S2, M4-M7 Flashcards
(218 cards)
1
Q
What is change management in simple terms?
A
policies and procedures in place to deal with change
2
Q
What needs to be taken into consideration when you have any change in an organization, big or small?
A
minimizing potential risks and reducing disruptions
3
Q
Changes should be implemented in ____ environments. Why?
A
segregated, to ensure that the normal business operations are not disrupted
4
Q
Development environments usually have what type of tool?
A
source code editing tool
5
Q
What happens in a development environment?
A
programmers write code to create application prototypes
6
Q
What happens in the testing environment?
A
developers test and debug code
7
Q
The testing environment may be considered the same as the ____ environment.
A
development
8
Q
What happens in a staging environment?
A
test programs in their final phases of development (final test)
9
Q
What happens in a production environment?
A
application is deployed and available to end users
10
Q
What happens in a disaster recovery environment?
A
ensure applications can be restored quickly
11
Q
What is deployment?
A
process of making a system available to intended users and other programs
12
Q
What are the three key areas of change management risks?
A
- selection and acquisition risks
- integration risks
- outsourcing risks
13
Q
What two things does a purchaser need knowledge of before selecting/acquiring software?
A
- the subject matter
- the needs of the organization
14
Q
What two things should you check before purchasing new hardware or software?
A
- compatibility
- security
15
Q
What should a service auditor look at in relation to system change controls and process?
A
Look at requests to determine whether the right process was used.
16
Q
What are the two aspects of integration? That is: what two things would a new software have to integrate with?
A
- technical (existing systems)
- people (resistance to change)
17
Q
For what two reasons might an organization choose to outsource a change management process?
A
- cost-savings, or
- expertise
18
Q
What do conversion controls tdo?
A
minimize data conversion errors
19
Q
What is reversion access?
A
the ability to back track to the prior system
20
Q
T/F: Testing is only required before a change, not after.
A
False, you must test before and after a change.
21
Q
Ongoing monitoring would be (more/less) frequent immediately after a change. It would be (more/less) frequent as more time passes after the change.
A
more, less
22
Q
Documentation of changes to a system should start with a ____ ____.
A
baseline configuration
23
Q
What does a baseline configuration entail?
A
the system’s starting state
24
Q
When you mark items on a checklist (for change management) completed, what else should be documented?
A
time stamps
25
Would a system update be considered positive or negative if system uptime increases as a result?
Positive, because the system is up more.
26
Would a system update be considered positive or negative if resource utilization increases as a result?
Negative, because you have to use more resources.
27
What is failover time?
how long is takes backup resources to come online in an outage
28
Would a system update be considered positive or negative if failover time increases as a result?
Negative, because it takes longer to recover.
29
What is a system component inventory?
list of all items that comprise a system
30
A company might look at ____ ____ ____ at different points in time to understand changes and trends in asset acquisition or deployment.
system component inventory
31
Anytime you have a listing of inventory (IT assets), what is important to monitor?
inventory that is nearing the end of its life
32
What three things are involved in closed loop verification (Hint: 3 Cs)?
C - Continuously Monitoring
C - Comparing with Desired Outcome
C - Calibrating Changes to Minimize Discrepancies from Acceptance Criteria
33
What are four potential acceptance criteria?
P - Performance
C - Compliance
F - Functionality
S - Scalability
34
What is a log in change management?
a diary of all the changes and activity
35
What is the biggest challenge of log analysis?
high volume of data to sort through
36
What is the benefit of continuous adoption of changes to code?
increase the speed of updates
37
What is the drawback of continuous adoption of changes to code?
not all code is proven, and some bugs can be released to the live environment
38
Continous release of code is challenging for coding with what two traits?
- complex
- high interdependence between applications
39
What is a change log? What is a great analogy for this?
track requested, approved, and implemented changes (think Google Docs Revision History)
40
What is an application log?
record application data (when an employee accesses something, executes, error)
41
What is an event log?
record various events that occur on a system
42
What are the five types of event logs?
D - Directory Log
D - DNS Server Log
E - Endpoint Log
S - Security Event Log
S - System Log
43
What does a directory log contain?
data on events in Active Directory (AD), related to access and authentication
44
What does a DNS server log have?
source and destination IP addresses
45
What does an endpoint log record?
events on the device-level
46
What does a security event log record?
access to system resources (shared folders, printers, files)
47
What does a system log record?
when system is started, rebooted, updated
48
What does a firewall log record?
all traffic that flows through firewall (IP address, protocol, action, time/date)
49
What does a network/perimeter log record?
data from devices that guard network perimeter (VPNs, firewalls, intrusion detection system)
50
What does a proxy log record?
catalog which sites a user visits, the time of visit, and how long each page was viewed
51
What are the two most common IT change management methodologies?
- waterfall model
- Agile model
52
What is the primary difference between the waterfall and Agile model?
flexibility
53
Describe the waterfall method.
different teams perform separate tasks *in sequence*
54
What are the four disadvantages of the waterfall method?
great deal of time to complete
benefits not realized until complete
no customer input
idle employees
55
What is the agile method (2 key words)?
*cross-functional* teams work on requirements from a *prioritized list* of customer's needs for the system
56
Are deadlines shorter or longer in the agile method?
shorter
57
What becomes critical under the Agile method because of the tighter deadlines?
communication
58
How much customer input takes place in the Agile method?
a lot
59
T/F: The Agile method welcomes change.
True.
60
Patch management is the systematic process of doing what two things?
- identifying vulnerabilities AND
- addressing them with patches/fixes
61
Is evaluating new patch releases reactive or proactive?
reactive
62
Why is it important to evaluate new patch releases?
to ensure that it won't have any adverse impacts on your system
63
Is using a vulnerability tool reactive or proactive?
proactive
64
How should patches be tested before implementation?
They should be implemented in a testing/non-production environment first.
65
What is the con of having a regular schedule for patches?
The timing can be exploited by bad actors.
66
What system conversion method is more likely to be used by smaller companies?
direct changeover
67
What system conversion method is more likely to be used by larger companies?
parallel or phased
68
What happens in the direct conversion method?
cease use of the old system and start the new one immediately, with no overlap
69
What happens in the parallel method?
the new system is implemented in a parallel environment while the old system still exists (overlap)
70
What is the pilot method?
perform conversion on a small scale within the test environment while continuing to use the older system
71
What is the phased method?
gradaully add volume to the new system while still operating the old system
72
What does a change advisory board do?
approve, document, notify people, and deploy resources for testing and responding to change
73
T/F: Developers should not have access to the production environment.
True, there should be a segregation of duties.
74
How should automatic notifications be used in change management?
notifications of changes to code should be sent to the appropriate people
75
What do code repository tools do?
create a queue of proposed changes
76
What are the four types of system tests over changes that can be performed?
Unit Test
Integration Test
System Test
Acceptance Test
77
What is unit testing?
examining the smallest increment, or unit, of an application (ex: units of code)
78
In unit testing, do you look at how one unit may interact with another?
No, you do not look at broader system issues.
79
What is integration testing?
ensure modules will work cohesively once all units are integrated
80
What are two alternative phrases for integration testing?
thread or string testing
81
What does system testing do?
ensure combined modules work in totality (overall functionality)
82
What does acceptance testing do?
ensure that the application meets end-user requirements
83
T/F: When changing from a manual system to a computer system, internal control "objectives" and "principles" do not change.
True, they do not change.
84
T/F: When changing from a manual system to a computer system, controls do not change.
False, the controls themself might change.
85
What do project timekeeping systems do?
identify how much time was spent on specific tasks
86
Can a project timekeeping system prevent more time being spent than what was budgeted?
No, it just identifies the time spent.
87
What is involved in the Definition part of the data life cycle?
determine what data a business needs and where you would get that data from
88
What is involved in the Capture/Create part of the data life cycle?
obtain the data
89
In what three ways can data be created?
manually, automatically, semi-automatically
90
What is the added complexity of getting data externally?
dealing with integrity and safety of the data
91
What do you need to do when data is generated internally?
perform various input checks
92
What is a field check (input check)?
check data type to ensure consistency
93
What does a reasonableness check do?
compare inputs against expected norms
94
What does a completeness check do?
check for missing mandatory fields
95
What does a validity check do?
verify data against predefined rules or reference data
96
What does a limit check do?
check against upper and lower limits
97
What does a size check do?
check if number of characters exceeds the maximum
98
What is an example of a field that could use a size check?
ZIP code, phone number
99
T/F: A reasonableness test can be used for a general value amount or by reference to an original transaction.
True, it can use the context of data.
100
Why is it important to ensure the completeness of data that has been moved?
Because some of the data could have been lost in the process.
101
Cleaning data deals mostly with dealing with ____ in the data.
inconsistency
102
Both data ____ ____ and data ___ ___ should be encrypted.
in transit, in storage (at rest)
103
What is synthesis of data?
create calculated fields to prepare data for usage
104
Analytics and usage is focused on the data being useful to people (internal/external) to the company.
internal
105
Publication is focused on the data being useful to people (internal/external) to the company.
external
106
What is archival of data?
moving data from active to passive systems
107
What is purging of data?
complete removal of data
108
What are three ways of data collection?
- extract, transform, load (ETL)
- active data collection
- passive data collection
109
ETL is used on data that ...
already exists.
110
What is active data collection?
when you directly ask users for data
111
What is passive data collection?
gathering information without direct permission from users
112
What is an operational data store?
repository of transactional data from multiple sources
113
An ODS is an interim area between data ____ and data _____.
source, warehouses
114
What is a data warehouse?
a very large data repository that is centralized and used for reporting and analysis
115
T/F: A data warehouse is used for transactional purposes.
False, it is not used for transactional purposes. It is used for reporting and analysis.
116
What is a data mart?
subset of a data warehouse, focused on a specific purpose
117
What is a data lake?
contains structured and unstructured data (in its original form)
118
Which has a predefined schema, a data lake or a data warehouse?
data warehouse, not data lake!
119
Storing data in a normalized, relational database ensures what three things?
- complete data
- follows controls
- communication/integration
120
What are flat files?
files with no structural interrelationships
121
What is the simplest type of database schema?
flat files
122
Normalized relational databases require what trait?
no redundancy (only one version of the data)
123
What are columns called in a relational database?
attribute
124
What are rows called in a relational database?
records
125
What are the three types of columns?
- primary keys
- foreign keys
- descriptive attributes
126
Tables are also referred to as ____ in the context of relational databases.
entities
127
Each record contains information about ___ ____.
one entity
128
What is a field?
the intersection between columns and rows
129
What is a data type?
specifies how the data is stored
130
Which type of key is required in every table?
primary key
131
What is a composite primary key?
one or more attributes combined to make a primary key
132
What is a primary key (two words)?
unique identifier for each row
133
What is a foreign key?
attributes in one table that are primary keys in another table
134
The link between a primary key in one table and a foreign key is another is what ...
creates the relationship between the tables
135
What is meta data?
data about data
136
How do data dictionaries help analysts?
easier to work with the data because you can understand how its supposed to be used
137
What does normalization do (process)?
divide larger tables into smaller tables and connect them using relationships
138
First normal form meets what two requirements?
- 1 field has 1 piece of data only
- each table has a primary key
139
What is an example to illustrate "1 field has 1 piece of data only"?
An address should be broken into components (street name, zip code, state, etc.)
140
What is 2NF?
all keys that are not primary or foreign should depend on/describe the entire primary key
141
2NF is especially meaningful for tables that have ___ ___ ___.
composite primary keys
142
What is 3NF?
Each column describes only the primary key, and nothing else in the table.
143
Attributes that violate 3NF are referred to as ___ ___ columns.
transitively dependent
144
Operational databases ___ ___ to a data warehouse.
supply data
145
Given data warehouses are frequently the source of reporting and analytics, they must be ___ ___ to stay relevant.
continuously updated
146
What is a data model?
a conceptual representation of data structures in an information system
147
Are data models restricted to relational databases?
No.
148
What is a database schema?
set of instructions to tell the database engine how to organize data to be in compliance with the model
149
What is the difference between a data model and schema?
The schema is more specific, defining the actual structure.
150
What are the three database models, from least to most complex?
conceptual, logical, physical
151
What type of person in an organization would need the level of detail required in a physical data model?
database administrator
152
What is a conceptual data model?
high-level representation of data structures
153
How can you create a conceptual data model? Do you need a software program to do it?
You can do it with pencil and paper.
154
What is a logical model?
more detailed description of data structures (more detailed than conceptual)
155
Do logical data models tell you the data attributes? Do conceptual models?
Yes.
A conceptual model *might.*
156
Do logical data models tell you which items are primary and foreign keys? Do conceptual models?
Yes.
No.
157
What is a physical data model?
most detailed representation that is detailed enough to inform you on how to build the database
158
What is a key difference between a physical and logical data model?
Physical models specify the data types (like a data dictionary) and how the data will be stored.
159
What are the two most popular types of schemas?
star and snowflake
160
Star and snowflake schemas have what two types of tables?
fact tables and dimension tables
161
What do fact tables contain? What do they not contain?
Contain: numbers and metrics you want to analyze
Do not contain: descriptive elements about the business
162
What do dimension tables contain?
descriptive or contextual data for measures
163
What is the most common schema for dimensional modeling?
star
164
What is a star schema?
central fact table, with associated dimension tables around it
165
What is a snowflake schema?
like a star schema, but the dimension tables are further normalized
166
Although the snowflake schema is more complex than star, it is also more ____.
flexible
167
T/F: Dimensional modeling results in normalized databases.
False.
168
What are SQL queries?
SQL statements used to view and extract the data
169
What do you need to do first before making a SQL query?
understand the data, database, etc.
170
SQL queries are made up of what two elements
- SQL commands
- database elements
171
When creating the SQL query, # denotes a ___ ___.
temporary table
172
What are examples of SQL commands?
select, from, join, group by, having, where, order by
173
T/F: SQL commands have to be written in all caps.
False, they could also be lowercase.
174
What are database elements?
references to table names, attribute names, or criteria
175
Does the case matter for database elements (table names) in a SQL command?
No, but the spelling should be correct.
176
What is usaully the first word in a SQL query?
SELECT
177
What do you usually put after the SELECT command?
the variables (attributes) you want to view
178
What do you usually put after the FROM command?
the table that you want to select the variables from
179
In what order do the attributes show up if a table is ordered one way and the SELECT lists variables a different way?
the way you list the variables in the SELECT
180
How do you write a SQL query to select all columns of a table (first line only)?
SELECT * (use the * wildcard)
181
WHERE functions like a ____ in Excel.
filter
181
What is the syntax of a WHERE clause?
WHERE [attribute_name] = criteria
182
Text should be formatted how in a WHERE clause?
with quotes around it
183
Numbers should be formatted how in a WHERE clause?
left alone, no quotes
184
If you want to aggregate data in some way, where do you include the SUM(), COUNT(), AVG(), etc.?
in the SELECT clause
185
What does a GROUP BY allow you to do?
view data by grouping/subtotals
186
What is important to remember about the structure of the SQL query when you use a GROUP BY?
the SELECT needs to include the variable you decide to group by
187
HAVING is most similar to what other clause?
WHERE
188
When is HAVING used?
when you want to filter by aggregate(attribute) instead of the attribute itself
189
What are the two most common JOIN types?
inner join, left join
190
Does the order of the tables matter for an INNER JOIN?
No.
191
Does the order of the tables matter for a LEFT JOIN?
Yes.
192
An inner join will retrieve only the data for which there is ...
a match in both tables.
193
A left join will retrieve only the data for which there is ...
the entire left table, and
from the right table: a match with the left (first) data table
194
What two things can flowcharts help with?
- understand processes
- analyze processes for improvements
195
What are two possible templates for flowcharts?
- Business Process Modeling Notation (BPMN)
- Data Flow Diagrams (DFD)
196
What is BPMN?
standardized tool for creating diagrams with symbols and rules to depict business processes
197
What are pools in a BPMN?
indicates an internal organization involved in a process
198
Every BPMN model should have how many pools at minimum?
at least one
199
Each pool is a separate _____ involved in a process.
organization
200
What do swim lanes delinate?
the segregation of duties among different roles
201
Every pool has how many start events?
one start event per pool
202
Every pool must end with (one/at least one) end event.
at least one
203
T/F: The number of end and start events depends on the swim lanes.
False.
204
Intermediate events indicate when ...
something *changes the course* of a process, such as a time delay or an error
205
What is a task?
every action in a process
206
What are connecting objects?
arrows
207
What does a message flow represent?
communication between the internal and external organizations
208
Message flows are represented as what visually?
dashed arrows
209
T/F: Message flows should never be used within one pool to communicate between lanes in the same pool.
True.
210
The arrow of a message flow should be in what direction?
The person answering the question should be "giving" the information to the other party (where the arrow points).
211
What is a gateway?
a decision point that results in more than one sequence flows (possibilities)
212
What do data flow diagrams do?
describe the way data moves through an organization
213
While data flow diagrams are (more/less) granular than BPMN activity models, there are (more/fewer) objects used in data flow diagrams.
more, fewer
214
What is a data store object?
indicates where data is stored for later use
215
What is the shape of a data store object?
open-ended rectangle
216
What is the shape of an entity object?
square
217
What is the default JOIN type if you don't specify LEFT or INNER?
INNER
