Test your basic knowledge: CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Annualized Loss Expectancy (ALE)
The two Categories of Controls
Risk Management
The best approach for identifying high risk areas for an audit
2. A set of monitoring and review activities that confirm whether IS operations is delivering the agreed level of service to its customers.
The audit program
A Sample Mean
Service Level Management
A Virtual Server
3. (1.) Automatic (2.) Manual
Confidence coefficient
Controls
TCP/IP Link Layer
The two Categories of Controls
4. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
The two Categories of Controls
PERT Diagram
Controls
5. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Judgmental sampling
Sampling Risk
Examples of IT General Controls
The Software Program Library
6. A field in a database table whose value is unique and therefore identifies each row.
An Operational Audit
Database primary key
Input validation checking
Disaster Recovery
7. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Tolerable Error Rate
Substantive Testing (test of transaction integrity)
Antivirus software on the email servers
8. (1.) Link (2.) Internet (3.) Transport (4.) Application
ISO 20000 Standard
Disaster Recovery
TCP/IP Network Model
The typical Configuration Items in Configuration Management
9. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Attribute Sampling
OSI: Network Layer
Structural fires and transportation accidents
The Internet Layer in the TCP/IP model
10. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is the better evidence because it is
Control Risk
A gate process
OSI: Network Layer
objective and unbiased
11. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Documentation and interview personnel
Compliance Testing
The Steering Committee
A Server Cluster
12. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Hash
Rating Scale for Process Maturity
Audit logging
Configuration Management
13. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Application Controls
The 5 types of Evidence that the auditor will collect during an audit.
IT Strategy
Sample Standard Deviation
14. The main hardware component of a computer system - which executes instructions in computer programs.
Segregation of duties issue in a high value process
CPU
Business Realization
Confidence coefficient
15. Controls that support the functioning of the application controls.
General Controls
Frameworks
Server cluster
Insourcing
16. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
Volumes of COSO framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Security Awareness program
17. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
ITIL definition of CHANGE MANAGEMENT
Testing activities
A gate process
The audit program
18. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
ISO 20000 Standard
Emergency Changes
Split custody
Capability Maturity Model
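Split custody in practice (question 18) means no single person ever holds the whole credential. The example below is an added illustration, not part of the original quiz: it splits a secret into XOR shares, one per custodian, so that reconstruction needs every share and any subset short of all of them carries no information about the secret. The secret value and the custodian count are made up for the example; a real deployment would hand each share to a different person and store it separately.

```python
import secrets


def split_secret(secret: bytes, custodians: int) -> list[bytes]:
    """Split `secret` into `custodians` XOR shares.

    Every share is needed to rebuild the secret; any subset short of all
    of them is indistinguishable from random bytes.
    """
    if custodians < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(custodians - 1)]
    last = bytes(secret)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)  # final share makes the XOR of all shares equal the secret
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR all shares back together; a missing share yields garbage, not the secret."""
    if not shares:
        raise ValueError("no shares supplied")
    result = bytes(len(shares[0]))
    for share in shares:
        if len(share) != len(result):
            raise ValueError("shares must all be the same length")
        result = bytes(a ^ b for a, b in zip(result, share))
    return result


def demo() -> bool:
    # Constructed example secret; in practice a break-glass or root password.
    secret = b"hypothetical-root-passphrase"
    shares = split_secret(secret, 3)                     # one share per custodian
    rebuilt_ok = combine_shares(shares) == secret        # all three custodians present
    partial_ok = combine_shares(shares[:2]) == secret    # only two of three present
    return rebuilt_ok and not partial_ok


if __name__ == "__main__":
    print("split custody works:", demo())
```

The control that the auditor tests is procedural: the shares must actually be held by different people, and the act of combining them should itself be logged, otherwise a single custodian with access to all shares defeats the purpose.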
19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
OSI Layer 5: Session
An Integrated Audit
Grid Computing
Stratified Sampling
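Stratified sampling (question 19) is easiest to see with code. The block below is an added example, not part of the original quiz: it builds a constructed population of 100 payment records, splits it into strata by amount, allocates the sample proportionally to each stratum's size (every non-empty stratum gets at least one item), and draws the sample with a seeded generator so the selection can be reproduced in the audit workpapers. The strata boundaries and the population are assumptions for the example.

```python
import math
import random
from collections import defaultdict

# Strata by transaction amount: (name, lower bound inclusive, upper bound exclusive).
STRATA = [("low", 0, 100), ("medium", 100, 1000), ("high", 1000, math.inf)]

# Constructed population of 100 payment records (id -> amount); not real data.
POPULATION = {f"PAY{i:03d}": float((i % 10 + 1) * 10 ** (i % 4)) for i in range(100)}


def stratum_of(amount: float) -> str:
    for name, lo, hi in STRATA:
        if lo <= amount < hi:
            return name
    raise ValueError(f"amount {amount} falls outside all strata")


def stratify(population: dict) -> dict:
    """Group record ids into classes according to the value of the amount attribute."""
    classes = defaultdict(list)
    for item_id, amount in population.items():
        classes[stratum_of(amount)].append(item_id)
    return classes


def allocate(sizes: dict, sample_size: int) -> dict:
    """Proportional allocation by largest remainder; each non-empty stratum gets >= 1."""
    total = sum(sizes.values())
    exact = {s: sample_size * n / total for s, n in sizes.items()}
    quota = {s: math.floor(x) for s, x in exact.items()}
    leftover = sample_size - sum(quota.values())
    for s in sorted(exact, key=lambda k: exact[k] - quota[k], reverse=True)[:leftover]:
        quota[s] += 1
    for s in quota:
        if quota[s] == 0 and sizes[s] > 0:      # never skip a stratum entirely
            biggest = max(quota, key=quota.get)
            quota[biggest] -= 1
            quota[s] = 1
    return quota


def stratified_sample(population: dict, sample_size: int, seed: int = 0) -> dict:
    """Return {stratum: sorted list of sampled ids}, reproducible for a given seed."""
    rng = random.Random(seed)
    classes = stratify(population)
    quota = allocate({s: len(ids) for s, ids in classes.items()}, sample_size)
    return {
        s: sorted(rng.sample(sorted(ids), min(quota[s], len(ids))))
        for s, ids in classes.items()
    }


if __name__ == "__main__":
    for stratum, ids in stratified_sample(POPULATION, 20, seed=7).items():
        print(stratum, len(ids), ids)
```

The seed is the auditor's friend: record it alongside the population extract and anyone reviewing the work can regenerate exactly the same sample.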
20. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Split custody
Department Charters
Foreign Key
Gantt Chart
21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Statistical Sampling
Incident Management
Separate administrative accounts
Risk Management
22. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Attribute Sampling
To identify the tasks that are responsible for project delays
The appropriate role of an IS auditor in a control self-assessment
23. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Service Continuity Management
PERT Diagram
Examples of Application Controls
24. Coordinates business processes through a sequence of three stages: (1.) Business process creation (2.) Implementation (3.) Maintenance. Benchmarking facilitates continuous improvement within the BPLC.
The Business Process Life Cycle
Control Risk
Rating Scale for Process Maturity
OSI Layer 5: Session
25. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Six steps of the Release Management process
ITIL definition of CHANGE MANAGEMENT
Business Realization
Server cluster
26. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
OSI: Data Link Layer
Structural fires and transportation accidents
Employees with excessive privileges
27. The annual expected loss for an asset. It is calculated as the single loss expectancy (SLE) multiplied by the annualized rate of occurrence (ARO).
Sampling Risk
The first step in a business impact analysis
Annualized Loss Expectancy (ALE)
Frameworks
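Questions 1 and 27 together describe the usual way an IS auditor prioritises an audit universe: score each area by ALE = SLE x ARO, rank the areas, and give the high-risk ones more testing time. The block below is an added example, not part of the original quiz. The audit universe and its dollar figures are invented for illustration; the allocation uses a largest-remainder split so the hours always add up to the budget.

```python
# Constructed audit universe (illustrative figures, not from the page):
# area -> (single loss expectancy in dollars, annualized rate of occurrence)
AUDIT_UNIVERSE = {
    "payroll system":       (200_000, 0.50),
    "customer web portal":  (50_000, 4.00),
    "offsite backup tapes": (1_000_000, 0.05),
    "intranet wiki":        (5_000, 2.00),
}


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy = SLE x ARO."""
    return sle * aro


def rank_by_ale(universe: dict) -> list:
    """Highest expected annual loss first: the auditor's priority order."""
    scored = ((area, ale(sle, aro)) for area, (sle, aro) in universe.items())
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def allocate_hours(universe: dict, total_hours: int) -> dict:
    """Apportion testing hours in proportion to each area's ALE (largest remainder)."""
    ranked = rank_by_ale(universe)
    total_ale = sum(a for _, a in ranked)
    exact = {area: total_hours * a / total_ale for area, a in ranked}
    hours = {area: int(x) for area, x in exact.items()}
    leftover = total_hours - sum(hours.values())
    for area in sorted(exact, key=lambda k: exact[k] - hours[k], reverse=True)[:leftover]:
        hours[area] += 1
    return hours


if __name__ == "__main__":
    for area, loss in rank_by_ale(AUDIT_UNIVERSE):
        print(f"{area:22s} ALE = {loss:>12,.0f}")
    print(allocate_hours(AUDIT_UNIVERSE, 120))
```

One caveat worth keeping in mind when using this: ALE is an expected value, so a catastrophic but rare exposure (the backup tapes, with the largest SLE in the constructed data) ranks below a frequent, cheaper one. Most auditors therefore look at SLE and qualitative factors alongside ALE before fixing the final plan.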
28. A large number of loosely coupled computers used to solve a common task. They may be in close proximity to each other or scattered over a large geographical area.
A Compliance audit
A Problem
Grid Computing
Information security policy
29. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action is to improve the _________________ to reduce the number of exceptions. For a time - the proc
A Virtual Server
Employee termination process
IT Strategy
Information systems access
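The finding in question 29 is normally produced by a reconciliation test: compare the HR termination list against an export of directory accounts and flag every terminated user whose account is still enabled, noting whether it was used after the termination date. The block below is an added example of that test, not part of the original quiz. The two data sets, the field names and the grace period are constructed for the example.

```python
from datetime import date

# Constructed sample data (not real): HR termination list and a directory export.
HR_TERMINATIONS = {
    "jdoe":   date(2024, 1, 15),
    "asmith": date(2024, 2, 1),
    "bwong":  date(2024, 2, 20),
}
ACCOUNT_EXPORT = {
    "jdoe":   {"enabled": True, "last_logon": date(2024, 3, 2)},
    "asmith": {"enabled": False, "last_logon": date(2024, 1, 30)},
    "bwong":  {"enabled": True, "last_logon": date(2024, 2, 19)},
    "clee":   {"enabled": True, "last_logon": date(2024, 3, 1)},
}


def find_exceptions(terminations: dict, accounts: dict, as_of: date, grace_days: int = 1) -> list:
    """One record per terminated user whose account is still enabled past the grace period."""
    exceptions = []
    for user, term_date in sorted(terminations.items()):
        acct = accounts.get(user)
        if acct is None or not acct["enabled"]:
            continue                                    # removed or disabled: control worked
        if (as_of - term_date).days <= grace_days:
            continue                                    # still inside the allowed window
        last_logon = acct["last_logon"]
        exceptions.append({
            "user": user,
            "days_open": (as_of - term_date).days,
            # a logon after the termination date turns a process gap into an access incident
            "logon_after_termination": last_logon is not None and last_logon > term_date,
        })
    return exceptions


def exception_rate(terminations: dict, exceptions: list) -> float:
    """Share of terminations whose account was not disabled: the figure for the finding."""
    return len(exceptions) / len(terminations) if terminations else 0.0


if __name__ == "__main__":
    found = find_exceptions(HR_TERMINATIONS, ACCOUNT_EXPORT, as_of=date(2024, 3, 5))
    for row in found:
        print(row)
    print(f"exception rate: {exception_rate(HR_TERMINATIONS, found):.0%}")
```

Rerunning the same test after the termination process has been improved gives the auditor the before-and-after exception rate the question alludes to.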
30. A database term meaning that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Transport Layer Protocols
Audit Methodologies
The BCP process
31. ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, a single event may affect both locations.
Information systems access
Geographic location
Examples of IT General Controls
Insourcing
32. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Critical Path Methodology
A Compliance audit
OSI: Physical Layer
The 4-item focus of a Balanced Scorecard
33. Consists of a main chassis equipped with slots that are fitted with individual CPU modules (blades). Its main advantage is lower cost per unit.
Blade Computer Architecture
Network Layer Protocols
IT Strategy
The 7 phases and their order in the SDLC
34. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
The audit program
Department Charters
Elements of the COSO pyramid
Grid Computing
35. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The BCP process
ITIL definition of PROBLEM
Security Awareness program
Grid Computing
36. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Expected Error Rate
SDLC Phases
Formal waterfall
ITIL definition of CHANGE MANAGEMENT
37. (1.) Control Environment (2.) Risk Assessment (3.) Control Activities (4.) Information and Communication (5.) Monitoring
Elements of the COSO pyramid
The Internet Layer in the TCP/IP model
Power system controls
Annualized Loss Expectancy (ALE)
38. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Main types of Controls
Lacks specific expertise or resources to conduct an internal audit
ITIL definition of PROBLEM
39. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
WAN Protocols
Grid Computing
Incident Management
40. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
List of systems examined
ITIL definition of PROBLEM
IT Service Management
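Questions 6, 30 and 40 are three sides of the same database: a primary key makes each row unique, a foreign key plus referential integrity stops a referenced row from being deleted, and audit logging records every change. The block below is an added example (not part of the original quiz) that shows all three with SQLite through Python's standard library. The schema, table names and sample rows are constructed for the example; note that SQLite only enforces foreign keys after `PRAGMA foreign_keys = ON` is set on the connection.

```python
import sqlite3

# Constructed schema: customers is the parent table, orders references it through
# a foreign key, and triggers copy every change to orders into audit_log.
SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,   -- primary key: unique per row
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(customer_id),  -- foreign key
    amount      REAL NOT NULL
);
CREATE TABLE audit_log (
    log_id     INTEGER PRIMARY KEY,
    table_name TEXT NOT NULL,
    operation  TEXT NOT NULL,
    row_key    INTEGER NOT NULL,
    old_amount REAL,
    new_amount REAL,
    logged_at  TEXT NOT NULL DEFAULT (datetime('now'))
);
CREATE TRIGGER orders_audit_insert AFTER INSERT ON orders BEGIN
    INSERT INTO audit_log (table_name, operation, row_key, new_amount)
    VALUES ('orders', 'INSERT', NEW.order_id, NEW.amount);
END;
CREATE TRIGGER orders_audit_update AFTER UPDATE ON orders BEGIN
    INSERT INTO audit_log (table_name, operation, row_key, old_amount, new_amount)
    VALUES ('orders', 'UPDATE', NEW.order_id, OLD.amount, NEW.amount);
END;
CREATE TRIGGER orders_audit_delete AFTER DELETE ON orders BEGIN
    INSERT INTO audit_log (table_name, operation, row_key, old_amount)
    VALUES ('orders', 'DELETE', OLD.order_id, OLD.amount);
END;
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite parses FKs but enforces them only with this on
    conn.executescript(SCHEMA)
    return conn


def delete_customer(conn: sqlite3.Connection, customer_id: int) -> bool:
    """True if the row was deleted, False if referential integrity refused the delete."""
    try:
        with conn:
            conn.execute("DELETE FROM customers WHERE customer_id = ?", (customer_id,))
        return True
    except sqlite3.IntegrityError:             # "FOREIGN KEY constraint failed"
        return False


def audit_trail(conn: sqlite3.Connection) -> list:
    return conn.execute(
        "SELECT operation, row_key, old_amount, new_amount FROM audit_log ORDER BY log_id"
    ).fetchall()


def demo():
    conn = open_db()
    with conn:
        conn.execute("INSERT INTO customers VALUES (1, 'Acme')")
        conn.execute("INSERT INTO orders VALUES (10, 1, 250.0)")
        conn.execute("UPDATE orders SET amount = 275.0 WHERE order_id = 10")
    blocked = not delete_customer(conn, 1)     # order 10 still references customer 1
    with conn:
        conn.execute("DELETE FROM orders WHERE order_id = 10")
    allowed = delete_customer(conn, 1)         # nothing references it any more
    return blocked, allowed, audit_trail(conn)


if __name__ == "__main__":
    blocked, allowed, trail = demo()
    print("delete blocked while referenced:", blocked, "| allowed afterwards:", allowed)
    for row in trail:
        print(row)
```

For the DBA in question 40 the trigger-based log is only as trustworthy as the protection around it: the same administrator can drop the triggers or edit audit_log, so production audit trails are usually shipped to a store the DBA cannot alter.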
41. (1.) General (2.) Application
A gate process
Main types of Controls
Service Level Management
Background checks performed
42. Controls the connections (sessions) that are established between systems. Examples: (1.) IPC (2.) SIP (Session Initiation Protocol) (3.) RPC (Remote Procedure Call) (4.) NetBIOS
Gantt Chart
OSI Layer 5: Session
less than 24 hours
Security Awareness program
43. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Split custody
Overall audit risk
OSI: Network Layer
44. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Elements of the COBIT Framework
Buffers
A Server Cluster
45. A tightly coupled collection of computers used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.
Statement of Impact
Examples of IT General Controls
Wet pipe fire sprinkler system
A Server Cluster
46. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Application Layer protocols
ITIL definition of CHANGE MANAGEMENT
Data Link Layer Standards
Disaster Recovery
47. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Formal waterfall
Precision means
Stratified Sampling
A Financial Audit
48. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
CPU
IT standards are not being reviewed often enough
The 7 phases and their order in the SDLC
Risk Management
49. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
The appropriate role of an IS auditor in a control self-assessment
Application Layer protocols
To identify the tasks that are responsible for project delays
50. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Rating Scale for Process Maturity
A Compliance audit
Structural fires and transportation accidents