
Auditing in CIS Environment

Name: ____________________________________ August 29, 2015


Section: BSA41E1 Mid-Term Exam

True or False: (Write T if True and F if false)


F 1. Java is an example of an operating system.
F (Compilers) 2. The language translator modules of the operating system are called debugger.
F (First) 3. A formal log-on procedure is the operating system's last line of defense against unauthorized access.
T 4. Information in the access token is used to approve all actions the user attempts during the session.
F (Password) 5. Encrypted code is a secret code the user enters to gain access to systems and network server.
F (username@domainname) 6. The standard format for an e-mail address is domain name@username.
T 7. The message authentication code is calculated by the sender and the receiver of a data transmission.
T 8. A worm is a software program that replicates itself in areas of idle memory until the system fails.
9. The request-response technique should detect if a data communication transmission has been diverted.
_________ 10. To preserve audit trails in a computerized environment, transaction logs are permanent records of transactions.
11. A firewall is a hardware partition designed to protect networks from power surges.
_________ 12. Electronic data interchange translation software interfaces with the sending firm and the value added network.
13. A value added network can detect and reject transactions by unauthorized trading partners.
14. Firewalls are special materials used to insulate computer facilities.
15. In a telecommunications environment, line errors can be detected by using an echo check.
16. Viruses rarely attach themselves to executable files.
_________ 17. Operating system controls are of interest to system professionals but should not concern accountants and auditors.
18. Computer viruses usually spread throughout the system before being detected.
19. In a computerized environment, the audit trail must be printed onto paper documents.
20. The most common method of password control is the one-time password.

Multiple Choice: (Write the letter only)


1. A program that attaches to another legitimate program but does not replicate itself is
called a
a. virus
b. worm
c. trojan horse
d. logic bomb
2. A DDoS attack
a. is more intensive than a DoS attack because it emanates from a single source.
b. may take the form of either a SYN flood or smurf attack.
c. is so named because it affects many victims simultaneously, which are distributed
across the internet
d. turns the target victims' computers into zombies that are unable to access the
internet.
e. none of the above is correct.
3. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an
ACK, is a form of
a. a DES message.
b. denial of service attack
c. request-response control
d. call-back device
4. A message that is contrived to appear to be coming from a trusted or authorized source
is called
a. a denial of service attack
b. internet protocol spoofing
c. digital signature forging
d. URL masquerading
e. a SYN-ACK packet
5. A ping signal is used to initiate
a. URL masquerading
b. Internet protocol spoofing
c. a SYN-ACK packet
d. digital signature forging
e. a smurf attack
6. Which of the following is not a data communications control objective?
a. maintaining the critical application list
b. correcting message loss due to equipment failure
c. preventing illegal access
d. rendering useless any data that a perpetrator successfully captures
7. An integrated group of programs that supports the applications and facilitates their
access to specified resources is called a(n)
a. operating system
b. facility system
c. database management system
d. utility system
e. object system
8. Sniffer software is
a. used by malicious web sites to sniff data from cookies stored on the user's hard drive.
b. used by network administrators to analyze network traffic.
c. used by bus topology intranets to sniff for carriers before transmitting a message to
avoid data collisions.
d. an illegal program downloaded from the Web to sniff passwords from the encrypted
data of internet customers.
e. illegal software for decoding encrypted messages transmitted over a shared intranet
channel.
9. A user's application may consist of several modules stored in separate memory locations,
each with its own data. One module must not be allowed to destroy or corrupt another
module. This is an objective of
a. operating system controls.
b. computer center and security controls
c. data resource controls.
d. application controls.
10. A digital signature
a. is the encrypted mathematical value of the message sender's name.
b. is derived from the digest of a document that has been encrypted with the sender's
private key.
c. is derived from the digest of a document that has been encrypted with the sender's
public key.
d. is the computed digest of the sender's digital certificate.
e. allows digital messages to be sent over an analog telephone line.
