Академический Документы
Профессиональный Документы
Культура Документы
TRUE/FALSE
1. The database approach to data management is sometimes called the flat file approach.
ANS: F PTS: 1
2. The database management system provides a controlled environment for accessing the database.
ANS: T PTS: 1
3. To the user, data processing procedures for routine transactions, such as entering sales orders, appear to
be identical in the database environment and in the traditional environment.
ANS: T PTS: 1
4. An important feature associated with the traditional approach to data management is the ability to
produce ad hoc reports.
ANS: F PTS: 1
5. The data definition language is used to insert special database commands into application programs.
ANS: F PTS: 1
ANS: F PTS: 1
ANS: F PTS: 1
ANS: F PTS: 1
ANS: F PTS: 1
ANS: F PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
11. Subschemas are used to authorize user access privileges to specific data elements.ACCESS CONTROL
ANS: F PTS: 1
12. A recovery module suspends all data processing while the system reconciles its journal files against the
database.CHECKPOINT FEATURE
ANS: F PTS: 1
13. The database management system controls access to program files.ACCESS CONTROL
ANS: F PTS: 1
14. Examining programmer authority tables for information about who has access to Data Definition
Language commands will provide evidence about who is responsible for creating subschemas.
ANS: T PTS: 1
15. Data normalization groups data attributes into tables in accordance with specific design objectives.
ANS: T PTS: 1
16. Under the database approach, data is viewed as proprietary or owned by users.
ANS: F PTS: 1
17. The data dictionary describes all of the data elements in the database.
ANS: T PTS: 1
ANS: F PTS: 1
ANS: T PTS: 1
ANS: F PTS: 1
21. A lockout is a software control that prevents multiple users from simultaneous access to data.
ANS: T PTS: 1
22. An entity is any physical thing about which the organization wishes to capture data.
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS: F PTS: 1
ANS: T PTS: 1
24. The term occurrence is used to describe the number of attributes or fields pertaining to a specific
entity.RECORD
ANS: F PTS: 1
25. Cardinality describes the number of possible occurrences in one table that are associated with a single
occurrence in a related table.
ANS: T PTS: 1
MULTIPLE CHOICE
a. data deletion
b. data storage
c. data attribution
d. data retrieval
ANS: C PTS: 1
2. The task of searching the database to locate a stored record for processing is called
a. data deletion
b. data storage
c. data attribution
d. data retrieval
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS: D PTS: 1
3. Which of the following is not a problem usually associated with the flat-file approach to data
management?
a. data redundancy
c. data storage
d. currency of information
ANS: B PTS: 1
a. data sharing
c. data redundancy
ANS: A PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
5. Which characteristic is not associated with the database approach to data management?
ANS: D PTS: 1
6. The textbook refers to four interrelated components of the database concept. Which of the following is
not one of the components?
ANS: D PTS: 1
c. ensure that the internal schema and external schema are consistent
ANS: C PTS: 1
c. the subschema
ANS: A PTS: 1
9. Which of the following may provide many distinct views of the database?
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
a. the schema
ANS: C PTS: 1
a. by direct query
ANS: A PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
11. The data definition language
a. identifies, for the database management system, the names and relationships of all data
elements, records, and files that comprise the database
c. permits users to process data in the database without the need for conventional programs
ANS: A PTS: 1
ANS: C PTS: 1
ANS: B PTS: 1
ANS: C PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
a. links between related records are implicit
c. an owner (parent) record may own just one member (child) record
d. a member (child) record may have more than one owner (parent)
ANS: B PTS: 1
16. Which term is not associated with the relational database model?
a. tuple
b. attribute
c. collision
d. relation
ANS: C PTS: 1
ANS: C PTS: 1
18. In the relational database model all of the following are true except
ANS: D PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
a. the users view of the physical database is the same as the physical database
c. a virtual table exists in the form of rows and columns of a table stored on the disk
ANS: B PTS: 1
20. Which of the following is not a common form of conceptual database model?
a. hierarchical
b. network
c. sequential
d. relational
ANS: C PTS: 1
a. The DBMS is special software that is programmed to know which data elements each user
is authorized to access.
c. During processing, the DBMS periodically makes backup copies of the physical database.
ANS: D PTS: 1
22. All of the following are elements of the DBMS which facilitate user access to the database except
a. query language
ANS: B PTS: 1
23. Which of the following is a level of the database that is defined by the data definition language?
a. user view
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
b. schema
c. internal view
ANS: D PTS: 1
a. partitioned database
b. centralized database
c. networked database
ANS: A PTS: 1
ANS: B PTS: 1
26. Which procedure will prevent two end users from accessing the same data element at the same time?
a. data redundancy
b. data replication
c. data lockout
ANS: C PTS: 1
27. The advantages of a partitioned database include all of the following except
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS: B PTS: 1
ANS: B PTS: 1
29. What control maintains complete, current, and consistent data at all information processing units?
a. deadlock control
b. replication control
c. concurrency control
d. gateway control
ANS: C PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS: B PTS: 1
ANS: B PTS: 1
32. Which backup technique is most appropriate for sequential batch systems?
a. grandparent-parent-child approach
c. direct backup
ANS: A PTS: 1
33. When creating and controlling backups for a sequential batch system,
a. the number of backup versions retained depends on the amount of data in the file
d. the more significant the data, the greater the number of backup versions
ANS: D PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS: C PTS: 1
a. antivirus software
c. passwords
d. voice prints
ANS: A PTS: 1
36. Which of the following is not a basic database backup and recovery feature?
a. checkpoint
b. backup database
c. transaction log
ANS: D PTS: 1
37. Audit objectives for the database management system include all of the following except
a. verifying that the security group monitors and reports on fault tolerance violations
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
c. ensuring that authorized users access only those files they need to perform their duties
ANS: A PTS: 1
38. All of the following tests of controls will provide evidence that access to the data files is limited except
c. comparing job descriptions with access privileges stored in the authority table
ANS: B PTS: 1
a. biometric controls
b. encryption controls
c. backup controls
d. inference controls
ANS: C PTS: 1
40. The database attributes that individual users have permission to access are defined in
a. operating system.
b. user manual.
c. database schema.
d. user view.
e. application listing.
ANS: D PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
SHORT ANSWER
1. _________________________ occurs when a specific file is reproduced for each user who needs
access to the file.
ANS:
data redundancy
PTS: 1
ANS:
schema
PTS: 1
ANS:
query language
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
PTS: 1
ANS:
database administrator
PTS: 1
ANS:
data dictionary
PTS: 1
6. How does the database approach solve the problem of data redundancy?
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS:
Data redundancy is not a problem with the database approach because individual data elements need to
be stored only once yet be available to multiple users.
PTS: 1
7. Describe two tests of controls that would provide evidence that the database management system is
protected against unauthorized access attempts.
ANS:
compare job descriptions with authority tables; verify that database administration employees have
exclusive responsibility for creating authority tables and designing user subschemas; evaluate biometric
and inference controls
PTS: 1
ANS:
The database authorization table contains rules that limit the actions a user can take. Each user is
granted certain privileges that are coded in the authority table, which is used to verify the users action
requests.
PTS: 1
ANS:
PTS: 1
ANS:
A partitioned database approach works best in organizations that require minimal data sharing among
its information processing units and when a primary user of the data can be identified.
PTS: 1
11. Why are the hierarchical and network models called navigational databases?
ANS:
These are called navigational models because traversing or searching them requires following a
predefined path which is established through explicit linkages between related records.
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
12. What is a database lockout?
ANS:
To achieve data currency, simultaneous access to individual data elements by multiple sites needs to be
prevented. The solution to this problem is to use a database lockout, which is a software control that
prevents multiple simultaneous accesses to data.
PTS: 1
13. What is the partitioned database approach and what are its advantages?
ANS:
The partitioned database approach splits the central database into segments or partitions that are
distributed to their primary users. The advantages of this approach are:
14. What is a replicated database and what are the advantages of this approach?
ANS:
Replicated databases are effective in companies where there exists a high degree of data sharing but no
primary user. Since common data are replicated at each site, the data traffic between sites is reduced
considerably.
PTS: 1
ANS:
Legacy systems are large mainframe systems that were implemented from the late 1960s through the
1980s. Organizations today still make extensive use of these systems.
PTS: 1
ANS:
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
The flat-file model describes an environment in which individual data files are not related to other files.
End users in this environment own their data files rather than share them with other users.
PTS: 1
17. What are the four primary elements of the database approach?
ANS:
The users, the database management system, the database administrator, and the physical database
structures.
PTS: 1
ANS:
a. increased data storage because the same data is stored in multiple files
b. increased data updating because changes must be made to multiple files
c. problem of current data in some files, but not all files
PTS: 1
19. What flat-file data management problems are solved as a result of using the database concept?
ANS:
a. no data redundancy
b. single update of data
c. current values for all user applications
d. task-data independence.
PTS: 1
20. What are four ways in which database management systems provide a controlled environment to
manage user access and the data resources?
ANS:
Program development, backup and recovery, database usage reporting, and database access.
PTS: 1
21. Explain the relationship between the three levels of the data definition language. As a user, which level
would you be most interested in?
ANS:
One level is the schema, which is the conceptual view of the data. The schema describes the entire
database and it represents the database logically. The second level is the internal view, which is the
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
physical arrangement of the records. At this level, the data records are described as well as linkages
between files. The next level is the subschema, which is the external view of the database that specific
users have authorization to use. This is also called the user view and is the level that users find of most
interest.
PTS: 1
ANS:
The internal view of a database is the physical arrangement of the records. It describes the data
structure, the linkages between files, and the physical arrangement of the records.
PTS: 1
ANS:
DML is the proprietary database language that a particular DBMS uses to retrieve, process, and store
data.
PTS: 1
ANS:
The data dictionary describes every data element in the database. It enables all users (and programmers)
to share a common view of the data resource, thus greatly facilitating the analysis of user needs.
PTS: 1
25. Discuss and give an example of one-to-one, one-to-many, and many-to-many record associations.
ANS:
A one-to-one association means that for every occurrence in record type X, either zero or one
occurrence exists of record type Y. An example would be that for every student, only one social security
number exists.
A one-to-many association means that for every occurrence in record type X, either zero, one,
or many occurrences exist of record type Y. An example would be buyers of assigned seating at
concerts. Each potential buyer would leave the sales box office with zero, one, or many seats.
A many-to-many association is a two-way relationship. For each occurrence of record types X
and Y, zero, one, or many occurrences exist of record type Y and X, respectively. An example would be
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
a student-professor relationship. Each student has multiple professors each semester, and each professor
has multiple students each semester.
PTS: 1
ESSAY
1. What are the four elements of the database approach? Explain the role of each.
ANS:
Users are the individuals in the organization who access the data in the database. This may happen via
user programs or by direct query.
The database management system is a set of programs that control access to the database and that
manage the data resource through program development, backup and recovery functions, usage
reporting, and access authorization.
The database administrator is a function (which may involve part of one individuals duties or an entire
department) which manages the database resources through database planning, design, implementation,
operation and maintenance, and growth and change.
The physical database is the only physical form that the database has. It is comprised of magnetic spots
on magnetic media.
PTS: 1
ANS:
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
The unique internal view of the database is the physical arrangement of records which describes the
structure of data records, the linkages between files, and the physical arrangement and sequence of
records in the file.
The unique conceptual view (or schema) represents the database logically and abstractly.
The many user views (or subschema) define the portion of a database that an individual user is
authorized to access.
PTS: 1
3. Explain a database lockout and the deadlock phenomenon. Contrast that to concurrency control and the
timestamping technique. Describe the importance of these items in relation to database integrity.
ANS:
In a centralized database, a lockout is used to ensure data currency. A lockout prevents simultaneous
access to individual data elements by different information processing units (IPU). When one IPU
requests access to a data element, a lock is put on the file, record, or element. No other IPU can access
the file, record, or element until the lock is released.
In a partitioned database, lockouts are also used to ensure data currency. It is possible, however, for
multiple sites to place locks on records that results in a deadlock condition which prevents transactions
from processing. All transactions are in a wait state until the locks are removed. A deadlock cannot be
resolved without outside intervention from the users application, the DBMS, or the operating system.
In a replicated database, a large volume of data flows between sites, and temporary inconsistencies in
the database may occur. Concurrency control ensures that transactions executed at each IPU are
accurately reflected in the databases of all other sites. A popular method for concurrency control is to
timestamp transactions. Transactions that may be in conflict are assigned a system-wide timestamp.
Then, the identified transactions are processed in timestamp order.
Both database lockouts and concurrency controls are designed to ensure that the transactions are
completely processed and that all transactions are accurately reflected in the firms databases. Failure to
implement these controls can result in transactions being lost, being partially processed, or with
inconsistent databases.
PTS: 1
4. One purpose of a database system is the easy sharing of data. But this ease of sharing can also
jeopardize security. Discuss at least three forms of access control designed to reduce this risk.
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
ANS:
Many types of access control are possible. A user view is a subset of a database that limits a users view
or access to the database. The database authorization table contains rules that limit what a user can do,
i.e., read, insert, modify, delete. A user-defined procedure adds additional queries to user access to
prevent others from accessing in a specific users place. To protect the data in a database, many systems
use data encryption to make it unreadable by intruders. A newer technique uses biometric devices to
authenticate users.
PTS: 1
5. In a distributed data processing system, a database can be centralized or distributed. What are the
options? Explain.
ANS:
In a distributed data processing system, a database can be centralized or distributed. When the database
is centralized, the entire database is stored at a central site which processes requests from users at
remote locations. Certain concerns arise when data processing is distributed. Questions arise with regard
to data currency when multiple users have access to the database. Database lockout prevents more than
one user from making changes at the same time.
Distributed databases can be partitioned with parts stored at different sites, or replicated, with the entire
database stored in multiple locations. When the database is partitioned, users have more control over
data stored at local sites, transaction processing time is improved, and the potential of data loss is
reduced. When the database is replicated, the entire database is stored at multiple locations. This works
well when the primary use of the database is for querying. When transactions are processed at many
sites, problems of database concurrency arise.
PTS: 1
6. Ownership of data in traditional legacy systems often leads to data redundancy. This in turn leads to
several data management problems. What are they? How does the database approach solve them?
ANS:
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
Data redundancy causes significant data management problems in three areas: data storage, data
updating, and currency of information. Data storage is a problem because if multiple users need the
data, it must be collected and stored multiple times at multiple costs. When multiple users hold the same
information, changes must be updated in all locations or data inconsistency results. Failure to update all
occurrence of a data item can affect the currency of the information.
With a database system, these problems are solved. There is no data redundancy since a data item is
stored only once. Hence changes require only a single update, thus leading to current value.
PTS: 1
ANS:
a. program development which permits both programmers and end users to create applications to
access the database;
c. database usage reporting captures statistics on what data is being used, by whom, when; and
especially
PTS: 1
8. Discuss the key factors to consider in determining how to partition a corporate database.
ANS:
The partitioned approach works best for organizations that require minimal data sharing among users at
remote sites. To the extent that remote users share common data, the problems associated with the
centralized approach will apply. The primary user must now manage requests for data from other sites.
Selecting the optimum host location for the partitions to minimize data access problems requires an in-
depth analysis of end-user data needs.
PTS: 1
ANS:
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
To achieve data currency, simultaneous access to individual data elements or records by multiple users
needs to be prevented. The solution to this problem is a database lockout, which is a software control
that prevents multiple simultaneous accesses to data. A deadlock occurs when multiple users seeking
access to the same set of records lockout each other. As a result, the transactions of all users assume a
wait state until the locks are removed. A deadlock is a permanent condition that must be resolved by
special software that analyzes each deadlock condition to determine the best solution.
PTS: 1
10. Replicated databases create considerable data redundancy, which is in conflict with the database
concept. Explain the justification of this approach.
ANS:
The primary justification for a replicated database is to support read-only queries in situations involving
a high degree of data sharing, but no primary user exists. With data replicated at every site, data access
for query purposes is ensured, and lockouts and delays due to network traffic are minimized. A potential
problem arises, however, when replicated databases need to be updated by transactions. Since each site
processes only local transactions, the common data attributes that are replicated at each site will be
updated by different transactions and thus, at any point in time, will have uniquely different values.
System designers need to employ currency control techniques to ensure that transactions processed at
different locations are accurately reflected in all the databases copies.
PTS: 1
11. Contrast the navigational databases with relational databases. What is the primary advantage of the
relational model?
ANS:
The most apparent difference between the relational model and navigational models is the way that data
associations are represented to the user. In navigational models, data are represented in tree structures or
network structures. The navigational database models have explicit links, called pointers, between
records. Data are accessed using defined data paths.
The relational model portrays data in the form of two-dimensional tables. Users do not perceive any
pointers linking the tables. At the conceptual level (logical view) and the external level (users view), data
are represented only as tables. Relations between tables are formed by an attribute (data element) that is
common to the tables. This attribute is a primary key in one table and a foreign key in the other.
The relational model is more flexible than a navigational model. Users can obtain data from the
database by using the primary key and a database query language. Typically users do not require
assistance from programmers to obtain answers to ad hoc queries.
PTS: 1
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.
IT Auditing 3rd Ed—Test Bank, Chapter 4
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated,
or posted to a publicly accessible website, in whole or in part.