SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
The BCP process
Assess the maturity of its business processes
Background checks performed
Substantive Testing (test of transaction integrity)
2. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Input validation checking
Vulnerability in the organization's PBX
Employees with excessive privileges
A Forensic Audit
3. A sampling technique where at least one exception is sought in a population
Discovery Sampling
TCP/IP Transport Layer packet delivery
A Server Cluster
Stay current with technology
4. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Main types of Controls
A gate process
Deming Cycle
TCP/IP Link Layer
5. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Audit logging
Compliance Testing
Entire password for an encryption key
Release management
6. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Audit logging
An Administrative
Project Management Strategies
Emergency Changes
7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Business Realization
Application Layer protocols
Project Management Strategies
8. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Recovery time objective
OSI: Physical Layer
Information security policy
Input validation checking
9. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Application Controls
Dimensions of the COSO cube
Advantages of outsourcing
10. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Sampling Risk
Testing activities
Statistical Sampling
TCP/IP Transport Layer packet delivery
11. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
The two Categories of Controls
Sampling Risk
The Requirements
A Financial Audit
12. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Current and most up-to-date
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
An Operational Audit
13. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Precision means
TCP/IP Link Layer
ISO 20000 Standard:
Audit Methodologies
14. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
A Forensic Audit
Application Layer protocols
Sample Standard Deviation
Background checks performed
15. Describes the effect on the business if a process is incapacitated for any appreciable time
Security Awareness program
Statement of Impact
Controls
Inform the auditee
16. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Prblem Management
Cloud computing
Reduced sign-on
Categories of risk treatment
17. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Power system controls
Disaster Recovery
SDLC Phases
Judgmental sampling
18. Focuses on: post-event recovery and restoration of services
Prblem Management
A Financial Audit
Disaster Recovery
ITIL definition of PROBLEM
19. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Prblem Management
Background checks performed
Employee termination process
OSI: Transport Layer
20. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Organizational culture and maturity
OSI: Data Link Layer
OSI: Physical Layer
Elements of the COBIT Framework
21. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Discovery Sampling
A Sample Mean
Variable Sampling
Structural fires and transportation accidents
22. IT Governance is most concerned with ________.
Confidence coefficient
Inherent Risk
Network Layer Protocols
IT Strategy
23. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Capability Maturity Model
PERT Diagram?
Project change request
24. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Audit logging
TCP/IP Internet Layer
Background checks performed
25. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Testing activities
TCP/IP Network Model
Substantive Testing
26. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
A Financial Audit
Overall audit risk
Personnel involved in the requirements phase of a software development project
The availability of IT systems
27. A collection of two or more servers that is designed to appear as a single server.
The Release process
Server cluster
An IS audit
Sampling
28. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Volumes of COSO framework
Personnel involved in the requirements phase of a software development project
A gate process
Expected Error Rate
29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
ITIL - IT Infrastructure Library
(1.) Polices (2.) Procedures (3.) Standards
Information systems access
Wet pipe fire sprinkler system
30. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
ITIL definition of PROBLEM
Network Layer Protocols
An Operational Audit
31. Delivery of packets from one station to another - on the same network or on different networks.
OSI: Data Link Layer
Reduced sign-on
The Internet Layer in the TCP/IP model
Referential Integrity
32. The maximum period of downtime for a process or application
Recovery time objective
The Release process
PERT Diagram?
Stratified Sampling
33. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
An Integrated Audit
A Compliance audit
Separate administrative accounts
Input validation checking
34. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Concentrate on samples known to represent high risk
OSI: Data Link Layer
Application Layer protocols
35. Subjective sampling is used when the auditor wants to _________________________.
Stratified Sampling
Database primary key
TCP/IP Link Layer
Concentrate on samples known to represent high risk
36. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Substantive Testing
Application Layer protocols
Tolerable Error Rate
37. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Categories of risk treatment
ITIL definition of PROBLEM
Referential Integrity
The BCP process
38. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Function Point Analysis
Background checks performed
OSI Layer 7: Application
Service Continuity Management
39. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Categories of risk treatment
Examples of Application Controls
The Internet Layer in the TCP/IP model
Annualized Loss Expectance (ALE)
40. Defines internal controls and provides guidance for assessing and improving internal control systems.
Server cluster
Database primary key
Personnel involved in the requirements phase of a software development project
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
41. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Attribute Sampling
Service Continuity Management
Application Layer protocols
Department Charters
42. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Sample Standard Deviation
Employee termination process
Elements of the COBIT Framework
43. Used to measure the relative maturity of an organization and its processes.
A Financial Audit
Capability Maturity Model
To identify the tasks that are responsible for project delays
Critical Path Methodology
44. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Deming Cycle
Geographic location
Configuration Management
A Sample Mean
45. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Geographic location
Foreign Key
Notify the Audit Committee
IT Service Management
46. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
A Service Provider audit
Frameworks
Cloud computing
47. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Information security policy
Service Level Management
Cloud computing
Discovery Sampling
48. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
ISO 20000 Standard:
Security Awareness program
Network Layer Protocols
Service Continuity Management
49. An audit of a third-party organization that provides services to other organizations.
Foreign Key
A Service Provider audit
Blade Computer Architecture
Annualized Loss Expectance (ALE)
50. The inventory of all in-scope business processes and systems
Balanced Scorecard
The first step in a business impact analysis
Buffers
PERT Diagram?