Free Essay

It Auditing Ch 3 Powerpoint

In: Computers and Technology

Submitted By cursedthin
Words 7824
Pages 32
Chapter 3—Security Part I: Auditing Operating Systems and Networks

TRUE/FALSE

1. In a computerized environment, the audit trail log must be printed onto paper documents.

ANS: F PTS: 1

2. Disguising message packets to look as if they came from another user and to gain access to the host’s network is called spooling.

ANS: F PTS: 1

3. A formal log-on procedure is the operating system’s last line of defense against unauthorized access.

ANS: F PTS: 1

4. Computer viruses usually spread throughout the system before being detected.

ANS: T PTS: 1

5. A worm is software program that replicates itself in areas of idle memory until the system fails.

ANS: T PTS: 1

6. Viruses rarely attach themselves to executable files.

ANS: F PTS: 1

10. Operating system controls are of interest to system professionals but should not concern accountants and auditors.

ANS: F PTS: 1

11. The most frequent victims of program viruses are microcomputers.

ANS: T PTS: 1

13. Operating system integrity is not of concern to accountants because only hardware risks are involved.

ANS: F PTS: 1

14. Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs.

ANS: T PTS: 1

15. In a telecommunications environment, line errors can be detected by using an echo check.

ANS: T PTS: 1

16. Firewalls are special materials used to insulate computer facilities

ANS: F PTS: 1

17. The message authentication code is calculated by the sender and the receiver of a data transmission.

ANS: T PTS: 1

18. The request-response technique should detect if a data communication transmission has been diverted.

ANS: T PTS: 1

19. Electronic data interchange translation software interfaces with the sending firm and the value added network.

ANS: F PTS: 1

20. A value added network can detect and reject transactions by unauthorized trading partners.

ANS: T PTS: 1

21. Electronic data interchange customers may be given access to the vendor's data files.

ANS: T PTS: 1

22. The audit trail for electronic data interchange transactions is stored on magnetic media.

ANS: T PTS: 1

23. A firewall is a hardware partition designed to protect networks from power surges.

ANS: F PTS: 1

24. To preserve audit trails in a computerized environment, transaction logs are permanent records of transactions.

ANS: T PTS: 1

25. Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas.

ANS: T PTS: 1

26. The standard format for an e-mail address is DOMAIN NAME@USER NAME.

ANS: F PTS: 1

27. The network paradox is that networks exist to provide user access to shared resources while one of its most important objectives is to control access.

ANS: T PTS: 1

28. IP spoofing is a form of masquerading to gain unauthorized access to a Web server.

ANS: T PTS: 1

29. The rules that make it possible for users of networks to communicate are called protocols.

ANS: T PTS: 1

30. A factor that contributes to computer crime is the reluctance of many organizations to prosecute criminals for fear of negative publicity.

ANS: T PTS: 1

31. Cookies are files created by user computers and stored on Web servers.

ANS: F PTS: 1

32. Because of network protocols, users of networks built by different manufacturers are able to communicate and share data.

ANS: T PTS: 1

33. The client-server model can only be applied to ring and star topologies.

ANS: F PTS: 1

34. Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it.

ANS: F PTS: 1

35. A distributed denial of service (DDoS) attack may take the form of a SYN flood but not a smurf attack.

ANS: F PTS: 1

36. The bus topology connects the nodes in parallel.

ANS: T PTS: 1

37. A network topology is the physical arrangement of the components of the network.

ANS: T PTS: 1 38. A digital signature is a digital copy of the sender’s actual signature that cannot be forged.

ANS: F PTS: 1

39. A bus topology is less costly to install than a ring topology.

ANS: T PTS: 1

40. A smurf attack involves three participants: a zombie, an intermediary, and the victim.

ANS: F PTS: 1

41. In a hierarchical topology, network nodes communicate with each other via a central host computer.

ANS: T PTS: 1

42. Polling is one technique used to control data collisions.

ANS: T PTS: 1

43. The more individuals that need to exchange encrypted data, the greater the chance that the key will become known to an intruder. To overcome this problem, private key encryption was devised.

ANS: F PTS: 1

44. The intermediary in a smurf attack is also a victim.
ANS: T PTS: 1

45. A ping is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network.

ANS: T PTS: 1

46. HTML tags are customized to delimit attributes, the content of which can be read and processed by computer applications.

ANS: F PTS: 1

47. A ping is an Internet maintenance tool that is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network.

ANS: T PTS: 1

MULTIPLE CHOICE

1. The operating system performs all of the following tasks except
a.|translates third-generation languages into machine language|
b.|assigns memory to applications|
c.|authorizes user access|
d.|schedules job processing|

ANS: C PTS: 1

2. Which of the following is considered an unintentional threat to the integrity of the operating system?
a.|a hacker gaining access to the system because of a security flaw|
b.|a hardware flaw that causes the system to crash|
c.|a virus that formats the hard drive|
d.|the systems programmer accessing individual user files|

ANS: B PTS: 1

3. A software program that replicates itself in areas of idle memory until the system fails is called a
a.|Trojan horse|
b.|worm|
c.|logic bomb|
d.|none of the above|

ANS: B PTS: 1

4. A software program that allows access to a system without going through the normal logon procedures is called a
a.|logic bomb|
b.|Trojan horse|
c.|worm|
d.|back door|

ANS: D PTS: 1

5. All of the following will reduce the exposure to computer viruses except
a.|install antivirus software|
b.|install factory-sealed application software|
c.|assign and control user passwords|
d.|install public-domain software from reputable bulletin boards|

ANS: D PTS: 1

6. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique called
a.|spoofing.|
b.|spooling.|
c.|dual-homed.|
d.|screening.|

ANS: A PTS: 1

7. Which is not a biometric device?
a.|password|
b.|retina prints|
c.|voice prints|
d.|signature characteristics|

ANS: A PTS: 1

8. All of the following are objectives of operating system control except
a.|protecting the OS from users|
b.|protesting users from each other|
c.|protecting users from themselves|
d.|protecting the environment from users|

ANS: D PTS: 1

9. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except
a.|failure to change passwords on a regular basis|
b.|using obscure passwords unknown to others|
c.|recording passwords in obvious places|
d.|selecting passwords that can be easily detected by computer criminals|

ANS: B PTS: 1

10. Audit trails cannot be used to
a.|detect unauthorized access to systems|
b.|facilitate reconstruction of events|
c.|reduce the need for other forms of security|
d.|promote personal accountability|

ANS: C PTS: 1

11. Which control will not reduce the likelihood of data loss due to a line error?
a.|echo check|
b.|encryption|
c.|vertical parity bit|
d.|horizontal parity bit|

ANS: B PTS: 1

12. Which method will render useless data captured by unauthorized receivers?
a.|echo check|
b.|parity bit|
c.|public key encryption|
d.|message sequencing|

ANS: C PTS: 1

13. Which method is most likely to detect unauthorized access to the system?
a.|message transaction log|
b.|data encryption standard|
c.|vertical parity check|
d.|request-response technique|

ANS: A PTS: 1

14. All of the following techniques are used to validate electronic data interchange transactions except
a.|value added networks can compare passwords to a valid customer file before message transmission|
b.|prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database|
c.|the recipient's application software can validate the password prior to processing|
d.|the recipient's application software can validate the password after the transaction has been processed|

ANS: D PTS: 1

15. In an electronic data interchange environment, customers routinely access
a.|the vendor's price list file|
b.|the vendor's accounts payable file|
c.|the vendor's open purchase order file|
d.|none of the above|

ANS: A PTS: 1

16. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except
a.|verifying that only authorized software is used on company computers|
b.|reviewing system maintenance records|
c.|confirming that antivirus software is in use|
d.|examining the password policy including a review of the authority table|

ANS: B PTS: 1

17. Audit objectives for communications controls include all of the following except
a.|detection and correction of message loss due to equipment failure|
b.|prevention and detection of illegal access to communication channels|
c.|procedures that render intercepted messages useless|
d.|all of the above|

ANS: D PTS: 1

18. When auditors examine and test the call-back feature, they are testing which audit objective?
a.|incompatible functions have been segregated|
b.|application programs are protected from unauthorized access|
c.|physical security measures are adequate to protect the organization from natural disaster|
d.|illegal access to the system is prevented and detected|

ANS: D PTS: 1

19. In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective?
a.|all EDI transactions are authorized|
b.|unauthorized trading partners cannot gain access to database records|
c.|authorized trading partners have access only to approved data|
d.|a complete audit trail is maintained|

ANS: C PTS: 1

20. Audit objectives in the electronic data interchange (EDI) environment include all of the following except
a.|all EDI transactions are authorized|
b.|unauthorized trading partners cannot gain access to database records|
c.|a complete audit trail of EDI transactions is maintained|
d.|backup procedures are in place and functioning properly|

ANS: D PTS: 1

21. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except
a.|the policy on the purchase of software only from reputable vendors|
b.|the policy that all software upgrades are checked for viruses before they are implemented|
c.|the policy that current versions of antivirus software should be available to all users|
d.|the policy that permits users to take files home to work on them|

ANS: D PTS: 1

22. Which of the following is not a test of access controls?
a.|biometric controls|
b.|encryption controls|
c.|backup controls|
d.|inference controls|

ANS: C PTS: 1

23. In an electronic data interchange environment, customers routinely
a.|access the vendor's accounts receivable file with read/write authority|
b.|access the vendor's price list file with read/write authority|
c.|access the vendor's inventory file with read-only authority|
d.|access the vendor's open purchase order file with read-only authority|

ANS: C PTS: 1

24. In an electronic data interchange environment, the audit trail
a.|is a printout of all incoming and outgoing transactions|
b.|is an electronic log of all transactions received, translated, and processed by the system|
c.|is a computer resource authority table|
d.|consists of pointers and indexes within the database|

ANS: B PTS: 1

25. All of the following are designed to control exposures from subversive threats except
a.|firewalls|
b.|one-time passwords|
c.|field interrogation|
d.|data encryption|

ANS: C PTS: 1

26. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these is
a.|hardware access procedures|
b.|antivirus software|
c.|parity checks|
d.|data encryption|

ANS: C PTS: 1

27. Which of the following deal with transaction legitimacy?
a.|transaction authorization and validation|
b.|access controls|
c.|EDI audit trail|
d.|all of the above|

ANS: D PTS: 1

28. Firewalls are
a.|special materials used to insulate computer facilities|
b.|a system that enforces access control between two networks|
c.|special software used to screen Internet access|
d.|none of the above|

ANS: B PTS: 1

29. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an)
a.|operating system.|
b.|database management system.|
c.|utility system|
d.|facility system.|
e.|object system.|

ANS: A PTS: 1

30. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is
a.|a smurf attack.|
b.|IP Spoofing.|
c.|an ACK echo attack|
d.|a ping attack.|
e.|none of the above|

ANS: E PTS: 1

31. Which of the following is true?
a.|Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets. |
b.|An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks. |
c.|A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.|
d.|None of the above are true statements.|

ANS: A PTS: 1 32. Advance encryption standard (AES) is
a.|a 64 -bit private key encryption technique |
b.|a 128-bit private key encryption technique |
c.|a 128-bit public key encryption technique |
d.|a 256-bit public encryption technique that has become a U.S. government standard |

ANS: B PTS: 1

33. What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area?
a.|LAN|
b.|decentralized network|
c.|multidrop network|
d.|Intranet|

ANS: D PTS: 1

34. Network protocols fulfill all of the following objectives except
a.|facilitate physical connection between network devices|
b.|provide a basis for error checking and measuring network performance|
c.|promote compatibility among network devices|
d.|result in inflexible standards|

ANS: D PTS: 1

35. To physically connect a workstation to a LAN requires a
a.|file server|
b.|network interface card|
c.|multiplexer|
d.|bridge|

ANS: B PTS: 1

36. Packet switching
a.|combines the messages of multiple users into one packet for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.|
b.|is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization.|
c.|is used to establish temporary connections between network devices for the duration of a communication session.|
d.|is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless garbled message. |

ANS: C PTS: 1

37. One advantage of network technology is
a.|bridges and gateways connect one workstation with another workstation|
b.|the network interface card permits different networks to share data|
c.|file servers permit software and data to be shared with other network users|
d.|a universal topology facilitates the transfer of data among networks|

ANS: C PTS: 1

38. A virtual private network:
a.| is a password-controlled network for private users rather than the general public.|
b.| is a private network within a public network.|
c.| is an Internet facility that links user sites locally and around the world.|
d.| defines the path to a facility or file on the web.|
e.| none of the above is true.|

ANS: B PTS: 1

39. Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology, the central computer manages and controls data communications among the network nodes.
a.|star topology|
b.|bus topology|
c.|ring topology|
d.|client/server topology|

ANS: A PTS: 1

40. A ping signal is used to initiate
a.| URL masquerading|
b.| digital signature forging|
c.| Internet protocol spoofing|
d.| a smurf attack|
e.| none of the above is true|

ANS: D PTS: 1

41. In a star topology, when the central site fails
a.|individual workstations can communicate with each other|
b.|individual workstations can function locally but cannot communicate with other workstations|
c.|individual workstations cannot function locally and cannot communicate with other workstations|
d.|the functions of the central site are taken over by a designated workstation|

ANS: B PTS: 1

42. Which of the following statements is correct? The client-server model
a.|is best suited to the token-ring topology because the random-access method used by this model detects data collisions.|
b.|distributes both data and processing tasks to the server’s node.|
c.|is most effective used with a bus topology.|
d.|is more efficient than the bus or ring topologies.|

ANS: B PTS: 1

43. A star topology is appropriate
a.|for a wide area network with a mainframe for a central computer|
b.|for centralized databases only|
c.|for environments where network nodes routinely communicate with each other|
d.|when the central database does not have to be concurrent with the nodes|

ANS: A PTS: 1

44. In a ring topology
a.|the network consists of a central computer which manages all communications between nodes|
b.|has a host computer connected to several levels of subordinate computers|
c.|all nodes are of equal status; responsibility for managing communications is distributed among the nodes|
d.|information processing units rarely communicate with each other|

ANS: C PTS: 1

45. A distributed denial of service (DDoS) attack
a.|is more intensive that a Dos attack because it emanates from single source|
b.|may take the form of either a SYN flood or smurf attack|
c.|is so named because it effects many victims simultaneously, which are distributed across the internet|
d.|turns the target victim's computers into zombies that are unable to access the Internet |
e.|none of the above is correct|

ANS: B PTS: 1

46. Which of the following statements is correct? TCP/IP
a.|is the basic protocol that permits communication between Internet sites.|
b.|controls Web browsers that access the WWW.|
c.|is the file format used to produce Web pages.|
d.|is a low-level encryption scheme used to secure transmissions in HTTP format.|

ANS: A PTS: 1

47. FTP
a.|is the document format used to produce Web pages.|
b.|controls Web browsers that access the Web.|
c.|is used to connect to Usenet groups on the Internet|
d.|is used to transfer text files, programs, spreadsheets, and databases across the Internet.|
e.|is a low-level encryption scheme used to secure transmissions in higher-level () format.|

ANS: D PTS: 1

48. IP spoofing
a.|combines the messages of multiple users into a “spoofing packet” where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users.|
b.|is a form of masquerading to gain unauthorized access to a web server.|
c.|is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session.|
d.|is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users.|

ANS: B PTS: 1

49. HTML
a.|is the document format used to produce Web pages.|
b.|controls Web browsers that access the Web.|
c.|is used to connect to Usenet groups on the Internet.|
d.|is used to transfer text files, programs, spreadsheets, and databases across the Internet.|
e.|is a low-level encryption scheme used to secure transmissions in higher-level () format.|

ANS: A PTS: 1

50. Which one of the following statements is correct?
a.|Cookies always contain encrypted data.|
b.|Cookies are text files and never contain encrypted data.|
c.|Cookies contain the URLs of sites visited by the user.|
d.|Web browsers cannot function without cookies.|

ANS: C PTS: 1

51. A message that is made to look as though it is coming from a trusted source but is not is called
a.|a denial of service attack|
b.|digital signature forging|
c.|Internet protocol spoofing|
d.|URL masquerading|

ANS: C PTS: 1

52. An IP Address:
a.|defines the path to a facility or file on the web.|
b.|is the unique address that every computer node and host attached to the Internet must have.|
c.|is represented by a 64-bit data packet.|
d.|is the address of the protocol rules and standards that governing the design of internet hardware and software.|
e.|none of the above is true.|

ANS: B PTS: 1 53. A digital signature is
a.|the encrypted mathematical value of the message sender’s name|
b.|derived from the digest of a document that has been encrypted with the sender’s private key|
c.|the computed digest of the sender’s digital certificate|
d.|allows digital messages to be sent over analog telephone lines|

ANS: B PTS: 1

54. HTTP
a.|is the document format used to produce Web pages.|
b.|controls Web browsers that access the Web.|
c.|is used to connect to Usenet groups on the Internet|
d.|is used to transfer text files, programs, spreadsheets, and databases across the Internet.|
e.|is a low-level encryption scheme used to secure transmissions in higher-level () format.|

ANS: B PTS: 1

55. Which of the following statements is correct?
a.|Packet switching combines the messages of multiple users into a “packet” for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users.|
b.|The decision to partition a database assumes that no identifiable primary user exists in the organization.|
c.|Packet switching is used to establish temporary connections between network devices for the duration of a communication session.|
d.|A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users.|

ANS: C PTS: 1

SHORT ANSWER

1. Briefly define an operating system.

ANS:
An integrated group of programs that supports the applications and facilitates their access to specified resources.

PTS: 1

2. What is a virus?

ANS:
A virus is a program that attaches itself to another legitimate program in order to penetrate the operating system.

PTS: 1

3. Describe one benefit of using a call-back device.

ANS:
Access to the system is achieved when the call-back device makes contact with an authorized user. This reduces the chance of an intruder gaining access to the system from an unauthorized remote location.

PTS: 1

4. Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages.

ANS:
In the Private Encryption Standard approach, both the sender and the receiver use the same key to encode and decode the message. In the Public Key Encryption approach all senders receive a copy of the key used to send messages; the receiver is the only one with access to the key to decode the message.

PTS: 1

5. List three methods of controlling unauthorized access to telecommunication messages.

ANS: call-back devices, data encryption, message sequence numbering, message authentication codes, message transaction logs, and request-response technique

PTS: 1

6. Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment.

ANS: value-added networks use passwords to detect unauthorized transactions before they are transmitted to recipients; the recipient of the message can validate the password prior to translating the message; the recipient of the message can validate the password prior to processing the transaction

PTS: 1

7. Explain how transactions are audited in an electronic data interchange environment.

ANS:
Firms using electronic data interchange maintain an electronic log of each transaction as it moves from receipt to translation to communication of the message. This transaction log restores the audit trail that was lost because no source documents exist. Verification of the entries in the log is part of the audit process.

PTS: 1

8. What are some typical problems with passwords?

ANS: users failing to remember passwords; failure to change passwords frequently; displaying passwords where others can see them; using simple, easy-to-guess passwords

PTS: 1

9. Discuss the key features of the one-time password technique:

ANS:
The one-time password was designed to overcome the problems associated with reusable passwords.
The user’s password changes continuously.
This technology employs a credit card-sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds.
The card works in conjunction with special authentication software located on a mainframe or network server computer. Each user’s card is synchronized to the authentication software, so that at any point in time both the smart card and the network software are generating the same password for the same user.

PTS: 1

10. Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

ANS: compare job descriptions with authority tables; verify that database administration employees have exclusive responsibility for creating authority tables and designing user subschemas; evaluate biometric and inference controls

PTS: 1

11. What is event monitoring?

ANS:
Event monitoring summarizes key activities related to system resources. Event logs typically record the IDs of all users accessing the system; the time and duration of a user’s session; programs that were executed during a session; and the files, databases, printers, and other resources accessed.

PTS: 1

12. What are the auditor's concerns in testing EDI controls?

ANS:
When testing EDI controls, the auditor's primary concerns are related to ascertaining that EDI transactions are authorized, validated, and in compliance with organization policy, that no unauthorized organizations gain access to records, that authorized trading partners have access only to approved data, and that adequate controls are in place to maintain a complete audit trail.

PTS: 1

13. What is a user-defined procedure?

ANS:
A user-defined procedure allows the user to create a personal security program or routine to provide more positive user identification than a password can. For example, in addition to a password, the security procedure asks a series of personal questions (such as the user’s mother’s maiden name), which only the legitimate user is likely to know.

PTS: 1

14. What are biometric devices?

ANS:
Biometric devices measure various personal characteristics such as fingerprints, voiceprints, retina prints, or signature characteristics. These user characteristics are digitized and stored permanently in a database security file or on an identification card that the user carries. When an individual attempts to access the database, a special scanning device captures his or her biometric characteristics, which it compares with the profile data stored internally or on the ID card. If the data do not match, access is denied.

PTS: 1

15. What can be done to defeat a DDoS Attack?

ANS:
Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a countermeasure to DDoS attacks.

PTS: 1

16. What is deep packet inspection?

ANS:
DPI is a technique that searches individual network packets for protocol non-compliance and can identify and classify malicious packets based on a database of known attack signatures.

PTS: 1

17. Explain how smurf attacks can be controlled.

ANS:
The targeted organization can program their firewall to ignore all communication from the attacking site, once the attackers IP address is determined.

PTS: 1

18. Explain how SYN Flood attacks can be controlled.

ANS:
Two things can be done:
First, Internet hosts can program their firewalls to block outbound message packets that contain invalid internal IP addresses.
Second, security software can scan for half-open connections that have not been followed by an ACK packet. The clogged ports can then be restored to allow legitimate connections to use them.

PTS: 1

19. What problem is common to all private key encryption techniques?

ANS:
The more individuals who need to know the private key, the greater the probability of it falling into the wrong hands. If a perpetrator discovers the key, he or she can intercept and decipher coded messages.

PTS: 1

20. Discuss the private key encryption technique and its shortcomings.

ANS:
To encode a message, the sender provides the encryption algorithm with the key, which produces the ciphertext message. This is transmitted to the receiver’s location, where it is decoded using the same key to produce a cleartext message. Because the same key is used for coding and decoding, control over the key becomes an important security issue. The more individuals that need to exchange encrypted data, the greater the chance that the key will become known to an intruder who could intercept a message and read it, change it, delay it, or destroy it.

PTS: 1

21. Discuss the public key encryption technique.

ANS:
This approach uses two different keys: one for encoding messages and the other for decoding them. The recipient has a private key used for decoding that is kept secret. The encoding key is public and published for everyone to use. Receivers never need to share private keys with senders, which reduces the likelihood that they fall into the hands of an intruder. One of the most trusted public key encryption methods is Rivest-Shamir-Adleman (RSA). This method is, however, computationally intensive and much slower than private key encryption.

PTS: 1

22. What is a digital signature?

ANS:
A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. The digital signature is derived from a mathematically computed digest of the document that has been encrypted with the sender’s private key.

PTS: 1

23. What is a digital certificate?

ANS:
A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. Trusted third parties known as certification authorities (CA s) (for example, Veri-Sign, Inc.) issue digital certificates, also called digital IDs. The digital certificate is actually the sender’s public key that the CA has digitally signed. The digital certificate is transmitted with the encrypted message to authenticate the sender.

PTS: 1

24. What is a seal of assurance?

ANS:
In response to consumer demand for evidence that a web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their website home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. Examples of seal are: Better Business Bureau (BBB), TRUSTe, Veri-Sign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.

PTS: 1

25. Describe a denial of service (DoS) attack and identify three common forms.

ANS:
A denial of service attacks (DoS) is an assault on a web server to prevent it from servicing its legitimate users. While such attacks can be aimed at any type of website, they are particularly devastating to business entities that are prevented from receiving and processing business transactions from their customers. Three common types of DoS attacks are: SYN flood, smurf, and distributed denial of service (DDoS).

PTS: 1

ESSAY

1. What are the three security objectives of audit trails? Explain.

ANS:
Audit trails support system security objectives in three ways. By detecting unauthorized access to the system, the audit trail protects the system from outsiders trying to breach system controls. By monitoring system performance, changes in the system may be detected. The audit trail can also contribute to reconstructing events such as system failures, security breaches, and processing errors. In addition, the ability to monitor user activity can support increased personal accountability.

PTS: 1

2. What is an operating system? What does it do? What are operating system control objectives?

ANS:
An operating system is a computer’s control program. It controls user sharing of applications and resources such as processors, memory, databases, and peripherals such as printers. Common PC operating systems include Windows 2000, Windows NT, and Linux.

An operating system carries out three primary functions: translating high level languages into machine language using modules called compilers and interpreters; allocating computer resources to users, workgroups, and applications; and managing job scheduling and multiprogramming.

Operating systems have five basic control objectives:
1. to protect itself from users,
2. to protect users from each other,
3. to protect users from themselves,
4. to protect it from itself, and
5. to protect itself from its environment.

PTS: 1

3. Discuss three sources of exposure (threats) to the operating system.

ANS:
1. Privileged personnel who abuse their authority. Systems administrators and systems programmers require unlimited access to the operating system to perform maintenance and to recover from system failures. Such individuals may use this authority to access users’ programs and data files.
2. Individuals both internal and external to the organization who browse the operating system to identify and exploit security flaws.
3. Individuals who intentionally (or accidentally) insert computer viruses or other forms of destructive programs into the operating system.

PTS: 1

4. Discuss three techniques for breaching operating system controls.

ANS:
Browsing involves searching through areas of main memory for password information.
Masquerading is a technique where a user is made to believe that he/she has accessed the operating system and therefore enters passwords, etc., that can later be used for unauthorized access.
A virus is a program that attaches itself to legitimate software to penetrate the operating system. Most are destructive.
A worm is software that replicates itself in memory.
A logic bomb is a destructive program triggered by some "logical" condition–a matching date, e.g., Michelangelo's birthday.

PTS: 1

5. A formal log-on procedure is the operating system’s first line of defense. Explain how this works.

ANS:
When the user logs on, he or she is presented with a dialog box requesting the user’s ID and password. The system compares the ID and password to a database of valid users. If the system finds a match, then the log-on attempt is authenticated. If, however, the password or ID is entered incorrectly, the log-on attempt fails and a message is returned to the user. The message should not reveal whether the password or the ID caused the failure. The system should allow the user to reenter the log-on information. After a specified number of attempts (usually no more than five), the system should lock out the user from the system.

PTS: 1

6. Explain the concept of discretionary access privileges.

ANS:
In centralized systems, a system administrator usually determines who is granted access to specific resources and maintains the access control list. In distributed systems, however, resources may be controlled (owned) by end users. Resource owners in this setting may be granted discretionary access privileges, which allow them to grant access privileges to other users. For example, the controller, who is the owner of the general ledger, may grant read-only privileges to a manager in the budgeting department. The accounts payable manager, however, may be granted both read and write permissions to the ledger. Any attempt by the budgeting manager to add, delete, or change the general ledger will be denied. The use of discretionary access control needs to be closely supervised to prevent security breaches because of its liberal use.

PTS: 1

7. Contrast a LAN and a WAN. Typically, who owns and maintains a WAN?

ANS:
A LAN is a local area network covering a limited geographic area (a room, a building, several buildings within a restricted geographic distance). Information processing units connected to a LAN are usually microcomputer-based workstations. Typically, LANs are privately owned and controlled.

When networks exceed the geographic limitations of the LAN, they are called WANs. Because of the distances involved and the high cost of telecommunication infrastructure, WANs are often commercial networks (at least in part) that the organization leases. The nodes of a WAN may include microcomputer workstations, minicomputers, mainframes, and LANs. The WAN may be used to link geographically dispersed segments of a single organization or connect multiple organizations in a trading partner arrangement.

PTS: 1

8. Explain how the one-time password approach works.

ANS:
Under this approach, the user’s password changes continuously. To access the operating system, the user must provide both a secret reusable personal identification number (PIN) and the current one-time only password for that point in time. One technology employs a credit-card-sized device (smart card) that contains a microprocessor programmed with an algorithm that generates, and visually displays, a new and unique password every 60 seconds. The card works in conjunction with special authentication software located on a mainframe host or network server computer. At any point in time both the smart card and the network software are generating the same password for the same user. To access the network, the user enters the PIN followed by the current password displayed on the card. The password can be used one time only.

PTS: 1

9. Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain.

ANS:
Two general types of risk exist when networks communicate with each other–risks from subversive threats and risks from equipment failure.
Subversive threats include interception of information transmitted between sender and receiver, computer hackers gaining unauthorized access to the organization’s network, and denial-of-service attacks from remote locations on the Internet. Methods for controlling these risks include firewalls, encryption, digital signatures, digital certificates, message transaction logs, and call-back devices.
Equipment failure can be the result of line errors. The problems can be minimized with the help of echo checks, parity checks, and good backup control.

PTS: 1

10. What is EDI? How does its use affect the audit trail?

ANS:
Electronic data interchange is an arrangement which links the computer systems of two trading partners to expedite sales/purchases. The buying company’s purchasing system creates and transmits a purchase order electronically in an agreed format, either directly or through a value-added network. The selling company receives the information, and it is converted electronically into a sales order.

The absence of paper documents in an EDI transaction disrupts the traditional audit trail. This can be compensated for through the use of transaction logs which can be reconciled.

PTS: 1

11. Describe three ways in which IPS can be used to protect against DDoS Attacks?

ANS:
1) IPS cam work inline with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks.
2) IPS may be used behind the firewall to protect specific network segments and servers.
3) IPS can be employed to protect an organization from becoming part of a botnet by inspecting outbound packets and blocking malicious traffic before it reaches the Internet.

PTS: 1

12. Describe the basic differences between the star, ring, and bus topologies.

ANS:
The star topology is a configuration of IPUs with a large central computer (the host) at the hub (or center) that has connections to a number of smaller computers. Communication between nodes is managed from the host.

The ring topology connects many computers of equal status. There is no host. Management of communication is distributed among the nodes.

In the bus topology, all nodes are connected to a common cable, the bus. Communication and file transfer are controlled centrally by one or more server.

PTS: 1

13. What security questions must be considered with regard to Internet commerce?

ANS:
Security questions that must be answered to safeguard Internet commerce relate to: private or confidential financial data stored on a host or server that could be accessed by unauthorized individuals, interception of private information sent between sites, such as credit card numbers, and the risk of destruction of data and programs by virus attacks and other malice.

PTS: 1

14. Define and contrast digital certificate and digital signature.

ANS:
A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. These are issued by certification authorities.

A digital signature is an electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.

PTS: 1

15. Explain the function of the two parts of the TCP/IP protocol.

ANS:
The two parts of the TCP/IP protocol are the transfer control protocol (TCP) and the Internet protocol (IP). This controls how individual packets of data are formatted, transmitted, and received. The TCP supports the transport function of the OSI (Open System Interface) model that has been adopted by the International Standards Organization for the communication community. This ensures that the full message is received. The IP component provides the routing mechanism. It contains a network address and is used to route messages to their destinations.

PTS: 1

16. What are network protocols? What functions do they perform?

ANS:
Network protocols are the rules and standards governing the design of hardware and software that permit users of networks manufactured by different vendors to communicate and share data. Protocols perform a number of different functions.
a. They facilitate the physical connection between network devices.
b. They synchronize the transfer of data between physical devices.
c. They provide a basis for error checking and measuring network performance.
d. They promote compatibility among network devices.
e. They promote network designs that are flexible, expandable, and cost-effective.

PTS: 1 17. Explain a SYN Flood attack.
ANS:
Normally user establishes a connection on the Internet via a three-way handshake. The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize-AC Knowledge (SYN-AC K) packet. Finally, the initiating host machine responds with an ACK packet code. The SYN flood attack is accomplished by not sending the final acknowledgment to the server’s SYNACK response, which causes the server to keep signaling for acknowledgement until the server times out.

The individual or organization perpetrating the SYN flood attack transmits hundreds of SYN packets to the targeted receiver, but never responds with an ACK to complete the connection. As a result, the ports of the receiver’s server are clogged with incomplete communication requests that prevent legitimate transactions from being received and processed. Organizations under attack may, thus, be prevented from receiving Internet messages for days at a time.
PTS: 1

18. Explain a Smurf Attack.
ANS:
A smurf attack involves three parties: the perpetrator, the intermediary, and the victim. It is accomplished by exploiting an internet maintenance tool called a ping, which is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network.

The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim’s computer (IP spoofing) rather than that of the actual source computer. The ping message is then sent to the intermediary, which is actually an entire sub network of computers. By sending the ping to the network’s IP broadcast address, the perpetrator ensures that each node on the intermediary network receives the echo request automatically. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim’s IP address not the source computer’s. The resulting flood of echoes can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic.

PTS: 1

19. Explain a Distributed Denial of Service Attack.
ANS:
A distributed denial of service (DDoS) attack may take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event. The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Since vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies. The perpetrator accesses the IRC and uploads a malicious program such as a Trojan horse, which contains DDoS attack script. This program is subsequently downloaded to the PCs of the many thousands of people who visit the IRC site. The attack program runs in the background on the new zombie computers, which are now under the control of the perpetrator. Via the zombie control program the perpetrator can direct the DDoS to specific victims and turn on or off the attack at will.

PTS: 1

20. Discuss the changing motivation behind a Denial of Service Attack

ANS:
The motivation behind DoS attacks may originally have been to punish an organization with which the perpetrator had a grievance or simply to gain bragging rights for being able to do it. Today, DoS attacks are also perpetrated for financial gain. Financial institutions, which are particularly dependent on Internet access, have been prime targets. Organized criminals threatening a devastating attack have extorted several institutions, including the Royal Bank of Scotland. The typical scenario is for the perpetrator to launch a short DDoS attack (a day or so) to demonstrate what life would be like if the organization were isolated from the Internet. After the attack, the CEO of the organization receives a phone call demanding that a sum of money be deposited in an off-shore account, or the attack will resume. Compared to the potential loss in customer confidence, damaged reputation, and lost revenues, the ransom may appear to be a small price to pay.

PTS: 1…...

Similar Documents

Premium Essay

Marketing Ch 3

...68 3 LEARNING OBJECTIVES After reading this chapter you should be able to: LO1 Scanning the Marketing Environment WEB 2.0 IS ALL ABOUT YOU! The Web is changing at an extraordinary pace and each new change provides more customization and convenience for you. If you use Myspace. com, Del.icio.us, Secondlife, or any one of hundreds of new products on the Web you are already part of the new world of the Web! Not long ago the Web simply provided a modern channel for traditional businesses. Music led the way with file-sharing services such as Napster and eventually online stores such as iTunes. The entire entertainment industry followed by offering books, movies, television, radio, and photography on the Web. The digital revolution allowed all of these businesses to benefit from the technical aspects of the Web. Now the term Web 2.0 is used to describe the changes in the World Wide Web that reflect the growing interest in collaboration, open sharing of information, and customer control. Many products and services such as podcasts, weblogs, videologs, social networking, bookmarking, wikis, folksonomy, and RSS feeds are already available, and many more are in development. As the focus moves from providing a new channel for existing businesses to empowering individual consumers with customized products, suddenly the Web is all about you! You can create your own video and post it on YouTube, sell your photos on iStockphoto, build a social networking site on Ning, and......

Words: 12727 - Pages: 51

Free Essay

Tax Ch. 3

...Chapter 3 Outline 300 Introduction – pg. 87 Tax accounting – the official reporting of income and expenses so a taxpayer’s taxable income for a particular period can be determined - The rules for determining when a business must recognize income and when it may deduct expense are referred to as the taxpayers method of accounting 301 Tax Accounting Distinguished from Financial Accounting - two sets of books because two different governing bodies Financial accounting – intended to provide useful information about a business so that management, owners, potential investors, creditors and other interested parties can make well informed investment, credit and other decisions - must prepare according to GAAP - accrual method – events reported in the accounting period in which they are earned or incurred rather than when its paid or received Tax accounting records – focuses on items of income and expense that are important for determining taxable income For external (financial) reporting – GAAP allows a business to choose among various acceptable accounting methods - management interested in making business look successful and thriving Tax accounting – goal is to pay least amount of taxes as legally possible Accounting Periods – pg. 89 - tax year – period of time taxpayers use to calculate taxable income o may or may not be the same as the annual accounting period used for financial reporting purposes o no constitutional requirement that income be......

Words: 2218 - Pages: 9

Premium Essay

Ch 1-3

...Sarasota Campus March, 2013 Dissertation Committee Approval: ------------------------------------------------- Dissertation Chair: Dr. Janice Powell Ed.D Date ------------------------------------------------- Committee Member: Dr. Denise Davis-Cotton Ed.D Date ------------------------------------------------- Program Chair: Dr. George Spagnola Ed.D Date TABLE OF CONTENTS TABLE OF TABLES ii TABLE OF FIGURES vii TABLE OF APPENDICES ix CHAPTER ONE: THE PROBLEM AND ITS COMPONENTS 1 Introduction 1 Problem Background 1 Purpose of the Study 1 Problem Statement 2 Research Questions 2 Limitations and Delimitations 3 Definitions of Terms 4 Significance of the Study 8 Overview of Study 8 CHAPTER TWO: REVIEW OF THE LITERATURE 9 Introduction 10 Introduction to the i-Generation 12 Technology’s Role in School Reform 14 Technology and Student Achievement 19 Teaching Reading Through the use of Technology 23 Pearson’s Digital Learning Platform SuccessMaker 25 Summary 30 CHAPTER THREE: METHODOLOGY 31 Introduction 31 Research Design 32 Target Population 33 Instrumentation 33 Assumptions 34 Procedures 34 Data Processing and Analysis 36 Summary 37 REFERENCES 38 CHAPTER ONE: THE PROBLEM AND ITS COMPONENTS Introduction America’s children are falling behind other......

Words: 9921 - Pages: 40

Premium Essay

Summary Ch 3

...Topic Report Chapter 3 Communicating in a World of Diversity This chapter is explaining to us how communication is diverse all over the world. The first thing the chapter talks about is the opportunities in a global marketplace, which includes new customers, labor sources, and new possibilities for enhancement. The advantages of a Diverse Workforce connects you with customers in different parts of the world and extend you pool of talent, you get a broader range of views and ideas, and a better understanding of diverse, fragmented markets. Another thing they talk about is some challenges faced with intercultural communication like skills, traditions backgrounds, experiences, outlooks, and attitudes toward work; all which can affect communication in the workplace. For example, teams face the challenge of working together closely, and companies are challenged to co-exist peacefully with business partners and with the community as a whole. The way you communicate is deeply influenced by the culture in which you were raised.  The meaning of words, gestures, the importance of time and space, the rules of the human relationships- these and many others are defined by culture.  Your culture also influences the way you think, which naturally affects the way you communicate as both a sender and receiver. Another thing also discussed in this chapter are the negative cultural attitudes like Ethnocentrism and Stereotyping. Ethnocentrism means when a person is judging another......

Words: 321 - Pages: 2

Premium Essay

Ch 3 Review

...Chapter 3 (REVIEW-Self study chapter) After studying this chapter, you should be able to: Understand basic accounting terminology. Explain double-entry rules. Explain how transactions affect the accounting equation. Identify the steps in the accounting cycle and the steps in the recording process. Explain the reasons for and prepare adjusting entries. Explain how the type of ownership structure affects the financial statements. Prepare closing entries and consider other matters relating to the closing process. Prepare a 10-column work sheet and financial statements. After studying Appendix 3A, you should be able to: Identify adjusting entries that may be reversed. THE ACCOUNTING INFORMATION SYSTEM The Accounting Information System Basic Terminology Event: The cause of changes of assets, liabilities, and equity Transaction: A transfer or exchange between two or more entities or parties Account: Where transactions are recorded - A separate account is used for each asset, liability, revenue, expense, gain, loss and capital (owner’s equity) Permanent accounts (or “real” accounts) * Asset, liability, and equity accounts * Appear on the balance sheet * Permanent accounts are not closed at year end Temporary accounts (or “nominal” accounts) * Revenue, expense, and dividend accounts * Revenue and expenses are on the income statement; dividends are on the statement of changes in shareholders equity. *......

Words: 1362 - Pages: 6

Free Essay

Ch. 1 & 3

...Chapter 1 and Chapter 3 - Questions and Exercises Chapter 1 (pages 26-27) 1. What are the potential ethical issues faced by Acme Corporation? The potential ethical issues faced by Acme Corporation is giving gifts can lead to dilemmas about whether the gift being given will be perceived as a bribe or simply a gift. If gifts are given, it shouldn’t be given to one person, but instead, an entire team or division. As this could cause other members of the team to feel that there is something more is happening. In this specific case, Frank is giving personal gifts only to Otis, which could cause problems for Frank and/or Acme Corporation in the future. 2. What should Acme do if there is a desire to make ethics a part of its core organizational values? Acme Corporation should make sure that all the rules and guidelines are in writing as well as communicate them to all the personnel as part of its core organizational values. These guidelines should detail items including the giving of gifts to customers as far as a maximum dollar amount or the number of times you are allowed to do it per customer. 3. Identify the ethical issues of which Frank needs to be aware. The ethical issue that Frank needs to be aware of is the fact that, Otis can perceives the gifts he is being given as a bribe. It seemed as Frank was unsure about Otis’ request in Vegas, what will happen if he doesn’t satisfy this request? It’s good to go with your initial feeling and if needed, say no in a......

Words: 680 - Pages: 3

Premium Essay

Patterson Ch. 3

...Chapter Three Federalism: Forging a Nation Chapter Outline I. Federalism: National and State Sovereignty A. The Argument for Federalism 1. Protecting Liberty 2. Moderating the Power of Government 3. Strengthening the Union B. The Powers of the Nation 1. Enumerated Powers 2. Implied Powers C. The Powers of the States II. Federalism in Historical Perspective A. An Indestructible Union (1789–1865) 1. The Nationalist View: McCulloch v. Maryland 2. The States’ Rights View: The Dred Scott Decision B. Dual Federalism and Laissez-Faire Capitalism (1865–1937) 1. The Fourteenth Amendment and State Discretion 2. Judicial Protection of Business 3. National Authority Prevails C. Toward National Citizenship III. Federalism Today A. Interdependency and Intergovernmental Relations B. Government Revenues and Intergovernmental Relations 1. Fiscal Federalism 2. Categorical and Block Grants C. Devolution 1. The Republican Revolution 2. Devolution, Judicial Style IV. The......

Words: 3398 - Pages: 14

Free Essay

Alvis Ch 3

...Ch 3 Alvis Corporation Kevin McCarthy is a manager of a production department in Alvis Corporation, a firm that manufactures office equipment. After reading an article that stressed the benefits of participative management, Kevin believes that these benefits could be realised in his department if the workers are allowed to participate in making some decisions that affect them. The workers are not unionized. Kevin selected two decisions for his experiment in participative management. The first decision involved vacation schedules. Each summer the workers were given two weeks- vacation, but no more than two workers can go on vacation at the same time. In prior years, Kevin made this decision himself. He would first ask the workers to indicate their preference dates, and then he considered how the work would be affected if different people were out at the same time. It was important to plan a vacation schedule that would ensure adequate staffing for all the essential operations performed by the department. When more than two workers wanted the same time period, and they had similar skills, he usually gave preference to the worker with highest productivity. The second decision involved production standards. Sales had been increasing steadily over the past few years, and the company recently installed some new equipment to increase productivity. The new equipment would allow Kevin%u2019s department to produce more with the same number of workers. The company had a pay......

Words: 1184 - Pages: 5

Premium Essay

Case 3 Auditing

...Prefab Sprout Construction Company You have been approached about auditing Prefab Sprout Construction Company, a family-run general contracting company which is publicly traded on the New York Stock Exchange. The president of Prefab is Jack Warner. His wife, Joan, is the vice president and his son, John, is the treasurer. The Warner family owns about 40 percent of all outstanding shares and no other investor owns more than 1 percent. The company has been previously audited (receiving standard unqualified opinions) by a sole practitioner who closed his practice and is now the controller of Prefab. The company has an audit committee consisting of Joan, John and a local college professor. The company also has a compensation committee consisting of Jack, the company’s lawyer and an employee selected on a rotating basis. Prefab specializes in modular home developments located in areas of South Florida that are densely populated by retirees and recent immigrants from the Caribbean basin. Prefab acquires land, builds streets and other land improvements, builds modular homes on the land and then sells the entire development to limited partnerships that are set up as tax shelters. Prefab finances most of its construction costs through the Sun Atlantic Bank in Fort Lauderdale. Prefab's condensed financial statements for 2013 (audited) and 2014 (un-audited) are presented below. 2013 2014 Cash Receivables Projects in progress Total assets Bank loans......

Words: 867 - Pages: 4

Premium Essay

Mkt 215 Ch 3

...Kimley Ferguson MKT 215 DL01 9/21/14 Chapter 3 Review 3-1. List the three prescriptions to serve as a foundation for development of a relationship strategy. Values Clarity Support 3-2. How does business slander differ from business libel? Slander is verbal while libel is written untrue or unfair statements about a competitor 3-3. What major factors helped influence salespeople's ethical conduct? Legal standards, Standards set forth by their company; officially and what is observed by the salesperson Their own personal set of ethics 3-4. What is the Uniform Commercial Code? Why is it needed? The laws most directly influencing sales in the United States. They focused on the buyer-seller dynamic and give the customers some protection with the opportunity to reconsider purchasing decisions in the event that they were misled or persuaded toward purchases unfairly. 3-5. Why must a salesperson's ethical sense extend beyond the legal definition of what is right and wrong? What is legal may not necessarily be ethical. It is perfectly legal to leave your sales team in a lurch only to return in time to save the transaction and get all the credit for solving the issue. Your co workers (and likely your supervisor) will see it as unethical and dishonest. 3-6. Explain why the sales manager plays such an important role in influencing the ethical behavior of salespeople. The sales manager is the salesperson's role mode. Their behavior and......

Words: 330 - Pages: 2

Premium Essay

Nt1210 Ch 3 Review

...NT1210 Chapter 3 Review 1. B 2. C, D 3. C 4. A, D 5. C, D 6. A 7. D 8. B 9. B 10. D 11. C 12. C 13. C 14. D 15. B 16. A, D 17. A, C 18. B, C 19. B 20. B, C, D Key Terms TCP/IP Networking – Computer network that uses the standards defined by the TCP/IP model. Networking standard – Document that details information about technology related to networking. TCP/IP model – Collection of standards related to all parts of networking. Open networking model – Model whose standards can be read and used to create products. Open Systems Interconnection (OSI) Model – Open networking model developed by ISO. Encoding – Process of varying the energy signal on a link so that bits can communicate over a link. Header – Bytes of data, defined by some standard or protocol. Trailer – Used almost exclusively by data link layer protocols. Leased line – A physical line between two locations, provided by a telco. Internet Protocol (IP) – The main TCP/IP network layer protocol. IP address – A 32 bit binary number, often written in the DDN format. IP routing – Forwarding an IP packet from end to end through a TCP/IP network. Frame – Refers to the data link header and trailer plus data encapsulated in between Packet – Refers to the network layer header plus any headers that follow through the user data. Acronyms TCP/IP – Transmission Control Protocol/Internet Protocol TCP – Transmission Control Protocol HTTP – Hypertext Transfer Protocol LAN – Local......

Words: 286 - Pages: 2

Premium Essay

Ib Ch.3

...across and within nations can affect the way in which business is practiced) is important to success in international business There may be a relationship between culture and the costs of doing business in a country or region Culture is not static, and the actions of MNEs can contribute to cultural change 2. What is Culture? Question: What is culture?  Culture is a system of values (abstract ideas about what a group believes to be good, right, and desirable) and norms (the social rules and guidelines that prescribe appropriate behavior in particular situations) that are shared among a group of people and that when taken together constitute a design for living  A society is a group of people who share a common set of values and norms 3. Values and Norms  Values provide the context within which a society’s norms are established and justified  Norms are the social rules that govern the actions of people toward one another and can be further subdivided into ◦ folkways (the routine conventions of everyday life) ◦ mores (norms that are seen as central to the functioning of a society and to its social life) 4. Culture, Society, and the Nation-State A society can be defined as a group of people that share a common set of values and norms  There is not a strict one-to-one correspondence between a society and a nation-state ◦ Nation- states are political creations that can contain a single culture or several cultures ◦ Some cultures embrace several nations 5. Cultural......

Words: 2521 - Pages: 11

Premium Essay

Laib- Ch 3-Disputes

...3/7/2016 CHAPTER 3 Disputes involving private parties  International disputes must either be heard • • DISPUTE RESOLUTION   in a domestic system using domestic law (with the consent of both parties) unless the dispute is between 2 states (then an international tribunal/court can be convened). The law of the forum, where the dispute is being heard, will supply the procedural rules that will allow it to review the substantive matter (legal issues at stake). Disputes involving a private individual or company usually end up in a domestic court of a state. 3-1 © 2009 Pearson Education, Inc publishing as Prentice Hall Disputes between states   3-2 © 2009 Pearson Education, Inc publishing as Prentice Hall Are taken to an international tribunal, such as the ICJ (International Court of Justice) or the dispute resolution panel of the World Trade Organization (if both states are members) and the matter involves a trade in goods issue. The International Criminal Court (ICC) is a court of last resort which tries persons accused of the most serious crimes against humanity (crimes such as genocide). Settlement of Disputes in International Tribunals International Court of Justice International Criminal Court World Trade Organization Dispute Settlement Procedures 3-3 © 2009 Pearson Education, Inc publishing as Prentice Hall 4 © 2009 Pearson Education, Inc publishing as Prentice......

Words: 3005 - Pages: 13

Premium Essay

Review of Ch 6 Auditing

...more professional If we can learn employer’s expectations for document design and adhere to them. We should choose high quality material-the best paper and the best print. To give a document a professional look we should consider the following: 1. Paper and print: We should always choose high quality paper for a formal or professional document. The paper always makes a good impression. Also, we should print the document on a good printer to give a professional appearance. Choosing a right font size and a right font style are important considerations too. We shouldn’t use unusual fonts for business document. 2. White space and margin: In order to look appealing, a document should have a good balance between the white space and the margin. 3. Neatness: Sloppiness in a document is unprofessional and careless. We should always proofread the final hard copy as well as using computer spell-checker. Formatting Use of various formatting devices, such as headings, lists and set-off material make pages more attractive and easier to read. • Headings: Headings break up the text into smaller chunks and help readers to reflect on what they have read. Headings can be broken down into several level of division and the style of the headings varies with the level of division. • Lists and set-off material: Lists and set-off material makes a document easier to read. Use of number, bullet etc. for listing items and double space before and after the list makes it look......

Words: 743 - Pages: 3

Premium Essay

Ch 2 Ex 3

...Andrew Gunnoe MSBA 5600 Ch 2 Ex 3 8/28/12 A) Rash-Away Contribution Margin (CM) = ($2.00 - $1.40)/$2.00 = .3 CM = Unit Selling Price – Unit Variable Cost / Unit Selling Price Absolute Increase in Unit Sales = $150,000 / $.60 (Unit Contribution) = 250,000 units Absolute Increase in Dollar Sales = $150,000 / .3 (CM) = $500,000 Red-Away Contribution Margin (CM) = ($1.00 - .25)/$1.00 = .75 CM = Unit Selling Price – Unit Variable Cost / Unit Selling Price Absolute Increase in Unit Sales = $150,000 / $.75 (Unit Contribution) = 200,000 units Absolute Increase in Dollar Sales = $150,000 / .75 (CM) = $200,000 B) Absolute Increase in dollar sales / Advertising (Fixed Cost) = Total Sales Dollars that must be produced to cover each incremental dollar of advertising Rash-Away $500,000 / $150,000 = $3.33 An additional $1.33 is needed to support the $150,000 of advertising Red-Away $200,000 / $150,000 = $1.67 An additional $.67 is needed to support the $150,000 of advertising C) Rash-Away Contribution Margin (CM) = ($1.80 - $1.40)/$.40 = .22 CM = Unit Selling Price – Unit Variable Cost / Unit Selling Price Absolute Increase in Unit Sales = $150,000 / $.40 (Unit Contribution) = 375,000 units Absolute Increase in Dollar Sales = $150,000 / .22 (CM) =......

Words: 256 - Pages: 2