S2
74 Questions

Questions and Answers

Which action is the first step in managing the risks associated with adding a Cloud Service Provider (CSP)?

  • Integrate governance of CSP with existing risk management policies
  • Define systems and structure provided by CSP
  • Create steering committee (correct)
  • Assess risk of adding CSP

Which of the following scenarios is likely to increase cloud computing risks?

  • Switching from on-premises software to SaaS
  • Migrating from private cloud to public model (correct)
  • Implementing IaaS in a private cloud
  • Utilizing a hybrid cloud model

Which type of processing control involves ensuring that data pricing is accurate and complete throughout the processing stage?

  • Access control
  • Processing control (correct)
  • Output control
  • Input control

    Which general control in an information system focuses on maintaining security and compliance?

    Security management

    What is a benefit of using Enterprise Resource Planning (ERP) systems in an organization?

    Supports cross-functional systems effectively

    What is the primary advantage of conducting a full backup?

    It provides the quickest restoration to functionality.

    Which disaster recovery site type incurs the lowest costs?

    Cold Site

    What does an incremental backup specifically capture?

    Only the changes made on the day of the backup.

    Which of the following actions is considered the most important in a disaster recovery plan?

    Testing the disaster recovery plan.

    Which backup method requires more time compared to incremental backups but provides a simpler restoration process?

    Differential Backup

    What is the primary function of a modem in a network?

    Translates analog signals from the internet into digital signals

    Which hardware is specifically responsible for managing network traffic by connecting multiple devices?

    Router

    Which type of firewall analyzes packets to determine if they can be accepted by the firewall's storage?

    Basic Packet-Filtering Firewall

    What is a major advantage of star topology in network design?

    Easy identification of damaged cables

    Which device acts as an intermediary between different networks and translates protocols?

    Gateway

    Which firewalls combine packet-filtering and network address translation?

    Stateful Multilayer Inspection Firewalls

    What is true about edge-enabled devices in a network?

    They allow for faster network response times by decentralizing computing power.

    What does the OSI model represent?

    A visualization of network functions across seven layers

    Which of the following is NOT considered part of internal computer hardware?

    Keyboard

    Which networking device does NOT assign IP addresses?

    Switch

    What is the main purpose of change management controls?

    To establish policies and procedures for managing change

    Which of the following is NOT a type of change environment?

    Regulatory

    What does the phrase 'baseline configuration' refer to in the context of documenting systems controls?

    The initial state of the system before any changes are made

    What is the primary benefit of the Agile method in project management?

    Increased flexibility and shorter deadlines

    Which type of testing is focused on evaluating the smallest unit of an application?

    Unit Testing

    In the change management process, what step follows gaining approval from management?

    Develop budget and timeline

    What is meant by 'proactive' patch management?

    Identifying weaknesses and applying patches as vulnerabilities arise

    What is the purpose of the 'Archival' step in the data lifecycle process?

    To transfer data from active systems to passive systems

    Which of the following best describes the concept of 'mirroring' in data management?

    Duplicating a database onto a machine at the same site

    Which of the following is a critical part of logging during change management?

    Implementing application logs, change logs, and event logs

    What is a significant risk associated with outsourcing in change management?

    Potential lack of security from third parties

    What is the focus of integration testing in software development?

    Ensuring combined modules work together as intended

    What does the 'Capture' phase in the data lifecycle process involve?

    Retrieving data from existing or external sources

    What function does the Presentation Layer (Layer 6) serve in the OSI model?

    Transforming data into a suitable format

    Which layer of the OSI model is responsible for establishing, maintaining, and terminating sessions?

    Session Layer

    Which protocol operates at the Transport Layer (Layer 4)?

    User Datagram Protocol (UDP)

    What does the Data Link Layer (Layer 2) primarily handle?

    Adds MAC addresses to packets

    Which of the following is NOT a common type of Network Architecture?

    Private Local Network (PLN)

    What is the primary function of a Cloud Service Provider (CSP)?

    Delivering cloud computing services

    In the context of cloud computing, what characterizes Software as a Service (SaaS)?

    Selling applications to consumers

    Which COSO component is focused on prioritizing risks based on organizational objectives?

    Performance

    What does the acronym CRRIME OIE represent in the COSO Enterprise Risk Management Framework?

    Control Activities, Risk Assessment, Risk Response, Information, Monitoring, Event ID

    Which deployment model in cloud computing allows resources to be shared among multiple organizations?

    Community Cloud

    What capability does Platform as a Service (PaaS) provide within cloud computing?

    Development of applications and tools

    What does the physical layer (Layer 1) primarily accomplish in the OSI model?

    Converts data into binary format

    Which of the following is a key aspect of the COSO Enterprise Risk Management - Review and Revision component?

    Reviewing performance over time

    What is a primary characteristic of Mobile Technology?

    Combines hardware and software for connectivity

    What is the primary purpose of an Operational Data Store (ODS)?

    To serve as an interim area for data warehousing.

    Which of the following statements best describes a Data Mart?

    It focuses on specific departments and tailored data needs.

    What does First Normal Form (1NF) require in a relational database?

    Each cell must contain only one piece of information.

    What is the key distinction between a database model and a database schema?

    A model defines the structure while the schema executes the design.

    In which type of database key do multiple attributes collaborate to generate a unique identifier?

    Composite Primary Key

    Which SQL command is used to filter records based on specific criteria?

    WHERE

    What does a Dimension Table in a database schema provide?

    Contextual or descriptive data related to measures.

    What is represented by a Start Event in BPMN Activity Models?

    The initiation of a specific task.

    What is the role of Intermediate Events in BPMN Activity Models?

    They indicate changes occurring during a process.

    Which of the following best defines a Data Lake?

    A location for storing raw data in both structured and unstructured formats.

    What type of flow do Sequence Flows represent in BPMN?

    The connection of objects within a single pool.

    What is the definition of a Data Dictionary in the context of databases?

    A reference that provides information about the structure of the database and its data elements.

    Which of the following features distinguishes a Snowflake Schema from a Star Schema?

    It has a more complex structure with further normalization in dimension tables.

    Which system aggregates daily financial information for infrequent events such as mergers and lawsuits?

    Financial Reporting System (FRS)

    What is the primary goal of the Management Reporting System (MRS)?

    To provide internal financial information for daily business problems

    In which cycle does a company pay its employees?

    Payroll Cycle

    What is NOT a function of the Purchasing and Disbursement Cycle?

    Recording cash collection

    What does the term 'Annualized Loss Expectancy (ALE)' refer to?

    Total expected losses over a defined period

    Which of the following is NOT a key function of Robotic Process Automation (RPA)?

    Interpreting human language

    What is the Recovery Point Objective (RPO)?

    Threshold for acceptable data loss

    What does the acronym COSO stand for in the context of internal controls?

    Committee of Sponsoring Organizations of the Treadway Commission

    Which phase of Business Impact Analysis (BIA) involves identifying risks?

    Identify risks

    Which of the following best describes the meaning of 'Maximum Tolerable Downtime (MTD)'?

    Time business can tolerate an outage without causing long-term consequences

    What type of technology does blockchain primarily represent?

    Decentralized control system

    Which element is critical for effective crisis management plans?

    Unexpected incident preparation

    Which function is associated with the General Ledger and Reporting system?

    Updates GL continuously

    Which accounting cycle is responsible for buying and paying for goods and services?

    Purchasing and Disbursement Cycle

    Study Notes

    IT Infrastructure

    • Computer Hardware: physical components of computers, including external peripherals (mouse, keyboard, etc.), back-end devices (switches, servers, routers), and end-user devices (laptops, tablets).

    • Internal Hardware: microprocessor (brain), graphics/sound cards, hard drives (permanent storage), RAM (temporary storage), power supply, motherboard.

    • External Peripherals: devices not integrated into the computer, such as monitors, disk drives, memory devices, network cards, speakers, and microphones.

    • Infrastructure Housing: data centers or offices, advanced security systems, ventilation, and climate control.

    • Network Infrastructure Hardware: hardware, software, layout, and topology of network resources for connectivity and communication.

    Network Infrastructure

    • Modems: connect computers to the internet, translating analog signals to digital, providing internet access to homes or offices.

    • Routers: manage network traffic, read source packets, route them, assign IP addresses, and connect modems to switches.

    • Switches: divide network connections, route traffic to specific destinations, but cannot assign IP addresses like routers (essentially a more advanced hub).

    • Gateways: act as intermediaries between networks, converting protocols.

    • Proxies: gateways that mediate without protocol translation, often blocking hackers.

    • Protocol: sets of rules for information transmission, like TCP/IP (common internet protocol).

    • Edge-enabled devices: process data near the source, decentralizing power and speeding network response.

    • Servers: master coordination and communication in networks, serving data to clients.

    • Signal Modifiers: increase signal strength for electrical, radio frequency, audio, and optical signals.

    • Firewalls: prevent unauthorized access through physical, software, or combined methods; improve traffic flow.

    Types of Firewalls

    • Basic Packet-Filtering Firewalls: analyze network packets to determine if data should pass through the firewall.

    • Circuit-Level Firewall: verify packet source against rules, but don't inspect the packet itself.

    • Application-Level Firewalls: inspect packet data and are resource-intensive.

    • Network Address Translation (NAT) Firewalls: assign a single public address that masks a private network.

    • Stateful Multilayer Inspection Firewalls: combination of packet filtering and NAT.

    • Next-Generation Firewalls (NGFWs): apply firewall rules to specific applications and users.

    Network Topology

    • Bus Topology: linear or tree-like layout, failure of central line disables the entire network.

    • Mesh Topology: numerous connections between nodes, commonly used in wireless networks; high traffic, costly.

    • Ring Topology: circular node connections, minimized collision but slower performance.

    • Star Topology: central hub through which data passes; easy cable damage identification.

    OSI Model

    • OSI model: seven-layer model for network function segregation.

    • Layer 7 (Application): interface for applications, including HTTP, FTP, SMTP, and EDI.

    • Layer 6 (Presentation): transforms data, handles encryption using standards like ASCII, JPEG, MPEG.

    • Layer 5 (Session): establishes and maintains sessions between devices, using protocols like SQL, RPC, and NFS.

    • Layer 4 (Transport): controls communication connections (TCP, UDP, SSL, TLS).

    • Layer 3 (Network): adds routing addresses, uses IP, IPSec, NAT, and IGMP.

    • Layer 2 (Data Link): formats data packets (MAC addresses); uses ISDN, PPTP, L2TP, ARP.

    • Layer 1 (Physical): converts messages to bits (0s and 1s) for transmission, using technologies like HSSI and SONET.

    Common Network Architectures

    • Local Area Networks (LAN): limited geographic area.

    • Wide Area Networks (WAN): larger geographic area, encompassing multiple offices or the internet.

    • Software-Defined WAN (SD-WAN): manages traffic to optimize connectivity.

    • Virtual Private Network (VPN): remote, secure access to a network.

    Operating Systems (OS), Firmware, Mobile Technology, IoT

    • Operating systems (OS): software that supports basic computer functions; e.g., Windows, macOS, iOS.

    • Firmware: embedded software directing motherboard/microprocessor functions; less frequently updated.

    • Mobile technology: wireless-enabled devices connecting to the internet; includes laptops, tablets, hotspots, mobile phones, applications, OS, and connectivity via Wi-Fi, Bluetooth, 4G/5G.

    • Internet of Things (IoT): devices like Siri, Alexa, TVs, iHomes; extension of mobile technology, usually connected via Bluetooth or internet.

    Cloud Computing

    • Cloud Computing: shared computing resources over the internet (e.g., storage, processing, software).

    • Cloud models:

      • Infrastructure as a Service (IaaS): outsourcing servers, storage, hardware, and networking.
      • Platform as a Service (PaaS): providing tools for application development.
      • Software as a Service (SaaS): selling applications or business process services (e.g., payroll, billing).
    • Cloud deployment models: public, private, hybrid, community.

    • Cloud Service Provider (CSP): third-party providing cloud services.

    • Governance frameworks: Cloud Controls Matrix, COSO Enterprise Risk Management (including SPRIG methodology).

    Other Topics

    • Types of Processing Controls: input, output, processing, access controls.

    • General Controls: software acquisition, IT infrastructure, security management, development/operations/maintenance controls.

    • Enterprise Resource Planning (ERP): cross-functional, central data repository systems for various business functions.

    • Accounting Information Systems (AIS): systems used by accountants/financial managers, often a component of an ERP.

    • Reasonableness Test: error check for transaction totals.

    • AIS Subsystems: Transaction Processing Systems (TPS), Financial Reporting System (FRS), and Management Reporting System (MRS).

    • AIS Processes: input, source document processing, journal recording, GL/subsidiary ledger posting, trial balances, adjustments, financial report generation. Cycles include purchasing/disbursement, treasury, payroll, revenue/collection.

    • Application Software Provider (ASP) benefits: lower upfront costs, flexibility, suitable for smaller businesses.

    • Processes driven by IT: automation, shared services, outsourcing, offshore operations (IT, knowledge, business processes, software R&D).

    • Risks in outsourcing: quality, service, productivity, staff turnover, language, security, outsourcer qualifications, labor insecurity.

    • Technology forms of IT systems: Robotic Process Automation (RPA), Natural Language Processing (NLP), neural networks.

    • COSO Principles related to IT: general control over technology, acquisition of quality information, effective communication.

    • Blockchain: decentralized system resistant to alteration of transactions.

    • Business Resiliency: continuous operation and quick restoration after events; involves business continuity plans, system availability controls, and crisis management.

    • Business Impact Analysis (BIA): identifies how quickly business units can recover.

    • Recovery Point Objective (RPO) / Recovery Time Objective (RTO): maximum acceptable data loss/inoperability.

    • System Availability Controls: redundancy, backups, UPS systems, infrastructure security, physical controls.

    • Disaster Recovery: specific IT systems restoration after a major outage.

    • Backup Types: full, incremental, differential.

    • Replication vs. Mirroring: replication transfers data to a secondary site; mirroring copies a database to the same site.

    • Change Management: policies, procedures, and resources for change governance.

    • Change Management Process: identifying need, planning, approval, budgeting, personnel assignment, risk identification, implementation, testing, execution, review, monitoring.

    • Documenting System Controls: baseline configuration, inventory system, acceptance criteria.

    • Change Management Controls: policies/procedures, standardized requests, job separation, testing, reversion access.

    • Change Environments: development, testing, staging, production, disaster recovery.

    • Integration Risks: user resistance, management/stakeholder support issues, resource concerns, business disruptions, and lack of system integration.

    • Logging: critical for testing, including application, change, event, firewall, network, proxy logs.

    • Data Collection Types: active, passive.

    • Data Lifecycle: capturing, transforming, synthesizing, analyzing, publishing, archiving, and purging data.

    • Data Collection methods: ETL, active, passive data collection.

    • Data Storage: ODS, data warehouses, data marts, data lakes, relational databases, data elements (tables, attributes, records, fields, data types, keys).

      • Database Keys: primary keys, composite primary keys, foreign keys.
    • Data Dictionary: information about database structure and elements.

    • Data Normalization: 1NF, 2NF, 3NF, data model types (conceptual, logical, physical), data models (star, snowflake).

    • Structured Query Language (SQL): command structure and examples of SELECT, FROM, JOIN, WHERE, HAVING, GROUP BY.

    • Data Flow Diagrams (DFDs) / Flowcharts / System Interface Diagrams: standardized diagrams for process visualization.


    Description

    Test your knowledge on IT infrastructure, including computer hardware, internal and external peripherals, and network components. This quiz covers essential concepts and devices used in modern IT environments.
