我的CISA38天学习笔记(20080614考试)

appppa

Which of the following is used to ensure that batch data is completely and accurately transferred between two systems?
A. Control total
B. Check digit
C. Check sum
D. Control account


Explanation:
A control total is frequently used as an easily recalculated control. The number of invoices in a batch or the value of invoices in a batch are examples of control totals. They provide a simple way of following an audit trail from a general ledger summary item to an individual transaction, and back.
Control total是一种简单重新计算控制，如批处理中的发票数量或者发票总额
A check digit is a method of verifying the accuracy of a single data item, such as a credit card number.
检验位是一种校验单个数据项的准确性的方法，如信用卡号。
Although a check sum is an excellent control over batch completeness and accuracy, it is not easily recalculated and, therefore, is not as commonly used in financial systems as a control total. Check sums are frequently used in data transfer as part of encryption protocols.
虽然检验和在验证批处理完整性和准确性上是一种优秀的控制，但他不是一种简单的重新计算，因此也不像control total那么普遍地运用于财务系统中。检验和经常作为加密协议的一部分用于数据传输。
Control accounts are used in financial systems to ensure that components that exchange summary information, such as a sales register and a general ledger, can be reconciled.
control accounts用于财务系统中确保交互总计信息的组件的结果可以被重新核对，如果销售登记簿和总账。

The correct answer is:A.

Additional information：
A checksum is a count of the number of bits in a transmission unit that is included with the unit so that the receiver can check to see whether the same number of bits arrived. If the counts match, it's assumed that the complete transmission was received. Both TCP and UDP communication layers provide a checksum count and verification as one of their services.
校验和是传输单位里二进制码（比特）的总数，因此接收者可以检验是否一样的比特数达到。如果总数一致，那就表示所有的传输被完整接收。TCP&UDP通讯层都提供了检验和计数和检验。

A check digit, also known as a checksum character, is the number located on the far right side of a bar code. The purpose of a check digit is to verify that the information on the barcode has been entered correctly. The barcode reader's decoder calculates the checksum by performing a series of mathematical operations on the digits that precede the check digit, and comparing the result of the calculation to the value of the check digit. Typically, if the check digit matches the result of the calculation, the reader emits a signal (such as a beep) to acknowledge that the results match, and the scan has been successful.
检验位，是一个位于条形码最右端的数值。目的用于检验条形码的信息是否被完整输入。条形码的读取器通过一系列的数学运算计算校验位前的所有数字，然后和检验位比较验证其正确性。信用卡号也有检验位。

control account，也就是检查total amount of subledger for each account是否和 general ledger的amount of each account一样。

wzfinish

不错呀

appppa

A universal serial bus (USB) port:
A. connects the network without a network card.
B. connects the network with an Ethernet adapter.
C. replaces all existing connections.
D. connects the monitor.

The correct answer is:B.
The USB port connects the network without having to install a separate network interface card inside a computer by using a USB Ethernet adapter.

--------------------------------------------------------------
关于这道题，我看了很久，始终不明白怎么一回事，看了解释也不明白。突然间，想通了，原来它只是问USB端口可以干啥。很快的排除了，A和C。剩下B和D，我觉得两个答案都是对的。
USB端口可以通过适配器连接网络，也可以连接显示器。
因为这是2006年的题，在那个时候出题者可能还不知道，USB也可以连接显示器吧。
在08年的题库里已经没有这道题了。

自己想的，不知道对不对，欢迎拍砖。。。。。

appppa

Which one of the following could an IS auditor use to validate the effectiveness of edit and validation routines?
A. Domain integrity test
B. Relational integrity test
C. Referential integrity test
D. Parity checks


Explanation:
Domain integrity testing is aimed at verifying that the data conform to definitions, i.e., the data items are all in the correct domains. The major objective of this exercise is to verify that the edit and validation routines are working satisfactorily. Relational integrity tests are performed at the record level and usually involve calculating and verifying various calculated fields, such as control totals. Referential integrity tests involve ensuring that all references to a primary key from another file actually exist in their original file. A parity check is a bit added to each character prior to transmission. The parity bit is a function of the bits making up the character. The recipient performs the same function on the received character and compares the result to the transmitted parity bit. If it is different, an error is assumed.
The correct answer is: A. Domain integrity test

---------------------------------------------------------------------
为什么贴这题呢。因为，又是一个看了一遍题目，看了一遍解释，还是不明白在说什么的题目。英文太差啊。

题目大概的意思：
IS审计员可以使用下列哪个方法来检查编辑检查程序和有效性检查程序的有效性？


域完整性测试主要是为了验证数据是否和定义的一致，如，性别的域值：男or 女，如果出现第三种值就是错的。

关系完整性测试是在记录层面上执行的，通常要计算并且验证各种计算域，如control total。---与题干不符。

参照完整性测试应该是测试一个表的外键一定要是另外一个表的主键，那个表一定要存在。----这个也好排除了。

奇偶校验---直接排除。奇偶校验是发送方在传输前为要传输的内容多加了一位，这一位怎么来的根据二进制中1或0的位数总计得来的。接收方根据同样的方法计算中出结果然后对比。如果不同就报错。

appppa

顺手把这道题贴在这里

QUOTE:原帖由 jemmy001 于 2008-5-30 14:37 发表
2.An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:

A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.

答案是B，不知啥原因！

A.经理的助手犯了这个错误。-----这个有可能
B.犯错者不能被确定
C.错误一定是经理犯的。-----这不一定，有可能是系统管理员，有可能是经理，有可能是任何一个知道经理USER ID和知道密码的人
D.系统管理员犯了这个错误。----解释同上。


原帖地址：http://www.itpub.net/viewthread.php?tid=997212

appppa

The development of an IS security policy is ultimately the responsibility of the:


A. IS department.
B. security committee.
C. security administrator.
D. board of directors.

The correct answer is:
D. board of directors.

Explanation:
Normally, the designing of an information systems security policy is the responsibility of top management or the board of directors. The IS department is responsible for the execution of the policy, having no authority in framing the policy. The security committee also functions within the broad security policy framed by the board of directors. The security administrator is responsible for implementing, monitoring and enforcing the security rules that management has established and authorized.

这道题记住就好。再说policy这种东西一般由高层来决定。IS department负责执行。security committee参与policy的development，但不能有最终决定权。security administrator一个人更不可能有policy的最终决定权，他主要负责实施，监控，执行那些管理层建好并且授权的安全规则。

[ 本帖最后由 appppa 于 2008-5-30 16:58 编辑 ]

appppa

发现个特点，题目如果出现another country，答案就可以选leagl----------------这个只可适用于在看到题目和答案，但是怎么也看不明白，要么觉得四个选项都对，要么觉得都不对的时候

1.When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?


A. There could be a question with regards to the legal jurisdiction.
B. Having a provider abroad will cause excessive costs in future audits.
C. The auditing process will be difficult because of the distances.
D. There could be different auditing norms.

The correct answer is: A. There could be a question with regards to the legal jurisdiction.

(待续)

voca

原帖由 appppa 于 2008-5-28 17:42 发表
A universal serial bus (USB) port:
A. connects the network without a network card.
B. connects the network with an Ethernet adapter.
C. replaces all existing connections.
D. connects the monitor.

The correct answer is:B.
The USB port connects the network without having to install a separate network interface card inside a computer by using a USB Ethernet adapter.

--------------------------------------------------------------
关于这道题，我看了很久，始终不明白怎么一回事，看了解释也不明白。突然间，想通了，原来它只是问USB端口可以干啥。很快的排除了，A和C。剩下B和D，我觉得两个答案都是对的。
USB端口可以通过适配器连接网络，也可以连接显示器。
因为这是2006年的题，在那个时候出题者可能还不知道，USB也可以连接显示器吧。
在08年的题库里已经没有这道题了。

自己想的，不知道对不对，欢迎拍砖。。。。。

我拍～

voca

原帖由 appppa 于 2008-5-30 17:17 发表
发现个特点，题目如果出现another country，答案就可以选leagl----------------这个只可适用于在看到题目和答案，但是怎么也看不明白，要么觉得四个选项都对，要么觉得都不对的时候

1.When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?


A. There could be a question with regards to the legal jurisdiction.
B. Having a provider abroad will cause excessive costs in future audits.
C. The auditing process will be difficult because of the distances.
D. There could be different auditing norms.

The correct answer is: A. There could be a question with regards to the legal jurisdiction.

(待续)

因为是题库， 出题的意图比较明显。 考试的题目可能要留意一下

voca

原帖由 appppa 于 2008-5-30 16:40 发表
顺手把这道题贴在这里

QUOTE:原帖由 jemmy001 于 2008-5-30 14:37 发表
2.An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:

A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.

答案是B，不知啥原因！

A.经理的助手犯了这个错误。-----这个有可能
B.犯错者不能被确定
C.错误一定是经理犯的。-----这不一定，有可能是系统管理员，有可能是经理，有可能是任何一个知道经理USER ID和知道密码的人
D.系统管理员犯了这个错误。----解释同上。


原帖地址：http://www.itpub.net/viewthread.php?tid=997212

这个个人感觉就是没办法确定是谁的责任了， 没太大的意思吧