Information Systems Operations 2 Flashcards
How could an IS auditor most effectively detect when a programmer maliciously modified a production program to change the original code?
Reviewing system log files
Why? - Because this is more than likely the only trail that may provide information about the unauthorized activities in the production library
What is an effective performance monitoring tool for an IS auditor?
Availability
i.e. the characteristic that is most directly affected by network monitoring is availability
Why? - Because network monitoring tools allow observation of network performance and problems.
What method would be most effective for ensuring production source code and object code are synchronized?
Date and time-stamp reviews of source and object code
i.e. This would ensure that source code, which has been compiled, matches the production object code
What is the objective of concurrency control in a database system?
To ensure integrity when two processes attempt to update the same data at the same time
Note: Concurrency controls prevent data integrity problems
What effect would increased denormalization of tables within a system database cause?
Increased redundancy
Note: Normalization is a design or optimization process for a relational database that increases redundancy
What would be considered a network diagnostic tool that monitors and records network information?
Protocol analyzer
i.e. This network diagnostic tool monitors and records network information from packets traveling in the link to which the analyzer is attached
What measure would help to ensure the portability of an application connected to a database?
Use of Structured Query Language (SQL)
Why? - Because it is an industry standard used by many systems.
What is a critical component in networking management?
Configuration and change management
Why? - Because on one end, configuration management establishes how the network will function internally and externally; and
- Change management ensures that the setup and management of the network is done properly
What audit procedure would help determine if unauthorized changes have been made to production code?
Examining object code to find instances of changes and tracing them back to change control records
i.e. The process begins by examining object code files to establish instances of code changes
What is a prevalent risk in the development of end-user computing applications?
Applications may not be subject to testing and IT general controls
HOW would an IS auditor determine if unauthorized modifications were made to production programs?
By conducting Compliance testing
i.e. This would require the change management process be reviewed to evaluate the existence of a trail of documentary evidence.
What is an IS auditor’s main concern when reviewing a hardware maintenance program?
Whether the program has been validated against vendor-provided specifications.
What database control would ensure that the integrity of transactions is maintained in an online transaction processing database?
Commitment and rollback controls
Why? - Because these controls ensure that database operations that form a logical transaction unit will be completed entirely or not at all
What should an IS auditor recommend to protect specific sensitive information stored in a data warehouse?
Implement column- and row-level permissions
i.e. Column-level security prevents users from seeing one or more attributes on a table. With row-level security, a certain grouping of information on a table is restricted.
What is an advantage of using unshielded twisted-pair (UTP) cable versus other copper-based cables?
UTP cable reduces crosstalk between pairs