CISA Refresher 6 Flashcards

1
Q

Audit Charter

A

document that states management’s objectives for and delegation of authority to IS audit. Should be approved at the highest levels of management, and should outline the overall authority, scope, and responsibilities of the audit function. Should not significantly change over time.

2
Q

Engagement Letter

A

a letter that formalizes the contract between the auditor and the client and outlines the responsibilities of both parties; focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind

3
Q

Audit Plan

A

A list of the audit procedures the auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements; consists of both short-term and long-term planning

4
Q

Sarbanes-Oxley Act of 2002

A

Law that requires companies to maintain adequate systems of internal control

5
Q

Professional Independence

A

In all matters related to the audit, the IS auditor should be independent of the auditee in both attitude and appearance

6
Q

Organizational Independence

A

The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment

7
Q

Audit Risk

A

the risk that information may contain a material error that may go undetected during the course of the audit

8
Q

Error Risk

A

the risk of errors occurring in the area being audited

9
Q

Information Technology Assurance Framework (ITAF)

A

provides an integrated process (involving technical and non-technical aspects) for developing and deploying IT systems with intrinsic and appropriate security measures in order to meet the organization’s mission

10
Q

General standards

A

standards that establish the guiding principles under which the IT assurance profession operates; they apply to the conduct of all assignments, and deal with the IT audit and assurance professional’s ethics, independence, objectivity and due care, as well as knowledge, competency and skill

11
Q

Performance standards

A

standards that establish baseline expectations in the conduct of IT assurance engagements; focused on the design of the assurance work, the conduct of the assurance, the evidence required, and the development of assurance and audit findings and conclusions

12
Q

Reporting standards

A

standards that address the types of audit reports, means of communication, and information to be communicated at the conclusion of an audit

13
Q

Risk analysis

A

part of audit planning, and helps identify risks and vulnerabilities so the IS auditor can determine the controls needed to mitigate those risks

14
Q

Risk

A

the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization; the combination of the probability of an event and its consequence

15
Q

Business Risk

A

a risk that may negatively impact the assets, processes or objectives of a specific business or organization

16
Q

IT Risk

A

the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise

17
Q

Risk Assessment Process

A
  1. Identify Business Objectives
18
Q

Internal controls

A

normally composed of policies, procedures, practices and organizational structures which are implemented to reduce risk to the organization; developed to provide reasonable assurance to management that the organization’s business objectives will be achieved and risk events will be prevented, or detected and corrected

19
Q

Preventive controls

A

Controls that deter control problems before they occur

20
Q

Detective controls

A

Controls that discover problems as soon as they arise

21
Q

Corrective controls

A

Controls that remedy control problems that have been discovered

22
Q

Control objectives

A

statements of the desired result or purpose to be achieved by implementing control activities (procedures)

23
Q

IS Control objectives

A

provide a complete set of high-level requirements to be considered by management for effective control of each IT process

24
Q

COBIT 5

A

a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT; helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use

25
Q

COBIT 5 Principles

A
  1. Meeting stakeholder needs
26
Q

Controls

A

include policies, procedures and practices established by management to provide reasonable assurance that specific objectives will be achieved

27
Q

Compliance Audit

A

an audit that includes specific tests of controls to demonstrate adherence to specific regulator or industry standards

28
Q

Financial Audit

A

an audit that assesses the accuracy of financial reporting

29
Q

Operational Audit

A

an audit designed to evaluate the internal control structure in a given process or area

30
Q

Integrated Audit

A

an audit that combines financial and operational audit steps

31
Q

Administrative Audit

A

an audit oriented to assess issues related to the efficiency of operational productivity within an organization

32
Q

IS Audit

A

an audit that collects and evaluates evidence to determine whether the information systems and related resources adequately safeguard assets, maintain data and system integrity and availability, provide relevant and reliable information, achieve organizational goals, consume resources efficiently, and have, in effect, internal controls that provide reasonable assurance that business, operational and control objectives will be met

33
Q

Statement on Standards for Attestation Engagements (SSAE 16)

A

a widely known auditing standard developed by the AICPA that defines the professional standards used by a service auditor to assess the internal controls of a service organization

34
Q

Forensic Audit

A

an audit specialized in discovering, disclosing and following up on frauds and crimes

35
Q

Audit Program

A

identifies the scope, audit objectives and audit procedures to obtain sufficient, relevant and reliable evidence to draw and support audit conclusions and opinions; includes the audit strategy and audit plan

36
Q

Audit Strategy

A

overall approach to the audit that considers the nature of the client, risk of significant misstatements, and other factors such as the number of client locations and past effectiveness of client controls

37
Q

Audit Methodology

A

a set of documented audit procedures designed to achieve planned audit objectives; components include a statement of scope, statement of objectives, and a statement of audit programs

38
Q

Risk-Based Auditing

A

an audit approach that is adapted to develop and improve the continuous audit process; used to assess risk and assist the IS auditor in making the decision to perform either compliance testing or substantive testing

39
Q

Inherent Risk

A

the risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented

40
Q

Control Risk

A

the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls

41
Q

Detection Risk

A

the risk that material errors or misstatements that have occurred will not be detected by the IS auditor

42
Q

Overall Audit Risk

A

the probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred

43
Q

Statistical Sampling Risk

A

the risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected

44
Q

Risk Mitigation

A

a risk response that includes applying appropriate controls to reduce the risks

45
Q

Risk Acceptance

A

a risk response that includes knowingly and objectively not taking action, providing the risk clearly satisfies the organization’s policy and criteria

46
Q

Risk Avoidance

A

a risk response that includes avoiding risks by not allowing actions that would cause the risks to occur

47
Q

Risk transfer/sharing

A

a risk response that includes transferring the associated risks to other parties, e.g. insurers or suppliers

48
Q

Audit objectives

A

refer to the specific goals that must be accomplished by the audit

49
Q

Compliance Testing

A

evidence gathering for the purposes of testing an organization’s compliance with control procedures; determines if controls are being applied in a manner that complies with management policies and procedures

50
Q

Substantive Testing

A

evidence gathering for the purposes of evaluating the integrity of individual transactions, data or other information; substantiates the integrity of actual processing

51
Q

Evidence

A

any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives, and supports audit conclusions

52
Q

Sample

A

the subset of population members used to perform testing

53
Q

Statistical Sampling

A

sampling that uses the laws of probability to select and evaluate the results of an audit sample, thereby permitting the auditor to quantify the sampling risk for the purpose of reaching a conclusion about the population

54
Q

Nonstatistical Sampling

A

audit sampling that relies on the auditor’s judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population

55
Q

Attribute Sampling

A

sampling used to estimate the proportion of a population that possesses a specified characteristic; the primary sampling method used for compliance testing

56
Q

Stop-or-go Sampling

A

sampling that allows the audit test to be stopped at the earliest possible moment

57
Q

Discovery Sampling

A

a sampling plan that is appropriate when the expected occurrence rate is extremely low, used when the auditor desires a specific chance of observing at least one example of occurrence

58
Q

Variable Sampling

A

sampling that deals with population characteristics that vary, such as monetary values and weights, and provides conclusions related to deviations from the norm

59
Q

Confidence Coefficient

A

a percentage expression of the probability that the characteristics of the sample are a true representation of the population

60
Q

Level of Risk

A

equal to one minus the confidence coefficient

61
Q

Precision

A

represents the acceptable range difference between the sample and the actual population

62
Q

Expected Error Rate

A

an estimate stated as a percent of the errors that may exist

63
Q

Sample mean

A

the sum of all sample values, divided by the size of the sample

64
Q

Sample standard deviation

A

computes the variance of the sample values from the mean of the sample

65
Q

Tolerable error rate

A

maximum misstatement or number of errors that can exist without an account being materially misstated

66
Q

Population standard deviation

A

measures the relationship to the normal distribution

67
Q

Computer-Assisted Audit Techniques (CAAT)

A

refer to audit software that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

68
Q

Generalized Audit Software (GAS)

A

standard software designed to read, process, and write data with the help of functions performing specific audit routines and with self-made macros

69
Q

Utility Software

A

subset of software that provides evidence to auditors about system control effectiveness

70
Q

Test Data

A

using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives

71
Q

Compensating Control

A

A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements).

72
Q

Audit Report

A

used by the auditor to report findings and recommendations to management

73
Q

Control Self-Assessment (CSA)

A

A method/process by which management and staff of all levels collectively identify and evaluate risk and controls with their business areas. This may be under the guidance of a facilitator such as an auditor or risk manager; includes testing the design of automated application controls

74
Q

Traditional Auditing Approach

A

any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors, and to a lesser extent, controller departments and outside consultants

75
Q

Integrated Auditing

A

the process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity

76
Q

Continuous Monitoring

A

provided by IS management and tools and typically based on automated procedures to meet fiduciary responsibilities

77
Q

Continuous Auditing

A

“A methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors’ reports issued simultaneously with or a short period of time after the occurrence of the events underlying the subject matter”

78
Q

Corporate Governance

A

the system by which business corporations are directed and controlled; a set of responsibilities and practices used by an organization’s management to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized

79
Q

Governance of Enterprise IT (GEIT)

A

the body of issues addressed in considering how IT is applied within the enterprise

80
Q

IT Governance

A

a structure of relationships and processes used to direct and control the enterprise toward achievement of its goals by adding value while balancing risk vs. return over IT and its processes

81
Q

IT Governance Focus Areas

A
  1. Strategic Alignment
82
Q

Strategic Alignment

A

focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations

83
Q

Value Delivery

A

executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT

84
Q

Resource Management

A

the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people

85
Q

Performance Management

A

tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery

86
Q

IT Balanced Scorecard (BSC)

A

a process management evaluation technique that can be applied to the IT governance process in assessing the IT functions and processes; supplements traditional financial evaluation with measures concerning user satisfaction, internal processes and the ability to innovate

87
Q

IT Strategy Committee

A

As a committee of the board, it assists the board in overseeing the enterprise’s IT-related matters by ensuring that the board has the internal and external information it requires for effective IT governance decision making.

88
Q

IT Steering Committee

A

a committee, comprised of a group of managers and staff representing various organizational units, set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the enterprise

89
Q

Information Security Governance

A

governance focused on specific value drivers: confidentiality, integrity, and availability of information, continuity of services and protection of information assets

90
Q

Process Integration

A

integration of an organization’s management assurance processes for security

91
Q

Enterprise Architecture (EA)

A

involves documenting an organization’s IT assets in a structured manner to facilitate understanding, management and planning for IT investments; involves both a current state and an optimized state

92
Q

Zachman Framework for Enterprise Architecture

A

a model framework that is a starting point for many contemporary EA projects that helps move IT projects from abstract to physical using models and representations with progressively greater levels of detail

93
Q

Federal Enterprise Architecture (FEA)

A

a business and performance based framework to support cross-agency collaboration, transformation and government-wide improvement

94
Q

Strategic Planning

A

long-term direction an enterprise wants to take in leveraging information technology for improving its business processes

95
Q

IT Portfolio Management

A

has an explicitly directive, strategic goal in determining what the enterprise will continue to invest in vs. what the enterprise will divest

96
Q

Policy

A

high-level document that represents the corporate philosophy of an organization

97
Q

Security Policy

A

policy that communicates a coherent security standard to users, management and technical staff

98
Q

High-level Information Security Policy

A

policy that includes statements on confidentiality, integrity, and availability

99
Q

Data Classification Policy

A

policy that should describe the classifications, levels of control at each classification and responsibilities of all potential users including ownership

100
Q

Acceptable Use Policy

A

policy that includes information for all information resources and describes the organizational permissions for the usage of IT and information-related resources

101
Q

End-user Computing Policy

A

policy that describes the parameters and usage of desktop, mobile computing and other tools by users

102
Q

Access Control Policy

A

policy that describes the method for defining and granting access to users to various IT resources

103
Q

Procedures

A

detailed steps defined and documented for implementing policies

104
Q

Risk Management

A

the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization

105
Q

Key performance indicators

A

The quantifiable metrics a company uses to evaluate progress toward critical success factors

106
Q

Threat

A

any circumstance or event with the potential to cause harm (such as destruction, disclosure, modification of data and/or denial of service) to an information resource

107
Q

Vulnerabilities

A

characteristics of information resources that can be exploited by a threat to cause harm

108
Q

Impact

A

the result of a threat agent exploiting a vulnerability

109
Q

Residual Risk

A

the remaining level of risk once controls have been applied; can be used by management to further reduce risk by identifying those areas in which more control is needed

110
Q

Qualitative Analysis

A

method that uses words or descriptive rankings to describe the impact or likelihood of risk (high, medium, low)

111
Q

Semi-quantitative Analysis

A

method that uses descriptive rankings that are associated with a numeric scale to describe the impact or likelihood of risk

112
Q

Quantitative Analysis

A

method that uses numeric values to describe the likelihood and impact of risk, using data from several types of sources such as historic records, past experiences, industry practices and records, statistical theories, testing, and experiments (usually monetary terms)

113
Q

IS Management

A

practices that reflect the implementation of policies and procedures developed for various IS-related management activities

114
Q

Human Resource Management

A

organizational policies and procedures for recruiting, selecting, training and promoting staff, measuring staff performance, disciplining staff, succession planning, and staff retention

115
Q

Sourcing

A

the way in which the organization will obtain the IS functions required to support the business (in-house, outsource)

116
Q

Outsourcing

A

contractual agreements under which an organization hands over control of part or all of the functions of the IS department to an external party

117
Q

Service Level Agreement (SLA)

A

a document that provides a company with a performance guarantee for services outsourced to a vendor

118
Q

Benchmarking

A

A process of continuously measuring system results, comparing those results to optimal system performance (industry standards or best practices), and identifying steps and procedures to improve system performance

119
Q

Cloud Computing

A

model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

120
Q

Statement on Standards for Attestation Engagements (SSAE 16)

A

provides a framework for three Service Organization Control (SOC) reporting options

121
Q

SOC 1 Report

A

focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements

122
Q

Governance of Outsourcing

A

the set of responsibilities, roles, objectives, interfaces and controls required to anticipate change and manage the introduction, maintenance, performance, costs and control of third-party provided services

123
Q

Change Management

A

involves the use of a defined and documented process to identify and apply technology improvements at the infrastructure and application level that are beneficial to the organization and involve all levels of the organization impacted by the changes

124
Q

Quality Management

A

one of the means by which IT department-based processes are controlled, measured and improved; may include: software development/maintenance/implementation, acquisition of hardware or software, day-to-day operations, service management, security, HR management, general administration

125
Q

Ways to use performance measures

A
  1. Measure products/services
126
Q

Systems development manager

A

responsible for programmers and analysts who implement new systems and maintain existing systems

127
Q

Project manager

A

responsible for planning and executing IT projects and may report to a project management officer or to the development organization

128
Q

Service desk (help desk)

A

unit within an organization that responds to technical questions and problems faced by users

129
Q

End user

A

responsible for operations related to business application services; used to distinguish the person for whom the product was designed from the person who programs, services, or installs applications

130
Q

End-user support manager

A

responsible as a liaison between the IS department and the end users

131
Q

Data manager

A

responsible for the data architecture in larger IT environments and tasked with managing data as a corporate asset

132
Q

Quality Assurance (QA) manager

A

responsible for negotiating and facilitating quality activities in all areas of information technology

133
Q

Operations manager

A

responsible for computer operations personnel, including all staff required to run the data center efficiently and effectively

134
Q

Control group

A

responsible for the collection, conversion and control of input, and the balancing and distribution of output to the user community

135
Q

Media manager

A

responsible for recording, issuing, receiving, and safeguarding all program and data files that are maintained on removable media

136
Q

Data Entry

A

The process of getting information into a database, usually done by people typing it in by way of data-entry forms designed to simplify the process

137
Q

Systems administrator

A

responsible for maintaining major multi-user computer systems, including LANs, WLANs, WANs, PANs, SANs, intranets and extranets, and mid-range and mainframe systems

138
Q

Security Administrator

A

responsible for ensuring that the various users are complying with the corporate security policy and controls are adequate to prevent unauthorized access to the company assets

139
Q

Quality Assurance (QA)

A

helps the IS department to ensure that personnel are following prescribed quality processes

140
Q

Quality Control (QC)

A

responsible for conducting tests or reviews to verify and ensure that software is free from defects and meets user expectations

141
Q

Database Administrator (DBA)

A

custodian of an organization’s data; defines and maintains the data structures in the corporate database system

142
Q

Systems analyst

A

specialist who designs systems based on the needs of the user and is usually involved during the initial phase of the system development life cycle

143
Q

Security architect

A

responsible for evaluating security technologies; designing security aspects of the network topology, access control, identity management and other security systems; and establishing security policies and security requirements

144
Q

Applications staff

A

responsible for developing and maintaining applications; should work in a test-only environment

145
Q

Infrastructure staff

A

responsible for maintaining the systems software, including the operating system

146
Q

Network administrator

A

responsible for key components of the infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.); report to the director of the IPF or an end-user manager

147
Q

Segregation of Duties

A

avoids the possibility that a single person could be responsible for diverse and critical functions in such a way that errors or misappropriations could occur and not be detected in a timely manner and in the normal course of business processes

148
Q

Duties that should be segregated

A

custody of the assets, authorization, recording transactions

149
Q

Compensating controls

A

internal controls that are intended to reduce the risk of an existing or potential control weakness when duties cannot be appropriately segregated

150
Q

Audit trails

A

help the IS and user departments as well as the IS auditor by providing a map to retrace the flow of a transaction; recreates the actual transaction flow from the point of origination to its existence on an updated file

151
Q

Reconciliation

A

independent verification typically performed by the user that increases the level of confidence that the application processed successfully and the data are in proper balance

152
Q

Exception reporting

A

Identifying data that is not within “normal limits” so that managers can follow up and take corrective action; should require evidence, such as initials on a report, noting that the exception has been handled properly

153
Q

Transaction logs

A

a record of transactions (can be logged manually or automatically)

154
Q

Request for proposal

A

A document specifying all the system requirements and soliciting a proposal from each vendor contacted

155
Q

Business continuity

A

the ability of an organization to maintain its operations and services in the face of a disruptive event

156
Q

Business continuity plan

A

Provides procedures for emergency responses, extended backup operations, and post-disaster recovery

157
Q

Disaster recovery plan

A

a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood

158
Q

Restoration plan

A

a process to return operations to normality whether in a restored or new facility

159
Q

IS business continuity planning

A

specifies how to resume business processes specifically related to IS in the face of a disruptive event; should be aligned with the strategy of the organization

160
Q

Risk analysis calculation

A

how risk is calculated; uses either qualitative or quantitative means

161
Q

Business Impact Analysis (BIA)

A

the activity in Business Continuity Management that identifies vital business functions and their dependencies; allows the organization to determine the maximum downtime possible and to quantify losses as they grow after a disruption, thus allowing the organization to make a decision on the technology used for protection and recovery of its key information assets

162
Q

IT disaster recovery plan

A

typically details the process IT personnel will use to restore the computer systems

163
Q

Disasters

A

disruptions that cause critical information resources to be inoperative for a period of time, adversely impacting organizational operations

164
Q

Pandemic

A

an epidemic or outbreak of infectious diseases in humans that have the ability to spread rapidly over large areas

165
Q

Business continuity policy

A

a document approved by top management that defines the extent and scope of the business continuity effort within the organization

166
Q

Incident

A

any unexpected event, even if it causes no significant damage

167
Q

Negligible incident

A

incident that causes no perceptible or significant damage

168
Q

Minor incidents

A

incidents that, while not negligible, produce no negative material (of relative importance) or financial impact

169
Q

Major incidents

A

incidents that cause a negative material impact on business processes and may affect other systems, departments or even outside clients

170
Q

Crisis

A

a major incident that can have serious material impact on the continued functioning of the business and may also adversely impact other systems or third parties

171
Q

Downtime cost

A

costs incurred during the period after a disaster in which the business is not functioning; cost grows quickly with time, where the impact of a disruption increases the longer it lasts

172
Q

Recovery cost

A

cost of activating the business continuity plan (alternative corrective measures), which decreases with the target chosen for recovery time

173
Q

Risk ranking

A

determination of risk based upon the impact derived from the critical recovery time period, as well as the likelihood that an adverse disruption will occur (critical, vital, sensitive, nonsensitive)

174
Q

Desk-based evaluation/paper test

A

a paper walk-through of the BCP, involving major players in the plan’s execution who reason out what might happen in a particular type of service disruption

175
Q

Preparedness test

A

localized version of a full BCP test, wherein actual resources are expended in the simulation of a system crash

176
Q

Full operational test

A

one step away from an actual service disruption; a full test of the BCP

177
Q

Benefits realization

A

the process by which an organization evaluates technology solutions to business problems

178
Q

Project portfolio

A

all of the projects (related or unrelated) being carried out in an organization at a given point in time

179
Q

Program

A

a group of projects and time-bound tasks that are closely linked together through common objectives, a common budget, and intertwined schedules and strategies

180
Q

Business case

A

document that provides the information required for an organization to decide whether a project should proceed

181
Q

Project management

A

the application of knowledge, skills, tools, and techniques to a broad range of project activities to achieve a stated objective such as meeting the defined user requirements, budget and deadlines for an IS project

182
Q

Influence project organization

A

a type of project organization in which the project manager has only a staff function without formal management authority; the PM can only advise peers and team members as to which activities should be completed

183
Q

Pure project organization

A

a type of project organization in which the project manager has formal authority over those taking part in the project

184
Q

Matrix project organization

A

a type of project organization in which management authority is shared between the project manager and the department heads

185
Q

Specific, Measurable, Attainable, Realistic and Timely

A

SMART

186
Q

Main objectives

A

objectives that will always be directly coupled with business success

187
Q

Additional objectives

A

objectives that are not directly related to the main results of the project but may contribute to project success

188
Q

Nonobjectives

A

objectives that add clarity to the scope, and project boundaries become clearer; these objectives shape the contours of the deliverables and help all parties to gain a clear understanding of what has to be done to avoid any ambiguities

189
Q

Object breakdown structure (OBS)

A

a structure that represents the individual components of the solution and their relationships to each other in a hierarchical manner, either graphically or in a table

190
Q

Work breakdown structure (WBS)

A

designed after the OBS has been compiled, this structures all the tasks that are necessary to build up the elements of the OBS during the project

191
Q

Task list

A

a list of actions to be carried out in relation to work packages and includes assigned responsibilities and deadlines

192
Q

Senior Management

A

management that demonstrates commitment to the project and approves the necessary resources to complete the project

193
Q

User Management

A

management that assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirements definition, test case development, acceptance testing and user training

194
Q

Project Steering Committee

A

group that provides overall direction and ensures appropriate representation of the major stakeholders in the project’s outcome; should be comprised of a senior representative from each relevant business area

195
Q

Project Sponsor

A

person or group that provides funding for the project and works closely with the project manager to define the critical success factors and metrics for measuring the success of the project

196
Q

Systems Development Management

A

management that provides technical support for hardware and software environments by developing, installing and operating the requested system

197
Q

Project Manager

A

person that provides day-to-day management and leadership of the project, ensures that project activities remain in line with the overall direction, ensures appropriate representation of the affected departments, ensures that the project adheres to local standards, ensures that deliverables meet the quality expectations of key stakeholders, resolves interdepartmental conflicts, and monitors and controls costs and the project timetable

198
Q

Systems Development Project Team

A

group that completes assigned tasks, communicates effectively with users by actively involving them in the development process, works according to local standards and advises the project manager of necessary project plan deviations

199
Q

User Project Team

A

group that completes assigned tasks, communicates effectively with the systems developers by actively involving themselves in the development process as subject matter experts (SMEs), works according to local standards and advises the project manager of expected and actual project plan deviations

200
Q

Security Officer

A

person that ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures

201
Q

Quality Assurance (QA)

A

personnel who review results and deliverables within each phase of a project and at the end of each phase, and confirm compliance with requirements

202
Q

Software size estimation

A

relates to methods of determining the relative physical size of the application software to be developed

203
Q

Function Point Analysis (FPA)

A

a multiple-point technique widely used for estimating complexity in developing large business applications

204
Q

Critical path method (CPM)

A

the sequence of activities whose sum of activity time is longer than that for any other path through the network; if everything goes according to schedule, the duration gives the shortest possible completion time for the overall project

205
Q

Time slack

A

the difference between the latest possible completion time of each activity that will not delay the completion of the overall project and the earliest possible completion time based on all predecessor activities

206
Q

Gantt chart

A

chart that aids in the scheduling of activities needed to complete a project; shows when an activity should begin and when it should end along a timeline

207
Q

PERT (Program Evaluation Review Technique)

A

technique that uses three different estimates of each activity duration in lieu of using a single number for each activity duration (as used by CPM); the three estimates are then reduced to a single number and then the classic CPM algorithm is applied

208
Q

Timebox management

A

a project management technique for defining and deploying software deliverables within a relatively short and fixed period of time, and with predetermined specific resources

209
Q

Earned value analysis (EVA)

A

consists of comparing the following metrics at regular intervals during the project: budget to date, actual spending to date, estimate to complete and estimate at completion

210
Q

Postproject review

A

formal process in which lessons learned and an assessment of project management processes used are documented to allow reference, in the future, by other project managers or users working on projects of similar size and scope

211
Q

Postimplementation review

A

process typically completed once the project has been in use for some time - long enough to realize its business benefits and costs, and measure the project’s overall success and impact on the business units

212
Q

Key business drivers

A

the attributes of a business function that drive the behavior and implementation of that business function to achieve the strategic business goals of the company

213
Q

V-Model

A

modified Waterfall model that provides for back references for VERIFICATION and VALIDATION

214
Q

Waterfall model

A

an SDLC approach that assumes the various phases of a project can be completed sequentially - one phase leads (falls) into the next phase

215
Q

Iterative Approach

A

method in which business requirements are developed and tested in iterations until the entire application is designed, built and tested

216
Q

Feasibility study

A

a study concerned with analyzing the benefits and solutions for the identified problem area

217
Q

Requirements definition

A

concerned with identifying and specifying the business requirements of the system chosen for development during the feasibility study

218
Q

Request for Proposal (RFP)

A

written request asking contractors to propose solutions and prices that fit customer’s requirements; this method is more applicable in system integration projects when the requirement is more toward a solution and related support and maintenance

219
Q

Invitation to Tender

A

written request asking contractors to propose solutions and prices that fit customer’s requirements; this method is more applicable where procurement of hardware, network, database, etc. is involved and when the product and related services are known in advance

220
Q

Entity Relationship Diagram (ERD)

A

these diagrams show how the entities that make up a relational database are linked together. Using cardinality, the relationships are displayed using a straight line to link the entities, which are represented by a rectangle

221
Q

Entities

A

groupings of like data elements or instances that may represent actual physical objects or logical constructs

222
Q

Attributes

A

properties or characteristics common to all or some of the instances of the entity

223
Q

Primary Key

A

uniquely identifies each instance of the entity

224
Q

Relationships

A

depict how two entities are associated (and, in some cases, how instances of the same entity are associated)

225
Q

Foreign Key

A

one or more attributes held in one entity that map to the primary key of a related entity

226
Q

Software baseline

A

the cutoff point in the design; also referred to as design freeze

227
Q

Test Plan

A

developed early in the life cycle and refined until the actual testing phase, this identifies the specific portions of the system to be tested

228
Q

Bottom-up

A

a testing strategy that begins testing of atomic units, such as programs or modules, and works upward until a complete system testing has taken place

229
Q

Top-down testing

A

a testing strategy where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs; tested components are then used to test lower level components; the process is repeated until the lowest level components have been tested

230
Q

Unit testing

A

testing of an individual program or module

231
Q

Interface or integration testing

A

a hardware or software test that evaluates the connection of two or more components that pass information from one area to another

232
Q

System testing

A

a series of tests designed to ensure that modified programs, objects, database schema, etc., which collectively constitute a new or modified system, function properly

233
Q

Recovery testing

A

checking the system’s ability to recover after a software or hardware failure

234
Q

Security testing

A

making sure that the modified/new system includes provisions for appropriate access controls and does not introduce any security holes that might compromise other systems

235
Q

Load testing

A

testing an application with large quantities of data to evaluate its performance during peak hours

236
Q

Volume testing

A

studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records (data) that the application can process

237
Q

Stress testing

A

studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process; should be carried out in a test environment using live workloads

238
Q

Performance testing

A

comparing the system’s performance to other equivalent systems using well-defined benchmarks

239
Q

Quality assurance testing (QAT)

A

testing that focuses on the documented specifications and the technology employed; verifies that the application works as documented by testing the logical design and the technology itself

240
Q

User acceptance testing (UAT)

A

testing that supports the process of ensuring that the system is production-ready and satisfies all documented requirements; focuses on the functional aspect of the application

241
Q

Alpha testing

A

testing that is performed only by users within the organization developing the software

242
Q

Beta testing

A

a form of user acceptance testing that generally involves a limited number of external users

243
Q

Pilot testing

A

preliminary test that focuses on specific and predetermined aspects of a system; provides a limited evaluation of the system

244
Q

White box testing

A

testing that assesses the effectiveness of software program logic

245
Q

Black box testing

A

an integrity-based form of testing associated with testing components of an information system’s “functional” operating effectiveness without regard to any specific internal program structure

246
Q

Function/validation testing

A

used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements

247
Q

Regression testing

A

the process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors

248
Q

Parallel testing

A

the process of feeding test data into two systems - the modified system and an alternative system - and comparing the results

249
Q

Sociability testing

A

tests to confirm that the new or modified system can operate in its target environment without adversely impacting existing systems

250
Q

System configuration

A

consists of defining, tracking and controlling changes in a purchased system to meet the needs of the business

251
Q

Implementation

A

the actual operation of the new information system is established and tested

252
Q

Site acceptance testing

A

a full-system test conducted on the actual operations environment

253
Q

Data migration

A

the moving of data from the original application system into the newly implemented system

254
Q

Data conversion

A

the conversion of existing data into the new required format, coding and structure while preserving the meaning and integrity of the data

255
Q

Changeover

A

refers to an approach to shift users from using the application from the existing (old) system to the replacing (new) system

256
Q

Parallel changeover

A

a changeover approach that includes running the old system, then running both the old and new systems in parallel, and finally fully changing over to the new system after gaining confidence in the working of the new system

257
Q

Phased changeover

A

a changeover approach where the older system is broken into deliverable modules; the first module of the older system is phased out using the first module of the new system, then the second module is replaced, and so on until the last module is replaced

258
Q

Abrupt changeover

A

a changeover approach where the newer system is changed over from the older system on a cutoff date and time, and the older system is discontinued once the changeover to the new system takes place

259
Q

Certification

A

the process by which an assessor organization performs a comprehensive assessment against a standard of management and operational and technical controls in an information system

260
Q

Accreditation

A

the official management decision (given by a senior official) to authorize operation of an information system and to explicitly accept the risk to the organization’s operations, assets, or individuals based on the implementation of an agreed-upon set of requirements and security controls

261
Q

Postproject review

A

internal review to assess and critique the project process

262
Q

Postimplementation review

A

review to assess and measure the value the project has on the business (benefits realization)

263
Q

Business risk

A

risk related to the likelihood that the new system may not meet the users’ business needs, requirements and expectations

264
Q

Project risk

A

risk that the project activities to design and develop the system exceed the limits of the financial resources set aside for the project and, as a result, it may be completed late, if ever

265
Q

Electronic commerce (e-commerce)

A

the buying and selling of goods online, usually via the Internet

266
Q

Business-to-consumer

A

applies to any business that sells its products or services to consumers over the internet

267
Q

Business-to-business

A

applies to businesses buying from and selling to each other over the Internet

268
Q

Business-to-employee

A

when administrative transactions are conducted over the Internet between a business and its employees, such as payroll and benefits

269
Q

Business-to-government

A

online transactions between businesses and governmental agencies

270
Q

Electronic Data Interchange (EDI)

A

replaces the traditional paper document exchange (purchase orders, invoices, material release schedules); the proper controls and edits need to be built within each company’s application system to allow this communication to take place

271
Q

Value-added network (VAN)

A

use computerized message switching and storage capabilities to provide electronic mailbox services similar to a post office

272
Q

Mail servers

A

hosts that deliver, forward and store mail

273
Q

Clients

A

interface with users and allow users to read, compose, send and store email messages

274
Q

Point-of-sale (POS) system

A

system that enables the capture of data at the time and place that sales transactions occur

275
Q

Electronic funds transfer (EFT)

A

a computerized cash payments system that transfers funds without the use of checks, currency, or other paper documents

276
Q

e-finance

A

a new means of delivering financial services electronically

277
Q

Automated teller machine (ATM)

A

a specialized form of the POS terminal that is designed for the unattended use by a customer of a financial institution

278
Q

Interactive voice response (IVR)

A

a phone technology that allows a computer to detect voice and touch tones using a normal phone call

279
Q

Imaging system

A

system that stores, retrieves and processes graphic data, such as pictures, charts and graphs, instead of or in addition to text data

280
Q

Artificial intelligence

A

the science of designing and programming computer systems to do intelligent things and to simulate human thought processes such as reasoning and understanding language

281
Q

Expert systems

A

systems that allow the user to specify certain basic assumptions or formulas and then use these assumptions or formulas to analyze arbitrary events

282
Q

Business intelligence (BI)

A

a broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance

283
Q

Data architecture

A

a system that consists of individual databases contributing to a central repository from which data may be either drawn directly to supply an EHR workstation or sent to a warehouse that performs sophisticated analysis on data to supply decision support

284
Q

Context diagrams

A

diagrams that outline the major processes of an organization and the external parties with which the business interacts

285
Q

Swim-lane diagrams

A

diagrams that deconstruct business processes

286
Q

Decision support system

A

an interactive system that provides the user with easy access to decision models and data from a wide range of sources in order to support semi-structured decision-making tasks typically for business purposes

287
Q

Customer relationship management (CRM)

A

an emphasis on the importance of focusing on information relating to transaction data, preferences, purchase patterns, status, contact history, demographic information, and service trends of customers rather than on products

288
Q

Operational CRM

A

concerned with maximizing the utility of the customer’s service experience while also capturing useful data about the customer interaction

289
Q

Analytical CRM

A

seeks to analyze information captured by the organization about its customers and their interactions with the organization into information that allows greater value to be obtained from the customer base

290
Q

Agile development

A

a system development strategy that refers to a family of similar development processes that espouse a nontraditional way of developing complex systems

291
Q

Scrum

A

an agile process that aims to move planning and directing tasks from the project manager to the team, leaving the project manager to work on removing the obstacles to the team achieving their objectives

292
Q

Prototyping

A

aka heuristic or evolutionary development, the process of creating a system through controlled trial and error procedures to reduce the level of risk in developing the system

293
Q

Rapid application development (RAD)

A

a methodology that enables organizations to develop strategically important systems quickly while reducing development costs and maintaining quality

294
Q

Object-oriented system development (OOSD)

A

the process of solution specification and modeling where data and procedures can be grouped into an entity known as an object

295
Q

Component-based development

A

the process of assembling applications from cooperating packages of executable software that make their services available through defined interfaces

296
Q

Web-based application development

A

a software development approach designed to achieve easier and more effective integration of code modules within and between enterprises

297
Q

Reengineering

A

a process of updating an existing system by extracting and reusing design and program components

298
Q

Reverse engineering

A

the process of studying and analyzing an application, a software application or a product to see how it functions and to use that information to develop a similar system

299
Q

Project Phases of Physical Architecture Analysis

A
  1. Review of existing architecture
300
Q

Project Phases of Planning the Implementation of Infrastructure

A
  1. Procurement phase
301
Q

System maintenance practices

A

the processes of managing change to application systems while maintaining the integrity of both the production source and executable code

302
Q

Change management

A

a systematic way of approving and executing change in order to assure maximum security, stability and availability of information technology services

303
Q

Configuration management

A

procedures throughout the software life cycle to identify, define and baseline software items in the system and thus provide a basis for problem management, change management and release management

304
Q

Code generators

A

tools, often incorporated with CASE products, that generate program code based on parameters defined by a systems analyst or on data/entity flow diagrams developed by the design module of a CASE product

305
Q

Computer-aided software engineering (CASE)

A

the use of automated tools to aid in the software development process

306
Q

Upper CASE

A

CASE products used to describe and document business and application requirements

307
Q

Middle CASE

A

CASE products used for developing the detailed design

308
Q

Lower CASE

A

CASE products involved with the generation of program code and database definitions

309
Q

4GL

A

fourth-generation language; nonprocedural language that enables users and programmers to access data in a database

310
Q

Business process reengineering (BPR)

A

the process of responding to competitive and economic pressures, and customer demands to survive in the current business environment; usually done by automating system processes so that there are fewer manual interventions and manual controls

311
Q

Benchmarking

A

a continuous, systematic process for evaluating the products, services, or work processes of organizations recognized as a world-class “reference” in a globalized world

312
Q

ISO 9126

A

an international standard to assess the quality of software products that provides the definition of the characteristics and associated quality evaluation process to be used when specifying the requirements for, and evaluating the quality of, software products throughout their life cycle

313
Q

Capability maturity model (CMM)

A

a five-level model laying out a generic path to process improvement (maturity) for software development in organizations

314
Q

ISO/IEC 15504

A

a series of documents that provide guidance on process improvement, benchmarking and assessment including detailed guidance that can be leveraged to create enterprise best practices

315
Q

Levels of the CMM

A
  1. Incomplete process
316
Q

Application controls

A

controls over input, processing, and output functions

317
Q

Input authorization

A

verifies that all transactions have been authorized and approved by management

318
Q

Batch balancing

A

comparison of the items or documents actually processed against a predetermined control total

319
Q

Data validation

A

a process to identify data errors, incomplete or missing data and inconsistencies among related data items

320
Q

Processing controls

A

controls that ensure that data in a file/database remain complete and accurate until changed as a result of authorized processing or modification routines

321
Q

File controls

A

controls that ensure that only authorized processing occurs to stored data files

322
Q

Output controls

A

controls that provide assurance that the data delivered to users will be presented, formatted and delivered in a consistent and secure manner

323
Q

Business process control assurance

A

involves evaluating controls at the process and activity level

324
Q

Segregation of duties

A

implementing control procedures to clearly divide authority and responsibility within the information system function to prevent employees from perpetrating and concealing fraud

325
Q

Data integrity testing

A

set of substantive tests that examines accuracy, completeness, consistency and authorization of data presently held in a system

326
Q

Generalized audit software (GAS)

A

uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

327
Q

Computer assisted audit techniques

A

refer to audit software, often called generalized audit software (GAS), that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

328
Q

Snapshots

A

technique that involves taking “pictures” of the processing path that a transaction follows, from the input to the output stage

329
Q

Audit hooks

A

technique that involves embedding hooks in application systems to function as red flags and to induce IS auditors to act before an error or irregularity gets out of hand

330
Q

Wired equivalent privacy

A

a key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit; has been demonstrated to have numerous flaws and has been deprecated in favor of newer standards

331
Q

Functional acknowledgments

A

standard EDI transactions that tell trading partners that their electronic documents were received; used as an audit trail for electronic data interchange (EDI) transactions

332
Q

IS Operations

A

responsible for the ongoing support of an organization’s computer and information systems environment

333
Q

IS Management

A

has the overall responsibility for all operations within the IS department

334
Q

IT Service Management

A

a concept that comprises processes and procedures for efficient and effective delivery of IT services to business

335
Q

Delta release

A

a release that contains only those items that have undergone changes since the last release

336
Q

Service Level Agreement

A

an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business

337
Q

Service level management

A

the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified

338
Q

Exception reports

A

automated reports that identify all applications that did not successfully complete or otherwise malfunctioned

339
Q

System and application logs

A

logs generated from various systems and applications that should be considered to identify all application problems and provide additional, useful information regarding activities performed on the computer since most abnormal system and application events will generate a record in the logs

340
Q

Operator problem reports

A

manual reports that are used by operators to log computer operations problems and their resolutions

341
Q

Operator work schedules

A

schedules that are generally maintained manually by IS management to assist in human resource planning

342
Q

Job scheduling

A

a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution

343
Q

Job scheduling software

A

system software used by installations that process a large number of batch routines

344
Q

Incident management

A

focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services

345
Q

Problem management

A

aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause

346
Q

Change control procedures

A

part of change management that are established to control the movement of applications from the test environment, where development and maintenance occurs, to the quality assurance (QA) environment, to the production environment

347
Q

Release management

A

the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released

348
Q

Information security management

A

ensures continuous IT operation and security of business process and data

349
Q

Media sanitization

A

establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media to be reused, transported, or discarded; involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that residual content cannot be salvaged or restored

350
Q

Central processing unit (CPU)

A

executes commands from a computer’s hardware and software; the principal computer chip that contains several processing components, which determines the computer’s operating speed; the “brain” of a computer

351
Q

Random access memory (RAM)

A

temporary memory a computer uses to store information while it is processing; memory is volatile

352
Q

Read-only memory

A

form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile

353
Q

Print servers

A

servers that allow businesses to consolidate printing resources for cost-savings

354
Q

File servers

A

servers that provide for organization-wide access to files and programs

355
Q

Application (program) servers

A

servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application’s database

356
Q

Web servers

A

servers that provide information and services to external customers and internal employees through web pages

357
Q

Proxy servers

A

servers that provide an intermediate link between users and resources; servers that access services on a user’s behalf

358
Q

Database servers

A

servers that store raw data and act as a repository for storing information rather than presenting it to be usable

359
Q

Appliances

A

provide a specific service and normally would not be capable of running other services; these devices are significantly smaller, faster, and very efficient

360
Q

Universal serial bus

A

a serial bus standard that interfaces devices with a host; was designed to allow connection of many peripherals to a single standardized interface socket; allows devices to be connected and disconnected without rebooting

361
Q

Memory card / flash drive

A

a solid-state electronic data storage device used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics

362
Q

Radio frequency identification (RFID)

A

uses radio waves to identify tagged objects within a limited radius

363
Q

Capacity management

A

the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively

364
Q

Capacity planning

A

the process of ensuring that the resource provision can always meet business requirements

365
Q

Architecture

A

a number of layers of circuitry and logic, arranged in a hierarchical structure that interacts with the computer’s operating system

366
Q

Operating system (OS)

A

contains programs that interface between the user, processor and applications software; provides the primary means of managing the sharing and use of computer resources such as processors, real memory, auxiliary memory and I/O devices

367
Q

Access control software

A

software designed to prevent unauthorized access to data, unauthorized use of system functions and programs, and unauthorized updates/changes to data, and to detect or prevent unauthorized attempts to access computer resources

368
Q

Data communications software

A

software that is used to transmit messages or data from one point to another, which may be local or remote

369
Q

Data management

A

capabilities that are enabled by the system software components that enact and support the definition, storage, sharing and processing of user data, and deal with file management

370
Q

Database management system (DBMS)

A

system software that aids in organizing, controlling and using the data needed by application programs

371
Q

Data dictionary / directory system (DD/DS)

A

helps define and store source and object forms of all data definitions for external schemas, conceptual schemas, the internal schema and all associated mappings

372
Q

Hierarchical database model

A

model where there is a hierarchy of parent and child data segments (parent-child relationships) that are 1:N relationships between record types

373
Q

Network database model

A

a flexible way of representing objects and their relationships (each entity can have multiple relationships); rarely used in current environments

374
Q

Relational database model

A

a relational model based on the set theory and relational calculations that allows the definition of data structures, storage/retrieval operations and integrity constraints

375
Q

Data normalization

A

a technique to make complex databases more efficient by eliminating as much redundant data as possible

376
Q

Utility programs

A

system software used to perform maintenance and routines that frequently are required during normal processing operations

377
Q

Concurrent licensing

A

where a number of users can access the software on the network at one time

378
Q

Digital rights management

A

refers to access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devices

379
Q

Packet switching

A

a technology in which users share common carrier resources

380
Q

Baseband

A

the signals are directly injected on the communication link so that one single channel is available on that link for transmitting signals; the entire capacity of the communication channel is used to transmit one data signal and communication can move in only one direction at a time

381
Q

Broadband network

A

different carrier frequencies defined within the available band, can carry analog signals as if they were placed on separate baseband channels

382
Q

Telecommunications

A

the electronic transmission of data, sound and images between connected end systems

383
Q

Personal area networks (PANs)

A

microcomputer network used for communications among computer devices being used by an individual person (typical range of 33 ft)

384
Q

Local area networks (LANs)

A

computer networks that cover a limited area such as a home, office or campus with higher data transfer rates

385
Q

Wide area networks (WANs)

A

computer networks that cover a broad area such as a city, region, nation or an international link

386
Q

Metropolitan area networks (MANs)

A

WANs that are limited to a city or region; higher data transfer rates than WANs

387
Q

Storage area networks (SANs)

A

a variation of LANs dedicated to connecting storage devices to servers and other computing devices

388
Q

Network services

A

functional features made possible by appropriate OS applications that allow orderly utilization of the resources on the network

389
Q

Copper (twisted-pair) circuits

A

two insulated wires are twisted around each other, with current flowing through them in opposite directions

390
Q

Fiber-optic systems

A

glass fibers are used to carry binary signals as flashes of light

391
Q

Radio systems (wireless)

A

data are communicated between devices using low-powered systems that broadcast and receive electromagnetic signals representing data

392
Q

Microwave radio systems

A

provide line-of-sight transmission of voice and data through the air

393
Q

Satellite radio link systems

A

contain several receiver/amplifier/transmitter sections called transponders; sends narrow beams of microwave signals between Earth and a satellite

394
Q

LAN topologies

A

define how networks are organized from a physical standpoint

395
Q

Protocols

A

define how information transmitted over the network is interpreted by systems

396
Q

Switch

A

a data link level device that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks

397
Q

Star topology

A

a network topology in which all computers and other devices are connected to a central host computer; all communications between network devices must pass through the host computer

398
Q

Bus topology

A

a networking configuration in which all devices are connected to a central high-speed cable called the bus or backbone

399
Q

Ring topology

A

a network configuration in which the computers and peripherals are laid out in a configuration resembling a circle; data flows around the circle from device to device in one direction only

400
Q

Repeaters

A

physical layer devices that extend the range of a network or connect two separate network segments together

401
Q

Hubs

A

physical layer devices that serve as the center of a star topology network or network concentrator

402
Q

Bridges

A

data link layer devices developed to connect LANs or create two separate LAN or WAN network segments from a single segment to reduce collision domains

403
Q

Routers

A

data link layer devices that link two or more physically separate network segments; operate by examining network addresses and making intelligent decisions to direct packets to their destination

404
Q

Gateways

A

devices that are protocol converters; typically connect and convert between LANs and the mainframe or the Internet

405
Q

Message switching

A

sends a complete message to the concentration point for storage and routing to the destination point as soon as a communications path becomes available

406
Q

Packet switching

A

a sophisticated means of maximizing transmission capacity of networks; breaks a message into transmission units (called packets) and routes them individually through the network, depending on the availability of a channel for each packet

407
Q

Circuit switching

A

a physical communications channel is established between communicating equipment, through a circuit-switched network

408
Q

Virtual circuits

A

a logical circuit between two network devices that provides for reliable data communications

409
Q

Modem

A

convert computer digital signals into analog data signals and analog data back to digital; make it possible to use analog lines as transmission media for digital networks

410
Q

Multiplexor

A

a physical layer device used when a physical circuit has more bandwidth capacity than required by individual signals; can allocate portions of its total bandwidth and use each portion as a separate signal link

411
Q

Point-to-point protocol (PPP)

A

provides a single, preestablished WAN communication path from the customer premises to a remote network, usually reached through a carrier network such as a telephone company

412
Q

Virtual private network (VPN)

A

extends the corporate network securely via encrypted packets sent out via virtual connections over the public Internet to distant offices, home workers, salespeople, and business partners

413
Q

Wireless wide area networking

A

the process of linking different networks over a large geographical area to allow wider IT resource sharing and connectivity

414
Q

Wireless LANs (WLANs)

A

connects computers and other components to the network using an access point device (wireless)

415
Q

Wireless PANs (WPANs)

A

short-range wireless networks that connect wireless devices to one another (ex: Bluetooth)

416
Q

Bluetooth

A

a wireless protocol that connects devices within a range of up to 49 ft and has become a feature on some PDAs, mobile phones, mice, printers, etc.

417
Q

Ad hoc networks

A

networks designed to dynamically connect remote devices such as cell phones, laptops, and PDAs; have shifting network topologies and maintain random network configurations, relying on a system of mobile routers connected by wireless links to enable devices to communicate

418
Q

Wireless application protocol (WAP)

A

a general term used to describe the multilayered protocol and related technologies that bring Internet content to wireless mobile devices such as PDAs and cell phones

419
Q

Transmission Control Protocol/Internet Protocol (TCP/IP)

A

protocol that connects computers to the Internet; tells computers how to exchange information over the Internet

420
Q

Uniform resource locator (URL)

A

identifies the address on the www where a specific resource is located

421
Q

Cookie

A

a message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them

422
Q

Applets

A

programs downloaded from web servers that execute in web browsers on client machines to run any web based application

423
Q

Bookmark

A

a marker or address that identifies a document or a specific place in a document

424
Q

Network access point (NAP)

A

a traffic concentration spot, usually the point of convergence for Internet access by many Internet service providers

425
Q

Internet Service Provider (ISP)

A

a company that provides the communication lines and services for connecting users

426
Q

Domain name system (DNS)

A

a distributed database system that translates hostnames to IP addresses and IP addresses to hostnames

427
Q

File transfer protocol (FTP)

A

a protocol that supports one of the most popular uses of the Internet, downloading files (i.e. transferring files from a computer on the Internet to the user’s computers)

428
Q

Transborder data flow

A

refers to data transmission between two countries

429
Q

Latency

A

the delay that a message or packet will experience on its way from source to destination

430
Q

Throughput

A

the quantity of useful work made by the system per unit of time

431
Q

Client-server

A

a network architecture in which each computer or process on the network is either a server (a source of services and data) or a client (a user of these services and data that relies on servers to obtain them)

432
Q

Thin client

A

a client that relies on another host for the majority of processing and hard disk resources necessary to run applications and share files over the network

433
Q

Thick client

A

application processes most or all of its business logic on local computing resources (e.g., the desktop PC)

434
Q

Middleware

A

a class of software employed by client-server applications that serves as the glue between two otherwise distinct applications and provides services such as identification, authentication, authorization, directories and security; resides between the application and the network and manages the interaction between the GUI on the front end and data servers on the back end

435
Q

Recovery point objective (RPO)

A

determined based on the acceptable data loss in case of disruption of operations and indicates the earliest point in time in which it is acceptable to recover the data; effectively quantifies the permissible amount of data loss in case of interruption (measured in time)

436
Q

Recovery time objective (RTO)

A

determined based on the acceptable downtime in case of a disruption of operations and indicates the earliest point in time at which the business operations must resume after a disaster

437
Q

Recovery strategy

A

identifies the best way to recover a system in case of interruption, including disaster, and provides guidance based on which detailed recovery procedures can be developed

438
Q

Cold site

A

facility with the space and basic infrastructure adequate to support resumption of operations, but lacking any IT or communications equipment, programs, data or office support

439
Q

Mobile site

A

packaged, modular processing facility mounted on transportable vehicles and kept ready to be delivered and set up at a location that may be specified upon activation

440
Q

Warm site

A

facility with the space and basic infrastructure, and some or all of the required IT and communications equipment installed

441
Q

Reciprocal agreement

A

agreement between separate, but similar, companies to temporarily share their IT facilities in the event that one company loses processing capability

442
Q

Hot site

A

facility with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications, along with office furniture and equipment for use by the staff

443
Q

Mirrored site

A

fully redundant site with real-time data replication from the production site

444
Q

Cluster

A

a type of software (agent) that is installed on every server (node) in which the application runs and includes management software that permits control of and tuning the cluster behavior

445
Q

Active-passive cluster

A

the application runs on only one (active) node, while the other (passive) nodes are used only if the application fails on the active node

446
Q

Active-active cluster

A

the application runs on every node of the cluster; cluster agents coordinate the information processing between all of the nodes, providing load balancing and coordinating concurrent data access

447
Q

Redundant array of independent disks (RAID)

A

way to protect data against disk failure by breaking up data and writing data to a series of multiple disks to simultaneously improve performance and/or save large files

448
Q

IT Disaster recovery plan

A

a well-structured collection of processes and procedures intended to make the disaster response and recovery effort swift, efficient and effective to achieve the synergy between recovery teams (IT specifically)

449
Q

Virtual tape libraries (VTLs)

A

systems that consist of disk storage and software that control backup and recovery data sets and behave like a conventional tape library; however, data is stored on a disk array

450
Q

Host-based replication

A

replication is executed at the host (server) level by a special software running on this server and on the target server

451
Q

Disk-array based replication

A

the replication is performed at the disk array level, completely hidden from servers and application

452
Q

Snapshots

A

technology that is very flexible, allowing different types of momentary copies of volumes or file systems to be made

453
Q

Full backup

A

type of backup scheme that copies all files and folders to the backup media, creating one backup set

454
Q

Incremental backup

A

type of backup that copies the files and folders that have changed or are new since the last incremental or full backup

455
Q

Differential backup

A

type of backup that copies all files and folders that have been added or changed since a full backup was performed; faster and requires less media capacity than a full backup

456
Q

Grandfather-Father-Son backup method

A

a backup method in which daily backups (sons) are made over the course of a week; the final backup during the week becomes the backup for that week (father); the earlier daily backup media are then rotated for reuse as backup media for the second week; at the end of the month, the final weekly backup is retained as the backup for that month (grandfather)

457
Q

IS Operations

A

responsible for the ongoing support of an organization’s computer and information systems environment

458
Q

IS Management

A

has the overall responsibility for all operations within the IS department

459
Q

IT Service Management

A

a concept that comprises processes and procedures for efficient and effective delivery of IT services to business

460
Q

Delta release

A

a release that contains only those items that have undergone changes since the last release

461
Q

Service Level Agreement

A

an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business

462
Q

Service level management

A

the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified

463
Q

Exception reports

A

automated reports that identify all applications that did not successfully complete or otherwise malfunctioned

464
Q

System and application logs

A

logs generated from various systems and applications that should be considered to identify all application problems and provide additional, useful information regarding activities performed on the computer since most abnormal system and application events will generate a record in the logs

465
Q

Operator problem reports

A

manual reports that are used by operators to log computer operations problems and their resolutions

466
Q

Operator work schedules

A

schedules that are generally maintained manually by IS management to assist in human resource planning

467
Q

Job scheduling

A

a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution

468
Q

Job scheduling software

A

system software used by installations that process a large number of batch routines

469
Q

Incident management

A

focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services

470
Q

Problem management

A

aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause

471
Q

Change control procedures

A

part of change management that are established to control the movement of applications from the test environment, where development and maintenance occurs, to the quality assurance (QA) environment, to the production environment

472
Q

Release management

A

the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released

473
Q

Information security management

A

ensures continuous IT operation and security of business process and data

474
Q

Media sanitization

A

establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media to be reused, transported, or discarded; involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that residual content cannot be salvaged or restored

475
Q

Central processing unit (CPU)

A

executes commands from a computer’s hardware and software; the principal computer chip that contains several processing components, which determines the computer’s operating speed; the “brain” of a computer

476
Q

Random access memory (RAM)

A

temporary memory a computer uses to store information while it is processing; memory is volatile

477
Q

Read-only memory

A

form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile

478
Q

Print servers

A

servers that allow businesses to consolidate printing resources for cost savings

479
Q

File servers

A

servers that provide for organization-wide access to files and programs

480
Q

Application (program) servers

A

servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application’s database

481
Q

Web servers

A

servers that provide information and services to external customers and internal employees through web pages

482
Q

Proxy servers

A

servers that provide an intermediate link between users and resources; servers that access services on a user’s behalf

483
Q

Database servers

A

servers that store raw data and act as a repository for storing information rather than presenting it to be usable

484
Q

Appliances

A

provide a specific service and normally would not be capable of running other services; these devices are significantly smaller, faster, and very efficient

485
Q

Universal serial bus

A

a serial bus standard that interfaces devices with a host; was designed to allow connection of many peripherals to a single standardized interface socket; allows devices to be connected and disconnected without rebooting

486
Q

Memory card / flash drive

A

a solid-state electronic data storage device used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics

487
Q

Radio frequency identification (RFID)

A

uses radio waves to identify tagged objects within a limited radius

488
Q

Capacity management

A

the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively

489
Q

Capacity planning

A

the process of ensuring that the resource provision can always meet business requirements

490
Q

Architecture

A

a number of layers of circuitry and logic, arranged in a hierarchical structure that interacts with the computer’s operating system

491
Q

Operating system (OS)

A

contains programs that interface between the user, processor and applications software; provides the primary means of managing the sharing and use of computer resources such as processors, real memory, auxiliary memory and I/O devices

492
Q

Access control software

A

software designed to prevent unauthorized access to data, unauthorized use of system functions and programs, and unauthorized updates/changes to data, and to detect or prevent unauthorized attempts to access computer resources

493
Q

Data communications software

A

software that is used to transmit messages or data from one point to another, which may be local or remote

494
Q

Data management

A

capabilities that are enabled by the system software components that enact and support the definition, storage, sharing and processing of user data, and deal with file management

495
Q

Database management system (DBMS)

A

system software that aids in organizing, controlling and using the data needed by application programs

496
Q

Data dictionary / directory system (DD/DS)

A

helps define and store source and object forms of all data definitions for external schemas, conceptual schemas, the internal schema and all associated mappings

497
Q

Hierarchical database model

A

model where there is a hierarchy of parent and child data segments (parent-child relationships) that are 1:N relationships between record types

498
Q

Network database model

A

a flexible way of representing objects and their relationships (each entity can have multiple relationships); rarely used in current environments

499
Q

Relational database model

A

a relational model based on the set theory and relational calculations that allows the definition of data structures, storage/retrieval operations and integrity constraints

500
Q

Data normalization

A

a technique to make complex databases more efficient by eliminating as much redundant data as possible