Summary of Questions (approximate):

Topic                                         # Multiple Choice Questions (2 pts each)   Total Points
Information Security                          25
Computer Controls                             12
Auditing Computer-Based Information Systems   13
Total # questions                             50                                         100
Study Guide
While there could be questions from other topics discussed in class, the main emphasis will be on the following subject matter:
Information Security
Time-based model of security
Defense in depth
Types of preventive controls, especially authentication, authorization, remote access controls, encryption
Types of detective controls, especially log analysis, intrusion detection systems
Corrective Controls
Computer Controls
Source data controls
Data entry controls
Processing controls – real-time, batch, and online
Disaster recovery measures, especially backups, infrastructure replacement
Auditing Computer-Based Information Systems
Key audit procedures for security, program development/modification, source data and data entry, processing, and file library
Compensating controls for security, program development/modification, source data and data entry, processing, and file library
Concurrent audit techniques
Understanding the Computer Fraud Techniques from the first exam will also help.
Additional Preparation Tools:
End-of-chapter quiz in the textbook
Online Textbook Quiz (http://wps.pearsoned.com/bp_romney_ais_13/244/62562/16015892.cw/index.html), select “Study Guide” for each relevant chapter to get to that chapter’s online quiz.
Homework assignments, in-class exercises, and additional problems discussed in class
ITGC Case
Sample Questions (Answer Key on the last page)
The time-based model of security can be expressed as a formula that involves three terms: P (the time it takes to break through existing controls), D (the time it takes to detect that an attack is occurring), and C (the time it takes to respond to an attack). Which of the following formulas indicates that an organization’s security is