CISA EXAM QUESTIONS &
ANSWES(RATED A+)
Chapter 1 - ANSWER
Source code - ANSWERuncompiled, archive code
Object code - ANSWERcompiled code that is distributed and put into production; not
able to be read by humans
Inherent risk - ANSWERthe risk that an error could occur assuming no compensating
control exist
Control risk - ANSWERthe risk that an error exists that would not be prevented by
internal controls
Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk
that an IS auditor may use an inadequate test procedure and conclude that no
material error exists when in fact errors do exist.
Audit risk - ANSWERthe overall level of risk; the level of risk the auditor is prepared
to accept.
Compliance testing - ANSWERdetermines if controls are being applied in a manner
that complies with mgmt's policies and procedures
Parallel testing - ANSWERFeeding test data into two systems and comparing the
results.
White box testing - ANSWERtest the software's program logic.
Black box testing - ANSWERTesting the functional operating effectiveness without
regard to internal program structure.
Redundancy check - ANSWERdetects transmission errors by appending calculated
bits onto the end of each segment of data.
Variable sampling - ANSWERused to estimate the average or total value of a
population.
Discovery sampling - ANSWERused to determine the probability of finding an
attribute in a population.
Attribute sampling - ANSWERselecting items from a population based on a common
attribute. Used for compliance testing.
, Chapter 2 - ANSWER
Steering Committee - ANSWERAppointed by senior management. Serves as a
general review board for projects and acquisitions... not involved in routine
operations. The committee should include representatives from senior management,
user management, and the IS department. Escalates issues to senior management.
Substantive testing - ANSWERevaluates the integrity of individual transactions, data,
and other information.
Regression testing - ANSWERused to retest earlier program abends that occurred
during the initial testing phase.
Sociability testing - ANSWERto ensure the application works as expected in the
specified environment where other applications run concurrently. Includes testing of
interfaces with other systems.
Request for Proposal (RFP) - ANSWERA document distributed to software vendors
requesting their submission of a proposal to develop or provide a software product.
RFP should include: Project Overview, Key Requirements and Constraints, Scope
Limitations, Vendor questionnaire, customer references, demonstrations, etc.
Quality Assurance - ANSWERCheck to verify policies are followed.
Quality Control - ANSWERCheck to verify free from defects.
Bottom-up approach for policy development - ANSWERbegins by defining
operational-level requirements and policies which are derived and implemented as a
result of a risk assessment.
Chapter 3 - ANSWER
OSI Model - ANSWERAll People Seem To Need Dominos Pizza
Layer 7 - Application layer - ANSWERThe application layer interfaces directly to and
performs common application services for the application processes.
Layer 6 - Presentation layer - ANSWERThe presentation layer relieves the
Application layer of concern regarding syntactical differences in data representation
within the end-user systems. MIME encoding, data compression, encryption, and
similar manipulation of the presentation of data is done at this layer.
Layer 5 - Session layer - ANSWERThe session layer provides the mechanism for
managing the dialogue between end-user application processes (By dialog we mean
that whose turn is it to transmit). It provides for either duplex or half-duplex operation.
This layer is responsible for setting up and tearing down TCP/IP sessions.
Layer 4 - Transport layer - ANSWERThe transport layer is responsible for reliable
data delivery. The transport layer provides transparent transfer of data between end
users, thus relieving the upper layers from any concern with providing reliable and
cost-effective data transfer. The transport layer controls the reliability of a given link.
ANSWES(RATED A+)
Chapter 1 - ANSWER
Source code - ANSWERuncompiled, archive code
Object code - ANSWERcompiled code that is distributed and put into production; not
able to be read by humans
Inherent risk - ANSWERthe risk that an error could occur assuming no compensating
control exist
Control risk - ANSWERthe risk that an error exists that would not be prevented by
internal controls
Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk
that an IS auditor may use an inadequate test procedure and conclude that no
material error exists when in fact errors do exist.
Audit risk - ANSWERthe overall level of risk; the level of risk the auditor is prepared
to accept.
Compliance testing - ANSWERdetermines if controls are being applied in a manner
that complies with mgmt's policies and procedures
Parallel testing - ANSWERFeeding test data into two systems and comparing the
results.
White box testing - ANSWERtest the software's program logic.
Black box testing - ANSWERTesting the functional operating effectiveness without
regard to internal program structure.
Redundancy check - ANSWERdetects transmission errors by appending calculated
bits onto the end of each segment of data.
Variable sampling - ANSWERused to estimate the average or total value of a
population.
Discovery sampling - ANSWERused to determine the probability of finding an
attribute in a population.
Attribute sampling - ANSWERselecting items from a population based on a common
attribute. Used for compliance testing.
, Chapter 2 - ANSWER
Steering Committee - ANSWERAppointed by senior management. Serves as a
general review board for projects and acquisitions... not involved in routine
operations. The committee should include representatives from senior management,
user management, and the IS department. Escalates issues to senior management.
Substantive testing - ANSWERevaluates the integrity of individual transactions, data,
and other information.
Regression testing - ANSWERused to retest earlier program abends that occurred
during the initial testing phase.
Sociability testing - ANSWERto ensure the application works as expected in the
specified environment where other applications run concurrently. Includes testing of
interfaces with other systems.
Request for Proposal (RFP) - ANSWERA document distributed to software vendors
requesting their submission of a proposal to develop or provide a software product.
RFP should include: Project Overview, Key Requirements and Constraints, Scope
Limitations, Vendor questionnaire, customer references, demonstrations, etc.
Quality Assurance - ANSWERCheck to verify policies are followed.
Quality Control - ANSWERCheck to verify free from defects.
Bottom-up approach for policy development - ANSWERbegins by defining
operational-level requirements and policies which are derived and implemented as a
result of a risk assessment.
Chapter 3 - ANSWER
OSI Model - ANSWERAll People Seem To Need Dominos Pizza
Layer 7 - Application layer - ANSWERThe application layer interfaces directly to and
performs common application services for the application processes.
Layer 6 - Presentation layer - ANSWERThe presentation layer relieves the
Application layer of concern regarding syntactical differences in data representation
within the end-user systems. MIME encoding, data compression, encryption, and
similar manipulation of the presentation of data is done at this layer.
Layer 5 - Session layer - ANSWERThe session layer provides the mechanism for
managing the dialogue between end-user application processes (By dialog we mean
that whose turn is it to transmit). It provides for either duplex or half-duplex operation.
This layer is responsible for setting up and tearing down TCP/IP sessions.
Layer 4 - Transport layer - ANSWERThe transport layer is responsible for reliable
data delivery. The transport layer provides transparent transfer of data between end
users, thus relieving the upper layers from any concern with providing reliable and
cost-effective data transfer. The transport layer controls the reliability of a given link.
