Exam (elaborations)

CISA EXAM with complete solutions

Pages: 17
Grade: A+
Uploaded on: 30-07-2022
Written in: 2021/2022

DML - Data Manipulation Language - Answer used to insert, retrieve and modify data

Modulation - Answer Converting digital signal to analog.

Protocol analyzers - Answer are network diagnostic tools that monitor and record network
information from packets traveling in the link to which the analyzer is attached.

REPEATER - Answer Physical layer device that extends the network range or connects two
separate network segments together Layer 1

Routers - Answer are physical devices that join mult


CISA EXAM
Chapter 1

Source code - Answer uncompiled, archive code

Object code - Answer compiled code that is distributed and put into production; not able
to be read by humans

Inherent risk - Answer the risk that an error could occur assuming no compensating
controls exist

Control risk - Answer the risk that an error exists that would not be prevented by internal
controls

Detection risk - Answer the risk that an error exists, but is not detected. The risk that an
IS auditor may use an inadequate test procedure and conclude that no material error
exists when in fact errors do exist.

Audit risk - Answer the overall level of risk; the level of risk the auditor is prepared to
accept.

Compliance testing - Answer determines if controls are being applied in a manner that
complies with management's policies and procedures.

Substantive testing - Answer evaluates the integrity of individual transactions, data, and
other information.

Regression testing - Answer used to retest earlier program abends that occurred during
the initial testing phase.

Sociability testing - Answer to ensure the application works as expected in the specified
environment where other applications run concurrently. Includes testing of interfaces
with other systems.

Parallel testing - Answer Feeding test data into two systems and comparing the results.

White box testing - Answer tests the software's program logic.

Black box testing - Answer Testing the functional operating effectiveness without regard
to internal program structure.

Redundancy check - Answer detects transmission errors by appending calculated bits
onto the end of each segment of data.

Variable sampling - Answer used to estimate the average or total value of a population.

Discovery sampling - Answer used to determine the probability of finding an attribute in
a population.

Attribute sampling - Answer selecting items from a population based on a common
attribute. Used for compliance testing.

Chapter 2

Steering Committee - Answer Appointed by senior management. Serves as a general
review board for projects and acquisitions... not involved in routine operations. The
committee should include representatives from senior management, user management,
and the IS department. Escalates issues to senior management.

Request for Proposal (RFP) - Answer A document distributed to software vendors
requesting their submission of a proposal to develop or provide a software product. RFP
should include: Project Overview, Key Requirements and Constraints, Scope
Limitations, Vendor questionnaire, customer references, demonstrations, etc.

Quality Assurance - Answer Check to verify policies are followed.

Quality Control - Answer Check to verify free from defects.

Bottom-up approach for policy development - Answer begins by defining
operational-level requirements and policies which are derived and implemented as a
result of a risk assessment.

Chapter 3

OSI Model - Answer All People Seem To Need Dominos Pizza

Layer 7 - Application layer - Answer The application layer interfaces directly to and
performs common application services for the application processes.

Layer 6 - Presentation layer - Answer The presentation layer relieves the Application
layer of concern regarding syntactical differences in data representation within the
end-user systems. MIME encoding, data compression, encryption, and similar
manipulation of the presentation of data is done at this layer.

Layer 5 - Session layer - Answer The session layer provides the mechanism for
managing the dialogue between end-user application processes (by dialogue we mean
whose turn it is to transmit). It provides for either duplex or half-duplex operation.
This layer is responsible for setting up and tearing down TCP/IP sessions.

Layer 4 - Transport layer - Answer The transport layer is responsible for reliable data
delivery. The transport layer provides transparent transfer of data between end users,
thus relieving the upper layers from any concern with providing reliable and
cost-effective data transfer. The transport layer controls the reliability of a given link.
The transport layer can keep track of packets and retransmit those that fail. Also
addresses packet sequencing. The best known example of a layer 4 protocol is TCP.

Layer 3 - Network layer - Answer The network layer provides the functional and
procedural means of transferring variable length data sequences from a source to a
destination via one or more networks while maintaining the quality of service requested
by the Transport layer. The Network layer performs network routing, flow control,
segmentation/desegmentation, and error control functions. Routers operate at this layer
-- sending data throughout the extended network.

Layer 2 - Data link layer - Answer The data link layer provides the functional and
procedural means to transfer data between network entities and to detect and possibly
correct errors that may occur in the Physical layer. The addressing scheme is physical,
which means that the addresses (MAC address) are hard-coded into the network cards
at the time of manufacture. The addressing scheme is flat. Note: The best known
example of this is Ethernet.

Layer 1 - Physical layer - Answer The physical layer defines all electrical and physical
specifications for devices. This includes the layout of pins, voltages, and cable
specifications. Hubs and repeaters are physical-layer devices.

Metadata - Answer is literally "data about data." This term refers to information about
data itself -- perhaps the origin, size, formatting or other characteristics of a data item.

Primary key - Answer Every database table should have one or more columns
designated as the primary key. The value this key holds should be unique for each
record in the database (e.g. Social Security number).

Foreign key - Answer These keys are used to create relationships between tables.

Referential integrity constraints - Answer ensure that a change in a primary key of one
table is automatically updated in a matching foreign key of other tables. This is done
using triggers.

Normalization - Answer The elimination of redundant data.

Tuple - Answer row in a table

Dangling Tuple - Answer row in a table that has lost referential integrity

DDL - Data Definition Language - Answer used for setup and removal phases, defines db
structure

Contains: Questions & answers

Seller: EvaTee Phoenix University