GeT oN It Flashcards
WHAT is Gray-box testing?
HAVING knowledge of internal data structures and algorithms for the purpose of designing tests, while executing those tests at the user, or black-box, level
WHAT is Static Testing?
TESTING methods that examine a program’s code and associated documentation through reviews, walkthroughs, or inspections but does not require the program be executed
WHAT would be considered a denial-of-service attack?
AN attempt to overload a system with messages so that the system cannot function
e.g. A company’s web server being overwhelmed with a sudden surge of false requests which cause their server to crash
WHAT would be considered a detective IT Control?
While comparing reports, an employee notices that information sent to the subsystem was not fully processed
i.e. They noticed an error already in the system
WHAT control would prevent the unauthorized access of sensitive data of an unattended workstation?
USE of an automatic log-off of an inactive user
WHAT is a control activity that should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
Independent verification of transactions
i.e. IT is an important compensating control in the absence of segregation of duties and reduced individual authorization
WHAT are Application controls?
CONTROLS built into each computer application
i.e. THESE types of control plans are particular to a specific process or subsystem rather than to the timing of its occurrence
WHAT is a job/ responsibility that should be assigned to the Network Administrator?
MANAGING remote access
WHY? - Because they are responsible for developing and maintaining the organization’s databases and for establishing controls to protect the database’s integrity
NOTE: network administrator are also known as “Database administrators (DBAs)”
WHAT is the purpose of the “completeness test?”
TO check whether all data elements are entered before processing
i.e. THE interactive system can be programmed to notify the user to enter the number before accepting the receiving report
WHAT is an example of a run-to-run total?
AN online system creates separate totals that are accumulated for all transactions processed throughout the day
- The computer then agrees these totals to the total of items accepted for processing
THE key here is that a run-to-run ensure the completeness of an update
WHAT errors would a batch financial total most likely detect?
A transposition error on one employee’s paycheck on a weekly payroll run
i.e. Batch financial totals compare the sum of the dollar amounts of the individual items as reported by the system with the amount calculated by the user
WHAT are the responsibilities of the application programmer within an information technology function?
TO code approved changes to a payroll program
i.e. Applications programmers design, write, test, and document computer programs according to specifications provided by the end users
WHAT would be considered an application input control?
An Edit Check
WHY? - Because it prevents invalid characters from being accepted
i.e. Transactions that attempt to use an invalid character are rejected
WHAT responsibility is normally assigned to a systems programmer in a computer system environment?
Operating Systems and Compilers
Systems programmers write systems software
WHAT is the purpose of the Reasonableness checks?
TO perform checks based on known limits for given information
e.g. validation of proper entry of hours worked for each employee
