CISA 2025
2025/2026
Exam Prep Material
with
Verified Questions and Answers
A+ Grades Guarantee
,Chapter 1
Source code uncompiled, archive code
compiled code that is distributed and put into production; not able to be
Object code read by humans
the risk that an error could occur assuming no compensating control exist
Inherent risk
the risk that an error exists that would not be prevented by internal
Control risk controls
the risk that an error exists, but is not detected. The risk that an IS auditor
may use an inadequate test procedure and conclude that no material error
Detection risk exists when in fact errors do exist.
the overall level of risk; the level of risk the auditor is prepared to accept.
Audit risk
determines if controls are being applied in a manner that complies with
Compliance testing mgmt's policies and procedures
evaluates the integrity of individual transactions, data, and other
Substantive testing information.
used to retest earlier program abends that occurred during the initial
Regression testing testing phase.
to ensure the application works as expected in the specified environment
where other applications run concurrently. Includes testing of interfaces
Sociability testing with other systems.
Parallel testing Feeding test data into two systems and comparing the results.
White box testing test the software's program logic.
Testing the functional operating effectiveness without regard to internal
Black box testing program structure.
detects transmission errors by appending calculated bits onto the end of
Redundancy check each segment of data.
Variable sampling used to estimate the average or total value of a population.
used to determine the probability of finding an attribute in a population.
Discovery sampling
selecting items from a population based on a common attribute. Used for
Attribute sampling compliance testing.
Chapter 2
, Appointed by senior management. Serves as a general review board for
projects and acquisitions... not involved in routine operations. The
committee should include representatives from senior management, user
Steering Committee management, and the IS department. Escalates issues to senior
management.
A document distributed to software vendors requesting their submission
of a proposal to develop or provide a software product. RFP should
include: Project Overview, Key Requirements and Constraints, Scope
Request for Proposal (RFP) Limitations, Vendor questionnaire, customer references, demonstrations,
etc.
Quality Assurance Check to verify policies are followed.
Quality Control Check to verify free from defects.
begins by defining operational-level requirements and policies which are
Bottom-up approach for policy derived and implemented as a result of a risk assessment.
development
Chapter 3
OSI Model All People Seem To Need Dominos Pizza
The application layer interfaces directly to and performs common
Layer 7 - Application layer application services for the application processes.
The presentation layer relieves the Application layer of concern regarding
syntactical differences in data representation within the end-user systems.
MIME encoding, data compression, encryption, and similar manipulation
Layer 6 - Presentation layer of the presentation of data is done at this layer.
The session layer provides the mechanism for managing the dialogue
between end-user application processes (By dialog we mean that whose
turn is it to transmit). It provides for either duplex or half-duplex
Layer 5 - Session layer operation. This layer is responsible for setting up and tearing down
TCP/IP sessions.
The transport layer is responsible for reliable data delivery. The transport
layer provides transparent transfer of data between end users, thus
relieving the upper layers from any concern with providing reliable and
cost-effective data transfer. The transport layer controls the reliability of a
given link. The transport layer can keep track of packets and retransmit
Layer 4 - Transport layer those that fail. Also addresses packet sequencing. The best known
example of a layer 4 protocol is TCP.
2025/2026
Exam Prep Material
with
Verified Questions and Answers
A+ Grades Guarantee
,Chapter 1
Source code uncompiled, archive code
compiled code that is distributed and put into production; not able to be
Object code read by humans
the risk that an error could occur assuming no compensating control exist
Inherent risk
the risk that an error exists that would not be prevented by internal
Control risk controls
the risk that an error exists, but is not detected. The risk that an IS auditor
may use an inadequate test procedure and conclude that no material error
Detection risk exists when in fact errors do exist.
the overall level of risk; the level of risk the auditor is prepared to accept.
Audit risk
determines if controls are being applied in a manner that complies with
Compliance testing mgmt's policies and procedures
evaluates the integrity of individual transactions, data, and other
Substantive testing information.
used to retest earlier program abends that occurred during the initial
Regression testing testing phase.
to ensure the application works as expected in the specified environment
where other applications run concurrently. Includes testing of interfaces
Sociability testing with other systems.
Parallel testing Feeding test data into two systems and comparing the results.
White box testing test the software's program logic.
Testing the functional operating effectiveness without regard to internal
Black box testing program structure.
detects transmission errors by appending calculated bits onto the end of
Redundancy check each segment of data.
Variable sampling used to estimate the average or total value of a population.
used to determine the probability of finding an attribute in a population.
Discovery sampling
selecting items from a population based on a common attribute. Used for
Attribute sampling compliance testing.
Chapter 2
, Appointed by senior management. Serves as a general review board for
projects and acquisitions... not involved in routine operations. The
committee should include representatives from senior management, user
Steering Committee management, and the IS department. Escalates issues to senior
management.
A document distributed to software vendors requesting their submission
of a proposal to develop or provide a software product. RFP should
include: Project Overview, Key Requirements and Constraints, Scope
Request for Proposal (RFP) Limitations, Vendor questionnaire, customer references, demonstrations,
etc.
Quality Assurance Check to verify policies are followed.
Quality Control Check to verify free from defects.
begins by defining operational-level requirements and policies which are
Bottom-up approach for policy derived and implemented as a result of a risk assessment.
development
Chapter 3
OSI Model All People Seem To Need Dominos Pizza
The application layer interfaces directly to and performs common
Layer 7 - Application layer application services for the application processes.
The presentation layer relieves the Application layer of concern regarding
syntactical differences in data representation within the end-user systems.
MIME encoding, data compression, encryption, and similar manipulation
Layer 6 - Presentation layer of the presentation of data is done at this layer.
The session layer provides the mechanism for managing the dialogue
between end-user application processes (By dialog we mean that whose
turn is it to transmit). It provides for either duplex or half-duplex
Layer 5 - Session layer operation. This layer is responsible for setting up and tearing down
TCP/IP sessions.
The transport layer is responsible for reliable data delivery. The transport
layer provides transparent transfer of data between end users, thus
relieving the upper layers from any concern with providing reliable and
cost-effective data transfer. The transport layer controls the reliability of a
given link. The transport layer can keep track of packets and retransmit
Layer 4 - Transport layer those that fail. Also addresses packet sequencing. The best known
example of a layer 4 protocol is TCP.
