ISC S2

Question 1

Modems

Answer 1

-a device that bring the internet into a home or office ( receives analog signals from the internet provider and translates those signals into digital signals)

Question 2

Routers

Answer 2

-manage network traffic by connecting devices to form a network
-act as a link between modem and switches ( computers)
-each router has public IP address

Question 3

Switches

Answer 3

-similar with routers but does not has IP address, but does not have many advanced functions as router
-network switch can turn one network jack into several network jacks

Question 4

Gateways

Answer 4

A gateway is a computer/device that acts as an intermediary between different networks.
Transforms data from One Protocol Into Another so that information can flow between networks.
A protocol is a rule, or set of rules, that governs the way in which information is transmitted.

Question 5

edge-enable device

Answer 5

Allows computing, storage, and networking functions to be closer to the devices where the data or system request originates, rather than a distant central location.

The benefit is that distributed computing power is faster network response times.

Question 6

Servers

Answer 6

Physical/Virtual machines that Coordinate computers, programs, and networks together.

Most networks use a client/server model in which the client sends a request to the server, and it provides a response or executes some action

Question 7

Firewalls

Answer 7

-software applications or hardware devices that protect a person’s company’s network traffic by filtering it through security protocols with predefined rules

Question 8

Network address translation firewalls

Answer 8

-Assign an internal network address to specific, approved external sources so that those sources are approved to be inside the firewall.

Question 9

Topology

Answer 9

-Network infrastructure physical layout
-its a physical layout of equipment, or nodes in a network

Question 10

Bus Topology

Answer 10

layout is either in a linear/tree form, with nodes connected to a single line/cable.
Data can be transmitted by any node on the system at the same time which can cause signal interference.信号干扰
To avoid, cables must be Terminated/Properly finished, at each end so signal is managed
Disadvantage of this is if the central line is compromised, the entire network is offline.

Question 11

Mesh topology

Answer 11

-there are numerous connections between nodes
-While the number of pathways allows high levels of traffic and promotes network stability if a node is damaged, it can be costly to implement and maintain over the network’s lifespan

Question 12

Ring Topology

Answer 12

-unidirectional ring path: move in one direction
-muti-directional paths that allow two way data transmission
-when data is transferred it must go through every other device between the source and the destination
-advantage: data transmission collision is minimized or eliminated

Question 13

Star Topology

Answer 13

-There can be multiple hubs so that if one fails, only the nodes connected to that hub will stop functioning
-while the hub is a single point of failure, this structure makes it easy to identify damaged cables

Question 13

The open system interconnection ( OSI) model - 7 layers

Answer 13

-explains how these protocols work, and how networking devices communicate with each other
- 7 layers ( from 7 to 1): application -> presentation-> session -> transport -> network -> data link-> physical

Question 14

Layer 7 : application

Answer 14

-serves as the interface 界面between application that a person uses and the network protocol needed to transmit a message
-common protocols used in this layer: http, FTP, simple mail transfer protocol ( SMTP), electronic data interchange ( EDI)

Question 15

Layer 6: presentation

Answer 15

• device using the OSI model can interpret such as standard format for video, images and web page
  -Encryption 加密 occurs at this layer
• ie: JPEG, MPEG, ASCII

Question 16

Layer 5: Session ( think chat-room)

Answer 16

-sessions allow networking devices to have dialogue with each other
-ie: SQL, remote procedure call ( RPC), network file system ( NFS)

Question 17

Layer 4: transport

Answer 17

-this layer supports and controls the communication connections between devices. it involves setting the rules for how devices are referenced, the amount of data can be transmitted, validating the data’s integrity, and determining whether data has been lost
-ie: TCP, UDP

Question 18

Layer 3: Network

Answer 18

-adds routing and address headers/footers to the data, such as source and destination IP addresses so that the message reaches to correct devices
-it detects errors
-ie: IP, internet protocol security ( IPSec), Network address translation ( NAT), internet group management protocol ( IGMP)

Question 19

Layer 2: data link

Answer 19

-data packets are formatted for transmissions. It is determined by the hardware and networking technology, which is Ethernet
-Media access control ( MAC) addresses
-Integrated Services Digital Network (ISDN), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Address Resolution Protocol (ARP).

Question 20

Layer 1: physical

Answer 20

-converts the message sent form the data link layer into bits
-ie: high speed serial interface ( HSSI), synchronous optical networking

Question 21

Local -Area Network ( LAN)

Answer 21

-provide access to a limited geographic area such as home or single location office

Question 22

Wide-area network ( WAN)

Answer 22

-hardware- based
- good example is internet
-provide access to a larger geographic area such as cities, regions, or countries

Question 23

Software-defined WAN ( SD-WAN)

Answer 23

-software-defined, dynamic
-in WAN the control and management of the network is integrated into hardware, but in SD-WAN control and management are separated from the hardware and included in software

Question 24

Virtual private network ( VPN)

Answer 24

-virtual connections through a secure channel that provide remote and access to an existing network

Question 25

firmware 固件

Answer 25

-software that is locally embedded in hardware that instructs the hardware how to operate -operates like software but exists locally on the machine directing the function of physical components. -motherboard, microprocessor 微处理器 -not updated frequently or not at all

Question 26

three primary Cloud computing models

Answer 26

-IaaS: company is responsible for environment runtime, virtual management. CSP is responsible for use operating system & firewalls but not update or maintain them -PaaS: CSP is responsible for environment runtime, virtual management, and firewalls and cybersecurity. keeping the application's uptime -Saas: CSP offers access to application via the internet and is responsible for recurring upgrades, security enhancements, and other support functions

Question 27

COSO enterprise risk management

Answer 27

-COSO -committee of sponsoring organization -created by the treadway commission -develop guidance for internal control, enterprise risk management, governance, fraud deterrence

Question 28

COSO enterprise risk management 5 components

Answer 28

-governance and culture -strategy and objective -setting -performance -review and revision -information, communication and reporting

Question 29

AIS ( accounting informatmion system) is made up of three main subsystem

Answer 29

-Transaction processing system ( TPS) : sales cycle, conversion cycle, and expenditure cycle -Financial reporting system ( FRS): aggregates with transaction processing system for infrequent events such as merges, lawsuit settlements or natural disasters -management reporting system ( MRS): solve daily business problems ( budgeting, variance analysis )

Question 30

five objective of AIS ( accounting information system)

Answer 30

-record valid transaction -properly classify those transactions -record transactions at their correct values -record the transactions in the correct accounting period -properly present the transactions and related information in the F/S

Question 31

Process improvement driven by IT systems

Answer 31

objective: fewer errors, more efficient accounting, enhanced reporting -automation -shared services -outsourcing -offshore operations

Question 32

detecting design deficiencies in processing integrity

Answer 32

-processing integrity =confidentiality and privacy -design deficiencies= necessary controls that are missing or existing controls that are not designed properly -method 1: 5 trust service criteria -method 2: AICPA's “Description Criteria for a Description of a Service Organization's System in a SOC 2®” Report

Question 33

Deviation in operations of controls

Answer 33

-does not operate as designed or performed by a person who lacks authority or competence ( controls is designed) -method: performing test of control, if deficiencies are already identified, test the effectives of those control is not required

Question 34

Blockchain

Answer 34

-control system originally designed to govern the creation and distribution of Bitcoin

Question 35

in the event of a disaster, an organization has 3 option for how to maintain IT operation

Answer 35

-Cold site -Hot site -Warn site

Question 36

Cold site

Answer 36

-off site location with electric connections and physical infrastructure for data processing but lacks the actual equipment -need one to three days -rely on hardware that can be quickly sourced from vendors -cheapest

Question 37

Hot site

Answer 37

-off site location fully equipped with necessary hardware, office management, and pre-wired for immediate use -backup copies are kept at the hot site or nearby facility -more expensive

Question 38

warn site

Answer 38

-facility with hardware installed but lacking the full processing capabilities of a hot site due to incomplete equipment

Question 39

Business impact analysis ( BIA)

Answer 39

-establish the BIA approach -identify critical resources -define disruption impact -estimate losses -establish recovery priorities -create the BIA report -implement BIA recommendations

Question 40

business resiliency include

Answer 40

-business continuity : focuses on non-IT functions -system availability controls -crisis management : focuses on large-scale incidents that are considered a crisis -disaster recovery : focuses on IT functions

Question 41

System availability control ( method to prevent system disruption and loss of information)

Answer 41

-physical control: physical access controls, fire alarms and sprinklers -IT infrastructure controls: anti-malware software, periodic reviews, network security controls, access and authorization logical control -uninterrupted power supply -redundancy: have redundant hardware, software, and storage as a normal part of their operations

Question 41

System backup 3 type

Answer 41

-Full : exact copy of the entire database ( time-consuming to create but lease time to restore) -incremental: copy only data that have changed sine last time have changed, recovery is the slowest. recovery first load last full backup + install each subsequent incremental backup in the proper sequence -differential: copy all changes made since the last full backup : for restoration: the most recent full backup + the single differential backup, daily backup need more time than incremental but restoration is simple than incremental

Question 42

System conversion method

Answer 42

-direct : stop the old and start the new one immediately. it has risk for if new system doesn't work -parallel: new system is implemented while old system is still in use for an extended period of time. It need more personnel -pilot ( smaller than parallel): performs a conversion on a small scale within a test environment while continue the older system -phased ( gradual ): gradually adds volume to the new system while still opening the old. It is useful for business with distributed locations - hybrid: combination of each approach

Question 43

data life cycle

Answer 43

-definition: first step, is define what data business need -capture/creation: obtain data -preparation: determine if the data is complete, clean, current, encrypted and user-friendly. Enhancing completeness and integrity of data -synthesis 合成 :between preparation and usage, not always a necessary stage -Analytics and usage : this stage data focus on the use in the internal company -Publication : share with external users, once data is considered published and the internal company no longer has sole control of how that data will be used -Archival 档案的: data moved from active system to passive system for archiving to free up storage resource for the active system; enhance active system performance & reduce security risks --Purging: data is completely removed from the company's storage system

Question 44

Type of data collection

Answer 44

-Extract, transform and load ( ETL): similar to capture, preparation and synthesis but ETL is more specific method for collecting existing data in order to answer a specific data analysis question -active data collection : this can occur from survey or interview results, for getting personal information such as user's email, phone numbers -passive data collection: gather information without direct permission through tracking web usage via gookies

Question 45

Type of data storage

Answer 45

-operational data store ( ODS): it is a repository 存储库 of transactional data from multiple sources and it is a interim area between data source and data warehouse -Data lake: similar with data warehouse but it does not have predefined data structure or schema. it contains both structured and unstructured data, whit data most being in its nature or raw format -Data warehouse: very large data repositories that are centralized and used for reporting and analysis rather than for transactional purpose -Data mart: it is much like data warehouse but is more focused on a specific purpose such as marketing or logistics. and it is often a subset of a data warehouse

Question 46

Relational databases

Answer 46

-most common method for storing structured data -data warehouse and operational data store ( ODS) build according database design -benefits: a. completeness b. no redundancy avoid unnecessary resources, unnecessary processing to run reports to check multiple version of truth . Only require one version of the truth and for each element of data to be stored in only one place c. help for placement and enforcement of internal controls and business rules d. improve communication and integration of business process

Question 47

Elements in relational database

Answer 47

-row ( records) -column ( attributes): primary key( identify a specific record) , foreign key ( points to another primary key) , and descriptive attribute ( record but not have unique identifying role) -tables: relational databases are made up of a least two tables, and it has table is the major difference with flat files -fields: a intersection of a column and row

Question 48

Normalization

Answer 48

- it is a database technique that reduces data redundancy and eliminates undesirable characteristics like insertion and update anomalies -divide larger tables into smaller tables and link, purpose is to eliminate redundant ( repetitive) data

Question 49

First normal from ( 1NF)

Answer 49

-first normal form ( 1NF): a. each cell in a table must has one piece of information, b. each record in every table must be uniquely identified , primary key

Question 50

Second Normal Form ( 2NF)

Answer 50

-requires all non-key attributes in a table to depend on the entire primary key ( composite primary key)

Question 51

third Normal Form ( 3NF)

Answer 51

-none of the non-key attributes depend on other non-key attributes

Question 52

Database model

Answer 52

-high level design of the data structures in an information system

Question 53

database schema

Answer 53

-actual implementation and execution of that design in a specific relational databases

Question 54

Database model type

Answer 54

-conceptual : high level, big picture, is an excellent place for discussion to begin with stockholders and potential system users to determine that what needs to be stored in the system . ( cover table name, table relationship ) -logical : more detailed representation of the data structures in an information system at the level of the data itself . It will identify the primary and foreign keys in each entity , adjust any entity relationship related to first /second normal form ( cover table name, table relationship, primary keys, foreign keys) -physical: most detailed , detail enough to specify how the data stored in the database (cover table name, table relationship, primary keys, foreign keys, column data types)

Question 55

Database Schemas 图式

Answer 55

-star schema : most common schema for dimension modeling -snowflakes schema : similar to a star schema but with dimension tables further normalized. more complex as it requires more tables and more foreign keys to link together. it is more flexible as it allows for more detailed information to be stored about the dimensions