CISA Flashcards-Domain 3





[qdeck xqrecord_id=”hemangdoshi99-CISA flashcards Domain 3″ random=”true” card_back=”none” align=”center” style=”border-width: 5px !important; border-color: #ffcc00 !important;”]

[q] When the objective is to ensure that a transaction either happens completely or does not happen at all, which control should be used?

[a] Atomicity (all of the transaction's updates are committed together, or none of them are; a partial update is rolled back).

[q] Which online audit technique is used when early detection of errors or irregularities is required?

[a] Audit hooks (routines embedded in the application that flag selected transactions as they are processed, so that suspicious items are noticed as they occur rather than at a later review).

 

[q] Which is the best online audit technique to identify transactions that meet predefined criteria?

[a] Continuous and Intermittent Simulation (CIS)

 

[q] In which online audit technique is a fictitious entity (for example a dummy department or account) created in the live production system?

[a] Integrated Test Facility (ITF). Test transactions processed against the dummy entity must be removed or excluded from the production totals afterwards.

 

[q] Which SDLC test involves testing an individual program or module?

[a] Unit testing

 

 

[q] Which approach is used for unit testing? (a) White box approach or (b) Black box approach

[a] (a) White box approach (i.e. testing of the internal program logic)

 

 

 

[q] Which SDLC test involves testing the connections between two or more modules or components that pass information from one area to another?

[a] Integration testing

 

 

 

 

[q] SDLC testing that includes (i) Recovery testing (ii) Security testing (iii) Load testing (iv) Volume testing (v) Stress testing & (vi) Performance testing is:

 

 

[a] System Testing

 

 

[q] User Acceptance testing (UAT) is performed by: (a) IS department or (b) User department

 

[a] (b) User department

 

 

 

[q] Quality assurance testing (QAT) is performed by: (a) IS department or (b) User department

[a] (a) IS department

 

 

 

 

[q] In which SDLC test is testing repeated to ensure that changes or corrections to a program have not introduced new errors?

[a] Regression testing

 

 

 

 

[q] Data used for regression testing should be the same data as used in the previous test. True or false?

[a] True. Regression testing ensures that changes or corrections to a program have not introduced new errors, and a difference in results can only be attributed to the change if the test data are the same as in the previous tests.

 

 

 

[q] Which SDLC test is done to ensure that a new or modified system can work in the specified environment without adversely impacting existing systems?

[a] Sociability test

 

 

 

[q] Detailed program logic is tested in: (a) White Box Testing or (b) Black box testing

 

 

[a] (a) White Box Testing

 

 

 

[q] Which testing is done by internal user ? (a) Alpha testing or (b) Beta Testing

 

 

 

[a] (a) Alpha testing

 

 

 

[q] Which testing is done by external user? (a) Alpha testing or (b) Beta Testing

 

 

 

[a] (b) Beta Testing

 

 

 

[q] When the objective is to identify transcription and transposition errors, which control should be used?

[a] Check digit

 

[q] When the objective is to identify transmission errors, which control should be used?

[a] Parity bits / checksum / CRC. All three are recomputed by the receiver and compared with the value sent; they detect accidental corruption in transit, not deliberate tampering by someone who can recompute them.
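Added worked example (not part of the original flashcard deck): a Python script that computes a parity bit, a simple additive checksum and a CRC-32 over a constructed message, then reports which of the three controls notices a single flipped bit, two flipped bits, and two transposed bytes. The message, the fault-injection helpers and the function names are assumptions made for this illustration.

```python
import zlib

# Constructed sample record (not from the page): a payment line as it might be sent between systems.
MESSAGE = b"PAY 000123 ACCT 4471 AMT 1500.00"


def parity_bit(data: bytes) -> int:
    """Even parity over the whole message: 1 if the count of 1-bits is odd, else 0."""
    ones = sum(bin(b).count("1") for b in data)
    return ones & 1


def additive_checksum(data: bytes) -> int:
    """Sum of all bytes modulo 2**16, the simplest kind of checksum."""
    return sum(data) & 0xFFFF


def crc32(data: bytes) -> int:
    """CRC-32 as used by ZIP, PNG and Ethernet frames (standard-library zlib)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission fault by inverting one bit (bit 0 = least significant bit of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Simulate a transposition: two bytes arrive in the wrong order."""
    buf = bytearray(data)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


def detected(original: bytes, received: bytes) -> dict:
    """Which controls notice that received differs from original.
    Each control value is computed by the sender, sent with the data and recomputed by the receiver."""
    return {
        "parity": parity_bit(original) != parity_bit(received),
        "checksum": additive_checksum(original) != additive_checksum(received),
        "crc32": crc32(original) != crc32(received),
    }


if __name__ == "__main__":
    cases = {
        "one bit flipped": flip_bit(MESSAGE, 5),
        "two bits flipped": flip_bit(flip_bit(MESSAGE, 3), 10),
        "two bytes transposed": swap_bytes(MESSAGE, 8, 9),   # the '2' and '3' in the control number
    }
    for name, damaged in cases.items():
        print(f"{name:22s} {detected(MESSAGE, damaged)}")
```

Parity catches only an odd number of flipped bits; the additive checksum misses any fault that leaves the byte sum unchanged, such as two transposed bytes; the CRC catches all three faults. None of them protects against an attacker who modifies the data and recomputes the control value, which is why a keyed MAC is used where tampering, not line noise, is the threat.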

 

 

 

[q]  When objective is to ensure that a transaction must either fully happen, or not happens at all, which control should be used ?

 

 

[a] Atomicity

 

 

 

[q] When the objective is to monitor the project or track milestones, which should be used: (a) PERT or (b) Gantt chart?

[a] (b) Gantt chart

 

 

[q] An existing system is being extensively enhanced by extracting and reusing design and
program components. This is an example of:

(a)reverse engineering Or (b) reengineering.

[a] (b) reengineering.

[q] __________ is an indirect method of measuring the size of an application by
considering the number and complexity of its inputs, outputs and files.

[a] Function Point Analysis (FPA)

[q] __________ tests ensure that individual programs are working correctly.

[a] unit

[q] An organization planning to purchase a software package asks the IS auditor for a risk
assessment. Which of the following is the MAJOR risk?

(a)Unavailability of the source code Or (b)Lack of a vendor-quality certification

[a] (a)Unavailability of the source code

[q] During unit testing, the test strategy applied is:

(a) black box Or (b) white box.

[a] (b) white box
[q] During the review of a web-based software development project, the IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

(a) buffer overflow Or (b) brute force attack.

[a] (a) buffer overflow

Poorly written code, especially in web-based applications, is often exploited by attackers using buffer overflow techniques; coding standards and code reviews are the controls that catch such defects before release. A brute-force attack is used to crack passwords and does not depend on code quality.

[q] Which of the following is used to ensure that batch data is completely and accurately transferred between two systems?

(a) control total Or (b) check digit Or (c) checksum

[a] control total

A control total is frequently used because it is easily recalculated by the receiving system. A check digit is a method of verifying the accuracy of a single data item, such as a credit card number. Although a checksum is an excellent control over batch completeness and accuracy, it is not easily recalculated and, therefore, is not as commonly used in financial systems as a control total. Checksums are frequently used in data transfer as part of communication and encryption protocols.

[q] The use of object-oriented design and development techniques would MOST likely:

(a) facilitate the ability to reuse modules. Or (b) improve system performance.

[a] facilitate the ability to reuse modules

[q]The primary purpose of a system test is to:

(a) test the generation of the designed control totals. (b) evaluate the system functionally.

[a] evaluate the system functionally.

[q]Which of the following is a check (control) for completeness?

(a)Check digits Or (b)Parity bits

[a] Parity bits
Parity bits are used to check for completeness of data transmissions. Check digit is incorrect
because check digits are a control check for accuracy.

[q] Parity bits are used to check for completeness of data transmissions. Check digit
are a control check for accuracy.

(a)True (b)False

[a] True
[q] __________ is a technique in which an existing system is extensively enhanced by extracting and reusing design and program components.

[a] Re-engineering

[q] In the __________ technique, snapshots (pictures) are taken of a transaction as it moves through the various stages of the application system.
[a] Snapshot

[q]__________ would be the best way to ensure that no transactions are lost as
any imbalance between total inputs and total outputs would be reported for investigation and
correction.
[a]Automated systems balancing

[q]__________ report on the sequence of steps executed by a program. This provides the programmer with clues to logic errors, if any, in the program.

[a]Logic path monitors

[q]__________ involves testing of individual program or module.
[a] Unit test
[q] In white box testing, __________ is tested. In black box, only __________ is tested.
[a] In white box testing, program logic is tested. In black box, only functionality is tested.
[q] Ideally, stress testing should be carried out in a __________ environment using __________ workloads.

[a] Ideally, stress testing should be carried out in a test environment using live workloads.
[q]__________ testing is the process of comparing results of the old and new system.
[a] Parallel testing is the process of comparing results of the old and new system.
[q] The bottom-up approach starts with testing individual units such as programs or modules and works upward until the complete system is tested. What are the advantages of the bottom-up approach?
[a] Advantages of bottom-up: (i) testing can start even before all programs are complete; (ii) errors in critical modules are found early.

[q] The top-down approach starts testing at the broader level and then gradually moves towards individual programs and modules. What are the advantages of top-down?

[a] Advantages of top-down: (i) interface errors are detected earlier; (ii) confidence in the system is achieved earlier.
[q] The first stage of testing is __________ testing. The second stage is __________ testing. The third stage is __________ testing and the fourth is __________ testing.
[a] The first stage of testing is unit testing. The second stage is integration testing. The third stage is system testing and the fourth is final acceptance testing.
[q]
(i) __________integrity testing examines the accuracy, completeness, consistency and authorization of data.

(ii)__________ integrity testing detects modification to sensitive data by the use of control totals.

(iii)__________ integrity testing verifies that data conforms to specifications.

(iv)__________integrity testing ensures that data exists in its parent or original file before it exists in the child or another file.

[a]
(i) Data integrity testing examines the accuracy, completeness, consistency and authorization of
data.

(ii)Relational integrity testing detects modification to sensitive data by the use of control totals.

(iii)Domain integrity testing verifies that data conforms to specifications.

(iv)Referential integrity testing ensures that data exists in its parent or original file before it exists in the child or another file.
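Added worked example (not part of the original flashcard deck) covering the atomicity card above together with the domain and referential integrity definitions in this card: a Python script using the standard-library sqlite3 module. A CHECK constraint enforces domain integrity (a balance can never be negative), a FOREIGN KEY enforces referential integrity (a transfer may only reference accounts that exist), and an explicit transaction makes the transfer atomic, so a constraint violation on the last statement also undoes the debit that already succeeded. The account and transfer tables, the opening balances and the transfer() function are assumptions made for this illustration.

```python
import sqlite3

# Constructed schema and data for the illustration (not from the page).
SCHEMA = """
CREATE TABLE account (
    id      INTEGER PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0)        -- domain integrity: value must stay within its definition
);
CREATE TABLE transfer (
    id        INTEGER PRIMARY KEY,
    from_acct INTEGER NOT NULL REFERENCES account(id),   -- referential integrity: parent row must exist
    to_acct   INTEGER NOT NULL REFERENCES account(id),
    amount    INTEGER NOT NULL CHECK (amount > 0)
);
"""


def open_db() -> sqlite3.Connection:
    """In-memory database in autocommit mode; transactions are opened explicitly in transfer()."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite only enforces foreign keys when this is on
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO account VALUES (?, ?)", [(1, 100), (2, 0)])
    return conn


def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Debit src, credit dst and log the transfer as one atomic unit of work.
    If any statement violates a constraint the whole unit is rolled back,
    so the debit never stands on its own. Returns True on commit, False on rollback."""
    try:
        conn.execute("BEGIN")
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("INSERT INTO transfer (from_acct, to_acct, amount) VALUES (?, ?, ?)",
                     (src, dst, amount))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Current balance per account, for checking what a transfer actually left behind."""
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def transfer_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM transfer").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(transfer(db, 1, 2, 60), balances(db))   # committed: both sides updated
    print(transfer(db, 1, 2, 50), balances(db))   # domain violation (balance would go negative): nothing changes
    print(transfer(db, 1, 9, 10), balances(db))   # account 9 does not exist: the debit is rolled back as well
    print(transfer_count(db))
```

The third call is the one that shows atomicity: the debit of account 1 succeeds, the credit to the non-existent account 9 updates no rows and raises nothing, and only the INSERT fails the foreign key check. Without the surrounding transaction the money would simply have vanished from account 1.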

[q]The major risk of combining quality assurance testing and user acceptance testing is :

(a) improper documentation of testing Or (b)inadequate functional testing.

[a] inadequate functional testing.

[q] Following are the characteristics of which software development methodology?
- The dictionary meaning of the name is 'able to move quickly and easily'.

- It lets the team start building working software without spending much time on up-front planning documentation.

- Less importance is placed on formal paper-based deliverables, with the preference being to produce releasable software in short iterations, typically ranging from 4 to 8 weeks.

- At the end of each iteration, the team considers and documents what worked well and what could have worked better, and identifies improvements to be implemented in subsequent iterations.

[a] Agile development
[q]Following are the characteristics of which software development methodology?
-Process of creating systems through controlled trial and error.

-It is an early sample or model to test a concept or process. It is a small scale working system used to test the assumptions. Assumptions may be about user requirements, program design or internal logic.

-This method of system development can provide the organization with significant time and cost savings.

– By focusing mainly on what the user wants and sees, developers may miss some of the controls that come from the traditional systems development approach; therefore, a potential risk is that the
finished system will have poor controls.

[a]Prototyping

[q] Following are the characteristics of which software development methodology?
-This method includes use of:
• Small and well trained development teams.
• Prototypes
• Tools to support modelling, prototyping and component reusability.
• Central repository
• Rigid limits on development time frames

-This method enables the organisation to develop systems quickly while reducing development cost and maintaining quality. This is achieved by use of above techniques.

– This method relies on the usage of a prototype that can be updated continually to meet changing user or business requirements.

[a]Rapid Application Development
[q] Following are the characteristics of which software development methodology?
- An object is a small piece of program code, bundling data with the operations on it, that can be used on its own or in combination with other objects.

- In this method an application is built from these smaller components (objects).

- One of the major benefits of this method is the ability to reuse objects.

- It uses a technique known as 'encapsulation': an object's internal data are hidden behind its methods, so one object interacts with another only through the interface that object exposes. It is common practice for an object to call other objects to perform parts of its work.

[a] Object-oriented system development (OOSD)

[q] __________ testing is MOST effective during the initial phases of prototyping.

(a) Top-down Or (b) Bottom-up
[a] Top-down

[q]__________ uses a prototype approach that can be updated continually to meet changing user or business requirements.
(a)RAD Or (b)Agile
[a] Rapid Application Development (RAD)

[q]A major benefit of __________ is the ability to reuse objects.
(a)RAD Or (b)OOSD
[a] object-oriented system development (OOSD)
[q]__________approach is most suitable when requirements are well defined and understood. Waterfall approach is not successful when requirements are changing frequently.

(a) Waterfall Or (b)Agile
[a] Waterfall

[q]Major risk associated with agile development is __________

[a] lack of documentation.
[q]In __________ approach reviews are done to identify lessons learned for future use in the project.

(a)RAD Or (b)Agile
[a] Agile
[q] What is throughput?
[a] In general terms, throughput is the maximum rate of production or the maximum rate at which something can be processed. In data transmission, network throughput is the amount of data moved successfully from one place to another in a given time period, and typically measured in bits per second (bps), as in megabits per second (Mbps) or gigabits per second (Gbps).

[q]__________ involves procedure throughout the software life cycle (from requirement analysis to maintenance) to identify, define and baseline software items in the system and thus provide a basis of problem management, change management and release management.
[a]Configuration Management involves procedure throughout the software life cycle (from requirement analysis to maintenance) to identify, define and baseline software items in the system and thus provide a basis of problem management, change management and release management.

[q] What are the steps of the benchmarking process?
[a]
(1) Plan (decide which processes are to be benchmarked)
(2) Research (decide where and with whom the benchmarking is to be done)
(3) Observe (visit and observe the processes of the benchmarking partners)
(4) Analyse (analyse the gap between the organisation's processes and the benchmarking partner's processes)
(5) Adopt (implement the best practices followed by the benchmarking partner)
(6) Improve (continuous improvement)
[q] __________ are controls over the input, processing and output functions. They include methods for ensuring that:
- Only complete, accurate and valid data are entered and updated in computer systems.
- Processing accomplishes the correct task.
- Processing results meet expectations.
- Data are maintained.

[a] Application controls

[q]__________ procedure must ensure that every transaction to be processed is entered, processed and recorded accurately and correctly.
[a]Input control

[q] __________ provide the ability to verify data values through the stages of application processing. They ensure that data read into the computer were accepted and then applied to the updating process.
[a] Run-to-run totals
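Added worked example (not part of the original flashcard deck) that ties together the control-total card, the automated systems balancing card and this run-to-run totals card: a Python script that computes a record count, a financial total and a hash total for a constructed batch, balances several received copies of the batch against those header totals, and then checks the run-to-run total after the batch is posted to a ledger. The Txn record, the batch, the ledger and the function names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    account: int      # non-financial field; its sum is the hash total
    amount: Decimal   # financial field; its sum is the financial total


# Constructed batch as the sending system would build it (not from the page).
BATCH = [
    Txn(1001, Decimal("250.00")),
    Txn(2002, Decimal("75.50")),
    Txn(3003, Decimal("1200.00")),
]

# Damaged copies of the batch as the receiving system might see them (constructed).
SCENARIOS = {
    "intact": BATCH,
    "record lost": BATCH[:2],
    "amount altered": [Txn(1001, Decimal("205.00"))] + BATCH[1:],
    "account transposed": [Txn(1010, Decimal("250.00"))] + BATCH[1:],
}

# Ledger before the posting run (constructed).
LEDGER_BEFORE = {1001: Decimal("100.00")}


def control_totals(batch: list) -> dict:
    """Totals carried in the batch header: record count, financial total and hash total.
    The hash total is a sum over a field with no arithmetic meaning (account numbers);
    it exists only so that a substituted or transposed account number is noticed."""
    return {
        "count": len(batch),
        "financial": sum((t.amount for t in batch), Decimal("0")),
        "hash": sum(t.account for t in batch),
    }


def balance(header: dict, received: list) -> dict:
    """Receiving system recomputes the totals and reports every one that is out of balance.
    An empty dict means the batch balances and may be processed; anything else goes to the exception report."""
    actual = control_totals(received)
    return {k: actual[k] - header[k] for k in header if actual[k] != header[k]}


def post(batch: list, ledger: dict) -> dict:
    """Next processing run: apply each amount to its account balance."""
    updated = dict(ledger)
    for t in batch:
        updated[t.account] = updated.get(t.account, Decimal("0")) + t.amount
    return updated


def run_to_run_ok(header: dict, before: dict, after: dict) -> bool:
    """Run-to-run total: the movement in the ledger total across the run must equal the
    financial total accepted at input; otherwise records were lost or changed between runs."""
    movement = sum(after.values(), Decimal("0")) - sum(before.values(), Decimal("0"))
    return movement == header["financial"]


if __name__ == "__main__":
    header = control_totals(BATCH)
    for name, received in SCENARIOS.items():
        print(f"{name:20s} out of balance: {balance(header, received)}")
    print("run-to-run, full batch posted:", run_to_run_ok(header, LEDGER_BEFORE, post(BATCH, LEDGER_BEFORE)))
    print("run-to-run, one posting lost: ", run_to_run_ok(header, LEDGER_BEFORE, post(BATCH[:2], LEDGER_BEFORE)))
```

Each total catches a different failure: the record count catches a dropped record, the financial total catches an altered amount, and the hash total catches an account number that was changed without touching the amount, which the other two would miss. Decimal is used rather than float so that the totals are exact; a float sum of currency amounts can differ in the last place and raise false imbalances.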

[q]Identify the type of data validation edits for each statement below:
(i) The control number follows sequentially and any sequence or duplicated control numbers are rejected or noted on an exception report for follow-up purposes.

(ii) Data should not exceed a predetermined amount.

(iii) Data should be within a predetermined range of values.

(iv) Programmed checking of the data validity in accordance with predetermined criteria. For example, a payroll record contains a field for marital status and the acceptable status codes are M or S. If any other code is entered, the record should be rejected.

[a]
(i) The control number follows sequentially and any sequence or duplicated control numbers are rejected or noted on an exception report for follow-up purposes – Sequence Check

(ii) Data should not exceed a predetermined amount.-Limit Check

(iii) Data should be within a predetermined range of values-Range Check

(iv) Programmed checking of the data validity in accordance with predetermined criteria. For example, a payroll record contains a field for marital status and the acceptable status codes are M or S. If any other code is entered, the record should be rejected- Validity Check

[q]Identify the type of data validation edits for each statement below:
(i) Input data are matched to predetermined reasonable limits or occurrence rates. For example, a manufacturer usually receives orders for no more than 50 items. If an order for more than 50 items is received, the computer program should be designed to print the record with a warning indicating that the order appears unreasonable.

(ii)Input data comply with predetermined criteria maintained in a computerized table of possible values. For example, the input clerk enters a city code of 1 to 10. This number corresponds with a computerized table that matches the code to a city name.

(iii) Data are entered correctly and agree with valid predetermined criteria. For example, a valid transaction code must be entered in the transaction code field.

(iv) The keying process is repeated by a separate individual using a machine that compares the original keystrokes to the repeated keyed input For example, the worker number is keyed twice and compared to verify the keying process.

[a]
(i) Input data are matched to predetermined reasonable limits or occurrence rates. For example, a manufacturer usually receives orders for no more than 50 items. If an order for more than 50 items is received, the computer program should be designed to print the record with a warning indicating that the order appears unreasonable-Reasonableness Check

(ii)Input data comply with predetermined criteria maintained in a computerized table of possible values. For example, the input clerk enters a city code of 1 to 10. This number corresponds with a computerized table that matches the code to a city name-Table look-ups

(iii) Data are entered correctly and agree with valid predetermined criteria. For example, a valid transaction code must be entered in the transaction code field-Existence check

(iv) The keying process is repeated by a separate individual using a machine that compares the original keystrokes to the repeated keyed input For example, the worker number is keyed twice and compared to verify the keying process-Key Verification

[q]Identify the type of data validation edits for each statement below:
(i) A numeric value that has been calculated mathematically is added to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors.

(ii) A field should always contain data rather than zeros or blanks. A check of each byte of that field should be performed to determine that some form of data, not blanks or zeros, is present.

(iii) New transactions are matched to those previously input to ensure that they have not already been entered.

[a] (i) A numeric value that has been calculated mathematically is added to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors- Check Digit

(ii) A field should always contain data rather than zeros or blanks. A check of each byte of that field should be performed to determine that some form of data, not blanks or zeros, is present-Completeness Check

(iii) New transactions are matched to those previously input to ensure that they have not already been entered-Duplicate Check
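Added worked example (not part of the original flashcard deck) that implements the validation edits from the three cards above over a constructed payroll batch, including a weighted modulus-11 check digit of the kind the check digit card refers to, so that a mis-keyed digit and a transposition of two adjacent digits are both rejected. The record layout, the code tables, the limits and the batch contents are assumptions made for this illustration. Key verification is not coded because it is a manual rekeying control, and the existence check is covered here by the validity and table look-up edits.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rec:
    """One constructed payroll input record (the layout is an assumption for this example)."""
    control_no: int    # batch control number, expected to run sequentially
    employee_no: str   # 6 digits followed by a weighted mod-11 check digit
    marital: str       # must be M or S
    hours: int         # hours worked this period
    rate: int          # hourly rate
    dept: str          # department code, must exist in DEPT_TABLE


VALID_MARITAL = {"M", "S"}                                      # validity check
DEPT_TABLE = {"10": "Finance", "20": "IT", "30": "Operations"}  # table look-up
MAX_HOURS = 80                                                  # limit check: reject above this
RATE_RANGE = (15, 150)                                          # range check: reject outside this
USUAL_HOURS = 60                                                # reasonableness: warn above this


def mod11_check_digit(digits: str) -> str:
    """Weighted modulus-11 check digit (the ISBN-10 scheme). Weights 2, 3, 4, ... from the
    right are all coprime with 11 and all different, which is why a single mis-keyed digit
    or a transposition of two adjacent digits always changes the result."""
    total = sum(int(d) * w for d, w in zip(reversed(digits), range(2, 2 + len(digits))))
    remainder = (11 - total % 11) % 11
    return "X" if remainder == 10 else str(remainder)


def check_digit_ok(employee_no: str) -> bool:
    body, digit = employee_no[:-1], employee_no[-1]
    return body.isdigit() and mod11_check_digit(body) == digit


def validate(batch: list, first_control_no: int) -> tuple:
    """Apply the input edits to a batch. Returns (rejects, warnings), each mapping a
    control number to the names of the edits that fired. Rejected records go to the
    exception report; warnings (reasonableness) are printed for review but not rejected."""
    rejects, warnings, seen = {}, {}, set()
    expected = first_control_no
    for r in batch:
        errs, warn = [], []
        if r.control_no != expected:                       # sequence check
            errs.append("sequence")
        expected = r.control_no + 1
        key = (r.employee_no, r.hours, r.rate)
        if key in seen:                                    # duplicate check
            errs.append("duplicate")
        seen.add(key)
        if not r.employee_no.strip():                      # completeness check
            errs.append("completeness")
        elif not check_digit_ok(r.employee_no):            # check digit
            errs.append("check digit")
        if r.marital not in VALID_MARITAL:                 # validity check
            errs.append("validity")
        if r.dept not in DEPT_TABLE:                       # table look-up
            errs.append("table look-up")
        if r.hours > MAX_HOURS:                            # limit check
            errs.append("limit")
        if not RATE_RANGE[0] <= r.rate <= RATE_RANGE[1]:   # range check
            errs.append("range")
        if r.hours > USUAL_HOURS:                          # reasonableness check
            warn.append("reasonableness")
        if errs:
            rejects[r.control_no] = errs
        if warn:
            warnings[r.control_no] = warn
    return rejects, warnings


# Constructed batch with two clean records and one record per error type (not from the page).
BATCH = [
    Rec(101, "2048175", "M", 40, 25, "10"),   # clean
    Rec(102, "310592X", "S", 45, 30, "20"),   # clean; X is the mod-11 digit for remainder 10
    Rec(104, "2084175", "D", 62, 30, "10"),   # 103 missing; digits 4 and 8 transposed; bad marital code
    Rec(105, "1182048", "M", 90, 200, "40"),  # over hours limit, rate out of range, unknown department
    Rec(106, "2048175", "M", 40, 25, "10"),   # duplicate of 101
    Rec(107, "       ", "S", 10, 20, "30"),   # employee number left blank
]

if __name__ == "__main__":
    rejects, warnings = validate(BATCH, 101)
    for no, edits in sorted(rejects.items()):
        print(f"reject  {no}: {', '.join(edits)}")
    for no, edits in sorted(warnings.items()):
        print(f"warning {no}: {', '.join(edits)}")
```

Note the split between rejects and warnings: the reasonableness check on record 104 only flags it for review, while the limit check on record 105 rejects it outright, which is exactly the difference the two cards draw between the two edits.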

[/qdeck]