Domain 3- Controls for IS

Question 1

migrating from a legacy system to an enterprise resource planning (ERP) system

Answer 1

correlation of semantic characteristics of the data migrated between the two systems (data schema)

Question 2

live transactions in test data

Answer 2

Test data will be representative of live processing; however, it is important that all sensitive information in the live transaction file is sanitized to prevent improper data disclosure.

Question 3

program logic definitions

Answer 3

Mapping identifies specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed.

Question 4

System Testing

Answer 4

System testing is undertaken by the development team to determine if the combined units of software work together and that the software meets user requirements per specifications. A failure here would be expensive but easier to fix than a failure found later in the testing process.

Question 5

Integration testing

Answer 5

Integration testing examines the units/modules as one integrated system and unit testing examines the individual units or components of the software. A failure here would be expensive and require re-work of the modules, but would not be as expensive as a problem found just prior to implementation.

Question 6

cryptographic hashing algorithm and checksum

Answer 6

data integrity

Question 7

Error Reports

Answer 7

System Testing Phase

Question 8

business process reengineering (BPR) project

Answer 8

inclusion of the key controls and verify that the controls are in place before implementing the new process.

Question 9

stress testing

Answer 9

Stress testing is carried out to ensure that a system can cope with production workloads. Testing with production level workloads is important to ensure that the system will operate effectively when moved into production.

Question 10

quality of data in a data warehouse?

Answer 10

Accuracy of source data

Question 11

production data for testing

Answer 11

Senior IS and business management must approve use before production data can be utilized for testing.

Question 12

object-oriented design and development techniques

Answer 12

one of the major benefits of object-oriented design and development is the ability to reuse modules.

Question 13

sociability testing

Answer 13

KEY WORDS: can operate in its target environment without adversely impacting existing systems.

Question 14

waterfall life cycle model

Answer 14

stable conditions and well-defined requirements.

Question 15

availability and confidentiality of the web application in production

Answer 15

The most important control to test in this configuration is the server configuration hardening

Question 16

bottom-up approach to software testing

Answer 16

testing of atomic units, such as programs and modules, and works upward until a complete system testing has taken place. The advantages of using a bottom-up approach to software testing are the fact that errors in critical modules are found earlier.

Question 17

top down approach to software testing

Answer 17

interface errors are detected early and that testing of major functions is conducted early.

Question 18

Atomicity vs. Durability

Answer 18

C. The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out.

D. Durability ensures that, when a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.

Question 19

Functionality

Answer 19

Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functionality of a system represents the tasks, operations and purpose of the system in achieving its objective.

Question 20

portability.

Answer 20

The ability of the software to be transferred from one environment to another refers to portability.

Question 21

Quality of the metadata

Answer 21

most important element in the design of a data warehouse

Question 22

data warehouse

Answer 22

used for analysis and research,

Question 23

advantage of prototyping

Answer 23

Prototype systems can provide significant time and cost savings through better user interaction and the ability to rapidly adapt to changing requirements; however, they also have several disadvantages, including loss of overall security focus, project oversight and implementation of a prototype that is not yet ready for production.

Question 24

functional acknowledgments

Answer 24

main controls used in data mapping- Acting as an audit trail for electronic data interchange (EDI) transactions

Question 25

electronic data interchange (EDI) environment

Answer 25

Because the interaction between parties is electronic, there is no inherent authentication occurring; therefore, transaction authorization is the greatest risk.

Question 26

Check Digit

Answer 26

Transposition

Question 27

checksum

Answer 27

A checksum calculated on an amount field and included in the electronic data interchange (EDI) communication can be used to identify unauthorized modifications.

Question 28

EDI Authenticity

Answer 28

C. An electronic data interchange (EDI) system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern.

Question 29

RAD

Answer 29

The greatest advantage and core objective of RAD is a shorter time frame for the development of a system.

Question 30

tracing and tagging

Answer 30

system testing:

Question 31

buffer overflow.

Answer 31

Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques.

Question 32

agile software development methodology

Answer 32

an iterative process where each iteration or “sprint” produces functional code. If a development team was producing code for demonstration purposes, this would be an issue because the following iterations of the project build on the code developed in the prior sprint.

Question 33

online electronic funds transfer (EFT) reconciliation procedures

Answer 33

Tracing is a transaction reconciliation effort that involves following the transaction from the original source to its final destination. In electronic funds transfer (EFT) transactions, the direction on tracing may start from the customer-printed copy of the receipt, checking the system audit trails and logs, and finally checking the master file records for daily transactions.

Question 34

Automated systems balancing

Answer 34

Automated systems balancing would be the best way to ensure that no transactions are lost as any imbalance between total inputs and total outputs would be reported for investigation and correction.

Question 35

Program coding standards

Answer 35

are required for efficient program maintenance and modifications.

Question 36

Integration testing

Answer 36

Integration testing evaluates the connection of two or more components that pass information from one area to another. The objective is to utilize unit-tested modules, thus building an integrated structure according to the design.

Question 37

Systems Testing

Answer 37

System testing relates a series of tests by the test team or system maintenance staff to ensure that the modified program interacts correctly with other components. System testing references the functional requirements of the system.