When auditors examine and test the call-back feature, they are testing which audit objective?

Chapter 16IT Controls Part II: Security and Access 

TRUE/FALSE 

1. In a computerized environment, the audit trail log must be printed onto paper 

documents. ANS: F PTS: 1 

2. Disguising message packets to look as if they came from another user and to gain 

access to the hosts network is called spooling. ANS: F PTS: 1 

3. A formal log-on procedure is the operating systems last line of defense against 

unauthorized access. ANS: F PTS: 1 

4. Computer viruses usually spread throughout the system before being detected. ANS: 

T PTS: 1 

5. A worm is software program that replicates itself in areas of idle memory until the 

system fails. ANS: T PTS: 1 

6. Viruses rarely attach themselves to executable files. ANS: F PTS: 1 

7. Subschemas are used to authorize user access privileges to specific data elements. 

ANS: F PTS: 1 

8. A recovery module suspends all data processing while the system reconciles its 

journal files against the database. ANS: F PTS: 1 

9. The database management system controls access to program files. ANS: F PTS: 1 

10. Operating system controls are of interest to system professionals but should not 

concern accountants and auditors. ANS: F PTS: 1 

11. The most frequent victims of program viruses are microcomputers. ANS: T PTS: 1 

12. Access controls protect databases against destruction, loss or misuse through 

unauthorized access. ANS: T PTS: 1 

13. Operating system integrity is not of concern to accountants because only hardware 

risks are involved. ANS: F PTS: 1 

• Chapter 16IT Controls Part II: Security and Access

  TRUE/FALSE

  1. In a computerized environment, the audit trail log must be printed onto paper

  documents. ANS: F PTS: 1

  2. Disguising message packets to look as if they came from another user and to gain

  access to the hosts network is called spooling. ANS: F PTS: 1

  3. A formal log-on procedure is the operating systems last line of defense against

  unauthorized access. ANS: F PTS: 1

  4. Computer viruses usually spread throughout the system before being detected. ANS:

  T PTS: 1

  5. A worm is software program that replicates itself in areas of idle memory until the

  system fails. ANS: T PTS: 1

  6. Viruses rarely attach themselves to executable files. ANS: F PTS: 1

  7. Subschemas are used to authorize user access privileges to specific data elements.

  ANS: F PTS: 1

  8. A recovery module suspends all data processing while the system reconciles its

  journal files against the database. ANS: F PTS: 1

  9. The database management system controls access to program files. ANS: F PTS: 1

  10. Operating system controls are of interest to system professionals but should not

  concern accountants and auditors. ANS: F PTS: 1

  11. The most frequent victims of program viruses are microcomputers. ANS: T PTS: 1

  12. Access controls protect databases against destruction, loss or misuse through

  unauthorized access. ANS: T PTS: 1

  13. Operating system integrity is not of concern to accountants because only hardware

  risks are involved. ANS: F PTS: 1

• 14. Audit trails in computerized systems are comprised of two types of audit logs:

  detailed logs of individual keystrokes and event-oriented logs. ANS: T PTS: 1

  15. In a telecommunications environment, line errors can be detected by using an echo

  check. ANS: T PTS: 1

  16. Firewalls are special materials used to insulate computer facilities ANS: F PTS: 1

  17. The message authentication code is calculated by the sender and the receiver of a

  data transmission. ANS: T PTS: 1

  18. The request-response technique should detect if a data communication

  transmission has been diverted. ANS: T PTS: 1

  19. Electronic data interchange translation software interfaces with the sending firm and

  the value added network. ANS: F PTS: 1

  20. A value added network can detect and reject transactions by unauthorized trading

  partners. ANS: T PTS: 1

  21. Electronic data interchange customers may be given access to the vendor's data

  files. ANS: T PTS: 1

  22. The audit trail for electronic data interchange transactions is stored on magnetic

  media. ANS: T PTS: 1

  23. A firewall is a hardware partition designed to protect networks from power surges.

  ANS: F PTS: 1

  24. To preserve audit trails in a computerized environment, transaction logs are

  permanent records of transactions. ANS: T PTS: 1

  25. Examining programmer authority tables for information about who has access to

  Data Definition Language commands will provide evidence about who is responsible for

  creating subschemas. ANS: T PTS: 1

  MULTIPLE CHOICE

  1. The operating system performs all of the following tasks except

• a. translates third-generation languages into machine language

  b. assigns memory to applications

  c. authorizes user access

  d. schedules job processing

  ANS: C PTS: 1

  2. Which of the following is considered an unintentional threat to the integrity of the

  operating system?

  a. a hacker gaining access to the system because of a security flaw

  b. a hardware flaw that causes the system to crash

  c. a virus that formats the hard drive

  d. the systems programmer accessing individual user files

  ANS: B PTS: 1

  3. A software program that replicates itself in areas of idle memory until the system fails

  is called a

  a. Trojan horse

  b. worm

  c. logic bomb

  d. none of the above

  ANS: B PTS: 1

  4. A software program that allows access to a system without going through the normal

  logon procedures is called a

  a. logic bomb

  b. Trojan horse

  c. worm

  d. back door

  ANS: D PTS: 1

  5. All of the following will reduce the exposure to computer viruses except

  a. install antivirus software

  b. install factory-sealed application software

  c. assign and control user passwords

  d. install public-domain software from reputable bulletin boards

  ANS: D PTS: 1

  6. Which backup technique is most appropriate for sequential batch systems?

  a. grandparent-parent-child approach

  b. staggered backup approach

• c. direct backup

  d. remote site, intermittent backup

  ANS: A PTS: 1

  7. When creating and controlling backups for a sequential batch system,

  a. the number of backup versions retained depends on the amount of data in the file

  b. off-site backups are not required

  c. backup files can never be used for scratch files

  d. the more significant the data, the greater the number of backup versions

  ANS: D PTS: 1

  8. Hackers can disguise their message packets to look as if they came from an

  authorized user and gain access to the hosts network using a technique called

  a. spoofing.

  b. spooling.

  c. dual-homed.

  d. screening.

  ANS: A PTS: 1

  9. In a direct access file system

  a. backups are created using the grandfather-father-son approach

  b. processing a transaction file against a maser file creates a backup file

  c. files are backed up immediately before an update run

  d. if the master file is destroyed, it cannot be reconstructed

  ANS: C PTS: 1

  10. Which of the following is not an access control in a database system?

  a. antivirus software

  b. database authorization table

  c. passwords

  d. voice prints

  ANS: A PTS: 1

  11. Which is not a biometric device?

  a. password

  b. retina prints

  c. voice prints

  d. signature characteristics

  ANS: A PTS: 1

• 12. Which of the following is not a basic database backup and recovery feature?

  a. checkpoint

  b. backup database

  c. transaction log

  d. database authority table

  ANS: D PTS: 1

  13. All of the following are objectives of operating system control except

  a. protecting the OS from users

  b. protesting users from each other

  c. protecting users from themselves

  d. protecting the environment from users

  ANS: D PTS: 1

  14. Passwords are secret codes that users enter to gain access to systems. Security

  can be compromised by all of the following except

  a. failure to change passwords on a regular basis

  b. using obscure passwords unknown to others

  c. recording passwords in obvious places

  d. selecting passwords that can be easily detected by computer criminals

  ANS: B PTS: 1

  15. Audit trails cannot be used to

  a. detect unauthorized access to systems

  b. facilitate reconstruction of events

  c. reduce the need for other forms of security

  d. promote personal accountability

  ANS: C PTS: 1

  16. Which control will not reduce the likelihood of data loss due to a line error?

  a. echo check

  b. encryption

  c. vertical parity bit

  d. horizontal parity bit

  ANS: B PTS: 1

  17. Which method will render useless data captured by unauthorized receivers?

  a. echo check

  b. parity bit

  c. public key encryption

  d. message sequencing

• ANS: C PTS: 1

  18. Which method is most likely to detect unauthorized access to the system?

  a. message transaction log

  b. data encryption standard

  c. vertical parity check

  d. request-response technique

  ANS: A PTS: 1

  19. All of the following techniques are used to validate electronic data interchange

  transactions except

  a. value added networks can compare passwords to a valid customer file before

  message transmission

  b. prior to converting the message, the translation software of the receiving company

  can compare the password against a validation file in the firm's database

  c. the recipient's application software can validate the password prior to processing

  d. the recipient's application software can validate the password after the transaction

  has been processed

  ANS: D PTS: 1

  20. In an electronic data interchange environment, customers routinely access

  a. the vendor's price list file

  b. the vendor's accounts payable file

  c. the vendor's open purchase order file

  d. none of the above

  ANS: A PTS: 1

  21. All of the following tests of controls will provide evidence that adequate computer

  virus control techniques are in place and functioning except

  a. verifying that only authorized software is used on company computers

  b. reviewing system maintenance records

  c. confirming that antivirus software is in use

  d. examining the password policy including a review of the authority table

  ANS: B PTS: 1

  22. Audit objectives for the database management system include all of the following

  except

  a. verifying that the security group monitors and reports on fault tolerance violations

  b. confirming that backup procedures are adequate

  c. ensuring that authorized users access only those files they need to perform their

• duties

  d. verifying that unauthorized users cannot access data files

  ANS: A PTS: 1

  23. All of the following tests of controls will provide evidence that access to the data files

  is limited except

  a. inspecting biometric controls

  b. reconciling program version numbers

  c. comparing job descriptions with access privileges stored in the authority table

  d. attempting to retrieve unauthorized data via inference queries

  ANS: B PTS: 1

  24. Audit objectives for communications controls include all of the following except

  a. detection and correction of message loss due to equipment failure

  b. prevention and detection of illegal access to communication channels

  c. procedures that render intercepted messages useless

  d. all of the above

  ANS: D PTS: 1

  25. When auditors examine and test the call-back feature, they are testing which audit

  objective?

  a. incompatible functions have been segregated

  b. application programs are protected from unauthorized access

  c. physical security measures are adequate to protect the organization from natural

  disaster

  d. illegal access to the system is prevented and detected

  ANS: D PTS: 1

  26. In an electronic data interchange (EDI) environment, when the auditor compares the

  terms of the trading partner agreement against the access privileges stated in the

  database authority table, the auditor is testing which audit objective?

  a. all EDI transactions are authorized

  b. unauthorized trading partners cannot gain access to database records

  c. authorized trading partners have access only to approved data

  d. a complete audit trail is maintained

  ANS: C PTS: 1

  27. Audit objectives in the electronic data interchange (EDI) environment include all of

  the following except

  a. all EDI transactions are authorized

• b. unauthorized trading partners cannot gain access to database records

  c. a complete audit trail of EDI transactions is maintained

  d. backup procedures are in place and functioning properly

  ANS: D PTS: 1

  28. In determining whether a system is adequately protected from attacks by computer

  viruses, all of the following policies are relevant except

  a. the policy on the purchase of software only from reputable vendors

  b. the policy that all software upgrades are checked for viruses before they are

  implemented

  c. the policy that current versions of antivirus software should be available to all users

  d. the policy that permits users to take files home to work on them

  ANS: D PTS: 1

  29. Which of the following is not a test of access controls?

  a. biometric controls

  b. encryption controls

  c. backup controls

  d. inference controls

  ANS: C PTS: 1

  30. In an electronic data interchange environment, customers routinely

  a. access the vendor's accounts receivable file with read/write authority

  b. access the vendor's price list file with read/write authority

  c. access the vendor's inventory file with read-only authority

  d. access the vendor's open purchase order file with read-only authority

  ANS: C PTS: 1

  31. In an electronic data interchange environment, the audit trail

  a. is a printout of all incoming and outgoing transactions

  b. is an electronic log of all transactions received, translated, and processed by the

  system

  c. is a computer resource authority table

  d. consists of pointers and indexes within the database

  ANS: B PTS: 1 2011

  32. All of the following are designed to control exposures from subversive threats except

  a. firewalls

  b. one-time passwords

  c. field interrogation

• d. data encryption

  ANS: C PTS: 1

  33. Many techniques exist to reduce the likelihood and effects of data communication

  hardware failure. One of these is

  a. hardware access procedures

  b. antivirus software

  c. parity checks

  d. data encryption

  ANS: C PTS: 1

  34. Which of the following deal with transaction legitimacy?

  a. transaction authorization and validation

  b. access controls

  c. EDI audit trail

  d. all of the above

  ANS: D PTS: 1

  35. Firewalls are

  a. special materials used to insulate computer facilities

  b. a system that enforces access control between two networks

  c. special software used to screen Internet access

  d. none of the above

  ANS: B PTS: 1

  36. The database attributes that individual users have permission to access are defined

  in

  a. operating system.

  b. user manual.

  c. database schema.

  d. user view.

  e. application listing.

  ANS: D PTS: 1

  37. An integrated group of programs that supports the applications and facilitates their

  access to specified resources is called a (an)

  a. operating system.

  b. database management system.

  c. utility system

  d. facility system.

• e. object system.

  ANS: A PTS: 1

  38. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to

  an ACK, is

  a. a smurf attack.

  b. IP Spoofing.

  c. an ACK echo attack

  d. a ping attack.

  e. none of the above

  ANS: E PTS: 1

  39. Which of the following is true?

  a. Deep Packet Inspection uses a variety of analytical and statistical techniques to

  evaluate the contents of message packets.

  b. An Intrusion prevention system works in parallel with a firewall at the perimeter of the

  network to act as a filer that removes malicious packets from the flow before they can

  affect servers and networks.

  c. A distributed denial of service attack is so named because it is capable of attacking

  many victims simultaneously who are distributed across the internet.

  d. None of the above are true statements.

  ANS: A PTS: 1

  40. Advance encryption standard (AES) is

  a. a 64 -bit private key encryption technique

  b. a 128-bit private key encryption technique

  c. a 128-bit public key encryption technique

  d. a 256-bit public encryption technique that has become a U.S. government standard

  ANS: B PTS: 1

Page 2

• Information Technology, Engineering Faculty

  UNIM

  ListBox & ComboBox

  Academic Year: 2014-2015

  UNIM

  (3rd Week)

  Forms & More Controls (Part 3)

• List Boxes & Combo Boxes

  Types of list boxes and combo boxes

  1. Simple list boxes

  2. Simple combo boxes

  3. Drop-down combo boxes

  4. Drop-down lists

  List boxes and combo boxes have many common properties a

  nd operate similarly

  Combo box control has a DropDownStyle property to determin

  e if list box has a text box for user entry and whether list will dro

  p down

• Scroll bars are added automatically if the box is too small to

  display all items in list

  Combo box displays Text property in control

  List Boxes & Combo Boxes (2)

• The Items Collection

  List of items in a list box or combo box is a collection

  Collections are objects with properties and methods

  Items collection used to add items, remove items, ref

  er to items, count the items, and clear the list

  Refer to items in collection by an index which starts a

  t zero

  Refer to first item in the Items collection as Items[0]

• Filling a List

  Click on ellipses button next to Items property to open String C

  ollection Editor

  Use String Collection Editor to add items to list

  To add items during execution, use the Items.Add or Items.Inse

  rt method

• Using the Items.Add Method

  General Form

  Object.Items.Add(ItemValue);

  New item added to end of the list

  Set the controls Sorted property to true to place item alphabetical

  ly in list

  Must use the Add method to add value user types in text box of co

  mbo box to the list

  Example:

  coffeeComboBox.Items.Add(coffeeComboBox.Text);

• Using the Items.Insert Method

  Choose location for a new item in the list by specifying the ind

  ex position

  General Form

  Object.Items.Insert(IndexPosition, ItemValue); Index is zero based

  Do not set the list controls Sorted property to true if using the Insert method

  Example:

  schoolsListBox.Items.Insert(0,Harvard);

• The SelectedIndex Property

  SelectedIndex property contains index number of item the us

  er selects (highlights)

  If no list item is selected, SelectedIndex is set to negative 1 (-1)

  Example:

  coffeeTypesListBox.SelectedIndex = 3; //Select fourth item in list

• The Items.Count Property

  Count property of Items collection contains number of items in

  the list

  Items.Count is always one more than the highest possible Sele

  ctedIndex

  Example:

  intTotalItems = itemsListBox.Items.Count;

• Referencing the Items Collection

  Specify an element by including an index

  General Form Object.Items(IndexPosition)

  Highest index is Items.Count 1

  Combine Items property and SelectedIndex property to refer to

  currently selected element

  Example:

  strSelectedFlavor = FlavorListBox.Items(FlavorListBox.SelectedIndex)

  Retrieve selected list item with Text property of control

  Example:

  selectedMajorLabel.Text = majorsComboBox.Text;

• Removing an Item from a List

  Specify the index or text of item to remove it from a list

  Use Items.RemoveAt method to remove by index

  General Form

  Object.Items.RemoveAt(IndexPosition)

  Use Items.Remove method to remove by text

  General Form

  Object.Items.Remove(TextString)

• 7- 12

  Clearing a List

  Use Items.Clear method to empty a combo box or list box

  General Form

  Object.Items.Clear()

  Example:

  schoolsListBox.Items.Clear()

• 7- 13

  Clearing a List

  Use Items.Clear method to empty a combo box or list box

  General Form

  Object.Items.Clear()

  Example:

  schoolsListBox.Items.Clear()

• Exercise

• Finish!

Page 3

Embed Size (px) 344 x 292429 x 357514 x 422599 x 487

DESCRIPTION

VB.Net, MaskedTextBox, Image List & Button, UNIM-Mojokerto

Text of 4th Week - Forms and More Controls (Part 4)

• Information Technology, Engineering Faculty

  UNIM

  MaskedTextBox & Picture Button

  Academic Year: 2014-2015

  UNIM

  (4th Week)

  Forms & More Controls (Part 4)

• MaskedTextBox (1)

  Definition

  Control provides restricted data input as well as formatte

  d data output.

  Fixed in length with a defined format, such as Social Secu

  rity Numbers, phone numbers, zip codes; generally anythi

  ng with a fixed number of digits and/or letters.

• MaskedTextBox (2)

• MaskedTextBox (3)

  Can be found

• MaskedTextBox (4)

  Mask Property

• MaskedTextBox (5)

  Simple Program

• MaskedTextBox (6)

  Code

  Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

  TryDim a As Stringa = MaskedTextBox1.TextMessageBox.Show("IP Anda " & a, "Report")

  Catch ex As ExceptionMessageBox.Show(ex.Message)

  End Try

  End Sub

• Button & ImageList (7)

  Overview

  How to add picture in button?

• Button & ImageList (8)

  Definition

  ImageList is component stores a list of images.

• Button & ImageList (9)

  Common Property

  ImageAlign

  ImageIndex/Image Key Button

  ImageList

  ImageSize (ImageList)

• Task

  Design program sesederhana mungkin (user/ orang awam ti

  dak merasa kesulitan)

  Input

  Tanggl Reg.

  NIM

  Nama

  Prodi

  Bayar

  Output

  Sesuai inputan berupa Textbox Multiline

• Finish!

Page 4