CISA EXAM Questions and Answers


August 17, 2024 · Seller: Brightstars
©EXAM STUDY MATERIAL 8/9/2024 11:50 AM




Chapter 1


Source code - answer✔✔uncompiled, archive code

Object code - answer✔✔compiled code that is distributed and put into production; not able to be
read by humans

Inherent risk - answer✔✔the risk that an error could occur assuming no compensating controls
exist

Control risk - answer✔✔the risk that an error exists that would not be prevented by internal
controls

Detection risk - answer✔✔the risk that an error exists, but is not detected. The risk that an IS
auditor may use an inadequate test procedure and conclude that no material error exists when in
fact errors do exist.

Audit risk - answer✔✔the overall level of risk; the level of risk the auditor is prepared to accept.

Compliance testing - answer✔✔determines if controls are being applied in a manner that
complies with management's policies and procedures

Substantive testing - answer✔✔evaluates the integrity of individual transactions, data, and other
information.

Regression testing - answer✔✔used to retest earlier program abends that occurred during the
initial testing phase.

Sociability testing - answer✔✔to ensure the application works as expected in the specified
environment where other applications run concurrently. Includes testing of interfaces with other
systems.

Parallel testing - answer✔✔Feeding test data into two systems and comparing the results.

White box testing - answer✔✔test the software's program logic.

Black box testing - answer✔✔Testing the functional operating effectiveness without regard to
internal program structure.

Redundancy check - answer✔✔detects transmission errors by appending calculated bits onto the
end of each segment of data.

Variable sampling - answer✔✔used to estimate the average or total value of a population.

Discovery sampling - answer✔✔used to determine the probability of finding an attribute in a
population.

Attribute sampling - answer✔✔selecting items from a population based on a common attribute.
Used for compliance testing.

Chapter 2

Steering Committee - answer✔✔Appointed by senior management. Serves as a general review
board for projects and acquisitions... not involved in routine operations. The committee should
include representatives from senior management, user management, and the IS department.
Escalates issues to senior management.

Request for Proposal (RFP) - answer✔✔A document distributed to software vendors requesting
their submission of a proposal to develop or provide a software product. RFP should include:
Project Overview, Key Requirements and Constraints, Scope Limitations, Vendor questionnaire,
customer references, demonstrations, etc.

Quality Assurance - answer✔✔Check to verify policies are followed.

Quality Control - answer✔✔Check to verify free from defects.

Bottom-up approach for policy development - answer✔✔begins by defining operational-level
requirements and policies which are derived and implemented as a result of a risk assessment.

Chapter 3

OSI Model - answer✔✔All People Seem To Need Dominos Pizza

Layer 7 - Application layer - answer✔✔The application layer interfaces directly to and performs
common application services for the application processes.

Layer 6 - Presentation layer - answer✔✔The presentation layer relieves the Application layer of
concern regarding syntactical differences in data representation within the end-user systems.
MIME encoding, data compression, encryption, and similar manipulation of the presentation of
data is done at this layer.

Layer 5 - Session layer - answer✔✔The session layer provides the mechanism for managing the
dialogue between end-user application processes (by dialogue we mean whose turn it is to
transmit). It provides for either duplex or half-duplex operation. This layer is responsible for
setting up and tearing down TCP/IP sessions.

Layer 4 - Transport layer - answer✔✔The transport layer is responsible for reliable data
delivery. The transport layer provides transparent transfer of data between end users, thus
relieving the upper layers from any concern with providing reliable and cost-effective data
transfer. The transport layer controls the reliability of a given link. The transport layer can keep
track of packets and retransmit those that fail. Also addresses packet sequencing. The best known
example of a layer 4 protocol is TCP.

Layer 3 - Network layer - answer✔✔The network layer provides the functional and procedural
means of transferring variable length data sequences from a source to a destination via one or
more networks while maintaining the quality of service requested by the Transport layer. The
Network layer performs network routing, flow control, segmentation/desegmentation, and error
control functions. Routers operate at this layer -- sending data throughout the extended network.

Layer 2 - Data link layer - answer✔✔The data link layer provides the functional and procedural
means to transfer data between network entities and to detect and possibly correct errors that
may occur in the Physical layer. The addressing scheme is physical which means that the
addresses (MAC address) are hard-coded into the network cards at the time of manufacture. The
addressing scheme is flat. Note: The best known example of this is Ethernet.

Layer 1 - Physical layer - answer✔✔The physical layer defines all electrical and physical
specifications for devices. This includes the layout of pins, voltages, and cable specifications.
Hubs and repeaters are physical-layer devices.

Metadata - answer✔✔is literally "data about data." This term refers to information about data
itself -- perhaps the origin, size, formatting or other characteristics of a data item.

Primary key - answer✔✔Every database table should have one or more columns designated as
the primary key. The value this key holds should be unique for each record in the database (e.g.
Social Security number).

Foreign key - answer✔✔These keys are used to create relationships between tables.

Referential integrity constraints - answer✔✔ensure that a change in a primary key of one table is
automatically updated in a matching foreign key of other tables. This is done using triggers.

Normalization - answer✔✔The elimination of redundant data.

Tuple - answer✔✔row in a table
