Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Recovery time objective
Testing activities
(1.) Policies (2.) Procedures (3.) Standards
2. (1.) Automatic (2.) Manual
Disaster Recovery
PERT Diagram
Inform the auditee
The two Categories of Controls
3. Used to determine which business processes are the most critical - by ranking them in order of criticality
Testing activities
Stop-or-go Sampling
Criticality analysis
Rating Scale for Process Maturity
4. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Types of sampling an auditor can perform.
BCP Plans
Statistical Sampling
Data Link Layer Standards
5. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Input validation checking
Inform the auditee
Sampling Risk
Options for Risk Treatment
6. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
TCP/IP Link Layer
A Compliance audit
SDLC Phases
Stay current with technology
7. An audit of an IS department's operations and systems.
Audit logging
General Controls
An IS audit
A Server Cluster
8. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
A Compliance audit
Assess the maturity of its business processes
Statement of Impact
Frameworks
9. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
ISO 20000 Standard
The appropriate role of an IS auditor in a control self-assessment
Structural fires and transportation accidents
Lacks specific expertise or resources to conduct an internal audit
10. (1.) Objectives (2.) Components (3.) Business Units / Areas
ISO 20000 Standard
Dimensions of the COSO cube
Wet pipe fire sprinkler system
Annualized Loss Expectancy (ALE)
11. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Database primary key
Categories of risk treatment
Change management
12. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Discovery Sampling
Disaster Recovery
The 5 types of Evidence that the auditor will collect during an audit.
WAN Protocols
13. Gantt: used to display ______________.
Referential Integrity
Network Layer Protocols
Registers
Resource details
14. The maximum period of downtime for a process or application
Audit logging
Volumes of COSO framework
Recovery time objective
Antivirus software on the email servers
15. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
Inherent Risk
Input validation checking
Advantages of outsourcing
16. One of a database table's fields - whose value is unique.
Reduced sign-on
OSI Layer 7: Application
Database primary key
Grid Computing
17. To measure organizational performance and effectiveness against strategic goals.
Gantt Chart
Balanced Scorecard
Application Controls
The typical Configuration Items in Configuration Management
18. Handle application processing
Application Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
ITIL - IT Infrastructure Library
OSI Layer 6: Presentation
19. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Judgmental sampling
Current and most up-to-date
Detection Risk
Problem Management
20. (1.) Link (2.) Internet (3.) Transport (4.) Application
Vulnerability in the organization's PBX
The 4-item focus of a Balanced Scorecard
TCP/IP Network Model
Reduced sign-on
21. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Frameworks
Stop-or-go Sampling
IT standards are not being reviewed often enough
22. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Compliance Testing
Discovery Sampling
Audit Methodologies
Referential Integrity
23. The risk that an IS auditor will overlook errors or exceptions during an audit.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Detection Risk
Blade Computer Architecture
Incident Management
24. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
An IS audit
OSI: Network Layer
The Internet Layer in the TCP/IP model
25. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
The Steering Committee
A Problem
The audit program
Recovery time objective
26. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
A Virtual Server
OSI: Data Link Layer
Inherent Risk
Variable Sampling
27. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
ISO 20000 Standard
Reduced sign-on
The availability of IT systems
Control Unit
28. IT Service Management is defined in ___________________ framework.
less than 24 hours
The 7 phases and their order in the SDLC
To identify the tasks that are responsible for project delays
ITIL - IT Infrastructure Library
29. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Security Awareness program
The 4-item focus of a Balanced Scorecard
The Business Process Life Cycle
Lacks specific expertise or resources to conduct an internal audit
30. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
The Eight Types of Audits
Personnel involved in the requirements phase of a software development project
BCP Plans
A Service Provider audit
31. PERT: shows the ______________ critical path.
Organizational culture and maturity
Risk Management
Current and most up-to-date
Sample Standard Deviation
32. An organization experiences frequent malware infections on end-user workstations that arrive through email - despite the fact that the workstations have anti-virus software. To reduce malware - implementing ________________ will provide an effect
Registers
Antivirus software on the email servers
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Structural fires and transportation accidents
33. An alternate processing center that contains no information processing equipment.
Examples of IT General Controls
A gate process
OSI: Data Link Layer
A Cold Site
34. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Capability Maturity Model
IT Strategy
Expected Error Rate
35. An audit of operational efficiency.
Overall audit risk
An Administrative audit
A Virtual Server
Cloud computing
36. Collections of Controls that work together to achieve an entire range of an organization's objectives.
A Problem
Sampling
Reduced sign-on
Frameworks
37. Used to measure the relative maturity of an organization and its processes.
Emergency Changes
General Controls
Attribute Sampling
Capability Maturity Model
38. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Statistical Sampling
Stay current with technology
Sampling Risk
39. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Foreign Key
Emergency Changes
TCP/IP Network Model
PERT Diagram
40. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform criticality analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures (7.) Train personnel (8.) Maintain strateg
Service Continuity Management
IT standards are not being reviewed often enough
The BCP process
Primary security features of relational databases
41. Consists of two main packet transport protocols: TCP and UDP.
Buffers
OSI Layer 5: Session
TCP/IP Transport Layer
Criticality analysis
42. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
WAN Protocols
Elements of the COSO pyramid
Inherent Risk
A Financial Audit
43. Guide program execution through organization of resources and development of clear project objectives.
WAN Protocols
Project Management Strategies
Variable Sampling
To identify the tasks that are responsible for project delays
44. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Grid Computing
Business impact analysis
Information security policy
IT standards are not being reviewed often enough
45. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Service Level Management
OSI: Physical Layer
The Eight Types of Audits
Segregation of duties issue in a high value process
46. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
The Internet Layer in the TCP/IP model
Control Unit
Precision means
Hash
47. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Transport Layer Protocols
Examples of IT General Controls
Stay current with technology
Expected Error Rate
48. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Function Point Analysis
CPU
Referential Integrity
Inform the auditee
49. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Inform the auditee
A Virtual Server
Notify the Audit Committee
Substantive Testing (test of transaction integrity)
50. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Concentrate on samples known to represent high risk
Problem Management
A Server Cluster
Types of sampling an auditor can perform.