The book will be useful both to IT managers of software vendors and to IT managers of commercial banks (as the customers), as well as to the heads of commercial banks,
Type of material: Book
Appendix 7. Sample examination questions for IT auditors
1. A database administrator is responsible for:
A. maintaining the access security of data residing on the computers.
B. implementing database definition controls.
C. granting access rights to users.
D. defining system's data structure.
2. Which of the following would NOT be associated with well-written and concise job descriptions?
A. They are an important means of discouraging fraudulent acts.
B. They are often used as tools for use in performance evaluation.
C. They provide little indication of the degree of separation of duties.
D. They assist in defining the relationship between various job functions.
3. The input/output control function is responsible for:
A. pulling and returning all tape files.
B. entering and key verifying data.
C. logging batches and reconciling hash totals.
D. executing both production and test jobs.
4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?
A. Batch header forms
B. Batch balancing
C. Data conversion error corrections
D. Access controls over print spools
5. In Wide Area Networks (WANs):
A. data flow can be half duplex or full duplex.
B. communication lines must be dedicated.
C. circuit structure can be operated only over a fixed distance.
D. the selection of communication lines will affect reliability.
6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:
A. data integrity.
B. authentication.
C. non-repudiation.
D. replay protection.
7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?
A. The number of characters in the password
B. The power of the computer used to break the password code
C. The number of incorrect access attempts allowed before disconnect
D. The content of the character set from which the password is composed
8. Passwords should be:
A. assigned by the security administrator.
B. changed every 30 days at the discretion of the user.
C. reused often to ensure the user does not forget the password.
D. displayed on the screen so that the user can ensure that it has been properly entered.
9. Which of the following is a technique that could illegally capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. Data destruction
10. Which of the following is NOT an employee security responsibility?
A. Keeping Logon-IDs and passwords secret
B. Helping other employees create passwords
C. Reading and understanding the security policy
D. Questioning unfamiliar people who enter a secured area
11. Which of the following would warrant quick continuity of operations when the recovery time window is short?
A. A duplicated back-up in an alternate site
B. Duplicated data in a remote site
C. Transfer of data the moment a contingency occurs
D. A manual contingency procedure
12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?
A. The disaster recovery plan works for natural disasters whereas the business continuity plan works for non-planned operating incidents such as technical failures.
B. The disaster recovery plan works for business process recovery and information systems whereas the business continuity plan works only for information systems.
C. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.
D. The disaster recovery plan is the awareness process for employees whereas the business continuity plan contains the procedures themselves to recover the operation.
13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:
A. can lack lower level detail commands necessary to perform data intensive operations.
B. cannot be implemented on both the mainframe processors and microcomputers.
C. generally contain complex language subsets which must be used by skilled users.
D. cannot access database records and produce complex Online outputs.
14. Which of the following tools would NOT be used in program debugging during system development?
A. Compiler
B. Memory dump
C. Output analyzer
D. Logic path monitor
15. Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique
16. Which of the following statements pertaining to program evaluation review technique (PERT) is FALSE?
A. The initial step in designing a PERT network is to define project activities and their relative sequence.
B. An analyst may prepare many diagrams before the PERT network is complete.
C. PERT assumes a perfect knowledge of the times of individual activities.
D. PERT assumes that activities can be started and stopped independently.
17. A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
A. independent review of the transaction listing.
B. programmed edit check to prevent entry of invalid data.
C. programmed reasonableness checks with 20% data entry range.
D. visual verification of data entered by the processing department.
18. Application controls ensure that when inaccurate data is entered into the system, the data is:
A. accepted and processed.
B. accepted and not processed.
C. not accepted and not processed.
D. not accepted and processed.
19. Which of the following BEST describes the purpose or character of an audit charter?
A. An audit charter should be dynamic and change often to coincide with the changing nature of technology and the audit profession.
B. An audit charter should clearly state audit's objectives for the delegation of authority for the maintenance and review of internal controls.
C. An audit charter should document the audit procedures designed to achieve the planned audit objectives.
D. An audit charter should outline the overall authority, scope and responsibilities of the audit function.
20. A manufacturing company has implemented a new client/server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?
A. Verifying production to customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production
1. A database administrator is responsible for:
The correct answer is:
B. implementing database definition controls.
Explanation:
Implementing database definition controls is one of the critical functions of the database administrator. Maintaining access security of data and granting access rights to users as defined by management is the responsibility of the security administrator. Defining the system's data structure is the responsibility of the systems analyst.
Area: Content Area 1
2. Which of the following would NOT be associated with well-written and concise job descriptions?
The correct answer is:
C. They provide little indication of the degree of separation of duties.
Explanation:
Well written and concise job descriptions should provide an indication of the degree of separation of duties within the organization and, in fact, may assist in identifying possible conflicting duties. All other answers are aspects of well-written job descriptions.
Area: Content Area 1
3. The input/output control function is responsible for:
The correct answer is:
C. logging batches and reconciling hash totals.
Explanation:
The logging of batches provides input control while the reconciling of hash totals provides output controls.
Area: Content Area 2
4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?
The correct answer is:
B. Batch balancing
Explanation:
Batch balancing is used to verify output results and control totals by matching them against the input data and control totals. This can be performed by the computer program where the control totals were input into the computer with the batch input. Batch header forms control data preparation; data conversion error corrections correct errors that occur due to duplication of transactions and inaccurate data entry; and access controls over print spools prevent reports from being accidentally deleted from print spools or directed to a different printer.
Area: Content Area 2
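Batch balancing with the three usual control totals (record count, financial total, and a hash total of account numbers), as an added Python example illustrating questions 3 and 4; this is not code from the book, and the batch records are constructed sample data:

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Record:
    account: int      # account number: meaningless to add up, which is why it makes a good hash total
    amount: Decimal   # monetary value, the basis of the financial total


def control_totals(records):
    """Compute the three classic batch control totals for a list of records."""
    return {
        "record_count": len(records),
        "financial_total": sum((r.amount for r in records), Decimal("0")),
        "hash_total": sum(r.account for r in records),
    }


def balance_batch(header, records):
    """Batch balancing: recompute the totals from the processed records and compare
    them with the batch header. Returns (name, expected, actual) per mismatch."""
    actual = control_totals(records)
    return [(name, header[name], actual[name])
            for name in header if header[name] != actual[name]]


# Constructed sample batch: three payment records as keyed at data preparation.
INPUT_BATCH = [
    Record(account=10023, amount=Decimal("150.00")),
    Record(account=10047, amount=Decimal("75.50")),
    Record(account=10101, amount=Decimal("1200.00")),
]

# The batch header form carries the totals computed when the batch was prepared.
HEADER = control_totals(INPUT_BATCH)


def demo():
    """Three outcomes of reconciling processed output against the header."""
    # 1. Output identical to input: all three totals agree, the batch balances.
    balanced = balance_batch(HEADER, INPUT_BATCH)
    # 2. One record lost during processing: every total disagrees.
    dropped = balance_batch(HEADER, INPUT_BATCH[:2])
    # 3. Two digits of an account number transposed (10047 -> 10074): count and
    #    financial total still agree; only the hash total reveals the wrong account.
    transposed = [INPUT_BATCH[0],
                  Record(account=10074, amount=Decimal("75.50")),
                  INPUT_BATCH[2]]
    mismatched = balance_batch(HEADER, transposed)
    return {"balanced": balanced, "dropped": dropped, "transposed": mismatched}


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "balances" if not result else result)
```

The third case is the reason a hash total is kept alongside the financial total: a posting to the wrong account leaves the money total intact and only the meaningless sum of account numbers exposes it.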
5. In Wide Area Networks (WANs):
The correct answer is:
D. the selection of communication lines will affect reliability.
Explanation:
The selection of communication lines, modems, software, etc. will have a great effect on network reliability. Data flow can be half duplex, full duplex or simplex; communication lines can be dedicated or switched; and the circuit structure can be operated over virtually any distance.
Area: Content Area 2
6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:
The correct answer is:
C. non-repudiation.
Explanation:
All of the above are features of a digital signature. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to changes in the plaintext message that would result in the recipient failing to compute the same message hash. Authentication ensures that the message has been sent by the claimed sender since only the claimed sender has the key. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.
Area: Content Area 3
7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?
The correct answer is:
B. The power of the computer used to break the password code
Explanation:
A, C and D all contribute to the complexity and difficulty of guessing a password.
Area: Content Area 3
8. Passwords should be:
The correct answer is:
A. assigned by the security administrator.
Explanation:
Initial password assignment should be done discreetly by the security administrator. Passwords should be changed often (e.g. every 30 days).
However, changing is not voluntary and should be forced by the system. Systems should not permit previous password(s) to be used again after they are changed. Old passwords may have been compromised and would thus permit unauthorized access. Passwords should not be displayed in any form.
Area: Content Area 3
9. Which of the following is a technique that could illegally capture network user passwords?
The correct answer is:
B. Sniffing
Explanation:
Sniffing is an attack that can be illegally used to capture sensitive pieces of information (such as passwords) passing through the network. Encryption is a method of scrambling information to prevent unauthorized individuals from understanding the transmission. Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication. Data destruction is erasing information or removing it from its original location.
Area: Content Area 3
10. Which of the following is NOT an employee security responsibility?
The correct answer is:
B. Helping other employees create passwords
Explanation:
Helping other employees create their passwords may materially affect the integrity of the password. That is, the employee giving the advice may later be able to guess the password and gain access to the system. All the other options are employee security responsibilities.
Area: Content Area 3
11. Which of the following would warrant quick continuity of operations when the recovery time window is short?
The correct answer is:
D. A manual contingency procedure
Explanation:
A quick continuity of operations could be accomplished when manual procedures for a contingency exist. Choices A, B and C are options for recovery.
Area: Content Area 4
12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?
The correct answer is:
C. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.
Explanation:
The difference pertains to the scope of each plan. A disaster recovery plan recovers all operations, whereas a business continuity plan retrieves business continuity (minimum requirements to provide services to the customers or clients). Choices A, B and D are incorrect because the type of plan (recovery or continuity) is independent from the sort of disaster or process and it includes both awareness campaigns and procedures.
Area: Content Area 4
13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:
The correct answer is:
A. can lack lower level detail commands necessary to perform data intensive operations.
Explanation:
All of the answers are advantages of using 4GLs except that they can lack lower level detail commands necessary to perform data intensive operations. These operations are usually required when developing major applications.
Area: Content Area 5
14. Which of the following tools would NOT be used in program debugging during system development?
The correct answer is:
A. Compiler
Explanation:
Debugging tools are programs that assist a programmer to fine-tune or debug the program under development. Compilers have some potential to provide feedback to a programmer but are not considered debugging tools. Debugging tools fall into three main categories: logic path monitors, memory dumps, and output analyzers.
Area: Content Area 5
15. Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
The correct answer is:
C. Rapid application development
Explanation:
Rapid application development is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. PERT and critical path methodology are both planning and control techniques, while function point analysis is used for estimating the complexity of developing business applications.
Area: Content Area 5
16. Which of the following statements pertaining to program evaluation review technique (PERT) is FALSE?
The correct answer is:
C. PERT assumes a perfect knowledge of the times of individual activities.
Explanation:
PERT assumes an imperfect knowledge of the times of individual activities and therefore incorporates a level of uncertainty in the estimation of such times. All other answers are true of PERT.
Area: Content Area 6
17. A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
The correct answer is:
A. independent review of the transaction listing.
Explanation:
Tax tables represent sensitive data that will be used in numerous calculations and should be independently visually verified by a senior person before they are used in processing. Choices B and C are programmed controls that are useful for preventing "gross" errors, that is, errors such as an added zero or alpha instead of a numeric. A tax table must be exactly accurate, not just readable. Choice D will allow the data entry person to check input accuracy, but it is not sufficient.
Area: Content Area 6
18. Application controls ensure that when inaccurate data is entered into the system, the data is:
The correct answer is:
C. not accepted and not processed.
Explanation:
Application controls ensure that only complete, accurate and valid data are entered and updated in a system.
Area: Content Area 6
19. Which of the following BEST describes the purpose or character of an audit charter?
The correct answer is:
D. An audit charter should outline the overall authority, scope and responsibilities of the audit function.
Explanation:
An audit charter should clearly state management's objectives for, and delegation of authority to, IS Audit. This charter should not change much over time and should be approved at the highest level of management. The audit charter is not so detailed as to include specific audit objectives.
Area: Process Area 7
20. A manufacturing company has implemented a new client/server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?
The correct answer is:
A. Verifying production to customer orders
Explanation:
Verification will ensure that production orders match customer orders. Logging can be used to detect inaccuracies, but does not in itself guarantee accurate processing. Hash totals will ensure accurate order transmission, but not accurate processing centrally. Production supervisory approval is a time consuming manual process that does not guarantee proper control.
Area: Process Area 7