Accounting Information Systems Study Set 26

Quiz 10 :
Data Analytics in Accounting: Tools and Practice

Phishing is a type of social engineering. Give two examples of phishing.
Essay
Answer:

Phishing: It is a cyber fraud in which an intruder uses duplicate websites to obtain a user's sensitive and private information, which can then be used for identity theft. In phishing, users are sent misleading e-mails so that private information such as credit card details, passwords, bank account numbers or social security numbers can be taken from them.
Social engineering is a technique used by hackers that depends largely on individual interaction. In this technique, people are tricked with the aim of breaking their normal security system. Phishing is a type of social engineering because it also performs a confidence trick: the attacker pretends to be a trustworthy organization and sends e-mail or creates a fake website with the aim of gathering sensitive and personal information or gaining access to a system.
Most phishing frauds are carried out by making a duplicate site for a bank, so that the intruder gets the account number and PIN of an innocent bank customer. Some examples of phishing: an intruder can create a duplicate web page of a bank's site to obtain the account holder's PIN and account number; an attacker can use a duplicate link for a social website to obtain the user's personal information.
Phishing can also come in the name of services, sites and companies with which the person has no account, asking for personal information.

(CISA exam, adapted) Authentication is the process by which the
a. System verifies that the user is entitled to enter the transaction requested
b. System verifies the identity of the user
c. User identifies him- or herself to the system
d. User indicates to the system that the transaction was processed correctly
Multiple Choice
Answer:

Authentication
It refers to the process of determining the identity of any user or device that uses or connects to a computer system. It prevents repudiation in conducting online business. Authentication can be achieved by using asymmetric-key encryption.
Evaluating each option against this definition:
a.
Authentication helps prevent unauthorized or unknown persons from accessing the important information of an organization or an individual; it does not verify that users are entitled to enter a transaction.
Hence, Option a is incorrect.
c.
In authentication, the user is identified to the system by the authentication process. It is not a process in which the user identifies himself or herself to the system.
Hence, Option c is also incorrect.
d.
In authentication, the identity of the user is verified by the system. Authentication does not involve any indication from the user about the processing of transactions.
Hence, Option d is also incorrect.
b.
As stated above, authentication is the process that helps the computer system determine the identity of the user or any other device that accesses it. This helps prevent unauthorized or unknown persons from accessing the important information of an organization or an individual.
Hence, Option b is the correct option.

Compare and contrast symmetric-key and asymmetric-key encryption methods in conducting e-business. Why do companies prefer one method over the other? If a company chooses to use both methods, what might be the reasons? How can the company truly use both methods for e-business?
Essay
Answer:

Symmetric-key encryption
It refers to algorithms that are fast and suitable for encrypting large data files and large messages. However, symmetric-key encryption is problematic because the sender and the receiver use the same key to encrypt and decrypt, which creates a security problem if the sender and receiver are not in the same location.
Asymmetric-key encryption
It refers to a system that helps users ensure a certain type of confidentiality of the information they use or share. Asymmetric-key encryption uses public and private keys to encrypt and decrypt data, but its process is slow and it is not useful for encrypting large data files. The two keys used under this method are:
1. Public Key
2. Private Key
E-business, or electronic business, refers to any business conducted by sharing information across the Internet. E-business is trading in services and products using computer networks and the Internet.
Encryption is used to secure the data in e-business. Comparing the symmetric and asymmetric methods, asymmetric-key encryption is very slow, whereas symmetric-key encryption is much faster. Asymmetric encryption uses two keys per individual, while symmetric encryption uses a separate key for each pair of users.
Authentication of users can easily be done by using asymmetric encryption. Both methods can be used to encrypt and decrypt information in conducting e-commerce.
A company prefers one method over the other according to its requirements: it determines its requirements and then decides which encryption method to use. However, companies prefer using both encryption methods together to gain the benefits of both and reduce the chances of fraud and loss of confidential data.

If social engineering is a common reason that confidential information was revealed, what needs to be done to prevent this from occurring?
Essay
Answer:
(CMA exam, adapted) Data processing activities may be classified in terms of three stages or processes: input, processing, and output. An activity that is not normally associated with the input stage is
a. Batching
b. Recording
c. Verifying
d. Reporting
Multiple Choice
Answer:
Many internal auditors and IT professionals believe wireless networks and mobile devices pose high risks in a firm's network system. Collect information to examine whether this concern is valid. If so, identify the risks and the general controls to help reduce these risks.
Essay
Answer:
Payment Card Industry Data Security Standards (PCI-DSS) and the Health Insurance Portability and Accountability Act (HIPAA) are examples of the laws related to information security. Discuss the major requirements of these legislations.
Essay
Answer:
(CISA exam, adapted) To ensure confidentiality in an asymmetric-key encryption system, knowledge of which of the following keys is required to decrypt the received message?
I. Private
II. Public
Multiple Choice
Answer:
Under PKI, Certification Authority (CA) plays a critical role in the success of maintaining information security. Search over the Internet to find a few public firms who are CAs. Compare these firms, and provide suggestions on how to choose a CA as part of information security management.
Essay
Answer:
Give an example of employee fraud, and identify reasons it may occur.
Essay
Answer:
To authenticate the message sender in an asymmetric-key encryption system, which of the following keys is required to decrypt the received message?
a. Sender's private key
b. Sender's public key
c. Receiver's private key
d. Receiver's public key
Multiple Choice
Answer:
What are the differences between authentication and authorization?
Essay
Answer:
To ensure the data sent over the Internet are protected, which of the following keys is required to encrypt the data (before transmission) using an asymmetric-key encryption method?
a. Sender's private key
b. Sender's public key
c. Receiver's private key
d. Receiver's public key
Multiple Choice
Answer:
Explain how to use the asymmetric-key encryption method to maintain confidentiality in transmitting a business document electronically.
Essay
Answer:
Which of the following groups/laws was the earliest to encourage auditors to incorporate fraud examination into audit programs?
a. COSO
b. COBIT
c. PCAOB
d. SAS No. 99
e. Sarbanes-Oxley Act
Multiple Choice
Answer:
What is hashing? Does it serve the same purpose as encryption? Why?
Essay
Answer:
Motive to commit fraud usually will include all of the following, except:
a. Inadequate segregation of duties
b. Financial pressure
c. Personal habits and lifestyle
d. Feelings of resentment
e. Alcohol, drug, or gambling addiction
Multiple Choice
Answer:
How can data integrity be ensured when conducting e-business? Why is it critical to e-business?
Essay
Answer:
(CPA exam, adapted) An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?
a. Internal control policy
b. System hardware policy
c. System security policy
d. Disaster recovery plan
e. Supply chain management policy
Multiple Choice
Answer:
Both COBIT and ISO 27000 series are security frameworks. Are there significant differences between the two frameworks?
Essay
Answer: