Memorize Me!

Question 1

Sampling for compliance test

Answer 1

Attribute

Question 2

Sampling for substantive test

Answer 2

Variable

Question 3

Sampling for fraud

Answer 3

Discovery

Question 4

Sampling for objective of probability of error, and what does it minimize?

Answer 4

Statistical. Minimizes detection risk.

Question 5

Who approves charter?

Answer 5

Board of directors

Question 6

Who approves policies?

Answer 6

Board of directors

Question 7

Who is primarily responsible for IT Governance?

Answer 7

Board of Directors

Question 8

What does the strategy committee do?

Answer 8

Advise board on IT initiatives

Develop standards/define and set objectives and controls

Question 9

What does the steering committee do?

Answer 9

Keep BOD informed

Resourcing/general review board for major IT projects

Question 10

what are the 3 indicators of IT BSC?

Answer 10

• Customer satisfaction
• Internal processes
• Ability to innovate
• note – financial performance is not part of IT BSC*

Question 11

Identify transcription/transposition errors

Answer 11

Check Digit

Question 12

Ensure accuracy

Answer 12

Check Digit

Question 13

Identify transmission error

Answer 13

CRC>Checksum>Parity Bits

Question 14

Ensure completeness

Answer 14

CRC>Checksum>Parity Bits

Question 15

Ensure integrity

Answer 15

CRC>Checksum>Parity Bits

Question 16

Detect and correct transmission error

Answer 16

FEC

Question 17

ACID principle

Answer 17

Atomicity
Consistency
Isolation
Durability

Question 18

What online audit technique to use if requires audit trail

Answer 18

Snapshot

Question 19

What online audit technique to use if requires early detection of error or irregularities

Answer 19

Audit hook

Question 20

What online audit technique to use if requires audit trail identify transactions as per pre-defined criteria

Answer 20

Continuous and intermittent simulation (CIS)

Question 21

What online audit technique to use if requires fictitious entity created in live prod

Answer 21

ITF

Question 22

What online audit technique to use if regular processing cannot be interrupted

Answer 22

SCARF EAM

Question 23

Not beneficial to use test data

Answer 23

ITF

Question 24

PM - estimate project timelines or duration

Answer 24

PERT>CPM

Question 25

Monitor progress of project

Answer 25

GANTT

Question 26

EVA?

Answer 26

PM - calculate budget to date, actual spending to date, estimate to complete, estimate at completion

Question 27

Estimate size of sw development efforts

Answer 27

FPA or SLOC

Question 28

Prevent cost overruns and delivery delays

Answer 28

time-box management

Question 29

What is the primary function of QoS?

Answer 29

The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated parts of the bandwidth to specific traffic.

Question 30

What are the pros and cons of agile development methods?

Answer 30

Quick building of functionality Reliance on tacit knowledge – faster – lessons learned to identify for next use Lack of documentation

Question 31

What are the pros and cons of prototyping?

Answer 31

Significant time and cost savings Pressure to implement early prototype Leads to functions or extras that were not included in initial requirements doc

Question 32

What are the pros and cons of rapid app dev?

Answer 32

Quick development and reduces dev costs using well defined techniques. Rigid time limits

Question 33

What are the pros and cons of object oriented development methods?

Answer 33

Manage unrestricted variety of data types Model complex relationships Capacity to meet demands of changing environment Re-use objects none

Question 34

What are the pros and cons of component based development methods?

Answer 34

Ability to buy proven, tested software from commercial developers. Need for software integration of components

Question 35

What are the pros and cons of web based development methods?

Answer 35

Tries to solve/avoid need to perform redundant computing tasks with the inherent need for redundant code ``` Exploitation over internet use App development risk Business risk Tech vulnerabilities Change control ```

Question 36

What are the pros and cons of software re-engineering?

Answer 36

None listed None listed

Question 37

What are the pros and cons of reverse engineering?

Answer 37

Faster dev and reduced SDLC duration Introducing improvements by overcoming the reverse-engineered drawbacks - SW license agreements prohibit this so trade secrets or programming techniques are not compromised - de-compilers are new tools that depend on specific comps, OS's and

Question 38

Alpha/Beta/Pilot

Answer 38

System in stages, alpha proto to users within the org developing sw, and beta to limited users. Pilot – prelim test focusing on specific aspects. Proof of concept are early pilots.

Question 39

White box

Answer 39

Assess effectiveness of sw program logic/log paths. | Unit and integration testing.

Question 40

Black box

Answer 40

Integrity test | UA and Integration Test

Question 41

Function/validation testing

Answer 41

Functionality of system against detailed requirements to ensure traceability to customer requirements.

Question 42

Regression

Answer 42

Rerunning portion of test scenario to ensure changes have not introduced new errors.

Question 43

Parallel

Answer 43

Feeding data into two systems and comparing

Question 44

Sociability testing

Answer 44

Confirm that new or modded system can operate in its target environment without impacting other systems. Should cover all processes.

Question 45

EDI

Answer 45

Transaction authorization is the BIGGEST RISK TO EDI – electronic = no inherent authentication.

Question 46

E-Commerce

Answer 46

Security architecture (firewalls, PKI, encryption, certificates, password management) and SSL

Question 47

E-mail

Answer 47

- Man in the middle, phishing, spear phishing, flaws in config, denial of service (DOS), sensitive info, altered email, viruses, inappropriate email in corp. - Digital sigs are good method of securing emails. Outgoing email - Simple Mail Transport Protocol (SMTP): can only be used to send emails, not to receive them Incoming email - Post Office Protocol (POP) - Internet Message Access Protocol (IMAP) - Hypertext Transfer Protocol (HTTP)—also called “web-based email” - Messaging Application Programming Interface (MAPI)—used with Outlook in conjunction with a Microsoft Exchange Server mail server; very close to IMAP but has extended features to interact with other applications

Question 48

E-banking

Answer 48

Strategic, reputational, operational, including security – sometimes called transactional risk, and legal risk. Credit, price, foreign exchange, interest rate, and liquidity. Control: SOD, Security (IAAA, non-repudiation, confidentiality) Board & management oversight

Question 49

Industrial Control systems

Answer 49

Physical access restriction and redundancy

Question 50

EFT (and ATMs)

Answer 50

Access security and authorization of processing are important controls. Central bank requirements should be reviewed for application in these processes.

Question 51

Recovery for low RTO

Answer 51

Mirror or Hot Site

Question 52

Recovery for low RPO

Answer 52

Mirror imaging or real-time replication for data backup

Question 53

Recovery for zero RPO

Answer 53

Synchronous data backup

Question 54

RTO/RPO for critical systems/critical data

Answer 54

Zero or near zero

Question 55

Speed of recovery rankings

Answer 55

Slowest to fastest | Cold, Warm, Hot, Mirrored

Question 56

Most secure media transfer

Answer 56

Fibre-optic cables because of low transmission loss and not effected by EMI. Preferred for high volumes and long-distance calls

Question 57

Transmission error that can occur in wired and wireless communication

Answer 57

Attenuation: - Weakening of signals during transmission - Length of wire impacts severity

Question 58

Electro-magnetic Interference (EMI)

Answer 58

- Disturbance generated by external source that affects electrical circuit - Can degrade circuit performance o For data paths can range from increase in error rate to total loss of data - Caused by electrical storms or noisy electrical equipment

Question 59

Alternate Routing

Answer 59

Method of routing information via an alternative medium, such as copper cable or fiber optics. Two types: Last mile circuit protection: redundancy for local communication loop. Long haul network diversity: redundancy for long distance availability.

Question 60

Diverse Routing:

Answer 60

Method of routing traffic through split-cable facilities or duplicate-cable facilities.

Question 61

What are the OSI Layer, Address, and functionality of a LAN repeater?

Answer 61

Physical Layer (1) N/A Extend transmissions further or to other side of obstruction

Question 62

What are the OSI Layer, Address, and functionality of a LAN Hub?

Answer 62

Physical (1) N/A Broadcast message to all connected devices

Question 63

What are the OSI Layer, Address, and functionality of a LAN Layer 2 Switch?

Answer 63

Data Link (2) MAC Send message to only required devices

Question 64

What are the OSI Layer, Address, and functionality of a LAN Bridge?

Answer 64

Data Link (2) MAC Similar to switch, has capacity to store frames and act as a store and forward device.

Question 65

What are the OSI Layer, Address, and functionality of a LAN Router?

Answer 65

Data Link (2) IP Examines IP address to make decision to forward packet to destination

Question 66

Backup Time & Media Storage

Answer 66

Full (slow/large) – Differential – Incremental

Question 67

Restoration time

Answer 67

Incremental (slow) - Differential - Full (fast restore)

Question 68

PKI Confidentiality

Answer 68

Encrypt using receivers public key

Question 69

PKI Authentication of message

Answer 69

Encrypt user sender’s private key

Question 70

PKI Integrity

Answer 70

Create hash of message and encrypt hash using sender’s private key

Question 71

PKI Confidentiality and Authentication of message

Answer 71

HASH-encrypt using sender’s private key | MESSAGE – encrypt using receiver’s public key

Question 72

PKI Confidentiality and Authentication and Integrity of message

Answer 72

HASH-encrypt using sender’s private key | MESSAGE – encrypt using receiver’s public key

Question 73

Layer: MAC address

Answer 73

Data link layer

Question 74

Layer: IP Address/Routing

Answer 74

Network layer

Question 75

Layer: Electric signal/hardware devices

Answer 75

Physical layer

Question 76

Layer: Reliable delivery or connection/congestion control/order of sequence

Answer 76

Transport layer

Question 77

Layer: Establishing connection

Answer 77

Session layer

Question 78

Layer: Acceptable format

Answer 78

Presentation layer

Question 79

Layer: End user

Answer 79

Application layer

Question 80

What are the environmental, personal, and other risks of water based fire suppression systems?

Answer 80

none none Pipe leaks

Question 81

What are the environmental, personal, and other risks of dry pipe fire suppression systems?

Answer 81

none none Comparatively less reliable than water based

Question 82

What are the environmental, personal, and other risks of halon fire suppression systems?

Answer 82

Bad for environment Lethal to humans No good?

Question 83

What are the environmental, personal, and other risks of FM 200 fire suppression systems?

Answer 83

none none Best gas?

Question 84

What are the environmental, personal, and other risks of Argonite fire suppression systems?

Answer 84

Okay for environment Suffocates people No good?

Question 85

What are the environmental, personal, and other risks of CO2 fire suppression systems?

Answer 85

None Lethal to humans Illegal in most countries if there is any chance of humans around

Question 86

Application firewalls

Answer 86

Application – 7th layer Highest security option The application gateway is similar to a circuit gateway, but it has specific proxies for each service. To handle web services, it has a Hypertext Transmission Protocol (HTTP) proxy that acts as an intermediary between externals and internals, but is specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3) and the ports it is directed to (in this case port 80, or layer 4), it also checks every HTTP command (layers 5 and 7). Therefore, it works in a more detailed (granularity) way than the other choices.

Question 87

Circuit firewalls

Answer 87

Session – 5th layer Based on a proxy or program that acts as an intermediary between external and internal accesses. This means that during an external access, instead of opening a single connection to the internal server, two connections are established

Question 88

Stateful inspection

Answer 88

Network – 3rd layer

Question 89

Packet filtering/screening router

Answer 89

Network – 3rd layer No granular control

Question 90

What are the characteristics of dual homed firewalls?

Answer 90

(i) One Packet Filtering Router | ii) One bastion host with two NIC (Network Interface Card

Question 91

What are the characteristics of screened host firewalls?

Answer 91

(i) One Packet Filtering Router | (ii) One Bastion Host

Question 92

What are the characteristics of Screened subnet (demilitarized zone) firewalls?

Answer 92

(i) Two Packet Filtering Router (ii) One Bastion Host (2) Out of all types of firewall implementation structures, Screened Subnet Firewall (DMZ) provides greatest security environment (as it implements 2 packet filtering router and 1 bastion host). MOST SECURE

Question 93

MAC Address filtering

Answer 93

Access to router allowed or rejected by unique identifier

Question 94

SSID

Answer 94

Wireless network name broadcast by a router. Disable this for securiity .

Question 95

WPA-2

Answer 95

Encrypted, strongest standard to date for wireless connection.

Question 96

What is the prime objective of logical access control?

Answer 96

Ensure access has been assigned per organizations

Question 97

SSL

Answer 97

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

Question 98

DHCP

Answer 98

Client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. Beneficial for laptop users, but should be disabled for good wireless security.

Question 99

Global System for Mobile Comms (GSM)

Answer 99

Super safe mobile technology, encrypts but should require an encrypted session (vpn)

Question 100

5 steps for classification of information assets

Answer 100

1) inventory 2) establish ownership 3) classify IS resources 4) label IS resources 5) create access control list

Question 101

Greatest benefit of well-defined data?

Answer 101

Reduce cost of control

Question 102

What is the main objective of library control software?

Answer 102

Authorized changes

Question 103

When is a Check Sum used?

Answer 103

A checksum or digital signature is commonly used to validate the integrity of a downloaded program or other transferred data.

Question 104

When is CRC used?

Answer 104

The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check (CRC).

Question 105

What is shadow file processing?

Answer 105

Exact duplicates of files are maintained at the same site or at a remote site. The two files are processed concurrently – used for critical data files such as airline booking systems. Careful if the answer is hard disk mirroring – this just means redundancy on the same server in case one of the disks fails, it’s not a mirror site data storage.