Information Technology (17%) Flashcards

Question

A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments is known as:

Answer 1

**Data Mart** - focused on a particular market or purpose and contains only information specific to that objective. (TI's Finance Data Mart)

Answer 2

Both are TRUE

Answer 3

View Only Access

Answer 4

All of the above

Answer 5

* **Database** is composed of many = * **Files** are composed of many = * **Records** are composed of multiple = * **Fields** are composed of = * **Characters** are made of = * **Bytes (8 bits)** are composed of = * **Bits** = an individual 0 or 1

Answer 6

All software is created using programming languages. * High level general purpose = **C programming language** * Object oriented language used to design software = **C++** * Integrated development environments = **Java**, templates that automatically generate code. * Tagging language typically used for the internet = **HTLM** (Hypertext Markup Language) * Script languages that add funtionality to web pages = **PERL** or **Python** * Low level languages = **assembler** or **machine** (computer instructions)

Answer 7

* Data Definition Language (**DDL**) = allows the definition of tables and fields and relationships among tables. Uses meta-data. * Data Manipulation Language (**DML**) = allows the user to add new records, delete old records and udpate existing records. * Data Query Language (**DQL**) = allows user to extract information from the database: * Structured Query Language (**SQL**) = most relational databases use SQBL to extract data. (text approach) * Query-By-Example (QBE) = drag and drop fields (graphic approach)

Answer 8

A logical group of bytes. Identifies a characteristic or attribute of an entity. * Customer name * Customer address * Customer number

Answer 9

Group of related fields (or attributes). Describes a: * Specific invoice * particular customer * individual product

Answer 10

Collection of related records for multiple entities. * Invoice file * Customer file * Product file

Answer 11

**System** Software or **Application** Software * Systems Software - programs that run computer and support system management (operating system is most important, i.e. Windows, Mac OS X) * Application Software - end-user programs

Answer 12

"Middle-ware" Program that functions between the application software and the operating system. DBMS **manages the database**.

Answer 13

Control center of the computer system. 3 Principal Components: 1. Control Unit 2. Arithmetic Logic Unit (ALU) 3. Primary Storage (memory) 1. Random Access Memory (RAM) - **temporarily** stores data while it is in process. 2. Read Only Memory (ROM) - semi-permanent data store for instructions that are closely linked to hardware. **Hard to change**.

Answer 14

* Input - instruct the CPU and supply data to be processed. * keyboard, mouse, trackball * touch-screen technology * Point of sale (POS) scanners * Output - transfer data from processing unit to other formats * Printers * Plotters * Monitors * Flat-panel displays * Cathode Ray Tube (CRT) displays

Answer 15

1. Enter Transaction on **Source Document** 2. Record SD chronoligically in a **Journal** 3. Copy to ledger(s) = **Master Files** 4. **Prepare** reports

Answer 16

**_Batch_** * Groups new transactions by type and **processes periodically** in **sequential** order. * transaction and master files are sorted on a common key called **sequential access files**. **Disadvantages** of Batch - not real time, systems is out of date, delays error detection. **_Online Real Time Processing_** * Continuous and immediate processing * Simultaneous transaction entry and master file updating * Requires **random access storage devices** (i.e. magnetic disk) * Requires **networked computer system** **Disadvantages** of OLRT - higher costs

Answer 17

Point of Sale * **Scanners** capure data from **product bar codes** * Computer system is integrated with **electronic cash register** * POS systems or terminals **networked to central computer**

Answer 18

Master File

Answer 19

Computerized note that clerical errors increase in a manual environment.

Answer 20

Any device connected to the network is a node: * **Client** - a node, typically a microcomputer used by end-users. The client uses network resources but does NOT supply resources to the network. * **Server** - a node dedicated to provided resources to the rest of the network. Servers are **indirectly** used by end-users. * **Transmissions Media** - communication link between nodes and the network. Can be wired or wireless media.

Answer 21

Distributed - a solution that is neither too centralized, nor too decentralized

Answer 22

**Copper or Twisted Pair** * Used for phone connections * slowest, least secure and most subject to interference * least expensive **Coaxial Cable** * similar to cable used for television. faster, more secure and less subject to interference than twisted pair. **Fiber Optics** * Extremely fast and secure * based on light pulses instead of electrical impulses. * more expensive to purchase and install

Answer 23

* Microwave (Satellite) transmission - **WAN's primarily** * Wi-Fi (spread spectrum radio) - **both LAN's and WAN's** * Bluetooth - same signal as Wi-Fi but **consumes less power** * Digital cellular - transmits data via cell network - **WAN's primarily**

Answer 24

* Local Area Networks (**LAN**'s) = Smaller local area scope, i.e. schools in a school district. Uses **dedicated** (typically fiber optic) **lines** * Wide Area Networks (**WAN**'s) = National or International Scope, **does not use dedicated lines**. * Storage Area Networks (**SAN**'s) = variation of LAN's that connects storage devices to servers. * Personal Area Networks (**PAN**'s) = home network

Answer 25

A global **"network of networks."** The internet is a worldwide network that allows for virtually any computer system to link to it by way of an **electronic gateway**. * end-users are connected via ISP's (internet service providers) * a **markup** or **tagging** language specifies how data will be processed * Protocols (see card) * **Intranet** (closed network) and **Extranets** (connects suppliers/customers to a business)

Answer 26

* **TCP/IP** (Transmission Control Protocol / Internet Protocol) * these are the two core network protocols that underlie the internet. * **HTTP** (Hypertext Transfer Protocol) - a part of TCP/IP, the **foundation** protocol for data transmission on the internet. * **SMTP** (Simple Mail Transfer Protocol) and **IMAP** (Internet Message Access Protocol), both of these protocols are for email services and are part of TCP/IP.

Answer 27

information is grouped into "packets" for transmission. **TCP/IP** is a packet-switched network protocol. The **Internet** is the world's largest packet-switched network.

Answer 28

Intranet - available to only members of the organization and **not the general public**. Extranet - an **intranet** that is opened up to permitted associates (typically company suppliers, customers, business partners, etc.) For both, a user-name and password are required. These are not available to the general public.

Answer 29

* **XML** (Extensible Markup Language) - protocol for encoding documents for use on the internet. * **XBRL** (Extensible Business Reporting Language) - XML based protocol for encoding and tagging business information. XBRL is specifically designed to **exchange financial information** over the World Wide Web. * **HTML** (Hypertext Markup Language) - core language for **web pages**. * **FTP** - file transfer applications * **IM** - instant messaging applications

Answer 30

**Corrective controls**: i.e., controls designed to help correct and recover from previously detected problems.

Answer 31

system backup is good; data redundancy is bad

Answer 32

* A traditional term used to refer to a three-generation backup procedure: the "son" is the newest version of the file; the "father" is one generation back in time, the "grandfather" is two generations back in time; * Associated with batch processing in a magnetic tape environment where a new master file (the "son") was created when the old master file (the "father") was updated.

Answer 33

Common in **batch processing** systems, a checkpoint is a point in data processing where processing accuracy is verified; if a problem occurs, one returns to the previous checkpoint instead of returning to the beginning of transaction processing. This saves time and money.

Answer 34

Common to **online, real-time processing**; all transactions are written to a transaction log when they are processed; periodic "snapshots" are taken of the master file; when a problem is detected the recovery manager program, starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.

Answer 35

* Remote backup (online) - provided by outsourced service * RAID - redundant array of independent disks = multiple hard disks * Storage Area Networks (SANs) * Mirroring - maintaining an exact copy of a dataset * mirroring is expensive but a highly reliable approach

Answer 36

Fault-tolerant

Answer 37

Most large organizations use **logical access control** software to manage access control. Functions of such systems include managing user profiles, assigning identifications and authentication procedures, logging system and user activities, establishing tables to set access privileges to match users to system resources and applications, and, log and event reporting. Hence, many of the functions and procedures described in this lesson are managed through logical access control software.

Answer 38

Include devices that provide "one-time" passwords that must be input by the user and as well as "smart cards" that contain additional user identification information and must be read by an input device. i.e. TI's entrust app for iphones

Answer 39

Electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks? * **Network** * Filters data packets based on header information (source and destination IP addresses and communication port) * **Network firewalls perform relatively low-level filtering capabilities** * **Application** * ****Inspects packet contents * Can perform **deep packet inspection** * **application firewalls have the ability to do much more sophisticated checks and provide much better control.** * **Personal**

Answer 40

* Climate Control * Environment threat detectors (smoke, fire, water, etc.) * Fire suppression systems * Backup power systems should be adequate

Answer 41

**Social engineering** - Methods used by attackers to fool employees into giving the attackers access to information resources. One form of social engineering concerns physical system access: * In **piggybacking** an unauthorized user slips into a restricted area with an authorized user, following the authorized user's entry.

Answer 42

**Halon**, because it is an environmental hazard.

Answer 43

**Two types:** (exam will use both terms) * **Single key encryption (symmetric)** * **Public/Private encryption (asymmetric)** - public key (maintained by the CA (Certificate Authority) is available to general public , the individual user maintains the private key. * If you want to send an encrypted message, you encrypt your message with the recipients public key. Only the intended user, the recipient, has the private key that is necessary to decrypt the information. * Both public/private can encrypt and decrypt, but you need one of each to encrypt and decrypt each time.

Answer 44

1. The **encryption algorithm** is the function or formula that encrypts and decrypts (by reversal) the data. 2. The **encryption key** is the parameter or input into the encryption algorithm that makes the encryption unique. The reader must have the key to decrypt the ciphertext. 3. **Key length** is a determinant of strength. Longer keys are harder to decrypt.

Answer 45

**Symmetric Encryption** * **Fast, simple, easy** and less secure than asymmetric encryption. * More often used in data stores (i.e., data at rest) since only one party then needs the single algorithm and key. * Also called single-key encryption, symmetric encryption uses a **single algorithm** to encrypt and decrypt. **Asymmetric Encryption** * **Safer but more complicated** than symmetric encryption. * More often used with **data-in-motion**. * Also called **public/private-key encryption**. * Uses two paired encryption algorithms to encrypt and decrypt. * If the public key is used to encrypt, the private key must be used to decrypt; conversely, if the private key is used to encrypt, the public key must be used to decrypt. * To acquire a public/private key pair, the user applies to a **certificate authority (CA)** **Quantum Encryption** * Quantum mechanics from physics is emerging as a technology that may revolutionize computing encryption. It uses the physical properties of light (photons) to generate seemingly **uncrackable codes**.

Answer 46

High certainty regarding the **identity of the trading partners** and the **reliability of the transaction data**. Electronic identification methodologies and secure transmission technology are designed to provide such an environment.

Answer 47

* **Digital Signatures** * An electronic means of identifying a person or entity. * Use public/private key pair technology to provide authentication of the sender and verification of the content of the message. * Vulnerable to **man-in-the-middle attacks** in which the sender's private and public key are faked. * **Digital Certificates (more secure than DS's)** * For transactions requiring a high degree of assurance, a digital certificate provides legally recognized electronic identification of the sender, and, verifies the integrity of the message content. * Based on a **public key infrastructure (PKI)**

Answer 48

Manages and issues digital certificates and public keys. The digital certificate certifies the ownership of a public key by the named subject (user) of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the certified public key.

Answer 49

* **Secure Sockets Layer (SSL)** uses a combination of encryption schemes based on a PKI; * **Secure Hypertext Transfer Protocol (S-HTTP)** directs messages to secure ports using SSL-like cryptography.

Answer 50

**SET** = developed by VISA and MasterCard. A protocol often used for consumer purchases made via the Internet. Uses multiple encryption schemes based on a PKI. **VPN** = A secure way to connect to a private local area network (LAN) from a remote location, usually through an Internet connection. **VPN creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access to the network.**

Answer 51

**Unaltered in transmission.** A digital signature consists of a digest of the original message that is encrypted with the sender's private key. The use of the private key provides the sender's authentication, and the transmission of the encrypted digest (which is later decrypted and compared to a digest of the message received) permits the detection of any alterations during transmission. A digital signature uses public/private key encryption technology to provide a means of authenticating messages delivered in a networked environment.

Answer 52

**Both** the sender and receiver must have the private key before this encryption method will work. In order to decrypt a message encrypted via private key encryption (also known as single key encryption), **both the sender and the receiver must have access to the key**, as a single key is used both to encrypt (run the encryption algorithm "forward") and decrypt (run the encryption algorithm "backward"). This is a disadvantage because the transmission of the key is inherently insecure. Both the public and private keys can be used to encrypt and decrypt messages, **although the public key can only decrypt messages encrypted using the private key and vice versa.**

Answer 53

Application programmer writes the programs that we actually use, NOT the programs that run the system. AP's should never have access to any type of system software or operation of the sytem such as correcting data entry errors.

Answer 54

**Two types: (exam will use both terms)** **Single key encryption (symmetric)** * sender shares private key that must be used by recipient to decrypt the message. **Public/Private encryption (asymmetric)** * **Remember that neither method is stronger or weaker than the other. Public/Private is more secure in that it used two keys.** * **If you encrypt with a private key, remember that ANYONE can decrypt the message because the decrypt key is a public key.**

Answer 55

**Boundary Protection.** The primary purpose of boundary protection is to prevent the mixing of data on a magnetic memory disc and a core storage unit.

Answer 56

A value-added network is a system that routes data transactions between trading partners. A **VAN connects customers and suppliers.** **Advantages** * **Reduces communication and data protocol problems** since VANs can deal with differing protocols (eliminating need for trading partners to agree on them). * Partners do not have to establish the numerous point-to-point connections. * Reduces scheduling problems since receiver can request delivery of transactions when it wishes. * In some cases, VAN translates application to a standard format the partner does not have to reformat. * VAN can provide increased security. **Disadvantates** * Cost of VAN. * Dependence upon VAN’s systems and controls. * Possible loss of data confidentiality.

Answer 57

1. Desktop client 2. Application 3. Database

Answer 58

Maturity models evaluate the sophistication of IT processes rated from a maturity level of nonexistent (0) to optimized (5).

Answer 59

Responsible for providing a **continuous review function** by supervising and monitoring input, operations, and the distribution of output (i.e., **a continuous internal audit function**).

Answer 60

Which users have various privileges relating to a database. * **Data definition language (DDL)**—Used to define a database, including creating, altering, and deleting tables and establishing various constraints. * **Data manipulation language (DML)**—Commands used to maintain and query a database, including updating, inserting in, modifying, and querying (asking for data). * **Data control language (DCL)**—Commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

Answer 61

IT governance and management of enterprise IT (5 Principals below) do not get this confused with COSO (Internal Audit) 1. Meeting stakeholder needs 2. Covering the enterprise end-to-end 3. Applying a single integrated framework 4. Enabling a holistic approach 5. Separating governance from management

Answer 62

**Reciprocal agreement** - an agreement between two or more organizations (with compatible computer facilities) to aid each other with their data processing needs in the event of a disaster. This is sometimes referred to as a mutual aid pact.

Answer 63

1. **Cause-and-effect (fishbone or Ishikawa)** diagrams identify the potential causes of defects. Four categories of potential causes of failure are: human factors, methods and design factors, machine-related factors, and materials and components factors. Cause-and-effect diagrams are used to systematically list the different causes that can be attributed to a problem (or an effect). 2. **Pareto chart (or diagram)** is a bar graph that ranks causes of process variations by the degree of impact on quality. The Pareto chart is a specialized version of a histogram that ranks the categories in the chart from **most frequent to least frequent**. A related concept, the “Pareto Principle” states that 80% of the problems come from 20% of the causes. The Pareto Principle states that: “Not all of the causes of a particular phenomenon occur with the same frequency or with the same impact.”

Answer 64

Framework developed to make the internet more user-friendly for **accessing documents**. * Hypertext Transfer Protocol (**HTTP**) - the language of the internet * Document - a single file accessible through the internet * **Page** - display that results from connection to a particular document on the internet * Uniform Resource Locator (**URL**) - the address of a particular page on the internet * **Web browser** - program that allows a computer with software to access internet and translate documents for proper display. * **Server** - the computer that is sending pages for display on another computer * **Client** - the computer receiving the pages and seeing the display * **Upload** - sending information from a client to a server * **Download** - sending information from a server to a client

Answer 65

* A **Virus** is a program that requests a computer to perform an activity that is not authorized by the user. * A **Worm** is a program that **duplicates itself** over a network so as to **infect many computers with viruses**.

Answer 66

* **Source** Program - language written by the programmer (high-level languages resemble english while assembly languages resemble machine instructions) * **Object** program - language in the form the machine understands (on-off, or 1-0) * **Compiler** - a program that converts source programs into machine language.

Answer 67

1. **Planning:** define system, scop 2. **Analysis:** meet with users and ITS staff, needs assessments, gap analysis 3. **Design:** technical blueprint of new system 4. **Development - Build:** platform and software 5. **Testing:** code, system, integration and user acceptance 6. **Implementation: parallel** (run old and new), **plunge** (stop old and use new), **pilot** and **phased** 7. **Maintenance:** monitor and support, training, help desk, process and policies for authorizing changes.

Answer 68

* **Systems Analyst** - designs the IS using systems flowcharts and other tools and prepares specifications for application programmers. * **Application Programmer** - writes, tests and debugs programs that will be used by the system. The Programmer also develops instructions for operators to follow when using the programs. * **Database Administrator** - plans and administers the database to make certain only appropriate individuals have access to the information in it.

Answer 69

* **Data Entry Clerk** - converts data into a computer readable form. * **Computer Operator** - runs the program on the computer. * **Program and File Librarians** - responsible for custody of the computer programs, master files, transaction files and other records. * **Data Control** - responsible for reviewing and testing input procedures, monitoring processing and reviewing and distributing outputs.

Answer 70

* **Telecommunications:** maintains and enhances computer networks and network communications * **Systems Programmer or Technical Support:** updates and maintains the operating systems * **Security Administration:** responsible for security of hte system including control of access and user passwords

Answer 71

ALL OF THEM. All of the above practices are effective control measures. Periodic rotation and mandatory vacations provide other personnel with the ability to detect operator problems. Controlled access and segregation of duties allow for the separation of incompatible functions.

Answer 72

Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer's name and address. **Available only in online real-time systems.**

Answer 73

1. **Hierarchical**—The data elements at one level "own" the data elements at the next lower level (think of an organization chart in which one manager supervises several assistants, who in turn each supervise several lower level employees). 2. **Networked**—Each data element can have several owners and can own several other elements (think of a matrix-type structure in which various relationships can be supported). 3. **Relational**—A database with the logical structure of a group of related spreadsheets. Each row represents a record, which is an accumulation of all the fields related to the same identifier or key; each column represents a field common to all of the records. Relational databases have in many situations largely replaced the earlier developed hierarchical and networked databases. 4. **Object-oriented**—Information (attributes and methods) are included in structures called object classes. This is the newest database management system technology. 5. **Object-relational**—Includes both relational and object-oriented features. 6. **Distributed**—A single database that is spread physically across computers in multiple locations that are connected by a data communications link. (The structure of the database is most frequently relational, object-oriented, or object-relational.)

Answer 74

**Benefits** 1. Quick response and access to information 2. Cost efficiency 3. Reduced paperwork 4. Accuracy and reduced errors and error-correction costs 5. Better communications and customer service 6. Necessary to remain competitive **Exposures** 1. Total dependence upon computer system for operation 2. Possible loss of confidentiality of sensitive information 3. Increased opportunity for unauthorized transactions and fraud 4. Concentration of control among a few people involved in EDI 5. Reliance on third parties (trading partners, VAN) 6. Data processing, application and communications errors 7. Potential legal liability due to errors 8. Potential loss of audit trails and information needed by management due to limited retention policies 9. Reliance on trading partner's system

Answer 75

Takes advantage of a network communications protocol to tie up the server's communication ports so that legitimate users cannot gain access to the server. It also blocks access to anyone else = nobody can access the server, even the perpetrators!

Information Technology (17%) Flashcards

(102 cards)