Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Wet pipe fire sprinkler system
Information security policy
(1.) Policies (2.) Procedures (3.) Standards
Control Unit
2. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
BCP Plans
Categories of risk treatment
Business Continuity
Elements of the COSO pyramid
3. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
An Operational Audit
Entire password for an encryption key
Wet pipe fire sprinkler system
4. IT Governance is most concerned with ________.
IT Strategy
BCP Plans
Stratified Sampling
Categories of risk treatment
5. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
The typical Configuration Items in Configuration Management
Information systems access
Function Point Analysis
6. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
The best approach for identifying high risk areas for an audit
Primary security features of relational databases
Formal waterfall
7. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
The two Categories of Controls
BCP Plans
The 4-item focus of a Balanced Scorecard
8. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
ITIL definition of CHANGE MANAGEMENT
A Sample Mean
Configuration Management
Dimensions of the COSO cube
9. ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, a single event may involve both locations.
Confidence coefficient
Audit logging
The Internet Layer in the TCP/IP model
Geographic location
10. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Frameworks
Audit Methodologies
Lacks specific expertise or resources to conduct an internal audit
The Steering Committee
11. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The typical Configuration Items in Configuration Management
Capability Maturity Model Integration (CMMI)
less than 24 hours
Deming Cycle
12. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Wet pipe fire sprinkler system
Information systems access
Risk Management
OSI: Data Link Layer
13. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.
Attribute Sampling
A Compliance audit
Rating Scale for Process Maturity
Gantt Chart
14. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Main types of Controls
TCP/IP Transport Layer packet delivery
Separate administrative accounts
A Cold Site
15. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Insourcing
Assess the maturity of its business processes
Audit logging
16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Advantages of outsourcing
Security Awareness program
A Compliance audit
17. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Assess the maturity of its business processes
Examples of Application Controls
Critical Path Methodology
More difficult to perform
18. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Substantive Testing
The Internet Layer in the TCP/IP model
IT standards are not being reviewed often enough
19. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
OSI: Data Link Layer
ITIL definition of CHANGE MANAGEMENT
TCP/IP Network Model
OSI: Network Layer
20. Gantt: used to display ______________.
Entire password for an encryption key
Resource details
less than 24 hours
Elements of the COSO pyramid
21. An audit of a third-party organization that provides services to other organizations.
Confidence coefficient
TCP/IP Transport Layer
A Service Provider audit
The 5 types of Evidence that the auditor will collect during an audit.
22. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
A Virtual Server
ITIL definition of PROBLEM
Project Management Strategies
Statement of Impact
23. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Judgmental sampling
IT Services Financial Management
The Business Process Life Cycle
24. Describes the effect on the business if a process is incapacitated for any appreciable time
Antivirus software on the email servers
The Release process
Statement of Impact
Judgmental sampling
25. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Wet pipe fire sprinkler system
The Steering Committee
TCP/IP Network Model
26. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
IT Service Management
Release management
Sampling Risk
The 4-item focus of a Balanced Scorecard
27. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
ITIL definition of PROBLEM
The Internet Layer in the TCP/IP model
The typical Configuration Items in Configuration Management
28. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
A Service Provider audit
The Eight Types of Audits
Data Link Layer Standards
29. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Capability Maturity Model Integration (CMMI)
Substantive Testing (test of transaction integrity)
An Administrative
30. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Split custody
Critical Path Methodology
Stop-or-go Sampling
OSI Layer 7: Application
31. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
The BCP process
Service Level Management
Annualized Loss Expectancy (ALE)
Overall audit risk
32. The means by which management establishes and measures processes by which organizational objectives are achieved
Capability Maturity Model
Controls
Business impact analysis
objective and unbiased
33. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Inherent Risk
A Service Provider audit
Primary security features of relational databases
34. The first major task in a disaster recovery or business continuity planning project.
The Eight Types of Audits
Compliance Testing
Business impact analysis
Security Awareness program
35. Defines internal controls and provides guidance for assessing and improving internal control systems.
Server cluster
A Compliance audit
Security Awareness program
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
36. The sum of all samples divided by the number of samples.
Entire password for an encryption key
The Eight Types of Audits
Application Layer protocols
A Sample Mean
37. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Annualized Loss Expectancy (ALE)
Input validation checking
The Business Process Life Cycle
Sampling Risk
38. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Project Management Strategies
Buffers
Documentation and interview personnel
Formal waterfall
39. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Separate administrative accounts
Recovery time objective
Cloud computing
Project change request
40. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Resource details
The Business Process Life Cycle
The Eight Types of Audits
The audit program
41. A sampling technique where at least one exception is sought in a population
A Virtual Server
Service Continuity Management
The Steering Committee
Discovery Sampling
42. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The Business Process Life Cycle
Entire password for an encryption key
Security Awareness program
Data Link Layer Standards
43. Lowest layer. Delivers messages (frames) from one station to another via the local network.
TCP/IP Link Layer
Registers
Vulnerability in the organization's PBX
The Requirements
44. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
A Forensic Audit
Emergency Changes
Three Types of Controls
OSI: Transport Layer
45. Focuses on: post-event recovery and restoration of services
Notify the Audit Committee
The availability of IT systems
Referential Integrity
Disaster Recovery
46. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Main types of Controls
Advantages of outsourcing
The Internet Layer in the TCP/IP model
47. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Sampling
OSI: Data Link Layer
Blade Computer Architecture
48. An audit that combines an operational audit and a financial audit.
Gantt Chart
An Integrated Audit
Business impact analysis
Wet pipe fire sprinkler system
49. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
General Controls
Annualized Loss Expectancy (ALE)
Service Continuity Management
Organizational culture and maturity
50. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Power system controls
Entire password for an encryption key
The Requirements
Antivirus software on the email servers