CISA Certified Information Systems Auditor – Question2968

A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:

A. concurrent access.
B. deadlocks.
C. unauthorized access to data.
D. a loss of data integrity.

Correct Answer: D

Explanation:
Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity. Deadlocks are not caused by denormalization. Access to data is controlled by defining user rights to information, and is not affected by denormalization.

CISA Certified Information Systems Auditor – Question2967

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.

Correct Answer: D

Explanation:
If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization.

CISA Certified Information Systems Auditor – Question2966

In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

A. Foreign key
B. Primary key
C. Secondary key
D. Public key

Correct Answer: A

Explanation:
In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions that would result in orphaned relations within the database. It should not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live orders on the orders table (the foreign key to the customer table). A primary key works in one table, so it is not able to provide/ensure referential integrity by itself. Secondary keys that are not foreign keys are not subject to referential integrity checks. Public key is related to encryption and not linked in any way to referential integrity.

CISA Certified Information Systems Auditor – Question2965

During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:

A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.
B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions.
C. the database will immediately stop execution and lose more information.
D. the database will no longer accept input data.

Correct Answer: A

Explanation:
When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. This will normally cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. Choice B is incorrect, since a system can recover the corrupted external key by reindexing the table. Choices C and D would not result from a corrupted foreign key.

CISA Certified Information Systems Auditor – Question2964

An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?

A. Consistency
B. Isolation
C. Durability
D. Atomicity

Correct Answer: D

Explanation:
Atomicity guarantees that either the entire transaction is processed or none of it is. Consistency ensures that the database is in a legal state when the transaction begins and ends. Isolation means that, while in an intermediate state, the transaction data is invisible to external operations. Durability guarantees that a successful transaction will persist, and cannot be undone.

CISA Certified Information Systems Auditor – Question2963

Which of the following controls would provide the GREATEST assurance of database integrity?

A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and roll forward database features

Correct Answer: B

Explanation:
Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database’s contents. Querying/monitoring table access time checks helps designers improve database performance, but not integrity. Rollback and roll forward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

CISA Certified Information Systems Auditor – Question2962

The objective of concurrency control in a database system is to:

A. restrict updating of the database to authorized users.
B. prevent integrity problems when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.

Correct Answer: B

Explanation:
Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time. Access controls restrict updating of the database to authorized users, and controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. Quality controls, such as edits, ensure the accuracy, completeness and consistency of data maintained in the database.

CISA Certified Information Systems Auditor – Question2961

Which of the following will prevent dangling tuples in a database?

A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity

Correct Answer: D

Explanation:
Referential integrity ensures that a foreign key in one table will equal null or the value of a primary key in the other table. For every tuple in a table having a referenced/foreign key, there should be a corresponding tuple in another table, i.e., all foreign keys must exist in the original tables. If this condition is not satisfied, it results in a dangling tuple. Cyclical checking is the control technique for the regular checking of accumulated data on a file against authorized source documentation. There is no cyclical integrity testing. Domain integrity testing ensures that a data item has a legitimate value in the correct range or set. Relational integrity is performed at the record level and is ensured by calculating and verifying specific fields.

CISA Certified Information Systems Auditor – Question2960

Which of the following would BEST maintain the integrity of a firewall log?

A. Granting access to log information only to administrators
B. Capturing log events in the operating system layer
C. Writing dual logs onto separate storage media
D. Sending log information to a dedicated third-party log server

Correct Answer: D

Explanation:
Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity. There are many ways to capture log information: through the application layer, network layer, operating systems layer, etc.; however, there is no log integrity advantage in capturing events in the operating systems layer. If it is a highly mission-critical information system, it may be nice to run the system with a dual log mode. Having logs in two different storage devices will primarily contribute to the assurance of the availability of log information, rather than to maintaining its integrity.

CISA Certified Information Systems Auditor – Question2959

Doing which of the following during peak production hours could result in unexpected downtime?

A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center

Correct Answer: B

Explanation:
Choices A and C are processing events which may impact performance, but would not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.