questions and verified answers
While straightening the store at the end of the day, a shoe store employee finds and keeps an
expensive pair of sunglasses left by a customer. - ANS ✔✔Which of the following is not an
example of one of the basic types of fraud?
A) A salesperson approves a large sales discount on an order from a company owned partially
by the salesperson's sister.
B) While straightening the store at the end of the day, a shoe store employee finds and keeps an
expensive pair of sunglasses left by a customer.
C) A purchasing agent places a large order at higher-than-normal unit prices with a vendor that
gave the agent tickets to several football games.
D) An executive devised and implemented a plan to accelerate revenue recognition on a
long-term contract, which will allow the company to forestall filing for bankruptcy. The executive
does not own any stock, stock options or grants, and will not receive a bonus or perk because of
the overstated revenue.
allowing computer operators full access to the computer room - ANS ✔✔Which of the following
is least likely to result in computer fraud?
A) releasing data to unauthorized users
B) storing backup tapes in a location where they can be quickly accessed
C) allowing computer operators full access to the computer room
D) allowing computer users to test software upgrades
awareness training - ANS ✔✔Which of the following preventive controls are necessary to
provide adequate security for social engineering threats?
A) host and application hardening
B) encryption
C) awareness training
D) controlling remote access
close relationship with the current audit engagement partner and manager - ANS ✔✔Which
of the following is not a management characteristic that increases pressure to commit
fraudulent financial reporting?
A) close relationship with the current audit engagement partner and manager
B) pay for performance incentives based on short-term performance measures
C) high management and employee turnover
D) highly optimistic earnings projections
detective control - ANS ✔✔In 2007, a major U.S. financial institution hired a security firm to
attempt to compromise its computer network. A week later, the firm reported that it had
successfully entered the system without apparent detection and presented an analysis of the
vulnerabilities that had been found. This is an example of a
authentication control - ANS ✔✔Noseybook is a social networking site that boasts over a million
registered users and a quarterly membership growth rate in the double digits. As a
consequence, the size of the information technology department has been growing very rapidly,
with many new hires. Each employee is provided with a name badge with a photo and
embedded computer chip that is used to gain entry to the facility. This is an example of a(n)
Collection - ANS ✔✔If an organization asks you to disclose your social security number, but
decides to use it for a different purpose than the one stated in the organization's privacy
policies, the organization has likely violated which of the Generally Accepted Privacy Principles?
A) Collection
B) Access
C) Security
D) Quality
Log Analysis - ANS ✔✔________ is/are an example of a detective control.
A) Physical access controls
B) Encryption
C) Emergency response teams
D) Log analysis
A. Eliminating fraud: cannot eliminate all fraud - ANS ✔✔All of the following are basic purposes
of internal control except
A. Eliminating fraud
B. Ensuring reliable financial statements
C. Promoting Operating Efficiency
D. Safeguarding assets
Sarbanes-Oxley Act requires management to assess a company's internal control annually. - ANS
✔✔Which of the following legally requires management to assess a company's internal control
annually?
Foreign Corrupt Practices Act
Brown's risk taxonomy
COSO Internal control framework
Sarbanes-Oxley Act