Смекни!
smekni.com

Задачи и внедрение Бизнес-стратегия Стратегия в области ит основные тенденции развития ит (стр. 82 из 98)

│ 60 │S-MAIL (Почта ЦБ) │ ПП │Руб. плат.,│ЦБ России │ЦБ России │PC 486 │

│ │ │ │бухг. │ │ │ │

├──────┼─────────────────────┼────────┼────────────────┼────────────┼──────────────┼───────────────┤

│ 61 │Lotus Notes 4.6.1│ ПП │Централизованно │Головной │Головной банк │PC PENTIUM │

│ │(Корпоративная почта)│ │ │банк │ │ │

├──────┼─────────────────────┼────────┼────────────────┼────────────┼──────────────┼───────────────┤

│ 62 │MS Exchange 5.0 │ ПП │Централизованно │Релком │IN-HOUSE │PC PENTIUM │

├──────┼─────────────────────┼────────┼────────────────┼────────────┼──────────────┼───────────────┤

│ │Программы доступа в│ │ │ │ │ │

│ │Интернет │ │ │ │ │ │

├──────┼─────────────────────┼────────┼────────────────┼────────────┼──────────────┼───────────────┤

│ 63 │MS Proxy 2.0 │ ПП │Централизованно │Майкрософт │Майкрософт │PC PENTIUM │

└──────┴─────────────────────┴────────┴────────────────┴────────────┴──────────────┴───────────────┘


Условные сокращения:

ОС - операционная система;

ПП - прикладная программа;

СП - сервисная программа;

ИР - инструмент разработчика.

Приложение 7. Пример экзаменационных вопросов для ИТ-аудиторов

1. A database administrator is responsible for:

A. maintaining the access security of data residing on the computers.

В. implementing database definition controls.

С. granting access rights to users.

D. defining system's data structure.

2. Which of the following would NOT be associated with well-written and concise job descriptions?

A. They are an important means of discouraging fraudulent acts.

В. They are often used as tools for use in performance evaluation.

С. They provide little indication of the degree of separation of duties.

D. They assist in defining the relationship between various job functions.

3. The input/output control function is responsible for:

A. pulling and returning all tape files.

В. entering and key verifying data.

С. logging batches and reconciling hash totals.

D. executing both production and test jobs.

4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?

A. Batch header forms

В. Batch balancing

С. Data conversion error corrections

D. Access controls over print spools

5. In Wide Area Networks (WANs):

A. data flow can be half duplex or full duplex.

В. communication lines must be dedicated.

С. circuit structure can be operated only over a fixed distance.

D. the selection of communication lines will affect reliability.

6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:

A. data integrity.

В. authentication.

С. non-repudiation.

D. replay protection.

7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?

A. The number of characters in the password

В. The power of the computer used to break the password code

С. The number of incorrect access attempts allowed before disconnect

D. The content of the character set from which the password is composed

8. Passwords should be:

A. assigned by the security administrator.

В. changed every 30 days at the discretion of the user.

С. reused often to ensure the user does not forget the password.

D. displayed on the screen so that the user can ensure that it has been properly entered.

9. Which of the following is a technique that could illegally capture network user passwords?

A. Encryption

В. Sniffing

С. Spoofing

D. Data destruction

10. Which of the following is NOT an employee security responsibility?

A. Keeping Logon-IDs and passwords secret

В. Helping other employees create passwords

С. Reading and understanding the security policy

D. Questioning unfamiliar people who enter a secured area

11. Which of the following would warranty a quick continuity of operations when the recovery time window is short?

A. A duplicated back-up in an alternate site

В. Duplicated data in a remote site

С. Transfer of data the moment a contingency occurs

D. A manual contingency procedure

12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?

A. The disaster recovery plan works for natural disasters whereas the business continuity plan works for non-planned operating incidents such as technical failures.

В. The disaster recovery plan works for business process recovery and information systems whereas the business continuity plan works only for information systems.

С. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.

D. The disaster recovery plan is the awareness process for employees whereas the business continuity plan contains the procedures themselves to recover the operation.

13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:

A. can lack lower level detail commands necessary to perform data intensive operations.

В. cannot be implemented on both the mainframe processors and microcomputers.

С. generally contain complex language subsets which must be used by skilled users.

D. cannot access database records and produce complex Online outputs.

14. Which of the following tools would NOT be used in program debugging during system development?

A. Compiler

В. Memory dump

С. Output analyzer

D. Logic path monitor

15. Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?

A. Function point analysis

В. Critical path methodology

С. Rapid application development

D. Program evaluation review technique

16. Which of the following statements pertaining to program evaluation review technique (PERT) is FALSE?

A. The initial step in designing a PERT network is to define project activities and their relative sequence.

В. An analyst may prepare many diagrams before the PERT network is complete.

С. PERT assumes a perfect knowledge of the times of individual activities.

D. PERT assumes that activities can be started and stopped independently.

17. A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:

A. independent review of the transaction listing.

В. programmed edit check to prevent entry of invalid data.

С. programmed reasonableness checks with 20% data entry range.

D. visual verification of data entered by the processing department.

18. Application controls ensure that when inaccurate data is entered into the system, the data is:

A. accepted and processed.

В. accepted and not processed.

С. not accepted and not processed.

D. not accepted and processed.

19. Which of the following BEST describes the purpose or character of an audit charter?

A. An audit charter should be dynamic and change often to coincide with the changing nature of technology and the audit profession.

В. An audit charter should clearly state audit's objectives for the delegation of authority for the maintenance and review of internal controls.

С. An audit charter should document the audit procedures designed to achieve the planned audit objectives.

D. An audit charter should outline the overall authority, scope and responsibilities of the audit function.

20. A manufacturing company has implemented a new client/ server system enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?

A. Verifying production to customer orders

В. Logging all customer orders in the ERP system

С. Using hash totals in the order transmitting process

D. Approving (production supervisor) orders prior to production

1. A database administrator is responsible for:

The correct answer is:

B. implementing database definition controls.

Explanation:

Implementing database definition controls is one of the critical functions of the database administrator. Maintaining access security of data and granting access rights to users as defined by management is the responsibility of the security administrator. Defining system's data structure in the responsibility of the systems analyst.

Area: Content Area 1

2. Which of the following would NOT be associated with well-written and concise job descriptions?

The correct answer is:

C. They provide little indication of the degree of separation of duties.

Explanation:

Well written and concise job descriptions should provide an indication of the degree of separation of duties within the organization and, in fact, may assist in identifying possible conflicting duties. All other answers are aspects of well-written job descriptions.

Area: Content Area 1

3. The input/output control function is responsible for: The correct answer is:

C. logging batches and reconciling hash totals.

Explanation:

The logging of batches provides input control while the reconciling of hash totals provides output controls.

Area: Content Area 2

4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?

The correct answer is:

B. Batch balancing

Explanation:

Batch balancing is used to verify output results and control totals by matching them against the input data and control totals. This can be performed by the computer program where the control totals were input into the computer with the batch input. Batch header forms control data preparation; data conversion error corrections correct errors that occur due to duplication of transactions and inaccurate data entry; and access controls over print spools prevent reports from being accidentally deleted form print spools or directed to a different printer.

Area: Content Area 2

5. In Wide Area Networks (WANs): The correct answer is:

D. the selection of communication lines will affect reliability.

Explanation:

The selection of communication lines, modems, software, etc. will have a great effect on network reliability. Data flow can be half duplex, full duplex or simplex; communication lines can be dedicated or switched; and the circuit structure can be operated over virtually any distance.

Area: Content Area 2

6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:

The correct answer is: C. non-repudiation.

Explanation:

All of the above are features of a digital signature. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to changes in the plaintext message that would result in the recipient failing to compute the same message hash. Authentication ensures that the message has been sent by the claimed sender since only the claimed sender has the key. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.

Area: Content Area 3

7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?

The correct answer is:

B. The power of the computer used to break the password code

Explanation:

А, С and D all contribute to the complexity and difficulty of guessing a password.

Area: Content Area 3

8. Passwords should be: The correct answer is:

A. assigned by the security administrator.

Explanation:

Initial password assignment should be done discretely by the security administrator. Passwords should be changed often (e.g. every 30 days).

However, changing is not voluntary and should be forced by the system. Systems should not permit previous passwords(s) to be used again after they are changed. Old passwords may have been compromised and would thus permit unauthorized access. Passwords should not be displayed in any form.

Area: Content Area 3

9. Which of the following is a technique that could illegally capture network user passwords?

The correct answer is: B. Sniffing

Explanation:

Sniffing is an attack that can be illegally used to capture sensitive pieces of information (password), passing through the network. Encryption is a method of scrambling information to prevent unauthorized individuals from understanding the transmission. Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication. Data destruction is erasing information or removing it from their original location.

Area: Content Area 3

10. Which of the following is NOT an employee security responsibility?

The correct answer is:

B. Helping other employees create passwords

Explanation: