Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Service Level Management
Dimensions of the COSO cube
An Integrated Audit
2. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Elements of the COBIT Framework
OSI: Network Layer
Input validation checking
3. (1.) Automatic (2.) Manual
Elements of the COSO pyramid
OSI: Data Link Layer
Resource details
The two Categories of Controls
4. The main hardware component of a computer system, which executes instructions in computer programs.
Notify the Audit Committee
Annualized Loss Expectancy (ALE)
The audit program
CPU
5. The result of strategic planning, process development, and systems development, which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Annualized Loss Expectancy (ALE)
Three Types of Controls
An Administrative
6. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Entire password for an encryption key
Balanced Scorecard
less than 24 hours
Department Charters
7. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
(1.) Man-made (2.) Natural
Controls
To identify the tasks that are responsible for project delays
Wet pipe fire sprinkler system
8. The risk that an IS auditor will overlook errors or exceptions during an audit.
Sampling Risk
IT Services Financial Management
Detection Risk
OSI Layer 5: Session
9. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
TCP/IP Transport Layer packet delivery
ITIL definition of PROBLEM
A Financial Audit
A Compliance audit
10. An audit of operational efficiency.
An Administrative
A gate process
The 7 phases and their order in the SDLC
Sampling Risk
11. ITIL term used to describe the SDLC.
Release management
Business Realization
Grid Computing
Categories of risk treatment
12. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
The Software Program Library
Deming Cycle
Options for Risk Treatment
13. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Assess the maturity of its business processes
Network Layer Protocols
Capability Maturity Model
14. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?
The Business Process Life Cycle
A Forensic Audit
(1.) Policies (2.) Procedures (3.) Standards
Business impact analysis
15. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.
Blade Computer Architecture
TCP/IP Internet Layer
Stratified Sampling
An IS audit
16. A maturity model that represents the aggregations of other maturity models.
(1.) Policies (2.) Procedures (3.) Standards
Background checks performed
Inform the auditee
Capability Maturity Model Integration (CMMI)
17. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Documentation and interview personnel
Critical Path Methodology
Deming Cycle
Primary security features of relational databases
18. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Criticality analysis
Statistical Sampling
A Sample Mean
19. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Stay current with technology
The typical Configuration Items in Configuration Management
Server cluster
Cloud computing
20. Delivery of packets from one station to another, on the same network or on different networks.
Control Risk
The 7 phases and their order in the SDLC
The Internet Layer in the TCP/IP model
Annualized Loss Expectancy (ALE)
21. A field in a record in one table that can reference a primary key in another table.
The availability of IT systems
Foreign Key
Insourcing
A Cold Site
22. IT Governance is most concerned with ________.
IT Strategy
A gate process
Business impact analysis
Entire password for an encryption key
23. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect
Detection Risk
The Internet Layer in the TCP/IP model
A Compliance audit
Antivirus software on the email servers
24. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Cloud computing
Information systems access
Precision means
25. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.
A Cold Site
Referential Integrity
TCP/IP Internet Layer
Assess the maturity of its business processes
26. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Security Awareness program
Control Unit
Confidence coefficient
The 7 phases and their order in the SDLC
27. Used to translate or transform data from lower layers into formats that the application layer can work with.
Stratified Sampling
OSI Layer 6: Presentation
Volumes of COSO framework
Change management
28. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Service Level Management
Examples of Application Controls
Annualized Loss Expectancy (ALE)
Insourcing
29. IT Service Management is defined in ___________________ framework.
Variable Sampling
ITIL - IT Infrastructure Library
Advantages of outsourcing
A gate process
30. An alternate processing center that contains no information processing equipment.
CPU
A Cold Site
Frameworks
Application Controls
31. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.
IT executives and the Board of Directors
Cloud computing
Concentrate on samples known to represent high risk
Service Continuity Management
32. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
OSI Layer 6: Presentation
Critical Path Methodology
Primary security features of relational databases
33. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Main types of Controls
Configuration Management
Inherent Risk
A gate process
34. The inventory of all in-scope business processes and systems
Frameworks
The first step in a business impact analysis
Expected Error Rate
Substantive Testing
35. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.
Organizational culture and maturity
Geographic location
Sampling
PERT Diagram?
36. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written are performing properly.
Formal waterfall
Options for Risk Treatment
Testing activities
Detection Risk
37. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
A Cold Site
The 4-item focus of a Balanced Scorecard
Registers
38. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
Inherent Risk
Input validation checking
Database primary key
List of systems examined
39. Used to determine which business processes are the most critical, by ranking them in order of criticality.
Criticality analysis
Types of sampling an auditor can perform.
Information systems access
Change management
40. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Stay current with technology
IT Strategy
ITIL definition of PROBLEM
Application Controls
41. The memory locations in the CPU where arithmetic values are stored.
Separate administrative accounts
Registers
Emergency Changes
Project change request
42. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
A Compliance audit
(1.) Man-made (2.) Natural
The Business Process Life Cycle
43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
A Compliance audit
A gate process
CPU
Sampling Risk
44. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
ITIL definition of PROBLEM
List of systems examined
Problem Management
Referential Integrity
45. Framework for auditing and measuring IT Service Management Processes.
Examples of Application Controls
Sampling
ISO 20000 Standard
BCP Plans
46. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities, as necessary for accomplishing a goal.
PERT Diagram?
Registers
More difficult to perform
A Problem
47. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling: PPTP, L2TP
The appropriate role of an IS auditor in a control self-assessment
Application Controls
ITIL definition of CHANGE MANAGEMENT
Data Link Layer Standards
48. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Application Controls
Stay current with technology
SDLC Phases
Elements of the COSO pyramid
49. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
Release management
Audit Methodologies
Detection Risk
50. The highest number of errors that can exist without a result being materially misstated.
Input validation checking
Advantages of outsourcing
Tolerable Error Rate
Sampling Risk