FAC1502 SUMMARY STUDY NOTES 2026 COMPREHENSIVE EXAM STUDY GUIDE WITH FULL TOPIC BREAKDOWNS
◉ Select the correct concepts regarding encryption. Once a plaintext is encoded into a ciphertext, it cannot be returned to its original plaintext form. Encryption provides confidentiality and privacy for data transmission and storage. Encryption is a preventive control. Answer: Encryption provides confidentiality and privacy for data transmission and storage. Encryption is a preventive control.

◉ Information security is a critical concern to the chief information officer (CIO) and maybe also to the internal auditors. In general, practicing certified public accountants (CPAs) do not need to know much about information security management. Answer: False (ranked as the number one technology issue for CPAs)

◉ Given the popularity of the internet, mobile devices, and the complexity of computer technologies, business information and IT assets are exposed to risks and attacks from ___ parties such as hackers and ___ parties such as disgruntled employees. Answer: external; internal

◉ Select the correct definition(s) of examples of security risks and attacks. Spyware is secretly installed into an information system to gather information on individuals or organizations without their knowledge. Trojan horse is a collection of software robots that overruns computers to act automatically in response to the bot-herder's control inputs. Spoofing is sending a network message that appears to come from a source other than its actual source. Botnet is a self-replicating program that runs and spreads by modifying other programs or files. Answer: Spyware is secretly installed into an information system to gather information on individuals or organizations without their knowledge. Spoofing is sending a network message that appears to come from a source other than its actual source.

◉ Given the popularity of the internet, mobile devices, and the complexity of computer technologies, important business information and IT assets are exposed to risks and attacks from external parties such as hackers, foreigners, competitors, etc. Today's employees are well trained and always support the firm to prevent the attacks. Answer: False; exposed to risks and attacks from external and internal parties

It is a result of an encryption process such as using asymmetric-key encryption. It is a result of a hashing process such as using the SHA-256 algorithm. It is an encrypted message. Answer: It is a result of a hashing process such as using the SHA-256 algorithm.

◉ The reason why a digital signature can be used to ensure data integrity is that the hashing process is not reversible. Answer: true

◉ Firms use two encryption methods, ___ encryption and ___ encryption, in data transmission and electronic communication in e-business. Answer: asymmetric-key (two-key); symmetric-key (one-key)

◉ Select the correct definition of a digital signature. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's hashing key. A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's public key. Answer: A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key.

◉ Authentication is a process that establishes the origin of information or determines the ___ of a user, process, or device. It is critical in e-business because it can prevent ___ while conducting transactions online. Answer: identity; repudiation

◉ When using the asymmetric-key encryption method in e-business, a ___ authority (CA) is a trusted entity that issues and revokes digital certificates. A digital certificate indicates that the subscriber identified in the certificate has sole control of and access to the private key, and binds the name of a subscriber to a public key. Answer: certificate

◉ Why do we need to use digital signatures in conducting e-business? Ensure privacy in data transmission. Obtain data integrity. It is the only way to ensure the receiver's identity. Maintain confidentiality. Answer: Obtain data integrity

◉ To create a digital signature, the document creator must use his or her own private key to encrypt the ___ ___ (MD), so the digital signature also authenticates the document creator. Answer: message digest

Frauds are perpetrated by parties to secure personal or business advantage. Frauds are perpetrated by organizations to avoid payment or loss of service. A legal act characterized by deceit, concealment, or violation of trust. Answer: Frauds are perpetrated by parties to obtain money, property, or services. Frauds are perpetrated by parties to secure personal or business advantage. Frauds are perpetrated by organizations to avoid payment or loss of services.

◉ According to the fraud triangle, three conditions exist for a fraud to be perpetrated: incentive or pressure, ___, and rationalization. Answer: opportunity

◉ The theft, misuse, or misappropriation of computer hardware is a common computer fraud. The illegal copying of computer ___ is another commonly observed computer fraud. Answer: software

◉ Who is responsible to prevent and catch fraud? The management. Treasurer. Controller. IT professionals. Answer: the management

◉ List the computer fraud risk assessments in sequence. Answer: Identifying relevant IT fraud risk factors. Identifying and prioritizing potential IT fraud schemes. Mapping existing controls to potential fraud schemes and identifying gaps. Testing operating effectiveness of fraud prevention and detection controls. Assessing the likelihood and impact of a control failure and/or a fraud incident.

◉ Because research indicates that more than half of the malicious incidents in IT security are caused by insider abuse and misuse, firms should implement a sound system of internal controls to prevent and detect frauds perpetrated by insiders. Which of the following conditions often exist for fraud to be perpetrated? The perpetrator is pressured with a reason to commit fraud. The perpetrator does not have a college degree. The perpetrator is IT savvy. The perpetrator has an attitude to rationalize the fraud. There is an opportunity for fraud to be perpetrated. Answer: The perpetrator is pressured with a reason to commit fraud. The perpetrator has an attitude to rationalize the fraud.

Misuse of computer hardware. Altering computer-readable records and files. Answer: Altering the logic of computer software. Misuse of computer hardware. Altering computer-readable records and files.

◉ What are the main purposes of the AICPA cybersecurity risk management framework? Describe a company's risk and its risk appetite on cybersecurity. Evaluate a company's cybersecurity controls. Describe a company's cybersecurity risk management system. Evaluate a company's enterprise risk management policies. Answer: Evaluate a company's cybersecurity controls. Describe a company's cybersecurity risk management system.

◉ Vulnerability management and risk management have the same objective: to reduce the probability of the occurrence of detrimental events. What are the differences between them? Risk management is often a more complex and strategic process using a bottom-up, asset-based approach in planning. Vulnerability management is often a tactical and short-term effort using a top-down approach in evaluating the IT risks. Vulnerability management is top-down and often uses an IT risk-based approach in the process. Risk management is often a more complex and strategic process that should be a long-term process. Answer: Risk management is often a more complex and strategic process that should be a long-term process.

◉ Define vulnerability. (select all that apply) Characteristics of IT resources that can be exploited by a threat to cause harm to a firm. External attacks authorized by management and designed by technology experts to crash a company's system. Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk. Answer: Characteristics of IT resources that can be exploited by a threat to cause harm to a firm. Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk.

◉ Risk management = ___. Vulnerability management = ___. Answer: a complex and strategic process using an IT asset-based approach

◉ (type of vulnerability) No regular review of a policy that identifies how IT equipment is protected against environmental threats. Answer: Vulnerabilities within a physical IT environment

◉ A computer technician uses his unrestricted access to customers' systems to plant a virus on their networks that brings the customers' systems to a halt. Answer: lack of access control to all customers' systems

◉ A foreign currency trader covers up losses of millions over a 5-year period by making unauthorized changes to the source code. Answer: lack of code reviews; improper change management

◉ Identification. Answer: vulnerability assessment

◉ Remediation. Answer: vulnerability management

◉ Firms continue to monitor system availability. Fault ___ uses redundant units to provide a system with the ability to continue functioning when part of the system fails. Many firms implement a redundant array of independent drives (RAID) so that if one disk drive fails, important data can still be accessed from another disk. Answer: tolerance

◉ Virtualization and ___ computing are considered good alternatives to back up data and applications. Answer: cloud

◉ The main components of vulnerability assessment include vulnerability identification and risk assessment. The main components of vulnerability management include vulnerability ___ and maintenance. Answer: remediation

◉ Both disaster recovery planning (DRP) and business continuity management (BCM) are the most critical ___ controls, and DRP is a key component of BCM. Detective. Preventive. Corrective. Answer: corrective

◉ Select the best answer in describing virtualization and cloud computing. A virtual machine containing system applications and data backups often resides in the cloud off-site or at various locations. Cloud computing uses redundant servers at an on-site location of the company such as its warehouse. Cloud computing is considered a bad alternative to back up data because companies should never trust any cloud computing service providers. Answer: a virtual machine containing system applications and data backups often resides in the cloud off-site or at various locations

◉ Disaster ___ planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the

Most cloud computing service providers charge on a per-user basis. Most companies have no issue in using cloud computing and may consider storing critical and sensitive data in the cloud. A third-party service provider offers computing resources including hardware and software applications to users over the internet cloud. Answer: A cloud user company often shares the computing resources with other user companies, and a cloud provider is responsible for managing the resources. Most cloud computing service providers charge on a per-user basis. A third-party service provider offers computing resources including hardware and software applications to users over the internet cloud.

◉ The data in a data ___ are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years. Answer: warehouse

◉ Data warehouse. Answer: a centralized collection of firm-wide data for a relatively long period of time; data are nonvolatile

◉ Operational database. Answer: used for daily operations and usually includes data for the current fiscal year only; data are volatile

◉ The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that: Ensure the integrity of the system. Allocate computer resources to users and applications. It is the main function in managing a database. Control the flow of multiprogramming. Answer: ensure the integrity of the system; allocate computer resources to users and applications; control the flow of multiprogramming

◉ The operating system (OS) must achieve fundamental control objectives to consistently and reliably perform its functions. Which of the following are the control objectives of the OS? The OS must be protected from itself. The OS must protect itself from users. The OS must protect users from each other. The OS must be user friendly for end users. The OS must protect users from themselves. Answer: the OS must be protected from itself; the OS must protect itself from users; the OS must protect users from each other; the OS must protect users from themselves

◉ In today's electronic world, most accounting records are stored in a ___. Answer: database

◉ A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state. Answer: false; covers a limited geographic range such as a home, small office, or a campus building

◉ The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that: it is the main function in managing a database; control the flow of multiprogramming; allocate computer resources to users and applications; ensure the integrity of the system. Answer: control the flow of multiprogramming; allocate computer resources to users and applications; ensure the integrity of the system

◉ hubs. Answer: broadcasting data packets

◉ switches. Answer: direct data packets based on media access controls and addresses

◉ Online analytical processing (OLAP) is a tool for ___ ___. The typical approaches in OLAP include time series analysis, exception reports, what-if simulations, etc. Answer: data mining

◉ A ___ ___ ___ (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building. Answer: local area network

◉ A ___ ___ network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link. Answer: wide area

◉ LANs. Answer: mainly use hubs and switches

◉ WANs. Answer: mainly use routers and firewalls

◉ A ___ ___ ___ (VPN) securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public internet to distant offices, salespeople, and business partners. Answer: virtual private network

◉ LAN. Answer: switches

◉ VPN. Answer: access points