Information Systems Operations Flashcards
What activity performed during peak production hours could result in unexpected downtime?
Performing preventive maintenance on electrical systems
e.g. A mishap or incident caused by a maintenance worker could result in unplanned downtime
How does “Atomicity” work?
It guarantees that either the entire transaction is processed or none of it is
What would be considered a HIGH LEVEL exposure when auditing a database server?
THAT default global security settings for the database remain unchanged
i.e. This could allow issues such as blank user passwords or passwords that were the same as the username
WHAT should an IS auditor do after realizing that some tables in the database are not normalized?
Review the justification
WHY? - Because in some situations, denormalization is recommended for performance reasons
What control would help mitigate the risk of undetected and unauthorized program changes to the production environment?
Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
i.e. This matching of hash keys over time would allow detection of changes to files
WHAT would be considered an effective compensating control for bypassed or ignored tape header records?
Staging and job setup
i.e. this could help prevent the loading of the wrong tape and deleting or accessing data on the loaded tape
What is the advantage of using web services for the exchange of information between two systems?
Efficient interfacing
WHY? - Because it facilitates the interoperable exchange of information between two systems regardless of the operating system or programming language used
What does the use of library control software provide reasonable assurance of?
That program changes have been authorized
i.e. The main objective of library control software is to provide assurance that program changes have been authorized
What type of “key” would prevent primary key changes and record deletions (within a relational database)?
The foreign key
i.e. In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions
What is the Primary benefit of an IT manager monitoring technical capacity?
To ensure that the Service Level Requirements are met
What would be considered an effective way to test the design effectiveness of a change control process?
Performing an end-to-end walkthrough of the process
i.e. Observation is the best and most effective method to test changes
What would be considered the “First” step in execution of a problem management mechanism?
Exception Reporting
i.e. The reporting of operational issues
What would be considered an effective method for testing program changes?
Tracing a sample of modified programs to supporting change tickets
i.e. This method would help identify instances in which a change was made without supporting documentation
When are emergency changes that bypass the normal change control process acceptable?
WHEN management reviews and approves the changes after they have occurred
i.e. It is acceptable for changes to be reviewed and approved within a reasonable time period after they occur
What control would provide the most assurance for database integrity?
Table link/reference checks
Why? - Because this method helps detect table linking errors (such as completeness and accuracy of the contents of the database)
