Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Concentrate on samples known to represent high risk
Release management
IT executives and the Board of Directors
Application Layer protocols
2. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
The BCP process
OSI: Transport Layer
Elements of the COBIT Framework
Business impact analysis
3. A representation of how closely a sample represents an entire population.
Precision means
A Cold Site
The two Categories of Controls
OSI: Transport Layer
4. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
A Forensic Audit
Expected Error Rate
OSI: Data Link Layer
5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Precision means
Examples of Application Controls
Judgmental sampling
The Internet Layer in the TCP/IP model
6. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Inherent Risk
The availability of IT systems
Entire password for an encryption key
The Software Program Library
7. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Structural fires and transportation accidents
The Release process
Transport Layer Protocols
8. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
objective and unbiased
Organizational culture and maturity
A Forensic Audit
Current and most up-to-date
9. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Compliance Testing
Controls
Insourcing
The Eight Types of Audits
10. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Vulnerability in the organization's PBX
Assess the maturity of its business processes
Discovery Sampling
Data Link Layer Standards
11. Describes the effect on the business if a process is incapacitated for any appreciable time
ITIL - IT Infrastructure Library
Stay current with technology
Audit logging
Statement of Impact
12. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Information systems access
Primary security features of relational databases
objective and unbiased
13. An audit of operational efficiency.
(1.) Policies (2.) Procedures (3.) Standards
Lacks specific expertise or resources to conduct an internal audit
An Administrative
Options for Risk Treatment
14. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Annualized Loss Expectancy (ALE)
Elements of the COSO pyramid
Project change request
15. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
A Financial Audit
ITIL definition of CHANGE MANAGEMENT
Critical Path Methodology
Six steps of the Release Management process
16. The memory locations in the CPU where arithmetic values are stored.
The Internet Layer in the TCP/IP model
Registers
A Cold Site
Business impact analysis
17. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Control Unit
Dimensions of the COSO cube
ITIL definition of CHANGE MANAGEMENT
18. PERT: shows the ______________ critical path.
Current and most up-to-date
Employees with excessive privileges
Network Layer Protocols
An Administrative
19. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Advantages of outsourcing
Data Link Layer Standards
The Requirements
Inform the auditee
20. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
(1.) Man-made (2.) Natural
Project Management Strategies
Emergency Changes
Balanced Scorecard
21. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Security Awareness program
Configuration Management
Controls
A gate process
22. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Control Unit
Tolerable Error Rate
The appropriate role of an IS auditor in a control self-assessment
Foreign Key
23. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Inherent Risk
Entire password for an encryption key
The availability of IT systems
24. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Application Layer protocols
Power system controls
Control Risk
Recovery time objective
25. Subjective sampling is used when the auditor wants to _________________________.
Critical Path Methodology
Control Risk
(1.) Man-made (2.) Natural
Concentrate on samples known to represent high risk
26. The maximum period of downtime for a process or application
Formal waterfall
Recovery time objective
Stop-or-go Sampling
Service Level Management
27. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Assess the maturity of its business processes
Confidence coefficient
A Forensic Audit
28. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
TCP/IP Transport Layer packet delivery
Judgmental sampling
An Operational Audit
29. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Inform the auditee
Control Unit
Referential Integrity
IT Services Financial Management
30. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
An Operational Audit
Service Continuity Management
Judgmental sampling
Six steps of the Release Management process
31. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Segregation of duties issue in a high value process
Compliance Testing
Critical Path Methodology
Change management
32. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The availability of IT systems
Stratified Sampling
ITIL definition of PROBLEM
An Integrated Audit
33. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Substantive Testing (test of transaction integrity)
Statistical Sampling
Dimensions of the COSO cube
List of systems examined
34. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Deming Cycle
A gate process
Reduced sign-on
Inherent Risk
35. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Substantive Testing
Function Point Analysis
The 5 types of Evidence that the auditor will collect during an audit.
36. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
IT Service Management
OSI: Physical Layer
Change management
37. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
The typical Configuration Items in Configuration Management
Separate administrative accounts
Gantt Chart
Annualized Loss Expectancy (ALE)
38. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
Geographic location
A Service Provider audit
Buffers
Foreign Key
39. An audit that combines an operational audit and a financial audit.
The typical Configuration Items in Configuration Management
An Integrated Audit
Three Types of Controls
ITIL definition of PROBLEM
40. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Lacks specific expertise or resources to conduct an internal audit
Department Charters
The Software Program Library
A Service Provider audit
41. To communicate security policies - procedures - and other security-related information to an organization's employees.
IT Service Management
The availability of IT systems
Grid Computing
Security Awareness program
42. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Insourcing
Substantive Testing
TCP/IP Link Layer
Employee termination process
43. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Security Awareness program
Network Layer Protocols
Assess the maturity of its business processes
44. Guide program execution through organization of resources and development of clear project objectives.
The two Categories of Controls
Project Management Strategies
Segregation of duties issue in a high value process
Wet pipe fire sprinkler system
45. A sampling technique where at least one exception is sought in a population
A Cold Site
Discovery Sampling
Capability Maturity Model
IT Services Financial Management
46. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Controls
Information security policy
Service Continuity Management
47. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
A Financial Audit
The 4-item focus of a Balanced Scorecard
Audit logging
Application Layer protocols
48. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
TCP/IP Internet Layer
Control Risk
A gate process
Expected Error Rate
49. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
The Steering Committee
Background checks performed
Personnel involved in the requirements phase of a software development project
OSI: Transport Layer
50. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
General Controls
Reduced sign-on
Network Layer Protocols
The Internet Layer in the TCP/IP model