CISA Certified Information Systems Auditor – Question2908

In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:

A. isolation.
B. consistency.
C. atomicity.
D. durability.

Correct Answer: C

Explanation:
The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out. Consistency ensures that all integrity conditions in the database are maintained with each transaction. Isolation ensures that each transaction is isolated from other transactions; hence, each transaction only accesses data that are part of a consistent database state. Durability ensures that, once a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.

CISA Certified Information Systems Auditor – Question2907

Responsibility and reporting lines cannot always be established when auditing automated systems since:

A. diversified control makes ownership irrelevant.
B. staff traditionally changes jobs with greater frequency.
C. ownership is difficult to establish where resources are shared.
D. duties change frequently in the rapid development of technology.

Correct Answer: C

Explanation:
Because of the diversified nature of both data and application systems, the actual owner of data and applications may be hard to establish.

CISA Certified Information Systems Auditor – Question2906

An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

A. Log all table update transactions.
B. Implement before-and-after image reporting.
C. Use tracing and tagging.
D. Implement integrity constraints in the database.

Correct Answer: D

Explanation:
Implementing integrity constraints in the database is a preventive control, because data is checked against predefined tables or rules, preventing any undefined data from being entered. Logging all table update transactions and implementing before-and-after image reporting are detective controls that would not avoid the situation. Tracing and tagging are used to test application systems and controls and could not prevent out-of-range data.
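The two controls explained for Questions 2908 and 2906, atomicity and database integrity constraints, in one runnable SQLite demonstration. This is an added example, not part of the question bank; the `accounts` table and its balances are constructed for illustration.

```python
"""Added example: atomicity (all-or-nothing transactions) and a CHECK
integrity constraint as a preventive control, using Python's sqlite3."""
import sqlite3


def new_db() -> sqlite3.Connection:
    # Constructed sample schema: the CHECK constraint is the integrity
    # constraint that stops out-of-range (negative) balances at write time.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " id INTEGER PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def insert_out_of_range(conn: sqlite3.Connection) -> str:
    """Preventive control: the database itself rejects a negative balance."""
    try:
        conn.execute("INSERT INTO accounts VALUES (3, -10)")
        conn.commit()
        return "accepted"
    except sqlite3.IntegrityError:
        conn.rollback()
        return "rejected"


def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Atomic transfer: the credit is applied first, so if the debit violates
    the CHECK constraint the whole transaction is backed out, credit included."""
    try:
        with conn:  # commits on success, rolls back on any exception
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False  # nothing from this transaction persisted


def balances(conn: sqlite3.Connection) -> dict:
    """Current committed state, used to confirm all-or-nothing behaviour."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))
```

After a failed transfer, `balances()` shows the credited account unchanged, which is exactly the "backed out" behaviour the atomicity explanation describes.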

CISA Certified Information Systems Auditor – Question2905

During an application audit, an IS auditor finds several problems related to corrupted data in the database. Which of the following is a corrective control that the IS auditor should recommend?

A. Implement data backup and recovery procedures.
B. Define standards and closely monitor for compliance.
C. Ensure that only authorized personnel can update the database.
D. Establish controls to handle concurrent access problems.

Correct Answer: A

Explanation:
Implementing data backup and recovery procedures is a corrective control, because backup and recovery procedures can be used to roll back database errors. Defining or establishing standards is a preventive control, while monitoring for compliance is a detective control. Ensuring that only authorized personnel can update the database is a preventive control. Establishing controls to handle concurrent access problems is also a preventive control.

CISA Certified Information Systems Auditor – Question2904

During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:

A. review access control configuration.
B. evaluate interface testing.
C. review detailed design documentation.
D. evaluate system testing.

Correct Answer: A

Explanation:
Reviewing the access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system. Since a postimplementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or review detailed design documentation. Evaluating interface testing would be part of the implementation process. Reviewing detailed design documentation is not generally relevant to an enterprise resource management system, since these are usually vendor packages with user manuals. System testing should be performed before final user signoff.

CISA Certified Information Systems Auditor – Question2903

The reason a certification and accreditation process is performed on critical systems is to ensure that:

A. security compliance has been technically evaluated.
B. data have been encrypted and are ready to be stored.
C. the systems have been tested to run on different platforms.
D. the systems have followed the phases of a waterfall model.

Correct Answer: A

Explanation:
Certified and accredited systems are systems that have had their security compliance technically evaluated for running on a specific production server. Choice B is incorrect because not all data of certified systems are encrypted. Choice C is incorrect because certified systems are evaluated to run in a specific environment. A waterfall model is a software development methodology and not a reason for performing a certification and accreditation process.

CISA Certified Information Systems Auditor – Question2902

An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:

A. correlation of semantic characteristics of the data migrated between the two systems.
B. correlation of arithmetic characteristics of the data migrated between the two systems.
C. correlation of functional characteristics of the processes between the two systems.
D. relative efficiency of the processes between the two systems.

Correct Answer: A

Explanation:
Because the two systems could have different data representations, including the database schema, the IS auditor's main concern should be to verify that the interpretation of the data is the same in the new system as it was in the old one. Arithmetic characteristics represent aspects of data structure and internal definition in the database and are therefore less important than the semantic characteristics. A review of the correlation of the functional characteristics, or of the relative efficiencies of the processes between the two systems, is not relevant to a data migration review.

CISA Certified Information Systems Auditor – Question2901

From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

A. a big bang deployment after proof of concept.
B. prototyping and a one-phase deployment.
C. a deployment plan based on sequenced phases.
D. to simulate the new infrastructure before deployment.

Correct Answer: C

Explanation:
When developing a large and complex IT infrastructure, the best practice is to use a phased approach to fitting the entire system together. This will provide greater assurance of quality results. The other choices are riskier approaches.

CISA Certified Information Systems Auditor – Question2900

Which of the following would impair the independence of a quality assurance team?

A. Ensuring compliance with development methods
B. Checking the testing assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation

Correct Answer: C

Explanation:
Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team’s independence. The other choices are valid quality assurance functions.

CISA Certified Information Systems Auditor – Question2899

Which of the following system and data conversion strategies provides the GREATEST redundancy?

A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run

Correct Answer: D

Explanation:
Parallel runs are the safest, though the most expensive, approach, because both the old and new systems are run, thus incurring what might appear to be double costs. Direct cutover is actually quite risky, since it provides neither a 'shake down' period nor an easy fallback option. Both a pilot study and a phased approach are performed incrementally, making rollback procedures difficult to execute.