Information Technology Flashcards

1
Q

What is the data repository that stores unstructured data?

A

data lake.

2
Q

What is encryption?

A

Encryption is transforming data, called plaintext, into unreadable gibberish, called ciphertext. Both a key and an algorithm are used to encrypt and decrypt text. To encrypt a document, the data is divided into blocks the same length as the key. The length of a key is made of a string of binary digits. The longer the key, the less likely someone can break the encryption code.

3
Q

Internally encrypted passwords

A

Internally encrypted passwords are a form of access control designed to prevent unauthorized access by use of a utility program to identify passwords.

4
Q

Machine learning (ML)

A

Machine learning (ML) is a current application of artificial intelligence based around the idea that we should be able to give machines access to data and let them learn for themselves. The algorithms that have driven successful machine learning depend on an approach called deep learning, which uses neural networks.

5
Q

five core information assurance principles

A
Security
Availability
Processing integrity
Confidentiality
Privacy
6
Q

Cryptographic device

A

Cryptographic devices protect data in transmission over communication lines.

7
Q

The “who” in data governance includes:

A

The “who” in data governance includes the data governance committee, the chief data officer (CDO), data stewards, and data owners as well as employees that create data while performing their job (not all of the employees).

8
Q

fail-soft protection

A

The capability to continue processing at all sites except a nonfunctioning one

9
Q

Executive support system

A

An executive information system provides executives with information to make strategic plans, control the company, monitor business conditions, and identify business problems and opportunities.

10
Q

Public-switched networks

A

Public-switched networks are open to the general public and offer the lowest level of security.

11
Q

attribute of a relational database

A

In a relational database:
a- A primary key uniquely identifies a specific row in a table.
b- Other non-key attributes in each table store important information about that entity.
c- A foreign key is an attribute in one table and a primary key in another.

12
Q

Electronic vaulting

A

Electronic vaulting is the process of electronically transmitting and storing backups of programs and data at a remote data storage facility.

13
Q

Electronic data interchange, or EDI

A

EDI is the use of computerized communication to exchange business data electronically in order to process transactions. Encryption is transforming data into unreadable gibberish to be sent electronically. This data is then decrypted and read at its destination. Software applications that encrypt data are more vulnerable to security risks than a hardware device performing the same function.

14
Q

An integrated test facility

A

An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.

15
Q

private key encryption

A

A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.

16
Q

Cybersecurity vs. cyber resilience

A

The main aim of cybersecurity is to protect information technology and systems, whereas cyber resilience focuses more on business delivery to keep business goals intact rather than the IT systems.

17
Q

data lake

A

A data lake is a large data repository that stores unstructured data.

18
Q

data repository,

A

also known as data library or data archive, can be defined as a place that holds data, makes data available for use, and organizes data in a logical manner to be mined for data reporting, sharing, and analysis.

19
Q

Value-added network

A

is a private network that adds value to the data communications process by handling the difficult task of interfacing with the multiple types of hardware and software used by different companies.

20
Q

Electronic data interchange, or EDI

A

Is the use of computerized communication to exchange business data electronically in order to process transactions. Encryption is transforming data into unreadable gibberish to be sent electronically. This data is then decrypted and read at its destination.

21
Q

Range checking

A

involves checking a number in a transaction (such as the date) to determine whether that number falls within a specified range. For example, when March transactions were being processed, the date of each transaction would be checked and any transaction date falling outside the range March 1 through March 31 would not be processed.

22
Q

Electronic vaulting

A

is the process of electronically transmitting and storing backups of programs and data at a remote data storage facility.

23
Q

integrated test facility

A

An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.

24
Q

What is the primary purpose of a disaster recovery plan?

A

The primary purpose of a disaster recovery plan is to specify the steps required to efficiently and effectively restore/resume data processing operations when there is a disaster.

25
Q

decision table

A

A decision table is a chart used to guide people to make correct and consistent decisions. Decision tables may be especially useful when many alternative inputs and/or results are possible.

26
Q

neural network

A

A neural network is a computer system designed to recognize images and classify them according to the elements they contain, which works on a system of probability—based on data fed to it, it is able to make statements, decisions, or predictions with a degree of certainty. The addition of a feedback loop enables “learning”; by sensing or being told whether its decisions are right or wrong, the computer system modifies the approach it takes in the future.

27
Q

record count

A

A record count is the total number of input documents for a process or the number of records processed in a run. These records are reconciled to the number of output records. The total number of invoices processed is an example of a record count.

28
Q

security software

A

The primary functions of security software are to authenticate user identification and control access to computer resources such as data files, program libraries, and software.

29
Q

Edit Checks

A

Edit checks are a type of input (application or procedural) control. These checks are run by the computer (from programmed edit routines) to check the validity, accuracy, and reasonableness of the data which has been input from source documents.

30
Q

Data mining

A

Data mining technology helps examine large amounts of data to discover patterns. This data analytics technique can be deployed to discover potential fraud by identifying anomalies and extracting other useful information within a data warehouse. Since millions of transactions need to be scanned, this would be the most efficient technique for examining potential fraudulent charges within the dataset. Data mining software enables companies to pinpoint what is relevant, use that information to assess likely outcomes, and then accelerate the pace of making informed decisions.

31
Q

Direct changeover (“Big Bang”)

A

Conversion by direct changeover (also known as “big bang” conversion) means that, on a specified date, users stop using the old system and the new system is put into use.

32
Q

The five classifications of controls used to make systems more secure?

A

1- segregation of duties
2- physical access controls
3- logical access controls
4- personal computers and client/server network protection
5- internet and telecommunications controls

33
Q

Data Extraction

A

Data extraction is the process of gathering and retrieving data captured within unstructured sources, such as email, social media, images, and barcodes.

34
Q

Unstructured data

A

Unstructured data is qualitative data stored in its native form and processed only when required. Examples are pictures, email text, audio and video files, social media sites, blogs, survey responses, and online reviews.

35
Q

Semi-Structured Data

A

Semi-structured data is qualitative data loosely organized by categories. For example, an email application can search categories such as Inbox, Sent, and Drafts. However, the email content is unstructured data.

36
Q

Structured data

A

Structured data is data organized neatly in a tabular format with clearly defined relationships between different rows and columns. It is stored in a relational database. Examples are spreadsheets (e.g., Microsoft Excel), point-of-sales data, and credit card numbers.

37
Q

Database protection mechanisms

A

1- data dictionary to make sure that data is defined and used consistently
2- procedures for assessing and updating the database
3- concurrent update controls to prevent multiple-user issues.

38
Q

Hardening a host device means…

A

Hardening is the process of modifying the configuration of hosts and application software and deleting, or turning off, unused and unnecessary programs that represent potential security threats.

39
Q

Histograms

A

summarize continuous data and display a large amount of data as well as the frequency of data values. This is done by showing the number of data points that fall within a specified range of values called “bins.” These bins are consecutive, non-overlapping intervals of a variable. The adjacent bins do not have any gaps; the rectangles of a histogram touch each other to indicate that the original value is continuous.

40
Q

system and organization controls (SOC®) 1

A

A SOC® 1 report is based on Statement on Standards for Attestation Engagements and generated by auditors for other auditors. Use of these reports is restricted to the management of the service organization, user entities, and user auditors.

41
Q

SOC® 2 and SOC® 3

A

SOC® 2 and SOC® 3 are reports on the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

42
Q

classifications of controls

A

1- segregation of duties
2- physical access controls
3- Logical access controls
4- Personal computers and client/server network protection
5- internet and telecommunications controls

43
Q

Examples of input validation or edit controls?

A
  • Preprinted forms,
  • check digits,
  • control totals,
  • batch and proof totals,
  • hash totals,
  • record counts
  • limit or reasonable tests
44
Q

example of a user control activity?

A
  • Checks of computer output against source documents, control totals, or other input
  • Reviewing computer logs
  • Policies and procedures that document authorized users and recipients of data
45
Q

What are the risks associated with supply chain management internationally?

A
  • failure of member firms to meet obligations
  • cultural and communication challenges among member firms in different nations
  • failure of member firms to timely share information.