ExamPrep Notes Flashcards

1
Q

Control Function Planning

A

(1) Efficient and effective use of the resources

(2) Upgrades and modification to system’s process to meet management’s goals and objectives

2
Q

Control Function Reviewing

A

(1) Audit logs and user activities

(2) Changes to operation schedule

3
Q

Control Function Detecting

A

(1) Unauthorized access attempts

(2) Incidents and problems

4
Q

Control Function Monitoring

A

(1) System performance
(2) Environmental control to make sure variables such as temperature and humidity are set to maintain the proper conditions for equipment
(3) Vulnerabilities discovered and addressed

5
Q

Control Function Limiting

A

(1) Physical access to those who have a need

(2) Logical access to code and applications to those who have a need

6
Q

Control Function Ensuring

A

(1) Backup so that operations can be recovered in a timely fashion
(2) Detailed schedules for operations employees working on all shifts
(3) Job accountability and adequate audit records collected

7
Q

Some common types of SLAs include the following:

A

(1) Uptime agreements (UAs)—UAs are one of the most well-known types of SLA. UAs detail the agreed-on amount of uptime. As an example, these can be used for network services, such as a WAN link, or equipment such as servers.
(2) Time service factor (TSF)—The TSF is the percentage of help desk or response calls answered within a given time.
(3) Abandon rate (AR)—The AR is the number of callers that hang up while waiting for a service representative to answer.
(4) First call resolution (FCR)—The FCR is the number of resolutions that are made on the first call and that do not require the user to call back to the help desk to follow up or seek additional measures for resolution.

8
Q

IS operations are responsible for

A

(1) monitoring resources,
(2) incident/problem handling,
(3) infrastructure operations,
(4) help desk and support, and
(5) change management.

9
Q

Lights-Out Operations

A

Lights-out operations can take place without human interaction. These include job scheduling, report generation, report balancing, and backup.

10
Q

If there is a downside to all this logging, it is that all the information must be recorded and reviewed. Reviewing it can be expedited by using ________ _______ _________. These tools parse the data and eliminate unneeded information.

A

audit reduction tools

11
Q

As an example of a _________ ___________ __________, if an employee normally enters the building around 8 a.m. and leaves about 5 p.m., but now is seen entering the building at 3 a.m., a variance detection tool can detect this abnormality.

A

variance detection tool

12
Q

Another useful tool for an auditor is a variance detection tool, which

A

looks for trends that fall outside the realm of normal activity

13
Q

Keystroke Monitoring

A

Capturing a user’s keystrokes for later review is an example of monitoring. Users need to be made aware of such activities through acceptable use policies and warning banners.

14
Q

The time between when an incident occurs and when it is addressed is called the ___________ _________. Incident handling should look at ways to reduce the delay window to the smallest value possible.

A

delay window

15
Q

Auditing Problem Reports - The auditor should know to

A

review the problem log to verify that problems are being resolved. Auditors must also check to see that the most appropriate department or individual is handling the problems.

16
Q

STEP BY STEP

Troubleshooting Connectivity Problems

A
  1. Do you have connectivity to the web? Can you access the company webserver at http://192.168.1.254?
  2. Can you ping 192.168.1.254? (Yes/No)
  3. Can you verify that the network cable is attached to your computer and is connected to the wall jack? (Yes/No)
  4. Open a command prompt and enter ipconfig/all. Can you please read off the settings? (Yes/No)
  5. Click Start, Settings, Control Panel, Network Connections, Local Area Network Connection. Next select the Properties button. Now double-click on Internet Protocol. Please read off the values listed in each field. Are these correct? (Yes/No)
  6. All obvious checks have been completed and the problem has not been resolved. Refer problem to Level 2 response.
17
Q

Common teams include the following:

A

- Deskside team—Responsible for desktops and laptops
- Network team—Responsible for network issues
- Application software team—Responsible for application issues
- Printer team—Responsible for printers and printer-related problems
- Telecom team—Responsible for VoIP systems, PBX, voice mail, modems, and fax machines

18
Q

CPUs have two primary components:

A

- The arithmetic logic unit—Computations are performed here, in the brain of the CPU.
- The control unit—This unit handles the sequence of operations for the CPU and is also responsible for the retrieval of instructions and data.

19
Q

The CPU

A

The CPU consists of the control unit, the arithmetic logic unit, and registers. The arithmetic unit performs computations and is the brain of the CPU.

20
Q

CPUs can be classified according to several categories, based on their functionality:

A

- Multiprogramming—The CPU can interleave two or more programs for execution at any one time.
- Multitasking—The CPU can perform one or more tasks or subtasks at a time.
- Multiprocessor—The computer has the support for more than one CPU. As an example, Windows 95 does not support the multiprocessor, but Windows Longhorn does.

21
Q

Some common types of ROM include the following:

A

- Erasable Programmable Read-Only Memory (EPROM)
- Electrically Erasable Programmable Read-Only Memory (EEPROM)
- Flash memory
- Programmable logic devices (PLD)

22
Q

Some common bus architectures follow:

A

- The ISA bus—The Industry Standard Architecture (ISA) bus started as an 8-bit bus designed for IBM PCs. It is now obsolete.
- The PCI bus—The Peripheral Component Interface (PCI) bus was developed by Intel and served as a replacement for the ISA and other bus standards.
- The SCSI bus—The Small Computer Systems Interface (SCSI) bus allows a variety of devices to be daisy-chained off a single controller. Many servers use the SCSI bus for their preferred hard drive solution.

23
Q

The best way to prevent problems is to monitor current activity. Monitoring should include the following:

A

- Availability reports—These reports indicate availability. The key to these reports is determining when and why resources are unavailable.
- Hardware error reports—These reports indicate hardware problems and can be used to look for recurring problems.
- Utilization reports—These reports look at overall usage and can be used to help plan needed upgrades to the infrastructure.

24
Q

Utilization - CISA candidates should know that utilization rates above 95% require

A

attention to determine needed upgrades and that short-term fixes might include countermeasures such as reducing unneeded activities or shifting schedules so that some activities take place at less demanding times, such as the late-night or second shift.

25
Q

Capacity management provides the capability to monitor and measure usage in real time and forecast future needs before they are required. Capacity management requires

A

analyzing current utilization, past performance, and capacity changes

26
Q

Sandbox Scheme

A

A sandbox scheme is a software security mechanism designed to limit the ability of untrusted code. This allows programs from unknown or untrusted vendors to be executed on a system without the fear that the programs will access privileged commands.

27
Q

Decompilers

A

When a programmer writes programs to be sold to the public, the source code normally is not provided. Decompilers can analyze the compiled code and rebuild the original source code. The software license might prohibit decompiling, but unscrupulous competitors or software hackers might still attempt it.

28
Q

Supervisory Mode - CISA candidates should know that any user allowed to run programs in kernel mode can

A

bypass any type of security mechanism and gain complete control of the system. Many system utilities run in supervisory mode and should be under strict control.

29
Q

Information Leakage - Security issues are possible with sensitive data written to

A

swap that becomes accessible to non-supervisor users.

30
Q

Site Licensing - The CISA exam might ask you about ways to reduce illegal usage of software. One useful control to prevent unlawful duplication of software on multiple computers at a company’s site is

A

to purchase site licensing. This allows the software to be loaded on as many computers as needed at the organization.