1.
Which of the following statements is true?
Correct Answer
B. Information security is primarily a management issue
Explanation
The correct answer is "information security is primarily a management issue." This statement is true because information security is not solely a technical concern, but also requires effective management and governance. It involves establishing policies, procedures, and controls to protect information assets and ensure compliance with regulations. Management plays a crucial role in setting the tone for security culture, allocating resources, and making strategic decisions to mitigate risks and protect sensitive information. Technical controls are important, but they are just one aspect of a comprehensive information security program that requires active management involvement.
2.
Firewalls are an example of
Correct Answer
A. Preventive controls
Explanation
Firewalls are an example of preventive controls because they are designed to prevent unauthorized access to a network or system. They act as a barrier between the internal network and external threats, monitoring and filtering incoming and outgoing network traffic based on predefined security rules. By enforcing access restrictions and blocking potentially harmful traffic, firewalls help to prevent security breaches and protect the network from attacks. They focus on proactively stopping threats before they can cause any damage or compromise the system's integrity.
3.
The control procedure designed to verify a user's identity is called
Correct Answer
B. Authentication
Explanation
Authentication is the correct answer because it refers to the control procedure designed to verify a user's identity. This process ensures that the user is who they claim to be before granting them access to a system or resource. It typically involves the use of credentials, such as passwords or biometric data, to validate the user's identity. Authorization, compatibility test, and intrusion detection are not directly related to verifying a user's identity, making them incorrect options.
4.
A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n)
Correct Answer
C. Vulnerability
Explanation
A vulnerability refers to a weakness in a system that can be exploited by an attacker to either disable or gain control over the system. It is a flaw or a loophole in the system's design, implementation, or configuration that can be exploited to compromise its security. Attackers often search for vulnerabilities in systems to exploit them and gain unauthorized access or cause harm. Therefore, the correct answer is vulnerability.
5.
Which of the following techniques involves the creation and use of a pair of public and private keys?
Correct Answer
B. Asymmetric encryption
Explanation
Asymmetric encryption involves the creation and use of a pair of public and private keys. The public key is used to encrypt data, while the private key is used to decrypt it. This technique provides a secure way to transmit information, as the private key is kept secret and only the intended recipient with the corresponding private key can decrypt the encrypted data.
6.
Which of the following is a preventive control?
Correct Answer
C. Training
Explanation
Training is considered a preventive control because it aims to educate and provide knowledge to individuals in order to prevent potential risks and threats. By providing training on security practices, policies, and procedures, organizations can enhance the awareness and understanding of employees, making them more equipped to identify and mitigate risks. Training helps to establish a security-conscious culture within an organization, reducing the likelihood of security incidents and breaches.
7.
The approach to perimeter defense that involves examining only information in the packet header of each individual IP packet is referred to as
Correct Answer
B. Static packet filtering
Explanation
Static packet filtering is the correct answer because it involves examining only the information in the packet header of each individual IP packet. This approach does not inspect the actual contents of the packet, but rather makes decisions based on information such as source and destination IP addresses, port numbers, and protocol types. It is a basic form of packet filtering that does not take into account the state or context of the communication.
8.
In order to create a digital signature
Correct Answer
B. The sender encrypts a hash using the sender's private key
Explanation
The correct answer is "the sender encrypts a hash using the sender's private key." When creating a digital signature, the sender uses their private key to encrypt a hash of the message. This ensures the authenticity and integrity of the message, as the recipient can use the sender's public key to decrypt the signature and verify that it matches the hash of the message. By using the sender's private key, it guarantees that the signature can only be generated by the sender, providing a secure method of verifying the sender's identity.
9.
Which of the following is an authorization control?
Correct Answer
B. Compatibility test
Explanation
A compatibility test is an authorization control because it is used to determine whether a user or system meets the necessary requirements to access a certain resource or perform a specific action. By conducting compatibility tests, organizations can ensure that only authorized individuals or systems with the appropriate hardware, software, or configurations are granted access, thus enhancing security and preventing unauthorized access.
10.
Modifying default configurations to improve security is called
Correct Answer
C. Hardening
Explanation
Modifying default configurations to improve security is commonly referred to as "hardening." This process involves implementing various measures and configurations to make a system or network more resistant to potential security threats and attacks. Hardening typically includes actions such as disabling unnecessary services, applying security patches, configuring firewalls, and implementing strong access controls.
11.
Which of the following measures the potential amount of data that might be lost due to a system disaster?
Correct Answer
D. RPO
Explanation
RPO, or Recovery Point Objective, measures the potential amount of data that might be lost due to a system disaster. It represents the maximum tolerable amount of data loss in time, indicating the point in time to which data needs to be recovered in order to resume normal operations. RPO helps organizations determine the frequency of data backups and the level of redundancy required to minimize data loss in the event of a disaster.
12.
Which data entry application control would detect and prevent entry of alphabetic characters as the price of an item in the inventory master file?
Correct Answer
A. Field check
Explanation
A field check is a data entry application control that would detect and prevent the entry of alphabetic characters as the price of an item in the inventory master file. This control ensures that only valid numeric values are entered into the designated field, in this case, the price field. By implementing a field check, the system can validate the data being entered and reject any alphabetic characters, reducing the risk of data errors and inconsistencies in the inventory master file.
13.
Which of the following statements is true?
Correct Answer
B. Cookies are text files that only store information and cannot do anything
Explanation
The statement that "cookies are text files that only store information and cannot do anything" is true. Cookies are small text files that are stored on a user's computer by a website. They are used to store information about the user's browsing activity, preferences, and login credentials. However, cookies themselves cannot perform any actions or tasks on their own. They are passive files that are only used to store and retrieve information.
14.
Which of the following is designed to identify entry of a nonexistent customer account number?
Correct Answer
D. Validity check
Explanation
A validity check is designed to identify the entry of a nonexistent customer account number. It ensures that the entered data is valid and meets certain criteria or conditions. In this case, the validity check would verify if the customer account number exists in the system or database. If the entered account number is not valid or does not exist, the validity check would flag it as an error or invalid entry. This helps to prevent the creation or use of nonexistent customer account numbers, ensuring data accuracy and integrity.
15.
A batch total that is calculated by summing the part numbers sold in a batch of 50 sales invoices is called a
Correct Answer
B. Hash total
Explanation
A batch total that is calculated by summing the part numbers sold in a batch of 50 sales invoices is called a hash total. A hash total is a type of batch total that is used to verify the accuracy and completeness of data. It is calculated by adding together a specific field, in this case, the part numbers, from a set of records. The resulting hash total can then be compared to a previously calculated hash total to ensure that the data has not been altered or lost during processing.
16.
Which of the following is an example of an output control?
Correct Answer
B. Encryption
Explanation
Encryption is an example of an output control because it is a method used to protect sensitive information by converting it into a code that is unreadable to unauthorized individuals. By encrypting data, it ensures that only authorized users with the proper decryption key can access and understand the information. This control is typically applied to data that is being transmitted or stored to prevent unauthorized access or tampering.
17.
Which infrastructure replacement option involves purchasing or leasing a physical site, prewiring it for telephone and Internet access, and contracting with one or more vendors to have computers and other equipment delivered to the site within 12-24 hours?
Correct Answer
C. Cold site
Explanation
A cold site involves purchasing or leasing a physical site, prewiring it for telephone and Internet access, and contracting with vendors to have computers and equipment delivered within 12-24 hours. This option is a cost-effective way to have a backup location ready in case of a disaster or infrastructure failure, as it does not require constant mirroring or real-time data replication. Instead, it provides a basic infrastructure that can be quickly activated when needed.
18.
Which backup method is the fastest?
Correct Answer
B. Incremental daily backup
Explanation
The incremental daily backup method is the fastest because it only backs up the data that has changed since the last backup. This means that it requires less time and storage space compared to other methods. The full daily backup method backs up all data every day, while the differential daily backup method backs up all data that has changed since the last full backup. The complete daily backup method is not a recognized backup method, so it is not relevant to the question.
19.
A copy of the state of a database at a specific point in time during the middle of a normal business day is called a(n)?
Correct Answer
C. Checkpoint
Explanation
A checkpoint refers to a copy of the state of a database at a specific point in time during the middle of a normal business day. This allows for the database to be restored to that particular state if necessary. It serves as a reference point for recovery purposes and helps ensure data integrity and consistency.
20.
Which of the following statements is true?
Correct Answer
B. Use of a VPN protects the confidentiality of information while it is being transmitted over the Internet
Explanation
The use of a VPN (Virtual Private Network) is designed to protect the confidentiality of information while it is being transmitted over the Internet. A VPN creates a secure, encrypted connection between the user's device and the destination server, ensuring that the data cannot be intercepted or accessed by unauthorized individuals. This is particularly important when accessing sensitive information or conducting online transactions, as it prevents hackers or eavesdroppers from gaining access to the data. Therefore, the statement that the use of a VPN protects the confidentiality of information while it is being transmitted over the Internet is true.
21.
Which activity is part of the sales order entry process?
Correct Answer
C. Checking customer credit
Explanation
Checking customer credit is part of the sales order entry process because it involves verifying the creditworthiness of the customer before accepting their order. This step helps to ensure that the customer has the financial capability to pay for the products or services they are ordering. By checking customer credit, the company can minimize the risk of non-payment or bad debt and make informed decisions about accepting or rejecting orders.
22.
Which document often accompanies merchandise shipped to a customer?
Correct Answer
B. Packing slip
Explanation
A packing slip often accompanies merchandise shipped to a customer. It is a document that lists the items included in the shipment and provides details such as quantities, descriptions, and sometimes prices. The packing slip helps the customer verify that they have received all the items they ordered and can be used for inventory management purposes. It also serves as a reference for the customer in case they need to return or exchange any items.
23.
Which method is most likely used when a company offers customers discounts for prompt payment?
Correct Answer
A. Open-invoice method
Explanation
The open-invoice method is most likely used when a company offers customers discounts for prompt payment. This method involves sending invoices to customers for each individual transaction and allowing them to pay the invoice within a specified time frame. By offering discounts for prompt payment, the company incentivizes customers to pay their invoices quickly, which helps improve cash flow and reduces the risk of bad debts.
24.
Which of the following techniques is the most efficient way to process customer payments and update accounts receivable?
Correct Answer
C. FEDI
Explanation
FEDI, or Financial Electronic Data Interchange, is the most efficient way to process customer payments and update accounts receivable. FEDI allows for the seamless and automated transfer of financial data between businesses and their banking partners. This eliminates the need for manual data entry and reduces the potential for errors. With FEDI, payments can be processed quickly and accurately, improving cash flow and streamlining the accounts receivable process.
25.
Which of the following revenue cycle activities can potentially be eliminated by technology?
Correct Answer
C. Billing
Explanation
Technology can potentially eliminate the need for manual billing processes by automating the generation and delivery of invoices. This can include features such as electronic billing, online payment options, and automated reminders. By using technology, businesses can streamline the billing process, reduce errors, and improve efficiency.
26.
Which report would be most useful for estimating likely bad debts?
Correct Answer
A. Accounts receivable aging schedule
Explanation
The accounts receivable aging schedule would be the most useful report for estimating likely bad debts. This report provides a breakdown of the outstanding accounts receivable by age, showing how long each invoice has been outstanding. By analyzing this report, a company can identify which invoices are overdue and may potentially become bad debts. It helps in estimating the likelihood of customers defaulting on their payments and allows the company to take appropriate actions such as debt collection or write-offs.
27.
Which document is used to authorize the release of merchandise from inventory control (warehouse) to shipping?
Correct Answer
A. Picking ticket
Explanation
A picking ticket is a document that is used to authorize the release of merchandise from inventory control to shipping. It contains information such as the item name, quantity, and location in the warehouse. The picking ticket is given to the warehouse staff who then gather the items listed on the ticket and prepare them for shipment. Therefore, the picking ticket is the correct document used for authorizing the release of merchandise from inventory control to shipping.
28.
Which of the following provides a means to both improve the efficiency of processing customer payments and also enhance control over those payments?
Correct Answer
B. Lockboxes
Explanation
Lockboxes provide a means to both improve the efficiency of processing customer payments and enhance control over those payments. By using lockboxes, companies can centralize the collection of customer payments, which reduces the time and effort required to process payments. Additionally, lockboxes provide enhanced control by reducing the risk of theft or misplacement of payments. This is because lockboxes are secure containers that are only accessible by authorized personnel, ensuring that payments are handled and recorded accurately. Overall, lockboxes streamline the payment process and provide better control over customer payments.
29.
For good internal control, who should approve credit memos?
Correct Answer
A. Credit manager
Explanation
The credit manager should approve credit memos for good internal control. This is because the credit manager is responsible for overseeing the credit process, including evaluating creditworthiness, setting credit limits, and managing customer accounts. By having the credit manager approve credit memos, it ensures that there is proper oversight and review of any adjustments made to customer accounts, reducing the risk of errors or fraud. The credit manager's expertise in credit management makes them the most suitable person to make informed decisions regarding credit memos.
30.
For good internal control over customer remittance, the mailroom clerk should separate the checks from the remittance advices and send the customer payments to which department?
Correct Answer
C. Cashier
Explanation
The mailroom clerk should send the customer payments to the cashier department in order to maintain good internal control over customer remittance. This is because the cashier department is responsible for handling and processing payments received from customers. By separating the checks from the remittance advices and sending them to the cashier, the company can ensure that the payments are properly recorded, deposited, and accounted for. This segregation of duties helps prevent errors and fraud in the collection and handling of customer payments.
31.
Which of the following inventory control methods is most likely to be used for a product like lumber (1X2s, 2X4s, etc.)?
Correct Answer
C. MRP
Explanation
MRP (Material Requirements Planning) is most likely to be used for a product like lumber. MRP is a method used to plan and control the production and inventory of materials based on the demand for the end product. Lumber products like 1X2s and 2X4s are typically used in construction projects where the demand can vary greatly. By using MRP, companies can accurately calculate the materials needed based on the production schedule and customer demand, ensuring that they have the right amount of lumber in stock to meet customer orders without excessive inventory or stockouts.
32.
Which of the following matches is performed in evaluated receipt settlement (ERS)?
Correct Answer
B. The purchase order with the receiving report
Explanation
In evaluated receipt settlement (ERS), the matching process involves comparing the purchase order with the receiving report. This is done to ensure that the items ordered in the purchase order have been received as stated in the receiving report. By matching these two documents, any discrepancies or errors in the received items can be identified and resolved. The vendor invoice is not directly involved in the matching process in ERS.
33.
Which of the following is true?
Correct Answer
B. Setting up petty cash as an imprest fund violates segregation of duties
34.
Which document is used to establish a contract for the purchase of goods or services from a supplier?
Correct Answer
C. Purchase order
Explanation
A purchase order is a document used to establish a contract for the purchase of goods or services from a supplier. It contains the details of the items or services to be purchased, the quantity, price, and other terms and conditions. A purchase order is typically generated by the buyer and sent to the supplier, indicating the intent to purchase and providing a legal agreement between the two parties. The supplier can then use the purchase order to fulfill the order and invoice the buyer accordingly.
35.
Which method would provide the greatest efficiency improvements for the purchase of noninventory items such as miscellaneous office supplies?
Correct Answer
C. Procurement cards
Explanation
Procurement cards would provide the greatest efficiency improvements for the purchase of noninventory items such as miscellaneous office supplies. Procurement cards streamline the purchasing process by allowing employees to make purchases directly from suppliers, eliminating the need for purchase orders and invoice processing. This method reduces paperwork, saves time, and increases efficiency in the procurement process.
36.
Which of the following expenditure cycle activities can be eliminated through the use of IT or reengineering?
Correct Answer
B. Approving vendor invoices
Explanation
Approving vendor invoices can be eliminated through the use of IT or reengineering. With the implementation of automated invoice processing systems, invoices can be electronically received, reviewed, and approved, reducing the need for manual approval processes. This not only streamlines the overall expenditure cycle but also minimizes errors and delays associated with manual invoice approval. By leveraging technology, organizations can improve efficiency, accuracy, and timeliness in the approval of vendor invoices.
37.
What is the best control procedure to prevent paying the same invoice twice?
Correct Answer
D. Cancel all supporting documents when the check is signed
Explanation
Canceling all supporting documents when the check is signed is the best control procedure to prevent paying the same invoice twice. By canceling the supporting documents, it ensures that the invoice cannot be processed again for payment. This control procedure eliminates the possibility of duplicate payments by effectively voiding the supporting documents once the payment has been authorized and signed.
38.
For good internal control, who should sign checks?
Correct Answer
A. Cashier
Explanation
The cashier should sign checks for good internal control because they are responsible for handling cash and ensuring that payments are made accurately and in accordance with company policies and procedures. By having the cashier sign checks, it provides a level of accountability and oversight to prevent any fraudulent or unauthorized payments. This helps to safeguard the company's assets and maintain the integrity of the financial transactions.
39.
Which of the following procedures is designed to prevent the purchasing agent from receiving kickbacks?
Correct Answer
B. Requiring purchasing agents to disclose any financial investments in potential suppliers
Explanation
Requiring purchasing agents to disclose any financial investments in potential suppliers is designed to prevent the purchasing agent from receiving kickbacks. By mandating disclosure, it ensures transparency and accountability in the purchasing process. This measure helps to identify any potential conflicts of interest and prevents agents from favoring suppliers in which they have financial investments. It promotes fairness and integrity in procurement, reducing the risk of kickbacks and corruption.
40.
Which document is used to record adjustments to accounts payable based on the return of unacceptable inventory to the supplier?
Correct Answer
C. Debit memo
Explanation
A debit memo is used to record adjustments to accounts payable based on the return of unacceptable inventory to the supplier. When a company returns unacceptable inventory to the supplier, they need to adjust their accounts payable by reducing the amount owed. This adjustment is recorded using a debit memo, which decreases the accounts payable balance. The debit memo serves as a documentation of this adjustment and is sent to the supplier to inform them of the return and the corresponding decrease in the amount owed.
41.
Which of the following are the objects in Access?
Correct Answer
E. All of the above
Explanation
All of the listed options (tables, forms, queries, and reports) are objects in Access. In Access, tables are used to store data, forms are used to display and enter data, queries are used to retrieve and manipulate data, and reports are used to present data in a formatted manner. Therefore, all of these options are valid objects in Access.
42.
In Access, we use tables in a database for
Correct Answer
B. Data storage
Explanation
Tables in a database are used for data storage. This means that they are used to store and organize large amounts of data in a structured manner. Tables provide a way to store data in rows and columns, making it easier to retrieve and manipulate the data when needed. By using tables, users can efficiently store and manage their data in Access, making it a reliable tool for data storage purposes.
43.
In Access, we use forms in a database for
Correct Answer
A. Data entry
Explanation
Forms in Access are used for data entry, allowing users to input data into the database. Forms provide a user-friendly interface with organized fields and controls, making it easier to enter data accurately and efficiently. Forms can also include validation rules and data validation controls to ensure the accuracy and integrity of the entered data. Therefore, the correct answer is data entry.
44.
To convert a conceptual model with a maximum cardinality relationship of "many to many" into relational database tables, you must
Correct Answer
C. Create a separate table with a concatenated primary key comprised of the primary keys from both entity tables
Explanation
To convert a conceptual model with a "many to many" relationship into relational database tables, the correct approach is to create a separate table. This separate table should have a concatenated primary key that consists of the primary keys from both entity tables involved in the relationship. This allows for the representation of the relationship between the two entities in a structured and efficient manner. By creating this separate table, it becomes possible to accurately capture and store the data associated with the "many to many" relationship in the database.
45.
A control in which you can type a value or can click on a pull-down menu to display a list and then select an item from that list is called a
Correct Answer
B. Combo box
Explanation
A combo box is a control that allows the user to either type a value or select an item from a pull-down menu. It provides the flexibility of entering a custom value or choosing from a pre-defined list of options. This makes it a versatile control for data entry or selection in user interfaces. A text box, on the other hand, only allows the user to type a value and does not provide a list of options to choose from. A source box is not a recognized term in this context.
46.
A query that displays its own dialog box prompting the user for information for retrieving records is called a(n)
Correct Answer
B. Parameter query
Explanation
A parameter query is a type of query that prompts the user for information in order to retrieve specific records. It allows the user to input criteria or values that will be used to filter the results of the query. This type of query is useful when the user wants to dynamically control the data that is displayed based on their input. Unlike other types of queries such as select, crosstab, and action queries, a parameter query specifically involves user interaction for retrieving records.
47.
To ensure that users cannot enter data in certain fields, the Locked and Enabled properties should be set to
Correct Answer
A. Locked=yes, enabled=no
Explanation
To ensure that users cannot enter data in certain fields, the Locked property should be set to "yes" and the Enabled property should be set to "no". This combination will lock the fields, preventing users from entering any data, while also disabling the fields, so users cannot interact with them at all.
48.
When we convert an REA diagram (a conceptual model) into a relational database,
Correct Answer
C. We should implement a 1:N (one to many) relationship by posting the key of the many entity table into the one entity table
Explanation
When we convert an REA diagram into a relational database, we should implement a 1:N (one to many) relationship by posting the key of the many entity table into the one entity table. This means that for each instance of the one entity, there can be multiple instances of the many entity associated with it. By posting the key of the many entity table into the one entity table as a foreign key, we establish the relationship between the two entities in the database. This allows us to easily retrieve and manipulate the related data when querying the database.
49.
A company purchases unique (i.e., one of a kind) inventory. The company purchases multiple items from its supplier as part of the same purchase to take advantage of lower shipping costs. The cardinality relationship (based on maximum cardinalities) between purchase and inventory is
Correct Answer
B. 1:N
Explanation
The cardinality relationship between purchase and inventory is 1:N because for each purchase made by the company, there can be multiple items of inventory associated with it. This is evident from the fact that the company purchases multiple items from its supplier as part of the same purchase. Therefore, there is a one-to-many relationship between a purchase and the inventory items associated with it.
50.
What is the purpose of the Nz (null to zero) function?
Correct Answer
A. The Nz function enables Access to treat null values as if they are zeroes for calculation purposes
Explanation
The purpose of the Nz function is to enable Access to treat null values as if they are zeroes for calculation purposes. This means that when performing calculations in Access, if a null value is encountered, it will be treated as zero instead. This can be useful in situations where null values could cause errors or unexpected results in calculations.