Test Bank for Accounting Information Systems, 12Ed By Marshall B. Romney

Test Bank for Accounting Information Systems, 12Ed By Marshall B. Romney

Accounting Information Systems, 12e (Romney/Steinbart)
Chapter 8 Information Systems Controls for System ReliabilityPart 1: Information Security

1) The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as
A) availability.
B) security.
C) maintainability.
D) integrity.

Page Ref: 221

2) Which of the following is not a useful control procedure to control access to system outputs?
A) Allowing visitors to move through the building without supervision
B) Coding reports to reflect their importance
C) Requiring employees to log out of applications when leaving their desk
D) Restricting access to rooms with printers

Page Ref: 229

3) According to the Trust Services Framework, the reliability principle of integrity is achieved when the system produces data that
A) is available for operation and use at times set forth by agreement.
B) is protected against unauthorized physical and logical access.
C) can be maintained as required without affecting system availability, security, and integrity.
D) is complete, accurate, and valid.

Page Ref: 221

4) Which of the following is not one of the three fundamental information security concepts?
A) Information security is a technology issue based on prevention.
B) Security is a management issue, not a technology issue.
C) The idea of defense-in-depth employs multiple layers of controls.
D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls.

Page Ref: 222-224

5) Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability, as discussed in the Trust Services Framework?
A) Developing and documenting policies
B) Effectively communicating policies to all outsiders
C) Designing and employing appropriate control procedures to implement policies
D) Monitoring the system and taking corrective action to maintain compliance with policies

Page Ref: 223

6) If the time an attacker takes to break through the organization’s preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is
A) effective.
B) ineffective.
C) overdone.
D) undermanaged.

7) Verifying the identity of the person or device attempting to access the system is
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.

Page Ref: 226

8) Restricting access of users to specific portions of the system as well as specific tasks, is
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.

9) Which of the following is an example of a preventive control?
A) Encryption
B) Log analysis
C) Intrusion detection
D) Emergency response teams

10) Which of the following is an example of a detective control?
A) Physical access controls
B) Encryption
C) Log analysis
D) Emergency response teams

Page Ref: 237