Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
OSI Layer 5: Session
General Controls
IT Strategy
2. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Stay current with technology
Substantive Testing (test of transaction integrity)
The audit program
Rating Scale for Process Maturity
3. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
ITIL definition of PROBLEM
Substantive Testing (test of transaction integrity)
Organizational culture and maturity
SDLC Phases
4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
TCP/IP Link Layer
Split custody
(1.) Policies (2.) Procedures (3.) Standards
5. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
PERT Diagram?
Antivirus software on the email servers
Hash
(1.) Man-made (2.) Natural
6. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
OSI: Transport Layer
Assess the maturity of its business processes
Judgmental sampling
7. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Notify the Audit Committee
An Administrative
The first step in a business impact analysis
8. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Examples of IT General Controls
ITIL - IT Infrastructure Library
Categories of risk treatment
9. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Capability Maturity Model
OSI: Network Layer
An Operational Audit
Discovery Sampling
10. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Expected Error Rate
Capability Maturity Model Integration (CMMI)
Application Controls
11. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
General Controls
The first step in a business impact analysis
Release management
12. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
The 4-item focus of a Balanced Scorecard
To identify the tasks that are responsible for project delays
Network Layer Protocols
13. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
ITIL definition of PROBLEM
The two Categories of Controls
Audit logging
The audit program
14. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
A Cold Site
Antivirus software on the email servers
Problem Management
A Compliance audit
15. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Registers
The two Categories of Controls
Application Controls
Change management
16. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Documentation and interview personnel
Expected Error Rate
Segregation of duties issue in a high value process
Department Charters
17. (1.) Objectives (2.) Components (3.) Business Units / Areas
less than 24 hours
Dimensions of the COSO cube
TCP/IP Transport Layer packet delivery
Cloud computing
18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Frameworks
Attribute Sampling
Entire password for an encryption key
Current and most up-to-date
19. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Six steps of the Release Management process
Database primary key
Release management
20. PERT: shows the ______________ critical path.
Current and most up-to-date
Tolerable Error Rate
Buffers
The two Categories of Controls
21. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
TCP/IP Network Model
Grid Computing
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Employee termination process
22. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Personnel involved in the requirements phase of a software development project
ITIL definition of PROBLEM
Annualized Loss Expectancy (ALE)
Deming Cycle
23. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
A Forensic Audit
Examples of IT General Controls
Overall audit risk
24. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
ITIL definition of CHANGE MANAGEMENT
Audit logging
Application Layer protocols
Risk Management
25. The risk that an IS auditor will overlook errors or exceptions during an audit.
Attribute Sampling
Stay current with technology
Detection Risk
Sampling Risk
26. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Testing activities
Change management
Deming Cycle
Critical Path Methodology
27. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Lacks specific expertise or resources to conduct an internal audit
Assess the maturity of its business processes
The best approach for identifying high risk areas for an audit
Frameworks
28. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Deming Cycle
The Release process
Gantt Chart
The Requirements
29. One of a database table's fields - whose value is unique.
Substantive Testing
A Compliance audit
Foreign Key
Database primary key
30. A sampling technique where at least one exception is sought in a population
IT Services Financial Management
Discovery Sampling
Stay current with technology
TCP/IP Transport Layer packet delivery
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
More difficult to perform
Cloud computing
Reduced sign-on
An IS audit
32. Gantt: used to display ______________.
Antivirus software on the email servers
Controls
Foreign Key
Resource details
33. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Advantages of outsourcing
Business Continuity
Sampling
TCP/IP Link Layer
34. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Control Unit
Lacks specific expertise or resources to conduct an internal audit
Employees with excessive privileges
Resource details
35. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Current and most up-to-date
Disaster Recovery
Inform the auditee
Service Level Management
36. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
OSI: Physical Layer
IT executives and the Board of Directors
Configuration Management
Attribute Sampling
37. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Substantive Testing
TCP/IP Network Model
OSI: Data Link Layer
38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Department Charters
Application Layer protocols
Rating Scale for Process Maturity
Examples of Application Controls
39. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
The audit program
Sampling
Testing activities
40. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Options for Risk Treatment
OSI: Physical Layer
General Controls
Confidence coefficient
41. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
A Service Provider audit
Application Controls
An IS audit
Geographic location
42. An audit of operational efficiency.
Audit Methodologies
Statement of Impact
The appropriate role of an IS auditor in a control self-assessment
An Administrative
43. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Service Continuity Management
Database primary key
The 7 phases and their order in the SDLC
Substantive Testing
44. Contains programs that communicate directly with the end user.
Attribute Sampling
OSI Layer 7: Application
(1.) Policies (2.) Procedures (3.) Standards
Transport Layer Protocols
45. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Rating Scale for Process Maturity
Current and most up-to-date
TCP/IP Network Model
46. An audit of an IS department's operations and systems.
Precision means
Power system controls
Foreign Key
An IS audit
47. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Service Continuity Management
OSI: Data Link Layer
Rating Scale for Process Maturity
Compliance Testing
48. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Cloud computing
objective and unbiased
Stratified Sampling
Security Awareness program
49. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
ITIL - IT Infrastructure Library
Separate administrative accounts
Types of sampling an auditor can perform.
The Eight Types of Audits
50. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Risk Management
Audit Methodologies
Audit logging
Structural fires and transportation accidents