Domain 4 - IS Operation Management Flashcards

1
Q

What is the use of calculating hash sums?

A

Calculating hash sums of applications can be useful since doing so provides a quick method to test for future unauthorized application code modifications

2
Q

What does “Online Monitor Reports” provide?

A

Online monitor reports provide a measure of telecommunication transmissions & determine whether transmissions are completed accurately

3
Q

Best practice to effectively detect the loading of illegal software packages onto a network?

A

Periodic checking of hard drives

4
Q

In DBMS, what is “Normalization”?

A

Normalization is a database design technique used to minimize redundancy & dependence in a database. The goal is to ensure data is organized in a way that minimizes data duplication which can lead to data inconsistencies & errors.

As such, “De-normalization” would increase data redundancy while “Normalization” decreases data redundancy.

5
Q

Where should error codes & their recovery actions be found?

A

They are found in application run manuals

6
Q

What control provides the greatest assurance of database integrity?

A

Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity.

7
Q

What does “enforcing referential integrity of foreign keys” prevent?

A

It prevents the deletion of a customer record if the record is associated with linked order records in a related database

8
Q

“Repeater” operates in which OSI layer?

A

Physical Layer (OSI Layer 1).

It is a networking device used to extend the distance of a network. A repeater receives a weak or damaged network signal, amplifies it, and then retransmits the signal to extend the network’s overall reach.

9
Q

“Hub” operates in which OSI layer?

A

Physical Layer (OSI Layer 1).

A hub receives data from one device and then retransmits the data to all other devices connected to it. This means that all devices connected to a hub can hear all data transmitted over the network.

10
Q

“Bridge” operates in which OSI layer?

A

Data Link Layer (OSI Layer 2).

A bridge reads the Media Access Control (MAC) addresses of the devices in the network, and it only passes data between network segments if the destination device is located on a different segment from the source device. This helps to control the flow of data within the network and reduces network congestion.

11
Q

“Switch” operates in which OSI layer?

A

Data Link Layer (OSI Layer 2)

Similar functionality to a bridge, but with more advanced features, such as virtual LANs (VLANs), Quality of Service (QoS), and advanced security features. Switches also typically have higher port density, allowing more devices to be connected to the network.

12
Q

What is the main function of “Quality of Service (QoS)” as found in switches?

A

Prioritize different types of network traffic and ensure that critical applications receive the necessary bandwidth and processing resources they require.

As such, the main function of QoS is to optimize network performance by assigning priority to business applications & end users through the allocation of dedicated parts of the bandwidth to specific traffic.

This prevents network congestion, improves network efficiency, and ensures that network resources are used optimally.

13
Q

Referential integrity characteristics

A

1) Ensures no record refers to a primary key of a non-existing record, or null value
2) Is a data integrity principle that supports achieving faster performance/ execution in a database application
3) Prevents dangling tuples (record) in a database
4) Ensures that data are updated through triggers

14
Q

When migrating an application program from test to production environment, best practice is?

A

Have the production control group copy the source program to the production libraries & then compile the program

15
Q

Should a database administrator be allowed to patch or upgrade the operating system?

A

A database administrator should NOT be allowed to patch or upgrade the operating system since the function should be performed by a separate system administrator

16
Q

What does the OSI Transport Layer address?

A

The OSI Transport Layer addresses out-of-sequence messages through segment sequencing

17
Q

What are the 7 layers of the OSI model?

A

1) Layer 1 - Physical
2) Layer 2 - Data Link
3) Layer 3 - Network
4) Layer 4 - Transport
5) Layer 5 - Session
6) Layer 6 - Presentation
7) Layer 7 - Application

18
Q

Which network topology is subject to a single point of failure?

A

1) Bus topology physical layout is subject to total loss if one device, the serial bus media itself fails

2) Star topology can fail if the central hub or concentrator fails

19
Q

Which layer in the OSI model best manages traffic congestion?

A

OSI Layer 4 - Transport

20
Q

Where is a Bastion Host placed in a network?

A

Bastion Host directly connects to the untrusted network

21
Q

What is a Firewall?

A

Firewalls are primarily implemented as a security measure to prevent unauthorized traffic between different segments of the network

22
Q

What is a “Screened Host”?

A

Screened Host sits behind Bastion Host & is protected from direct exposure to the untrusted network (internet)

23
Q

What is “Screened Subnet”?

A

Screened Subnet is an entire subnet of screened hosts. This is often the location for DMZ

24
Q

The most critical element of SLA between organization & 3rd-party service provider is?

A

Stipulating how termination & transition of the contract or service is handled.

Also, the “right to audit”

25
Q

Installing an open-relay SMTP server exposes the organization to what risk?

A

Risk that the e-mail server will be used by unauthorized users to send spam

26
Q

Best security for a telecommunication network WAN connection is using?

A

Dedicated lines

27
Q

What is “Disk-to-disk” Backup?

A

Disk-to-disk backup (or disk-to-disk-to-tape backup or tape cache) is when primary backup is written to disk instead of tape. This backup can then be copied, cloned or migrated to tape at a later time.

This technology allows backup of data to be performed without impacting system performance & allows a large quantity of data to be backed up in a very short backup window.

In case of a failure, the fault-tolerant system can transfer immediately to the other disk set.

28
Q

What are the steps to audit network configuration?

A

1) Determine importance of network devices within the topology
2) Ensure devices are deployed according to best practices
3) Identify missing network components & inappropriate use of network components

29
Q

The FIRST step in securing or hardening a database is?

A

Change all default configurations of system passwords & services

30
Q

What is Address Resolution Protocol (ARP)?

A

Address Resolution Protocol (ARP) provides dynamic address mapping between Network Layer IP address & a Data Link Layer MAC address

31
Q

What are the best practices for securing a wireless network?

A

1) Enable strong encryption
2) Change Default Service Set ID (SSID)
3) Disable “broadcast SSID” on the Access Point
4) Physically locate the Access Point in the center of the building

32
Q

The first protocol layer to establish security for user application is?

A

OSI Layer 5 - Session

33
Q

IS Auditor’s primary concern when reviewing system parameters (configurations) is?

A

Whether they meet both security & performance requirements.

If parameters are not set according to business rules, monitoring of changes may not be an effective control.

34
Q

Purpose of code signing

A

Ensures that the executable code came from a reputable source and has not been modified after being signed.

35
Q

What is a Utilization Report?

A

It records the use of computer equipment & can be used by management to predict how, where &/or when resources are required.

36
Q

What does “system downtime log” provide?

A

It provides evidence regarding the effectiveness and adequacy of computer preventive maintenance programs.

The log is a detective control, but because it is validating the effectiveness of the maintenance program, it is validating a preventive control.

37
Q

What do hardware error reports provide?

A

They provide information to aid in detecting hardware failures and initiating corrective action. These error reports may not indicate actual system uptime.

38
Q

What is the prerequisite for the quality of the data in a data warehouse?

A

Accuracy of source data.

This is because inaccurate source data will corrupt the integrity of the data in the data warehouse.

39
Q

What is the characteristic that is most directly affected by network monitoring?

A

Availability.

Because network monitoring tools allow observation of network performance and problems.

This allows administrator to take corrective action when network problems are observed.

40
Q

Purpose of data flow diagram

A

Data flow diagrams are used as aids to graph or chart data flow and storage.

They trace data from their origination to destination, highlighting the paths and storage of data.

41
Q

What is the preventive control for out-of-range data?

Out-of-range data refers to data values that fall outside of an acceptable range for a specific field or attribute in a database.

A

Implementing integrity constraints. This is because data are checked against predefined tables or rules, preventing any undefined data from being entered.

Examples of integrity constraints are:
1) “Primary key constraint” which ensures each record has unique identifier;
2) “Not null constraint” which specifies that column cannot have null value.

42
Q

What is Configuration Management?

A

1) It is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally.

2) It deals with the management of configuration and monitoring performance.

3) It may also have automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a return point.

43
Q

What is Change Management?

A

Change management ensures setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services.

44
Q

What is topological mapping?

A

It outlines the components of the network and its connectivity.

This is important to address issues such as single points of failure and proper network isolation but is not the most critical component of network management.

45
Q

What do concurrency controls prevent?

A

They prevent data integrity problems, which can arise when two update processes access the same data item at the same time.

46
Q

Best method for preventing exploitation of system vulnerabilities is?

A

Patch Management

47
Q

What are the 2 modes in the IPSec protocol?

A

1) Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched

2) Tunnel mode encrypts both header & payload

48
Q

If unauthorized network monitoring & port scanning are detected, the proper response steps are?

A

1) Immediately isolate the affected network segment
2) Review IDS logs
3) Monitor the ongoing probe

49
Q

What is the FIRST response after suffering a denial-of-service (DOS) attack?

A

Assessing current system status should be the FIRST response after suffering a denial-of-service attack

50
Q

What is “Reference Monitor Concept”?

A

It checks each request by a subject (user process) to access & use an object (e.g. file, device, program) to ensure the request complies with security policy

51
Q

What should IS auditor assess when reviewing hardware maintenance program?

A

Whether the program is validated against vendor specifications

52
Q

Purpose of library control software?

A

The main objective of library control software is to provide assurance that program changes have been authorized.

It should be used to separate test from production libraries in mainframe and/or client server environments.

53
Q

In the context of data backup, what is “staging” & “Job setup”?

A

1) Staging refers to the process of copying data from the primary to secondary storage system for backup purposes. This typically involves moving data from a high-performance (e.g., disk) to a lower-cost, lower-performance storage system (e.g., tape).

2) Job setup refers to the process of configuring a backup job, which determines what data to back up, where to back it up, and how often to perform the backup.

54
Q

Why do unchanged database default settings have the greatest risk exposure?

A

1) They could allow issues such as blank user passwords or passwords that are the same as the username.

2) They could also be easily compromised by malicious code and by intruders.

55
Q

Control that best mitigates the risk of undetected & unauthorized program changes is?

A

Using hash keys, calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs.

56
Q

What is a system log?

A

Automated reports which identify most of the activities performed on the computer.

It enables the IS auditor to carry out tests to ensure the correct file version was used for the production run by analyzing the log.

57
Q

What is End-User Computing (EUC) & its risks?

A

It is defined as the ability of end users to design and implement their own information system using computer software products.

End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created based on formal development methodology.

These applications may lack appropriate standards, controls, quality assurance procedures, and documentation. A risk of end-user applications is that management may rely on them as much as traditional applications.

58
Q

What are User Spool Limits?

A

They restrict the space available for running user queries.

This prevents poorly formed queries from consuming excessive system resources and impacting general query performance.

Limiting the space available to users in their own databases prevents them from building excessively large tables.

This helps to control space utilization which itself acts to help performance by maintaining a buffer between the actual data volume stored and the physical device capacity.

Additionally, it prevents users from consuming excessive resources in ad hoc table builds.

59
Q

Purpose of Service-Level Agreement (SLA)?

A

SLA is a guarantee that the provider will deliver the services according to the contract.

The IS auditor will want to ensure that performance and security requirements are clearly stated in the SLA.

60
Q

What are Transaction Logs?

A

They generate an audit trail by providing a detailed list of date of input, time of input, user ID, terminal location, etc.

Research time can be reduced in investigating exceptions because the review can be performed on the logs rather than on the entire transaction file.

They also help to determine which transactions have been posted to an account by a particular individual during a particular period.

61
Q

Purpose of Hash Totals?

A

An effective method to reliably detect errors in data processing.

A hash total would indicate an error in data integrity.

62
Q

What is referential integrity?

A

Referential integrity in a relational database refers to consistency between coupled (linked) tables.

Referential integrity is usually enforced by the combination of a primary key or candidate key (alternate key) and a foreign key.

For referential integrity to hold, any field in a table that is declared a foreign key should contain only values from a parent table’s primary key or a candidate key.