A concise overview of key concepts related to the CISA (Certified Information Systems Auditor) exam. It covers topics such as source code, object code, risk management (inherent, control, detection and audit risk), and various testing methodologies (compliance, substantive, regression, sociability, parallel, white box and black box). Additionally, it includes definitions and explanations of network components like routers, switches, hubs and bridges, as well as database concepts such as primary and foreign keys, referential integrity and normalization. The document also touches on the OSI model and its layers, providing a foundational understanding of network communication. Useful for students and professionals preparing for the CISA exam or seeking a quick reference guide to essential IT audit and security concepts.
Chapter 1

Source code: human-readable, uncompiled program code.
Object code: compiled code that is distributed and put into production; not readable by humans.
Inherent risk: the risk that an error could occur, assuming no compensating controls exist.
Control risk: the risk that an error exists that would not be prevented or detected by internal controls.
Detection risk: the risk that an error exists but is not detected; the risk that an IS auditor uses an inadequate test procedure and concludes that no material error exists when in fact errors do exist.
Audit risk: the overall level of risk (inherent, control and detection risk combined); the level of risk the auditor is prepared to accept.
Compliance testing: determines whether controls are being applied in a manner that complies with management's policies and procedures.
Substantive testing: evaluates the integrity of individual transactions, data and other information.
Regression testing: rerunning earlier test cases after a change or fix to verify that the change has not broken functionality that previously worked (including retesting program abends found during the initial testing phase).
Sociability testing: ensures the application works as expected in the specified environment where other applications run concurrently; includes testing of interfaces with other systems.
Parallel testing: feeding the same test data into two systems (for example the old and the new system) and comparing the results.
White box testing: tests the software's internal program logic.
Black box testing: tests functional operating effectiveness without regard to internal program structure.
Redundancy check: detects transmission errors by appending calculated bits onto the end of each segment of data.
Variable sampling: used to estimate the average or total value of a population; used in substantive testing.
Discovery sampling: used to determine the probability of finding at least one occurrence of an attribute (for example fraud) in a population.
Attribute sampling: selecting items from a population based on a common attribute to estimate the rate at which it occurs; used for compliance testing.

Chapter 2

Steering Committee: appointed by senior management. Serves as a general review board for projects and acquisitions; not involved in routine operations. The committee should include representatives from senior management, user management and the IS department. Escalates issues to senior management.
Request for Proposal (RFP): a document distributed to software vendors requesting their submission of a proposal to develop or provide a software product. An RFP should include: project overview, key requirements and constraints, scope limitations, vendor questionnaire, customer references, demonstrations, etc.
Quality Assurance: checks to verify that policies and standards are followed.
Layer 2 - Data link layer: provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the physical layer. The addressing scheme is physical: MAC addresses are assigned to network cards at the time of manufacture (most operating systems nevertheless allow the address to be overridden in software, so a MAC address is not a reliable authentication factor). The addressing scheme is flat. Note: the best-known example is Ethernet.
Layer 1 - Physical layer: defines all electrical and physical specifications for devices, including the layout of pins, voltages and cable specifications. Hubs and repeaters are physical-layer devices.
Metadata: literally "data about data"; information about a data item itself, such as its origin, size, formatting or other characteristics.
Primary key: every database table should have one or more columns designated as the primary key. The value of this key must be unique for each record in the table. (A Social Security number is the textbook example, but using a sensitive identifier as a key is poor practice, because it is then copied into every related table; a generated surrogate key such as a customer ID avoids that.)
Foreign key: a column whose values reference the primary key of another table; used to create relationships between tables.
Referential integrity constraints: ensure that every foreign key value matches an existing primary key in the referenced table, so that a change to (or deletion of) a primary key is either propagated to the matching foreign keys in other tables (cascading update or delete) or rejected. Normally enforced by the DBMS through declared foreign key constraints; triggers are an alternative where the DBMS does not enforce them.
Normalization: the elimination of redundant data by structuring tables so that each fact is stored only once.
Tuple: a row in a table.
Dangling tuple: a row whose foreign key no longer references an existing row, i.e. a row that has lost referential integrity.
DDL - Data Definition Language: used in the setup and removal phases; defines the database structure (CREATE, ALTER, DROP).
DML - Data Manipulation Language: used to insert, retrieve and modify data (INSERT, SELECT, UPDATE, DELETE).
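The database definitions above (primary and foreign keys, referential integrity, dangling tuples, DDL versus DML, and the commit/rollback behaviour defined later in the page) can all be exercised in a few lines. The following is an added example, not part of the original flashcards; it uses Python's built-in sqlite3 module on an in-memory database, and the table names, column names and sample rows are constructed for the example. It also shows a point an auditor should check: SQLite leaves foreign key enforcement OFF per connection unless the PRAGMA is set, in which case the constraints declared in the DDL are silently ignored.

```python
"""Added example (not from the original flashcards): primary/foreign keys,
referential integrity, dangling tuples, DDL vs DML and commit/rollback with
Python's built-in sqlite3 on an in-memory database. Table/column names and
rows are constructed for the example."""
import sqlite3


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Open an in-memory database. SQLite ships with foreign key enforcement
    OFF per connection; without the PRAGMA the declared constraints do nothing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    # DDL: define the structure. customer_id is a surrogate primary key, so the
    # SSN is stored once, in one table, and never copied into other tables.
    conn.executescript("""
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,
            ssn         TEXT NOT NULL UNIQUE,
            name        TEXT NOT NULL
        );
        CREATE TABLE account (
            account_no  TEXT PRIMARY KEY,
            customer_id INTEGER NOT NULL
                REFERENCES customer(customer_id)
                ON UPDATE CASCADE ON DELETE RESTRICT,
            balance     INTEGER NOT NULL
        );
    """)
    # DML: load constructed sample data and commit it.
    conn.execute("INSERT INTO customer VALUES (1, '123-45-6789', 'A. Auditor')")
    conn.execute("INSERT INTO account VALUES ('ACC-100', 1, 500)")
    conn.commit()
    return conn


def dangling_tuples(conn: sqlite3.Connection) -> list:
    """Substantive test: account rows whose foreign key matches no customer."""
    rows = conn.execute("""
        SELECT a.account_no FROM account a
        LEFT JOIN customer c ON c.customer_id = a.customer_id
        WHERE c.customer_id IS NULL
        ORDER BY a.account_no
    """).fetchall()
    return [r[0] for r in rows]


def insert_orphan_account(conn: sqlite3.Connection) -> bool:
    """Insert an account for a customer that does not exist.
    Returns True if the DBMS rejected it and rolled the transaction back."""
    try:
        with conn:  # commits on success, rolls back if the block raises
            conn.execute("INSERT INTO account VALUES ('ACC-999', 42, 10)")
        return False
    except sqlite3.IntegrityError:
        return True


def rekey_customer(conn: sqlite3.Connection, old_id: int, new_id: int) -> int:
    """Change a primary key and report the foreign key ACC-100 now carries.
    With enforcement ON and ON UPDATE CASCADE the foreign key follows."""
    with conn:
        conn.execute("UPDATE customer SET customer_id = ? WHERE customer_id = ?",
                     (new_id, old_id))
    row = conn.execute(
        "SELECT customer_id FROM account WHERE account_no = 'ACC-100'").fetchone()
    return row[0]


def debit_then_crash(conn: sqlite3.Connection, account_no: str, amount: int) -> int:
    """Debit inside a transaction, then fail before the credit leg. The rollback
    reverses the processing already done; returns the balance afterwards."""
    try:
        with conn:
            conn.execute("UPDATE account SET balance = balance - ? WHERE account_no = ?",
                         (amount, account_no))
            raise RuntimeError("simulated failure before transaction completes")
    except RuntimeError:
        pass  # the with-block has already rolled back the debit
    return conn.execute("SELECT balance FROM account WHERE account_no = ?",
                        (account_no,)).fetchone()[0]
```

With enforcement on, the orphan insert is rejected, the re-keyed customer's accounts follow the new key, and the failed transfer leaves the balance at 500. With enforcement off, the same DDL accepts the orphan and the rekey leaves ACC-100 pointing at a customer that no longer exists, which is exactly the dangling tuple the query reports.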
Modulation: converting a digital signal to analog (for example for transmission over a telephone line); demodulation is the reverse.
Protocol analyzers: network diagnostic tools that monitor and record network information from packets traveling on the link to which the analyzer is attached.
Repeater: a physical-layer (Layer 1) device that extends the network range or connects two separate network segments together.
Routers: physical devices that join multiple wired or wireless networks together. Technically a wired or wireless router is a Layer 3 gateway: it connects networks (as gateways do) and operates at the network layer of the OSI model.
Network switch: a hardware device that joins multiple computers together within one local area network (LAN). Technically, network switches operate at Layer 2 (Data Link Layer)
Asymmetric key algorithms: in an asymmetric key algorithm (for example RSA) there are two separate keys: a public key, which is published and enables any sender to perform encryption, and a private key, which is kept secret by the receiver and enables the receiver to perform decryption. This is the basis of a public key infrastructure (PKI).
Certificate Authority (CA): issues and manages security credentials and public keys for message encryption. This includes issuance and distribution of the subscriber certificate and its suspension and revocation. Generation and distribution of the CA's own public key is also part of the CA key life cycle management process and, as such, cannot be delegated.
Registration Authority (RA): verifies user requests for a digital certificate and tells the CA to issue it. Establishing the link between the requesting entity and its public key (identity vetting) is a function of the registration authority.
A public key infrastructure consists of:
• A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key
Encapsulation or tunneling: a technique used to carry the traffic of one protocol over a network that does not support that protocol directly. The original packet is wrapped inside another packet.
Secure Sockets Layer (SSL): a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses public key cryptography (a public key known to everyone and a private key known only to the certificate holder) to authenticate the server and agree on a session key, and then encrypts the session itself with a symmetric cipher. SSL has been superseded by TLS; every SSL version is deprecated and should fail an audit if still enabled.
S-HTTP: an extension to the HTTP protocol to support sending data securely over the World Wide Web. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
IP Security (IPsec): a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement virtual private networks (VPNs). Operates at the network layer.
IPsec supports two modes:
• Transport mode protects only the data portion (payload) of each packet and leaves the original IP header untouched.
• Tunnel mode protects the entire original packet (header and payload) and wraps it in a new IP header; this is the mode used for gateway-to-gateway VPNs.
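To make "the original packet is wrapped in another packet" concrete, here is an added example (not from the original flashcards) that builds an IPv4 packet by hand with the standard library, encapsulates it IP-in-IP (protocol number 4) the way a plain tunnel would, strips the outer header again, and reports which bytes of the original packet IPsec would protect in transport versus tunnel mode. The addresses and payload are constructed sample values, and only the 20-byte header without options is handled.

```python
"""Added example (not from the original flashcards): IP-in-IP encapsulation
built by hand, plus the transport-vs-tunnel coverage difference. Addresses
and payload are constructed sample values."""
import socket
import struct

IPV4_HEADER_LEN = 20
PROTO_IPIP = 4    # IP-in-IP encapsulation
PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (the IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: version/IHL, TOS, total length, id,
    flags/fragment offset, TTL, protocol, checksum, source, destination."""
    total_len = IPV4_HEADER_LEN + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = internet_checksum(hdr)          # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def encapsulate(inner_packet: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel: the complete inner packet (its header included) becomes the payload."""
    return build_ipv4_header(outer_src, outer_dst, PROTO_IPIP, len(inner_packet)) + inner_packet


def decapsulate(packet: bytes) -> bytes:
    """Validate the outer header and strip it, returning the original packet."""
    if len(packet) < IPV4_HEADER_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("outer header checksum mismatch")
    if packet[9] != PROTO_IPIP:
        raise ValueError("not IP-in-IP")
    return packet[ihl:]


def addresses(packet: bytes) -> tuple:
    """(src, dst) as seen by anyone reading the outermost header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def ipsec_protected_bytes(packet: bytes, mode: str) -> bytes:
    """Transport mode covers only what follows the IP header; tunnel mode covers
    the whole original packet, which then travels behind a new outer header."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl:] if mode == "transport" else packet


def demo() -> dict:
    payload = b"constructed UDP payload"
    inner = build_ipv4_header("10.1.1.5", "10.2.2.9", PROTO_UDP, len(payload)) + payload
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    return {
        "outer_addresses": addresses(outer),           # what the transit network sees
        "inner_addresses": addresses(decapsulate(outer)),
        "round_trip_ok": decapsulate(outer) == inner,
        "transport_protected_len": len(ipsec_protected_bytes(inner, "transport")),
        "tunnel_protected_len": len(ipsec_protected_bytes(inner, "tunnel")),
    }
```

Note what plain encapsulation does and does not do: the transit network sees only the outer addresses, but the inner packet is neither encrypted nor authenticated; that is what IPsec ESP adds on top of the same wrapping idea, and the header checksum only catches accidental corruption.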
... created for the session, allowing packets to flow freely without the need to inspect individual packets. Operates at the session layer of the OSI model.
Advantage of a circuit-level gateway:
• speed of connection
RSA keys: large numbers. RSA is suitable only for short messages, such as a digital signature over a message hash or the transport of a symmetric key. The security of the RSA asymmetric key transport algorithm rests on the difficulty of factoring the modulus, which is the product of two large prime numbers. RSA can be used to securely transport symmetric keys, which then encrypt the bulk data.
Biometric order of effectiveness:
1. Palm
Chapter 5

Alternative routing: routing traffic via an alternative medium such as copper cable or fiber optics. This involves using different networks, circuits or end points should the normal network be unavailable.
Diverse routing: routing traffic through split or duplicate cable facilities.
Critical: can only be replaced by identical capabilities; cannot be replaced by manual methods; very high cost of interruption.
Vital: can be performed manually for a short time period; slightly lower cost of interruption (functional restoration within 5 days or less).
Sensitive: can be performed manually at a tolerable cost for an extended period of time, but requires additional staff.
Non-sensitive: can be interrupted for an extended period of time at little or no cost to the company and requires little or no catching up when restored.
Fault tolerant servers: provide fail-safe redundancy through mirrored images of the primary server.
Recovery Point Objective (RPO): the amount of data loss that is acceptable, expressed in time (an RPO of 4 hours means at most 4 hours of data may be lost, so backups must run at least every 4 hours).
Recovery Time Objective (RTO): the acceptable downtime before the system must be restored.

Chapter 6

Feasibility: used to determine whether the project should get the go-ahead. The feasibility study produces a project plan and budget estimates for the future stages of development.
Emergency Action Team: first responders at the emergency.
Emergency Management Team: responsible for coordinating the activities of all other recovery teams; the disaster overseers.
Transportation team: serves as the facilities team to locate a recovery site and is responsible for transporting the employees to the recovery site.
Relocation team: coordinates the process of moving from the hot site to a new location.
Rapid Application Development (RAD): does NOT support the planning or analysis required to define the information needs of the enterprise as a whole. RAD provides the means for developing systems faster and cheaper and with higher quality.
Four RAD stages:
1. Concept definition (defines business functions and determines system scope)
Computer-Aided Software Engineering (CASE):
1. Upper CASE
Redundancy check: detects transmission errors by appending calculated bits onto the end of each segment of data. This is an error detection method, not an error correction method.
Forward error control: transmits additional redundant information with each character or frame so that the receiver can both detect and correct errors. In feedback error control, only enough additional information is transmitted for the receiver to identify that an error has occurred and request retransmission.
Reasonableness check: compares data to predefined reasonability limits or occurrence rates established for the data.
Checksum: a form of redundancy check; a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space (telecommunications) or time (storage). It works by adding up the basic components of a message, typically the bytes, and storing the resulting value. Later, anyone can perform the same operation on the data, compare the result to the original checksum and, if the sums match, conclude that the message was probably not corrupted. A checksum protects against accidental corruption only: an attacker who can modify the data can recompute the checksum, so detecting deliberate tampering needs a keyed MAC or a digital signature.
Database commits: ensure that the data of a completed transaction are saved to disk.
Database rollbacks: ensure that processing already performed by an incomplete transaction is reversed and that its data are not saved to disk if the transaction fails to complete.
Clerical control procedures: used to MANUALLY sum and compare inputs and outputs (more susceptible to error than an automated process).
Electronic Data Interchange (EDI): the electronic transmission of transactions between two organizations. Provides fewer opportunities for review and authorization since there is less human intervention.
Batch controls and balancing: group input transactions to provide control totals. Totals can be based on total monetary amount, total items, or hash totals (a sum of a field that has no meaning as an amount, such as account numbers).
Batch registers: manual recording and comparison of batch totals.
Control accounts: reconciliation between initial and master files containing batch totals.
Computer agreement: batch header data is input and compared with totals calculated by the system.
Automated online auditing techniques:
Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM): embedding specially written audit software in the host system so that application systems are audited on a selective basis.
Snapshots: taking "pictures" of the processing path of a transaction at selected points.
Audit hooks: embedding hooks in application systems to function as red flags that induce auditors to act before an error gets out of hand.
Integrated Test Facility (ITF): dummy entities are set up and included in the production files. Test transactions are then processed with live transactions during regular processing runs.
Continuous and Intermittent Simulation (CIS): a simulator decides whether transactions meet certain criteria and audits transactions as applicable.
IT Balanced Scorecard: a process management technique used to assess IT functions and processes. Goes beyond financial evaluation and addresses user satisfaction, internal processes and the ability to innovate.
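The redundancy check, forward error control and checksum entries above describe three different guarantees, and the difference is easiest to see by running them side by side. This added example (not from the original flashcards) uses the standard library only: an additive byte checksum, a CRC-32 appended to a segment as the redundancy check, a Hamming(7,4) code per nibble as forward error control that corrects one flipped bit, and an HMAC to show the one thing none of the others provide, resistance to deliberate tampering. The segments and the shared key are constructed sample values.

```python
"""Added example (not from the original flashcards): detection-only redundancy
checks (additive checksum, CRC-32), forward error correction (Hamming(7,4))
and a keyed MAC for tamper detection. Inputs are constructed sample data."""
import hashlib
import hmac
import zlib

MAC_KEY = b"constructed-demo-key"  # assumption: a secret the attacker does not hold


def additive_checksum(data: bytes) -> int:
    """Sum of the bytes modulo 256: the simplest redundancy check."""
    return sum(data) & 0xFF


def append_crc(segment: bytes) -> bytes:
    """Redundancy check: calculated bits appended to the end of the segment."""
    return segment + zlib.crc32(segment).to_bytes(4, "big")


def verify_crc(frame: bytes) -> bool:
    body, tail = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == tail


def append_mac(segment: bytes) -> bytes:
    return segment + hmac.new(MAC_KEY, segment, hashlib.sha256).digest()


def verify_mac(frame: bytes) -> bool:
    body, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(MAC_KEY, body, hashlib.sha256).digest(), tag)


# Hamming(7,4): positions 1..7 hold p1 p2 d1 p3 d2 d3 d4. Each parity bit
# covers the positions whose index has that bit set, so the syndrome of a
# received word is the position of a single flipped bit (0 = no error).
def hamming_encode_nibble(nib: int) -> int:
    d1, d2, d3, d4 = (nib >> 3) & 1, (nib >> 2) & 1, (nib >> 1) & 1, nib & 1
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return (p1 << 6) | (p2 << 5) | (d1 << 4) | (p3 << 3) | (d2 << 2) | (d3 << 1) | d4


def hamming_decode_word(word: int) -> tuple:
    """Returns (nibble, corrected_position); position 0 means no error found."""
    bits = [(word >> (7 - i)) & 1 for i in range(1, 8)]   # bits[0] is position 1
    p1, p2, d1, p3, d2, d3, d4 = bits
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = (s3 << 2) | (s2 << 1) | s1
    if syndrome:
        bits[syndrome - 1] ^= 1                        # forward error correction
        p1, p2, d1, p3, d2, d3, d4 = bits
    return (d1 << 3) | (d2 << 2) | (d3 << 1) | d4, syndrome


def fec_encode(data: bytes) -> list:
    words = []
    for b in data:
        words.append(hamming_encode_nibble(b >> 4))
        words.append(hamming_encode_nibble(b & 0xF))
    return words


def fec_decode(words: list) -> tuple:
    """Returns (data, number_of_words_corrected)."""
    out, fixed = bytearray(), 0
    for i in range(0, len(words), 2):
        hi, e1 = hamming_decode_word(words[i])
        lo, e2 = hamming_decode_word(words[i + 1])
        out.append((hi << 4) | lo)
        fixed += (e1 != 0) + (e2 != 0)
    return bytes(out), fixed


def demo() -> dict:
    seg = b"PAY 0100 TO ACCT 7"
    swapped = b"PAY 1000 TO ACCT 7"        # two digits swapped: identical byte sum
    frame = append_crc(seg)
    corrupted = swapped + frame[-4:]       # bytes changed in transit, old CRC attached
    forged = append_crc(swapped)           # attacker changed bytes AND recomputed CRC
    mac_frame = append_mac(seg)
    mac_forged = swapped + mac_frame[-32:] # attacker cannot recompute the MAC
    noisy = fec_encode(seg)
    noisy[3] ^= 1 << 2                     # one bit flipped in transit
    decoded, fixed = fec_decode(noisy)
    return {
        "checksum_misses_swap": additive_checksum(seg) == additive_checksum(swapped),
        "crc_detects_corruption": not verify_crc(corrupted),
        "crc_accepts_forgery": verify_crc(forged),
        "mac_rejects_forgery": not verify_mac(mac_forged),
        "fec_recovered": decoded == seg,
        "fec_words_corrected": fixed,
    }
```

The additive checksum cannot tell "0100" from "1000" because the sum of the bytes is unchanged, the CRC catches that corruption but happily accepts a segment whose CRC the attacker recomputed, the MAC rejects it, and the Hamming-coded copy comes back intact after a single bit flip with no retransmission, which is what distinguishes forward error control from feedback error control.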
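The batch control entries (item count, monetary total, hash total, and computer agreement of the batch header against calculated totals) together with the reasonableness check earlier on the page describe one input-control procedure, so here is one added example of it, not from the original flashcards. The batch file layout (a header record carrying the three totals, followed by one transaction record per line), the field separator and the per-item reasonableness limit are assumptions made for the example; the transactions are constructed data.

```python
"""Added example (not from the original flashcards): computer agreement of
batch header totals plus a reasonableness check. The record layout, the '|'
separator and REASONABLE_MAX are assumptions; the batch is constructed data."""
from decimal import Decimal

# Assumed layout:  HDR|<item count>|<monetary total>|<hash total of account numbers>
#                  TXN|<account number>|<amount>
SAMPLE_BATCH = """HDR|3|1250.00|300003
TXN|100001|500.00
TXN|100002|250.00
TXN|100000|500.00"""

REASONABLE_MAX = Decimal("10000.00")   # assumed per-item limit for this batch type


def parse_batch(text: str) -> tuple:
    """Split a batch into its header totals and the list of (account, amount)."""
    lines = [ln for ln in text.strip().splitlines() if ln]
    tag, count, total, hash_total = lines[0].split("|")
    if tag != "HDR":
        raise ValueError("batch must start with a header record")
    header = {"count": int(count), "total": Decimal(total), "hash": int(hash_total)}
    txns = []
    for ln in lines[1:]:
        tag, acct, amt = ln.split("|")
        if tag != "TXN":
            raise ValueError("unexpected record: " + ln)
        txns.append((acct, Decimal(amt)))
    return header, txns


def computer_agreement(header: dict, txns: list) -> list:
    """Recalculate every control total from the detail records and report
    each one that disagrees with what the batch header claims."""
    findings = []
    if len(txns) != header["count"]:
        findings.append("item count %d != header %d" % (len(txns), header["count"]))
    total = sum((amt for _, amt in txns), Decimal("0"))
    if total != header["total"]:
        findings.append("monetary total %s != header %s" % (total, header["total"]))
    # The hash total is a sum of a non-monetary field; it exists only to detect
    # records whose account number was altered, substituted or dropped.
    hash_total = sum(int(acct) for acct, _ in txns)
    if hash_total != header["hash"]:
        findings.append("hash total %d != header %d" % (hash_total, header["hash"]))
    return findings


def reasonableness_check(txns: list) -> list:
    """Accounts whose amount lies outside the predefined limits."""
    return [acct for acct, amt in txns if amt <= 0 or amt > REASONABLE_MAX]


def validate_batch(text: str) -> list:
    """Run computer agreement and the reasonableness check; an empty list
    means the batch balances and may be released for processing."""
    header, txns = parse_batch(text)
    findings = computer_agreement(header, txns)
    for acct in reasonableness_check(txns):
        findings.append("amount for account %s outside reasonable limits" % acct)
    return findings
```

Rerouting one payment to a different account leaves the item count and the monetary total untouched, so only the hash total reveals it; that is why a batch header carries all three. A hash total is still not a MAC: two compensating changes to account numbers (one raised, one lowered by the same amount) sum to the same value, so the control detects errors and simple substitution, not a determined insider.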