2023 Gleim CIA Part 3 PDF
SU 6: Databases and Applications Development

Role of Internal Auditors

Internal auditors assist in change management by
- Understanding the organization’s IT objectives,
- Assisting in identifying risks to IT objectives,
- Assessing whether such risks are aligned with the organization’s risk appetite and tolerances,
- Assisting in deciding the appropriate risk management response (e.g., avoid, accept, reduce, or share),
- Understanding the controls used to manage risks and carry out risk responses, and
- Promoting a culture of effective change management.

Internal audit engagements associated with systems and application development include but are not limited to
- An access control review that evaluates whether controls are effective at preventing and detecting unauthorized access
- An application control review that evaluates whether application controls effectively manage related risks
- A source code review that evaluates whether the program’s source code is effectively managed and controlled
- A system design review that evaluates whether the system to be developed meets business requirements
- A post-implementation review that evaluates whether the system or application meets expectations

GLEIM REVIEW PART 3 2023 121 Copyright © 2023 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact [email protected].

Rapid Application Development

Rapid application development (RAD) enables programmers to develop software with minimal planning and without beginning from scratch. RAD generally employs the following:

Prototyping is an alternative approach to application development. Prototyping involves creating a working model of the system requested, demonstrating it for the user, obtaining feedback, and making changes to the underlying code. This process repeats through several iterations until the user is satisfied with the system’s functionality.
Formerly, this approach was derided as being wasteful of resources and tending to produce unstable systems, but with vastly increased processing power and high-productivity development tools, prototyping can, in some cases, be an efficient means of systems development.

Computer-aided software engineering (CASE) is another form of RAD. CASE applies the computer to software design and development. It provides the capacity to
- Maintain on the computer all of the system documentation, e.g., data flow diagrams, data dictionaries, and pseudocode (structured English);
- Develop executable input and output screens; and
- Generate program code in at least skeletal form.

Thus, CASE facilitates the creation, organization, and maintenance of documentation and permits some automation of the coding process.

End-User vs. Centralized Computing

End-user computing (EUC) involves user-created or user-acquired systems that are maintained and operated outside of traditional information systems controls.

Certain environmental control risks are more likely in EUC. They include copyright violations that occur when unauthorized copies of software are made or when software is installed on multiple computers. Unauthorized access to application programs and related data is another concern. EUC lacks physical access controls, application-level controls, and other controls found in mainframe or networked environments. Moreover, EUC may not have adequate backup, recovery, and contingency planning. The result may be an inability to recreate the system or its data. Program development, documentation, and maintenance also may lack the centralized control found in larger systems.
The risk of allowing end-users to develop their own applications is decentralization of control. These applications may not be reviewed by independent outside systems analysts and are not created using a formal development methodology. They also may not be subject to appropriate standards, controls, and quality assurance procedures.
- End-user applications may not receive the independent testing associated with traditional development.
- End-user applications may not be adequately documented to facilitate review.
- Segregation of duties is inadequate if the same person performs programmer and operator functions. End-user applications generally do not follow a structured and controlled application development and change management life cycle.
- Review and analysis of user needs may be insufficient when user and analyst functions are no longer separate.
- In a personal computer setting, the user is often the programmer and operator. Thus, the protections provided by segregation of duties are eliminated.
- The audit trail is diminished because of the lack of history files, incomplete printed output, etc.
- In general, available security features for stand-alone machines are limited compared with those in a network.

Responsibility for the control of EUC exists at the organizational, departmental, and individual user levels. The end-user is directly responsible for security of equipment. Acquisition of hardware and software, taking equipment inventories, and strategic planning of EUC are organizational- and departmental-level responsibilities.

STUDY UNIT SEVEN
IT INFRASTRUCTURE

7.1 Functional Areas of IT Operations
7.2 Web Infrastructure
7.3 IT System Communications, Networks, and Software Licensing
7.4 Software Systems

This study unit is the second of three covering Domain III: Information Technology from The IIA’s CIA Exam Syllabus. This domain makes up 20% of Part 3 of the CIA exam and is tested at the basic cognitive level. The three study units are
- Study Unit 6: Databases and Applications Development
- Study Unit 7: IT Infrastructure
- Study Unit 8: IT Control Frameworks and Disaster Recovery

The learning objectives of Study Unit 7 are
- Explain internet terms [HTML, HTTP, URL, domain name, browser, click-through, electronic data interchange (EDI), cookies, etc.]
- Identify key characteristics of software systems [customer relationship management (CRM) systems; enterprise resource planning (ERP) systems; governance, risk, and compliance (GRC) systems; etc.]
- Explain basic IT infrastructure and network concepts (server, mainframe, client-server configuration, gateways, routers, LAN, WAN, VPN, etc.) and identify potential risks
- Define the operational roles of a network administrator, database administrator, and help desk

The range of networking has expanded from the earliest form (two computers in the same room) to the global reach of the Internet. The Internet was initially restricted to email and text-only documents. As the use of HTML and its successor languages spread, it became possible to display rich graphics and stream audio and video in addition to text. Currently, businesses can be run and managed by personnel working remotely from their homes or even from vacation destinations.
SU 7: IT Infrastructure

7.1 FUNCTIONAL AREAS OF IT OPERATIONS

In the early days of computing, maintaining a rigid segregation of duties was a simple matter because the roles surrounding a mainframe computer were so specialized. As IT became more and more decentralized over the years, clear lines that once separated jobs such as systems analyst and programmer blurred and then disappeared. Candidates for the CIA exam must be aware of the evolving roles of IT personnel.

Segregation of Duties

Controls should ensure the efficiency and effectiveness of IT operations. They include proper segregation of the duties within the IT environment. Thus, the responsibilities of systems analysts, programmers, operators, file librarians, the control group, and others should be assigned to different individuals, and proper supervision should be provided.

Segregation of duties is vital because a traditional segregation of responsibilities for authorization, recording, and access to assets may not be feasible in an IT environment. For example, a computer may print checks, record disbursements, and generate information for reconciling the account balance, which are activities customarily segregated in a manual system. If the same person provides the input and receives the output for this process, a significant control weakness exists. Accordingly, certain tasks should not be combined. Compensating controls may be necessary, such as library controls, computer logs, effective supervision, and rotation of personnel. Segregating test programs makes concealment of unauthorized changes in production programs more difficult.

Responsibilities of IT Personnel

Systems analysts are specifically qualified to analyze and design computer information systems. They survey the existing system, analyze the organization’s information requirements, and design new systems to meet those needs. The design specifications guide the preparation of specific programs by computer programmers.
Because systems analysts may be able to modify programs, controls, and data files, systems analysts should not have access to data center operations, production programs, or data files.

The database administrator (DBA) is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity.

Programmers design, write, test, and document the specific programs according to specifications developed by the systems analysts. Programmers may be able to modify programs, data files, and controls. They should have no access to the data center operations, production programs, or data files.

Operators are responsible for the day-to-day functioning of the data center, whether the organization runs a mainframe, servers, or anything else. Operators load data, mount storage devices, and operate the equipment. Operators should not be assigned programming duties or responsibility for systems design. They also should have no opportunity to make changes in programs and systems as they operate the equipment. Ideally, computer operators should not have programming knowledge or access to documentation not strictly necessary for their work.

Help desks are usually a responsibility of computer operations because of the operational nature of their functions. Help desk personnel log reported problems, resolve minor problems, and forward more difficult problems to the appropriate information systems resources, such as a technical support unit or vendor assistance.

Information security officers typically develop information security policies, comment on security controls in new applications, and monitor and investigate unsuccessful login attempts.
Network technicians maintain the bridges, hubs, routers, switches, cabling, and other devices that interconnect the organization’s computers. They are also responsible for maintaining the organization’s connection to other networks, such as the Internet.

End users must be able to change production data but not programs.

The network administrator manages data and network communication, which includes, but is not limited to, managing local area networks (LANs), metropolitan area networks (MANs), wide area networks (WANs), Internet systems, and other forms of data and network communication.

The system administrator oversees all the parts that make a computer function, such as hardware and software, data backup and recovery, and maintenance of the computer system. System administrator responsibilities overlap with network administrator responsibilities at times. System administrator responsibilities include installing and testing computer equipment and network systems, resolving help desk requests, designing and upgrading systems and processes, and monitoring the system daily for potential problems.

7.2 WEB INFRASTRUCTURE

The Internet is a network of networks all over the world. A network is a collection of hardware devices that are interconnected so they can communicate among themselves. This allows different hardware to share software and communicate data. The Internet is an example of a network, but many offices have intranets through which office computers can communicate with other office computers. The Internet facilitates inexpensive communication and information transfer among computers, with gateways allowing mainframe computers to interface with personal computers.
Very high-speed Internet backbones carry signals around the world and meet at network access points. Computer programs such as web-crawlers (spiders or bots) access and read information on websites. Most Internet users obtain connections through Internet service providers (ISPs) that in turn connect either directly to a backbone or to a larger ISP with a connection to a backbone. The topology of the backbone and its interconnections may once have resembled a spine with ribs connected along its length but is now almost certainly more like a fishing net wrapped around the world with many circular paths.

The three main parts of the Internet are the servers that hold information, the clients that view the information, and the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols that connect the two.

A gateway makes connections between dissimilar networks possible by translating between two or more different protocol families. For example, a gateway can be used to exchange messages between different email systems. A bridge joins two similar networks so that they look like one network.

Increasing Decentralization

Improvements in technology have led to the increasing decentralization of information processing. The mainframe-style computer was the only arrangement available in the early days of data processing. International Business Machines (IBM) dominated the marketplace. Mainframes are still in use at large institutions, such as governments, banks, insurance companies, and universities.

As minicomputers evolved, the concept of distributed processing arose. Distributed processing involves the decentralization of processing tasks and data storage and assigning these functions to multiple computers, often in separate locations.
Each remote location has a processing unit that is linked to a central server. The advantage is that processing tasks may be undertaken where they are best performed. This allows for a drastic reduction in the amount of communications traffic because data needed locally could reside locally.

Servers

A server is generally a dedicated computer or device that manages specific resources. A file server is a computer in a network that operates as a librarian. A web server hosts a website. An enterprise server manages computer programs that collectively serve the needs of an organization.

One of the risks associated with having data centrally located is that data files may be subject to change by unauthorized users without proper documentation or any indication of who made the changes. Staff members may not be aware of how often they need to download data to keep it current, or whether their queries, especially the ones they modified, obtain all of the necessary information.

Languages and Protocols

In the 1980s, English computer scientist Tim Berners-Lee conceived the idea of allowing users to click on a word or phrase (a hyperlink) on their screens and having another document automatically be displayed.

Click-through rate is used in advertising to calculate the percentage of individuals who view an advertisement and then click on the advertisement to be transferred to another website. The rate is used to determine the effectiveness of the advertisement.

Berners-Lee created a simple coding mechanism called Hypertext Markup Language (HTML) to perform this function. He also created a set of rules called Hypertext Transfer Protocol (HTTP) to allow hyperlinking across the Internet rather than on just a single computer.
He then created software (a browser) that allowed users to read HTML from any brand of computer. The result was the World Wide Web (often simply called the Web).

Extensible Markup Language (XML) was developed by an international consortium and released in 1998 as an open standard usable with many programs and platforms. XML is a variation of HTML, which uses fixed codes (tags) to describe how web pages and other hypermedia documents should be presented. XML codes all information in such a way that a user can determine not only how it should be presented but also what it is presenting. Thus, all computerized data may be tagged with identifiers. Unlike HTML, XML uses codes that are extensible, not fixed. If an industry can agree on a set of codes, software for that industry can be written that incorporates those codes. For example, XML allows the user to label the Uniform Product Code (UPC), price, color, size, etc., of goods so that other systems will know exactly what the tag references mean. In contrast, HTML tags would only describe how items are placed on a page and provide links to other pages and objects.

Extensible Business Reporting Language (XBRL) for financial statements is the specification developed by an AICPA-led consortium for commercial and industrial entities that report in accordance with U.S. GAAP. XBRL is a variation of XML that decreases the costs of generating financial reports, reformulating information for different uses, and sharing business information using electronic media.

Uses

The most difficult aspect of using Internet resources is locating the best information given the large number of information sources. An organization’s presence on the Web is its website.
The website consists of a home page, which is the first screen encountered by users, and subsidiary web pages (screens constructed using HTML or a similar language).

Every resource on the Web has a unique address, made up of alphanumeric characters, periods, and forward slashes, called a uniform resource locator (URL). A URL is recognizable by any web-enabled device. An example is https://www.gleim.com. However, a recognizable address is not necessarily accessible to every user. Security is a major feature of any organization’s website.

Domain names are used in URLs to identify specific web pages. A domain name contains a descriptive suffix, e.g., .gov for governmental agencies, .com for commercial businesses, and .edu for educational institutions.

Cookies are small text files created by a website as a means of recognizing users and tracking their preferences and activity on the website.

An intranet permits sharing of information throughout an organization by applying Internet connectivity standards and web software (e.g., browsers) to the organization’s internal network. An intranet addresses the connectivity problems of an organization with many types of computers. It is ordinarily restricted to those within the organization and to outsiders after appropriate identification.

An extranet consists of the linked intranets of two or more organizations, for example, of a supplier and its customers. It typically uses the public Internet as its transmission medium but requires a password for access.

Cloud computing (the cloud) provides on-demand access to resources that are on the Internet and may be shared by others.
Advantages of using cloud computing include fast access to software, a reduced need for investment in IT infrastructure, and the ability to use “pay as you go” services. IT security in the cloud is potentially more difficult due to the convenience and ease of access to sensitive data provided by cloud computing services.

The following are the primary cloud services:
- Infrastructure-as-a-Service (IaaS)
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS)

Cloud computing also has benefited from the rise of smartphones and tablets. Because these devices have limited memory, personal data (e.g., pictures, contacts, etc.) may be stored on the cloud (to be retrieved later) so that memory can be available for application software.

7.3 IT SYSTEM COMMUNICATIONS, NETWORKS, AND SOFTWARE LICENSING

Systems Software

Systems software performs the fundamental tasks needed to manage computer resources. The most basic piece of systems software is the operating system. An operating system is a combination of programs that coordinates the actions of a computer, including its peripheral devices and memory.

Controls over operating systems are essential because they may affect the entire database. Those controls include
- Segregation of duties (for example, system programmers should not be allowed to perform applications programming)
- Testing before use
- Making back-out plans and implementing changes in off-hours
- Keeping detailed logs of all changes
- Error notification for failed hardware
- Detection of abnormalities

Internal auditors should review the controls over operating systems.
They should monitor change procedures and determine whether
- System programmers have sufficient training
- The operating system is up to date
- An error tracking system exists

A computer program is a set of instructions that directs a computer to perform certain tasks and produce certain results.

Utility programs are sometimes called privileged software. Utilities perform basic data maintenance tasks, such as
- Sorting, e.g., arranging all the records in a file by invoice number
- Merging, i.e., combining the data from two files into one
- Copying and deleting entire files

A utility program could be used to read a file that contains all user access codes for the network. A control feature to negate this vulnerability is to encrypt passwords before storing them in the file. The use of utility programs should be restricted to appropriate personnel, and each occurrence should be logged.

A graphical user interface (GUI) is a link to a system that allows users to use icons, buttons, windows, and menus rather than command words to initiate processing. GUIs simplify the process of moving data from one application to another (e.g., copying a chart from a spreadsheet and pasting the chart into a word processing document).

Optical character recognition (OCR) is a method of scanning printed documents and saving them to a digital storage medium.

Network Equipment

Networks consist of both of the following:
- Connected hardware devices
- The medium through which the connection is made

Client Devices

Devices of all sizes and functions (mainframes, laptop computers, personal digital assistants, MP3 players, printers, scanners, cash registers, ATMs, etc.) can be connected to networks. Connecting a device to a network requires a network interface card (NIC).
The NIC allows the device to speak that particular network’s “language,” that is, its protocol.

Data and Network Communication

A network consists of multiple connected computers at multiple locations. Computers that are electronically linked permit an organization to assemble and share transaction and other information among different physical locations.

A local area network (LAN) connects devices within a single office or home or among buildings in an office park. The LAN is owned entirely by a single organization. The LAN is the network familiar to office workers all over the world. In its simplest form, it can consist of a few desktop computers and a printer.

A peer-to-peer network operates without a mainframe or file server, but does processing within a series of personal computers. Very small networks with few devices can be connected using a peer-to-peer arrangement, where every device is directly connected to every other. Peer-to-peer networks become increasingly difficult to administer with each added device.

Client-server networks differ from peer-to-peer networks in that the devices play more specialized roles. Client processes (initiated by the individual user) request services from server processes (maintained centrally). The most cost-effective and easy-to-administer arrangement for LANs uses the client-server model. In a client-server arrangement, servers are centrally located and devoted to the functions that are needed by all network users. Examples include mail servers (to handle electronic mail), application servers (to run application programs), file servers (to store databases and make user inquiries more efficient), Internet servers (to manage access to the Internet), and web servers (to host websites).
Whether a device is classified as a server is not determined by its hardware configuration but rather by the function it performs. A simple desktop computer can be a server.

Technically, a client is any object that uses the resources of another object. Thus, a client can be either a device or a software program. In common usage, however, a client is a device that requests services from a server. This understanding of the term encompasses anything from a powerful graphics workstation to a smartphone. A client device normally displays the user interface and enables data entry, queries, and the receipt of reports.

The key to the client-server model is that it runs processes on the platform most appropriate to that process while attempting to minimize traffic over the network. This model is commonly referred to as the three-tiered architecture of client, application, and database. Because of the specialized roles, client-server systems often contain equipment from multiple vendors. Security for client-server systems may be more difficult than in a highly centralized system because of the numerous access points.

A metropolitan area network (MAN) connects devices across an urban area, for example, two or more office parks. This concept had limited success as a wire-based network, but it may be more widely used as a microwave network.

A wide area network (WAN) consists of a group of LANs operating over widely separated locations. WANs come in many configurations and can be either publicly or privately owned. Publicly owned WANs, such as the Internet, are available to any user with a compatible device. The assets of these networks are paid for by means other than individually imposed user fees. Privately owned WANs are profit-making enterprises.
They offer fast, secure data communication services to organizations that do not wish to make their own large investments in the necessary infrastructure.

Value-added networks (VANs) are private networks that provide their customers with reliable, high-speed, secure transmission of data. To compete with the Internet, these third-party networks add value by providing their customers with (1) error detection and correction services, (2) electronic mailbox facilities for EDI purposes, (3) EDI translation, and (4) security for email and data transmissions.

Virtual private networks (VPNs) are a relatively inexpensive way to solve the problem of the high cost of leased lines. A company connects each office or LAN to a local Internet service provider and routes data through the shared, low-cost public Internet. The success of VPNs depends on the development of secure encryption products that protect data while in transit.

A private branch exchange (PBX) is a specialized computer used for both voice and data traffic. A PBX can switch digital data among computers and office equipment, e.g., printers, copiers, and fax machines. A PBX uses telephone lines, so its data transmission capacity is limited.

A distributed network connects multiple computers for communication and data transmission and enables each connected computer to process its own data.

Performance Monitoring

Performance monitoring is the systematic measurement and evaluation of operating results such as transaction rates, response times, and incidence of error conditions. Performance monitoring reveals trends in usage so that capacity can be upgraded before response deteriorates to the point that users behave in unintended or undesirable ways.
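The control described under Systems Software above (storing passwords in the network access-code file only in protected form, so that a utility program that reads the file does not learn them), as an added example that is not from the Gleim text: the accounts and passwords are constructed, and salted one-way hashing is used here as the modern form of the "encrypt passwords before storing them" control.

```python
"""Protecting a stored access-code file: the risk and the control.

Constructed example (not from the Gleim text). The first layout keeps each
password in clear text, so any utility program that can read the file learns
every user's access code. The second keeps only a salted, iterated one-way
hash (the modern form of the "encrypt passwords before storing them" control,
an assumption made here): reading the file no longer yields passwords, and a
login is checked by recomputing the hash, never by decrypting anything.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value, tune for your hardware

# Constructed accounts for the demonstration only.
SAMPLE_USERS = {"jdoe": "Summer2023!", "auditor1": "correct horse battery staple"}


def plaintext_store(users):
    """The weak layout: one 'user:password' line per account."""
    return "\n".join(f"{u}:{p}" for u, p in users.items())


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$hash' for storage in the file."""
    salt = salt or secrets.token_bytes(16)   # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored, attempt):
    """Recompute the hash for the attempt and compare it in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                          # malformed record: deny, do not crash
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def hashed_store(users):
    """The controlled layout: one 'user:hash-record' line per account."""
    return "\n".join(f"{u}:{hash_password(p)}" for u, p in users.items())


def passwords_exposed(file_text, users):
    """What a utility program that reads the file would learn: the users
    whose password appears verbatim in the file contents."""
    return [u for u, p in users.items() if p in file_text]


def login(file_text, user, attempt):
    """Authenticate against the hashed file; unknown users and bad passwords fail."""
    records = dict(line.split(":", 1) for line in file_text.splitlines() if line)
    stored = records.get(user)
    return stored is not None and verify_password(stored, attempt)


if __name__ == "__main__":
    weak, strong = plaintext_store(SAMPLE_USERS), hashed_store(SAMPLE_USERS)
    print("plaintext file exposes:", passwords_exposed(weak, SAMPLE_USERS))
    print("hashed file exposes:   ", passwords_exposed(strong, SAMPLE_USERS))
    print("login with right password:", login(strong, "jdoe", "Summer2023!"))
    print("login with wrong password:", login(strong, "jdoe", "summer2023!"))
```

Restricting who may run utilities and logging each use, as the text requires, still applies; the hashed layout limits what a permitted or unauthorized read can reveal.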
Classifying Networks by Protocol

A protocol is a set of standards for message transmission among the devices on the network.

LAN Protocols

Ethernet has been the most successful protocol for LAN transmission. The Ethernet design breaks up the flow of data between devices into discrete groups of data bits called “frames.” Ethernet is described as following the “polite conversation” method of communicating. Each device “listens” to the network to determine whether another conversation is taking place, that is, whether the network is busy moving another device’s message. When the network is determined to be free of traffic, the device sends its message.

Switched Networks

As described under Data and Network Communication above, in a LAN, all the devices and all the transmission media belong to one organization. This single ownership of infrastructure assets plus the ability to unify all communication on a single protocol make for great efficiency and security. When communication must cross organizational boundaries or travel beyond a limited geographical range, this single ownership principle no longer applies. A WAN is the applicable model.

A WAN, with its hundreds of users and much greater distances, could never function using the collision-detection-and-retransmission method of Ethernet. To overcome this difficulty, switching is used. Switches are the networking devices that read the address on each packet and send it along the appropriate path to its destination.

A convenient analogy is a group of 18-wheelers loaded with new machinery destined for a remote plant site. The trucks leave the machinery vendor’s factory headed to the destination. As each truck arrives at a traffic light, it stops while vehicles going in other directions pass through the intersection. As the trucks arrive at the plant site, they are unloaded and the machinery is installed.
Routed Networks

Routers have more intelligence than hubs, bridges, or switches. Routing is what makes the Internet possible. Routers have tables stored in memory that tell them the most efficient path along which each packet should be sent.

An analogy is that the trucks leave the machinery vendor’s factory with the same destination. As the trucks stop at each intersection, traffic cops redirect them down different routes depending on traffic conditions. As the trucks arrive in unknown sequence at the plant site, they are held until the machinery can be unloaded in the correct order.

Transmission Control Protocol/Internet Protocol (TCP/IP) is the suite of routing protocols that permits interconnection of thousands of devices from dozens of entities all over the world through the Internet.

The use of Internet Protocol addresses (IP addresses) is the heart of Internet routing. It allows any device anywhere in the world to be recognized on the Internet through the use of a standard-format IP address.

Dynamic Host Configuration Protocol (DHCP) allows tremendous flexibility on the Internet by enabling the constant reuse of IP addresses. Routers generally have their IP addresses hardcoded when they are first installed. However, the individual client devices on most organizational networks are assigned an IP address by DHCP from a pool of available addresses every time they boot up.

Wireless Networks

The Wi-Fi family of protocols supports client devices within a radius of about 300 feet around a wireless router. This usable area is called a hot spot. Wi-Fi avoids the collisions inherent in Ethernet by constantly searching for the best frequency within its assigned range to use. Security was a problem in early incarnations of Wi-Fi. Later versions alleviated some of these concerns with encryption.

The Bluetooth standard operates within a much smaller radius of about 30 feet.
This distance permits the creation of what has come to be called the personal area network (PAN), which is a network of devices for a single user. Bluetooth is considerably slower than Wi-Fi.

The WiMax standard uses microwaves to turn an entire city into a hot spot, reviving the old MAN model. The radius is about 10 miles, and it is generally faster than traditional Wi-Fi.

Radio-frequency identification (RFID) technology involves the use of a combined microchip with antenna to store data about a product, pet, vehicle, etc. Common applications include
- Inventory tracking
- Lost pet identification
- Tollbooth collection

Network Topology

Network topologies are either physical or logical. Physical topology is the set of physical connection points between devices on a LAN or similar network. Logical topology describes the path data travel through the network.

The following are the basic topology arrangements:
- A bus network has a main line, and each node is connected to the line. It is the simplest and most common method of networking computers. If a bus network is interrupted (e.g., an Ethernet cable becomes unplugged or one device malfunctions), the access points on one side of the network cannot access the computers and other devices on the other side of the network.
- A ring network is arranged in a circle, so two paths for data are available. Thus, if an interruption occurs at one point, the data can travel in the opposite direction and still be received.
- In a star network, cable segments from each computer are connected to centralized components. If one computer becomes unplugged, the remaining computers are still connected to the network.
- In a mesh network, each computer is connected to every other computer by separate cabling.
This configuration provides redundant paths throughout the network. If one cable fails, another will take over the traffic.

Rights Pertaining to Software

Software is copyrightable, but a substantial amount is in the public domain. Networks of computer users may share such software. Shareware is software made available for a fee (usually with an initial free trial period) by the owners to users through a distributor (or websites or electronic bulletin board services).

Software piracy is a problem for vendors. Any duplication of the software beyond what is allowed in the software license agreement is illegal. The best way to detect an illegal copy of application software is to compare the serial number on the screen with the vendor’s serial number.

Use of unlicensed software increases the risk of introducing computer viruses into the organization. Such software is less likely to have been carefully tested. To avoid legal liability, controls also should be implemented to prevent use of unlicensed software that is not in the public domain.

A software licensing agreement permits a user to employ either a specified or an unlimited number of copies of a software product at given locations, at particular machines, or throughout the organization. The agreement may restrict reproduction or resale, and it may provide subsequent customer support and product improvements.

Software piracy can expose an organization’s personnel to both civil and criminal penalties. The Business Software Alliance (BSA) is a worldwide trade group that coordinates software vendors’ efforts to prosecute the illegal duplication of software.

Diskless workstations increase security by preventing the copying of software to a flash drive from a workstation.
This control not only protects the company’s interests in its data and proprietary programs but also guards against theft of licensed third-party software.

To shorten the installation time for revised software in a network, an organization may implement electronic software distribution (ESD), which is the computer-to-computer installation of software on workstations. Instead of weeks, software distribution can be accomplished in hours or days and can be controlled centrally. Another advantage of ESD is that it permits the tracking of PC program licenses.

7.4 SOFTWARE SYSTEMS

Management Information System (MIS)

A MIS typically receives input from a transaction processing system, aggregates it, then reports it in a format useful to middle management in running the business. For this reason, MISs are often classified by function or activity, such as the following:
- Accounting: general ledger, accounts receivable, accounts payable, payroll processing, fixed asset management, and tax accounting
- Finance: capital budgeting, operational budgeting, and cash management
- Manufacturing: production planning, cost control, and quality control
- Logistics: inventory management and transportation planning
- Marketing: sales analysis and forecasting
- Human resources: projecting payroll, projecting benefits obligations, employment-level planning, and employee evaluation tracking

Integrated systems link multiple business activities across the enterprise. The most comprehensive integrated system is an enterprise resource planning (ERP) system.

Accounting Information System (AIS)

An AIS is a subsystem of a MIS that processes routine, highly structured financial and transactional data relevant to managerial as well as financial accounting.
An AIS processes information about
- Transactions with external parties (e.g., customers, suppliers, governments, owners, and creditors) reflected in financial statements prepared in conformity with GAAP
- Internal activities recorded in the cost accounting system and the preparation of related reports and analyses (e.g., production reports, pro forma financial statements, budgets, and cost-volume-profit analyses)