SCORE!!!
1. Chapter 1
3. Source code: uncompiled, archive code
4. Object code: compiled code that is distributed and put into production; not able to be read by humans
5. Inherent risk: the risk that an error could occur assuming no compensating control ex
6. Control risk: the risk that an error exists that would not be prevented by internal controls
7. Detection risk: the risk that an error exists, but is not detected. The risk that an IS auditor may use an inadequate test procedure and conclude that no material error exists when in fact errors do exist.
8. Audit risk: the overall level of risk; the level of risk the auditor is prepared to accept
9. Compliance testing: determines if controls are being applied in a manner that complies with management's policies and procedures
10. Substantive testing: evaluates the integrity of individual transactions, data, and other information.
11. Regression testing: used to retest earlier program abends that occurred during the initial testing phase.
12. Sociability testing: to ensure the application works as expected in the specified environment where other applications run concurrently. Includes testing of interfaces with other systems.
13. Parallel testing: Feeding test data into two systems and comparing the results.
14. White box testing: test the software's program logic.
15. Black box testing: Testing the functional operating effectiveness without regard to internal program structure.
16. Redundancy check: detects transmission errors by appending calculated bits onto the end of each segment of data.
17. Variable sampling: used to estimate the average or total value of a population.
18. Discovery sampling: used to determine the probability of finding an attribute in a population.
19. Attribute sampling: selecting items from a population based on a common attribute. Used for compliance testing.
19. Chapter 2
20. Steering Committee: Appointed by senior management. Serves as a general review board for projects and acquisitions... not involved in routine operations. The committee should include representatives from senior management, user management, and the IS department. Escalates issues to senior management.
21. Request for Proposal (RFP): A document distributed to software vendors requesting their submission of a proposal to develop or provide a software product. RFP should include: Project Overview, Key Requirements and Constraints, Scope Limitations, Vendor questionnaire, customer references, demonstrations, etc.
22. Quality Assurance: Check to verify policies are followed.
23. Quality Control: Check to verify free from defects.
24. Bottom-up approach for policy development: begins by defining operational-level requirements and policies which are derived and implemented as a result of a risk assessment.
25. Chapter 3
26. OSI Model: All People Seem To Need Dominos Pizza
27. Layer 7 - Application layer: The application layer interfaces directly to and performs common application services for the application processes.
28. Layer 6 - Presentation layer: The presentation layer relieves the Application layer of concern regarding syntactical differences in data representation within the end-user systems. MIME encoding, data compression, encryption, and similar manipulation of the presentation of data is done at this layer.
29. Layer 5 - Session layer: The session layer provides the mechanism for managing the dialogue between end-user application processes (by dialogue we mean whose turn it is to transmit). It provides for either duplex or half-duplex operation. This layer is responsible for setting up and tearing down TCP/IP sessions.
30. Layer 4 - Transport layer: The transport layer is responsible for reliable data delivery. The transport layer provides transparent transfer of data between end users, thus relieving the upper layers from any concern with providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link. The transport layer can keep track of packets and retransmit those that fail. Also addresses packet sequencing. The best known example of a layer 4 protocol is TCP.
31. Layer 3 - Network layer: The network layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. The Network layer performs network routing, flow control, segmentation/deseg-