CISA EXAM – Questions With Clear Solutions
Save
Terms in this set (182)
Chapter 1
Source code uncompiled, archive code
Object code compiled code that is distributed and put into
production; not able to be read by humans
Inherent risk the risk that an error could occur assuming no
compensating control exist
Control risk the risk that an error exists that would not be
prevented by internal controls
Detection risk the risk that an error exists, but is not detected. The
risk that an IS auditor may use an inadequate test
procedure and conclude that no material error exists
when in fact errors do exist.
Audit risk the overall level of risk; the level of risk the auditor is
prepared to accept.
Compliance testing determines if controls are being applied in a manner
that complies with mgmt's policies and procedures
Substantive testing evaluates the integrity of individual transactions, data,
and other information.
Regression testing used to retest earlier program abends that occurred
during the initial testing phase.
,Sociability testing to ensure the application works as expected in the
specified environment where other applications run
concurrently. Includes testing of interfaces with other
systems.
Parallel testing Feeding test data into two systems and comparing
the results.
White box testing test the software's program logic.
Black box testing Testing the functional operating effectiveness
without regard to internal program structure.
Redundancy check detects transmission errors by appending calculated
bits onto the end of each segment of data.
Variable sampling used to estimate the average or total value of a
population.
Discovery sampling used to determine the probability of finding an
attribute in a population.
Attribute sampling selecting items from a population based on a
common attribute. Used for compliance testing.
Chapter 2
Steering Committee Appointed by senior management. Serves as a
general review board for projects and acquisitions...
not involved in routine operations. The committee
should include representatives from senior
management, user management, and the IS
department. Escalates issues to senior management.
, Request for Proposal (RFP) A document distributed to software vendors
requesting their submission of a proposal to develop
or provide a software product. RFP should include:
Project Overview, Key Requirements and Constraints,
Scope Limitations, Vendor questionnaire, customer
references, demonstrations, etc.
Quality Assurance Check to verify policies are followed.
Quality Control Check to verify free from defects.
Bottom-up approach for policy begins by defining operational-level requirements
development and policies which are derived and implemented as a
result of a risk assessment.
Chapter 3
OSI Model All People Seem To Need Dominos Pizza
Layer 7 - Application layer The application layer interfaces directly to and
performs common application services for the
application processes.
Layer 6 - Presentation layer The presentation layer relieves the Application layer
of concern regarding syntactical differences in data
representation within the end-user systems. MIME
encoding, data compression, encryption, and similar
manipulation of the presentation of data is done at
this layer.
Layer 5 - Session layer The session layer provides the mechanism for
managing the dialogue between end-user
application processes (By dialog we mean that
whose turn is it to transmit). It provides for either
duplex or half-duplex operation. This layer is
responsible for setting up and tearing down TCP/IP
sessions.
Save
Terms in this set (182)
Chapter 1
Source code uncompiled, archive code
Object code compiled code that is distributed and put into
production; not able to be read by humans
Inherent risk the risk that an error could occur assuming no
compensating control exist
Control risk the risk that an error exists that would not be
prevented by internal controls
Detection risk the risk that an error exists, but is not detected. The
risk that an IS auditor may use an inadequate test
procedure and conclude that no material error exists
when in fact errors do exist.
Audit risk the overall level of risk; the level of risk the auditor is
prepared to accept.
Compliance testing determines if controls are being applied in a manner
that complies with mgmt's policies and procedures
Substantive testing evaluates the integrity of individual transactions, data,
and other information.
Regression testing used to retest earlier program abends that occurred
during the initial testing phase.
,Sociability testing to ensure the application works as expected in the
specified environment where other applications run
concurrently. Includes testing of interfaces with other
systems.
Parallel testing Feeding test data into two systems and comparing
the results.
White box testing test the software's program logic.
Black box testing Testing the functional operating effectiveness
without regard to internal program structure.
Redundancy check detects transmission errors by appending calculated
bits onto the end of each segment of data.
Variable sampling used to estimate the average or total value of a
population.
Discovery sampling used to determine the probability of finding an
attribute in a population.
Attribute sampling selecting items from a population based on a
common attribute. Used for compliance testing.
Chapter 2
Steering Committee Appointed by senior management. Serves as a
general review board for projects and acquisitions...
not involved in routine operations. The committee
should include representatives from senior
management, user management, and the IS
department. Escalates issues to senior management.
, Request for Proposal (RFP) A document distributed to software vendors
requesting their submission of a proposal to develop
or provide a software product. RFP should include:
Project Overview, Key Requirements and Constraints,
Scope Limitations, Vendor questionnaire, customer
references, demonstrations, etc.
Quality Assurance Check to verify policies are followed.
Quality Control Check to verify free from defects.
Bottom-up approach for policy begins by defining operational-level requirements
development and policies which are derived and implemented as a
result of a risk assessment.
Chapter 3
OSI Model All People Seem To Need Dominos Pizza
Layer 7 - Application layer The application layer interfaces directly to and
performs common application services for the
application processes.
Layer 6 - Presentation layer The presentation layer relieves the Application layer
of concern regarding syntactical differences in data
representation within the end-user systems. MIME
encoding, data compression, encryption, and similar
manipulation of the presentation of data is done at
this layer.
Layer 5 - Session layer The session layer provides the mechanism for
managing the dialogue between end-user
application processes (By dialog we mean that
whose turn is it to transmit). It provides for either
duplex or half-duplex operation. This layer is
responsible for setting up and tearing down TCP/IP
sessions.
