Information Technology Flashcards Preview

BEC > Information Technology > Flashcards

Flashcards in Information Technology Deck (133):
1

What is a central processing unit (CPU)?

The main component of computer hardware -- includes (a) primary storage, (b) a control unit, and (c) an arithmetic/logic unit

2

What is the primary storage of a CPU?

The part which holds the program, data, and results during processing (and thus involves only temporary storage)

Divided between RAM (random-access memory) and ROM (read-only memory)

3

What is the control unit of a CPU?

The part which directs the computer's operations

4

What is the arithmetic/logic unit of a CPU?

The part with special capabilities to do arithmetic calculations and logical operations

5

As regards computers, what is a bus?

A communication system for transferring data inside a computer or between computers

6

What is magnetic tape?

Thin magnetic tape on which data can be imprinted as magnetized dots (e.g. magnetic strips on credit cards)

7

What is a redundant array of independent disks (RAID)?

A collection of disks that all have the same data written on it -- good for backup purposes, but often unnecessary

8

What is the difference between randomly accessible data and sequentially accessible data?

Randomly = records can be directly accessed

Sequentially = records can be accessed only by reading through previous info

9

How does software differ from hardware?

Hardware refers to the required physical devices, while software refers to the internal programming and data needed to run the technology

10

What are the five generations of programming languages?

(1) machine language -- simple binary
(2) assembly language -- includes short commands for repetitive tasks
(3) procedural language -- closer to human language; source code in procedural language can be translated into machine-readable object code
(4) fourth-generation language (4GL) -- many routine procedures are preprogrammed
(5) object-oriented programming (OOP) -- has a modular approach; focused on the objective rather than the procedure

(3)-(5) are machine-independent

11

What are some examples of procedural language?

(i) FORTRAN -- Formula Translation
(ii) COBOL -- Common Business-Oriented Language
(iii) BASIC -- Beginners All-Purpose Symbolic Instruction Code

12

What are some examples of object-oriented programming (OOP)?

(i) C++
(ii) Java

13

What is a graphical user interface (GUI)?

A display where users can interact with icons, scroll bars, etc. rather than just line-by-line commands

14

What is a patch?

An additional part added to a program, usually to update it and/or correct a problem

15

What is an operating system (OS)?

Software that coordinates various computer functions and applications/programs

Also provides a graphical user interface (GUI)

16

What are some examples of operating systems?

(1) Windows XP
(2) Unix
(3) Linux -- a modified version of Unix

17

What is a job control language (JCL)?

A language used by an OS to do its work

18

What are multiprocessing and multiprogramming?

Multiprocessing -- uses more than one CPU to run more than one program simultaneously

Multiprogramming -- a program processes until it needs an input or delivers an output, at which point the OS switches to another program instantly

19

What is virtual storage?

Occurs when an OS subdivides programs into "pages" and only uses the needed pages to execute the instructions it's trying to carry out -- thus lowers processing costs

20

What are application programs?

Programs designed to process a particular application

21

As regards application programs, what is a "pass" or a "run"?

A full round done by the program -- input, processing, and output

22

What are collaborative computing applications?

Any applications where multiple people have access and where the changes made by different people can be tracked to them

23

What are management information systems (MIS)?

Systems used in a company to provide management with the data it needs

24

What is enterprise resource planning (ERP)?

A software arrangement that addresses the enterprise’s needs (including financial reporting, inventory management, etc.), seeking to meet the organizational goals by tightly integrating all functions of an enterprise

25

What is a database management system (DBMS)?

Any set of programs which manages a database, whether by creating it, maintaining it, updating it, allowing access to it, etc.

26

What is a relational database model?

A model that seeks to relate common data (e.g. customer info) in one integrated database to meet the needs of different users accessing the data

27

What are utility programs and library programs?

(1) utility programs = programs which perform standard/routine functions, such as merging or sorting
(2) library programs = programs often utilized by other programs, being stored and then "called up" when needed (e.g. random number generation)

Can also be called utility routines or library routines

28

What is a network?

An arrangement where multiple computers and multiple users have access to common hardware, software, or data

29

What are an internet, an intranet, and an extranet?

(1) internet = a network of networks (with *the* internet being a public network of networks)
(2) intranet = a network closed off, usually just to employees
(3) extranet = an internet that is not entirely closed off, but password-protected

30

What are different kinds of networks?

(1) local area network (LAN) = an intranet within a relatively small physical area
(2) wide area network (WAN) = a network across a very large areas, e.g. a city or country
(3) value-added network (VAN) = a network which provides services beyond Internet capabilities (usually EDI-related)
(4) virtual private network (VPN) = a network where it appears that a remote user accesses a private network, even though it is through public lines

31

What is a concentrator?

An apparatus which concentrates several communication channels into one

32

What is a multiplexer?

An apparatus that, for communication purpsoes, converts multiple low-speed transmissions into one high-speed transmission and then back

33

What is a proxy server?

A server acting as an intermediary for requests from clients involving info from other servers

34

What is a router?

An apparatus that transfers packets of data outward using the most efficient route possible

35

What is a firewall?

Software separating segments with the aim of prohibiting anyone from gaining unwarranted access

36

What is a gateway?

Any software or hardware linking computer networks together

37

What is a web crawler?

A program that searches the internet to find files for the user

38

What is topology?

A network's physical arrangement

Different kinds are (i) bus, (ii) ring, (iii) tree, and (iv) star arrangements

39

As regards topology, what is a bus arrangement?

Resembles the arrangement of people on a bus: there is one central line (the "bus aisle") to which several computers are connected

Easy to add more computers with this arrangement, but communication can be cut off by a failed device in the middle

40

As regards topology, what is a ring arrangement?

Each computer is connected to one on each side, such that all effectively form a circle

Easy to add more computers with this arrangement, and a failed device does not cut off communication (failed devices on each side would), though communication can be slower

41

As regards topology, what is a tree arrangement?

A hierarchical arrangement where each device can have a number of other devices connected to it as branches

42

As regards topology, what is a star arrangement?

Each computer is connected to a central device

Generally the most expensive topology

43

What are data transmission protocols?

Sets of procedures/rules governing the transferal of data among devices

44

What is the difference between serial and parallel data transmission?

Serial = each bit (of a byte) are transmitted singularly

Parallel = all bits are transmitted simultaneously on parallel lines, one bit per line

Parallel is practicable only with short network distances

45

What is the difference between circuit switching and packet switching?

Switching mechanisms route bits to take different paths
-circuit switching sends a message in its entirety through oen path
-packet switching sends messages in packets, sometimes through separate paths

46

What is a common example of packet switching?

TCP/IP -- transmission control protocol/internal protocol

Provides protocols for internet packing switching

47

What is bandwidth?

The degree to which a channel can handle data transmission

Narrow bandwidth signifies a low rate of transmission; broad bandwidth a high rate

48

What is client-server architecture?

An arrangement where computers on a network are either clients or servers
-clients are workstations or PCs
-servers are powerful machines which can manage networks, disk drives, etc.

49

As regards client-server architecture, what is the difference between a file server and a database server?

File = the server primarily stores files and processes data; used as the only server in a two-tier client-server architecture arrangement

Database = the server primarily stores software for database management; does some processing

50

What is a three-tier (or more) client-server architecture?

Any arrangement where two or more servers are needed

The other ones can be print servers, web servers, application servers, fax servers, and so on

51

What are some different network languages?

(1) hypertext markup language (HTML) -- used for internet display
(2) hypertext transfer protocol (HTTP) -- protocols governing the coding, transferal, and viewing of data
(3) extensible markup language (XML) -- also used for internet display, but further identifies the nature of the info displayed (e.g. phone #s)
(4) extensible business reporting language (XBRL) -- required by the SEC, helpful for reading financial statements

52

What is an internet protocol (IP) number?

A specific number used to identify a particular computer within a network

53

What does URL stand for?

Uniform resource locator

54

What are different levels of data?

(1) bit -- binary digit, smallest unit of data
(2) byte -- group of bits
(3) character -- group of bytes
(4) field -- group of related characters (e.g. a name)
(5) record -- group of related fields (e.g. customer record with name, address, phone #)
(6) file -- group of related records

55

What is the difference between a master file and a transaction/detail file?

Master = data is generally permanent

Transaction/detail = data is more current and temporary, used for updating a master file

56

What are the steps involved in updating a master file?

(i) records from both the master file and the transaction file are read into the CPU
(ii) master file records are updated in the CPU
(iii) updated records are written onto an output reel to create a new updated master file

Thus at the end, there are three files: a master file, a transaction file, and an updated master file

57

What is parallel processing?

Running a new system-to-be-implemented at the same as the old system, comparing their results

This makes the conversion smoother (providing a stepping stone) and can avoid disaster if the new system crashes

Also called parallel operating

58

What is volume testing?

Testing the ability of a new system to handle various volumes of data

59

What are two different transaction processing models?

Batch processing and online processing

60

What is batch processing?

Accumulating transactions into groups that can then be processed all at once, as one batch, rather than each being processed individually as they arose

61

What is a disadvantage of batch processing?

Since transactions are not processed immediately, errors will not be detected as quickly

62

What is online processing?

Immediately processing transactions online as they occur

63

What is an OLRT system?

An online, real-time system -- it processes data quickly enough to interact with and receive responses for other data

E.g. for airline reservations, a customer's data can be inputted, and then the available flights are returned, and then the customer can select the flight

64

What is an integrated system?

A system where a transaction affects all the relevant files at once, rather than needing separate actions

E.g. a sale can update revenues, accounts receivable, and inventory at once

65

What are different ways to do external information processing?

(1) block time = renting the use of another entity's computer
(2) time-sharing = having equal access with other users to one system
(3) service bureau = an outside entity which provides data service at a cost

66

What are some general controls restricting IT department activity?

(1) Segregating functions of users and the IT department
(2) Barring IT people from making or authorizing transactions
(3) Segregating duties within the IT department

67

What are different IT functions that ought to be segregated?

(1) Control group
(2) Operators
(3) Programmers
(4) Analysts
(5) Librarians

68

What is the role of a control group in the IT department?

It oversees internal control

69

What is the role of operators in the IT department?

They convert data into a machine-readable form

70

What is the role of programmers in the IT department?

They write and debug programs

-Applications programmers = deal with application programs
-Systems programmers = deal with software that runs the hardware

71

What is the role of analysts in the IT department?

They design the overall system, mapping it out with a flowchart

72

What is the role of librarians in the IT department?

They track the access, use, and storage of programs or other files, including backups

73

What are different professionals needed to develop a business website well?

(i) accountant or auditor -- for understanding business processes and safety, e.g. fraud prevention
(ii) graphics designer
(iii) marketer
(iv) usability specialist
(v) webmaster -- main programmer
(vi) writer

74

What are control objectives for information technology (COBIT)?

Objectives developed to help fulfill Section 404 of SOX, which requires their oversight of the company’s internal controls

COBIT serves as a generally accepted standard for IT to provide security and control, with three main objectives:
(i) ensuring that data systems help fulfill the company’s goals
(ii) optimizing investments in IT
(iii) managing risks and opportunities related to IT

75

What is important to know about documentation for IT systems?

Control procedures for IT systems often do not leave documentary evidence behind

76

What is important to know regarding a change in IT system?

IT systems are more difficult to change than manual systems

77

What are some ways in which paper data is superior to electronic data?

(i) more difficult to alter
(ii) more credible in its source (direct mailing rather than through electronic system)
(iii) often includes approvals in the documentation
(iv) easier to use

78

What are some benefits to an IT system over a traditional/manual system?

-can perform large and complex calculations
-increases how timely, available, and accurate info is
-allows further analysis
-allows further monitoring
-can have stricter controls

79

What are some risks to an IT system?

-errors can be systematic
-unauthorized access can give the user great power
-data can be lost
-programs can be neglected/not updated

80

What are some examples of transaction processing systems?

(i) sales
(ii) purchasing
(iii) payroll
(iv) general ledger

81

What is data mining?

Taking large amounts of data and acquiring new info (specifically, patterns or trends) from it

Good for checking for fraud, e.g. checking employee addresses to vendor addresses, vendor records with P.O. box addresses, etc.

82

What is a fraud profile?

A set of data characteristics which would signify a higher chance of fraud, given the entity's internal controls

83

What is EDI?

Electronic Data Interchange

Business conducted electronically between customers and vendors

84

What is a connectionless environment?

A medium or environment where a customer is not in contact with a specific representative of the company

Websites are connectionless environments, since many people can simultaneously utilize them

85

What is one of the advantages of IT for public companies?

Updating and generating financial statements becomes much simpler, faster, and more accurate

Also can use data mining to find relevant financial info for management, rather than having them read the entire statements

86

What is an ad hoc financial report?

A special report created as the circumstances arise -- i.e. not one ordinarily generated by IT

87

What are hackers and crackers?

Hackers = people who intentionally intrude into IT systems to violate laws, obtain information, etc.
-sometimes this term refers to general tech enthusiasts, in which case "crackers" (criminal hackers) would refer to the malicious types

88

What are some tools of hackers?

(1) demon dialers = rapidly dial through phone numbers to find modems and then use usernames and passwords to break into the system
(2) port scanners = scan a network and its devices to find services that are available and unsecured
(3) scripts = search through machines to find accounts on the machine and whether password attempts to access the machine are limited
(4) sniffers = identify and report all usernames and passwords it can find
(5) Trojan horses = apparently good programs which operate unexpectedly (and usually harmfully) if a user permits the program
(6) viruses = self-replicating programs which affix themselves to other programs and cause harm

89

What are digital signatures?

They provide assurance that data hasn't been altered -- thus they can establish the legitimacy of a file, but not other things (like privacy)

90

What is encryption?

Coding data so it can't be read by those who aren't authorized to read it

Decryption = changing encrypted data to a readable format

91

As regards encryption, what is the key?

The entire set of operations done on data to encrypt, and done in reverse on encrypted data to decrypt it

Often includes both an original set of random variables + a set of algorithms acting on the data

92

What is symmetric encryption?

The same key (a "private key") is used for encryption and decryption

Not useful for parties who send a few messages to a large number of correspondents, since each message would require a separate private key

93

What is asymmetric encryption?

Uses a public key to encrypt data and a private key to decrypt it

Both the public key and the private key are particular to the recipient, and the private key is mathematically related to the public key though not deducible from it, so as long as public keys are truly publicly available, parties can transfer messages to others without needing to agree in advance on a shared private key

94

What are different kinds of IT controls?

(1) preventive
(2) detective
(3) compliance
(4) application
(5) general

95

What are some minimum requirements for a company in a disaster recovery situation?

(i) backup data
(ii) additional hardware off-site

96

What are two different kinds of off-site locations for disaster recovery situations?

(1) hot sites = mostly ready for continued operations
(2) cold sites = mostly unready for continued operations

There are also degrees of "warmth" between the two

97

What are some important elements of a disaster recovery plan?

(i) procedures for how parties will communicate with each other
(ii) testing the plan under different hypothetical scenarios
(3) temporary locations and procedures for continuing operations, e.g. working from home

98

What is important about IT documentation?

It provides all sorts of info concerning the system's purpose, input and output, users, controls, etc., which can be very useful to the auditor

99

What are the first three kinds of IT documentation?

(1) problem definition -- gaining a general understanding of the reason a system was implemented
(2) systems -- how to trace accounting info from input to output
(3) program -- a summary of how a program works: its flowchart, controls, instructions, special features, etc.

100

What are the last three kinds of IT documentation?

(4) operations -- provided by the computer operator on how to run/administer the system
(5) user -- how to use the system (e.g. required input and expected output)
(6) operator -- documentation for the jobs done on the computer by the operator

101

What are some general controls restricting IT department activity?

(1) segregating functions of users and the IT department
(2) barring IT people from making or authorizing transactions
(3) segregating duties within the IT department

102

What are some general controls related to systems development?

-users should be involved in the procedures for system design and the choice of software
-systems testing should involve both users and IT people
-there should be controls barring unauthorized changes
-mgmt should require documentation for choices made regarding the system

103

What is a parity bit?

A way to test hardware for malfunctions

Odd parity = characters are represented by some odd number of magnetized dots
Even parity = characters are represented by some even number

A parity bit tests for whether a character has the wrong number (e.g. due to dust)

104

What is an echo check?

Signal is sent to activate a device, which sends a signal back, and the computer "checks" this "echo"

105

What is a hardware check?

The computer checks the hardware equipment

106

What is boundary protection?

Separates files or programs when they are shared in a common place (e.g. in time-sharing)

107

What are two different kinds of internal file labels?

(1) header label = at beginning of file
-contains name, ID #, tape reel #
(2) trailer label = at end of file
-contains # of records in file, end-of-file code

108

What is an external label?

A label that is attached to some secondary storage device rather than inside the file, readable by humans rather than machines

109

What is a file protection ring?

A plastic ring placed around magnetic tape to avoid accidentally erasing information through physical writing or marking

110

What are different file protection plans?

(1) duplicate files
(2) disk reconstruction plan
(3) grandfather-father-son retention

111

What is a disk reconstruction plan?

Periodically saves a disk file, so that the file can be reconstructed at any given point in time

112

What is grandfather-father-son retention?

When a master file has a day's transactions processed against it, the new master file will be the father and the old one the grandfather. When the father master file has the next day's transactions processed against it, the new file will be the son.

The terms "grandfather," "father," and "son" are relative, referring to how far back in the chain older files are retained. For instance, when the son master file (mentioned above) has a new day's transactions processed against it, the new master file is effectively the son, the old son file is the father, the old father is the grandfather, and the old grandfather is erased. The important point is that two older files are retained for backup purposes at any given time -- the grandfather and father are the two backups for the son.

113

What are some important factors to consider concerning physical safeguards?

(1) temperature, humidity, dust, and other factors are not problematic/extreme
(2) the environment is prepared for physical disaster (e.g. basement flooding)
(3) other facilities are ready in case of disaster

114

What do microcomputers signify for internal controls?

A weakness in internal controls -- since they are usually not in isolated areas, and since they can more easily be modified (including at home)

115

What are different types of inputs which should have internal controls as safeguards?

(1) transaction entries
(2) file maintenance
(3) inquiries
(4) error corrections

116

What are control totals?

A type of internal control meant to double-check data inputted into the system

Can be financial totals (e.g. total $ in A/Rs), hash totals (e.g. sum of account #s), or record/document counts (# of transactions processed)

117

What are edit tests?

Checks performed by a computer to test data being inputted

118

What is a limit test?

An edit test to see whether a value is not greater than or lesser than certain amounts

Also called a reasonableness test

119

What is a character test?

An edit test to see whether an input has a proper size and composition (e.g. if an input ought to always have 7 numbers)

Also called a valid field test

120

What is a code test?

An edit test to ensure that a wrong number is not used (e.g. if a company has four stores, the entry should not be greater than 4)

Also called a valid number test

121

What is a sequence check?

An edit test that ensures data is inputted in the right order

122

What is a missing data test?

An edit test to see whether all fields contain data

123

What is a valid transaction test?

An edit test that sees whether an inputted transaction is the right kind for the file (e.g. for A/R, it might be that all inputted transactions are either debits or credits to A/R)

124

What is a valid combination of fields test?

An edit test that sees whether certain data, when combined, is reasonable (e.g. selling a large quantity of washers and dryers to a single customer -- this might show that the wrong quantity was entered)

125

What is a self-checking digit?

An edit test where a digit is added to some number (e.g. an order ID number) based off the number itself, and then checked for accuracy later

E.g. there might be a formula to add the sum of the 2nd and 5th digits of an order ID, so an order ID of 41853 would be changed to 418534, since 1+3=4. This can help ensure that other data is inputted correctly.

126

What is a valid sign test?

An edit test that checks whether a sign (i.e. positive or negative) is accurate for a record

127

What is an error log?

A record of transactions that aren't processed due to some error -- exists to ensure that transactions skipped over (due to error) will later be corrected

Also called an error listing

128

What are some application controls related to processing?

(1) Reconciling control totals with inputs
(2) Prevention of processing the wrong files
(3) Limit tests built into programs

129

What are some application controls related to output?

(1) Reconciling output totals with input totals
(2) Comparing scanned outputs to original documents
(3) Distributing outputs only to authorized users

130

What two segregation controls are important in small-business IT environments?

-between data entry and processing
-between IT and transaction authorization for users

131

What might an auditor do if a company does not document changes made to an IT program?

Obtain the original software from the manufacturer and see what changes have been made

132

What are distributed systems?

Systems with a main/central computer system and several remote computer sites

133

What are important factors to remember if a client utilizes an IT service center?

(1) transmission
(2) error correction
(3) audit trail
(4) master file changes
(5) output
(6) security