in separate memory locations, each with its own data. One module must not be allowed to prevent or protect another module.
a. Statements 1 and 2 are true
b. Statement 1 is true but statement 2 is false
c. Both statements are true
d. Both statements are false

74. The central system administrator usually determines who is granted access to specific resources and maintains the access control list. In distributed systems, however, end users may:
a. Control resources or own resources
b. Give their own access to other users
c. Gain control to computer operations

75. What are the Operating System Controls and Audit Tests
a. Access controls, password changes, firewall control and audit trail control
b. Access privileges, password control, virus control, and audit trail control
c. Access controls, password control, anti-virus protection and firewall control

76. What do you mean by a strong password?
a. A personal data such as birth date, child's name, favorite author, etc.
b. Combination of long consecutive letter and numbers
c. Random combination of letters and numbers that are hard to remember

77. Statement 1: A password is a secret code the users enter to gain access to systems, applications, data files or network servers.
Statement 2: If the user cannot provide the correct password, the operating system should show a clue or a question related to the password.
a. Statements 1 and 2 are true
b. Statement 1 is true but statement 2 is false
c. Both statements are true
d. Both statements are false

78. Statement 1: The most common method of password control is the reusable password.
Statement 2: The quality of the security that a reusable password provides depends on the quality of the password itself.
a. Statements 1 and 2 are true
b. Statement 1 is true but statement 2 is false
c. Both statements are true
d. Both statements are false

79. Which statement is false?
a. Keystroke monitoring involves recording both the user's keystrokes and the system's responses.
b. Keystroke monitoring is the computer equivalent of a telephone wiretap.
c. Keystroke monitoring summarizes key activities related to system resources.

80. What is the primary objective of real-time detection?
a. To protect the system from viruses at the current time
b. To prevent the system from more serious system errors
c. To protect the system from outsiders attempting to breach system controls.
