Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
Geographic location
An Integrated Audit
Balanced Scorecard
Business impact analysis
2. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
PERT Diagram?
The Software Program Library
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI Layer 5: Session
3. The risk that an IS auditor will overlook errors or exceptions during an audit.
The Requirements
Detection Risk
Inform the auditee
Sampling
4. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Information systems access
Inform the auditee
Business Continuity
Release management
5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
Segregation of duties issue in a high value process
Statistical Sampling
Rating Scale for Process Maturity
6. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Change management
Testing activities
Confidence coefficient
An Integrated Audit
7. The main hardware component of a computer system - which executes instructions in computer programs.
Main types of Controls
Project Management Strategies
SDLC Phases
CPU
8. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
An IS audit
Hash
objective and unbiased
The Internet Layer in the TCP/IP model
9. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Judgmental sampling
ITIL definition of CHANGE MANAGEMENT
Separate administrative accounts
Grid Computing
10. The means by which management establishes and measures processes by which organizational objectives are achieved
Testing activities
Controls
Release management
Service Continuity Management
11. Delivery of packets from one station to another - on the same network or on different networks.
An IS audit
Formal waterfall
An Administrative
The Internet Layer in the TCP/IP model
12. Guide program execution through organization of resources and development of clear project objectives.
Precision means
The audit program
Project Management Strategies
Structural fires and transportation accidents
13. Used to measure the relative maturity of an organization and its processes.
WAN Protocols
Antivirus software on the email servers
Capability Maturity Model
Categories of risk treatment
14. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Project Management Strategies
BCP Plans
Buffers
Volumes of COSO framework
15. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
General Controls
A gate process
Three Types of Controls
16. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Reduced sign-on
Business Realization
The Release process
OSI: Data Link Layer
17. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Capability Maturity Model
Examples of Application Controls
The BCP process
Application Controls
18. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
IT executives and the Board of Directors
OSI: Data Link Layer
PERT Diagram?
Organizational culture and maturity
19. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Project change request
Deming Cycle
OSI Layer 7: Application
SDLC Phases
20. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Resource details
The audit program
Volumes of COSO framework
Tolerable Error Rate
21. The first major task in a disaster recovery or business continuity planning project.
An Administrative
OSI: Data Link Layer
Annualized Loss Expectancy (ALE)
Business impact analysis
22. To measure organizational performance and effectiveness against strategic goals.
Insourcing
The availability of IT systems
Control Unit
Balanced Scorecard
23. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
IT Services Financial Management
Background checks performed
Segregation of duties issue in a high value process
The 5 types of Evidence that the auditor will collect during an audit.
24. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
ITIL definition of PROBLEM
Segregation of duties issue in a high value process
The 7 phases and their order in the SDLC
Release management
25. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
The Software Program Library
SDLC Phases
Types of sampling an auditor can perform.
Problem Management
26. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
SDLC Phases
Resource details
Frameworks
27. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Project Management Strategies
The Software Program Library
OSI Layer 7: Application
Network Layer Protocols
28. (1.) General (2.) Application
TCP/IP Network Model
List of systems examined
The audit program
Main types of Controls
29. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Sample Standard Deviation
Concentrate on samples known to represent high risk
A gate process
Control Unit
30. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Split custody
Main types of Controls
Server cluster
31. Lowest layer. Delivers messages (frames) from one station to another via local network.
TCP/IP Link Layer
Data Link Layer Standards
(1.) Man-made (2.) Natural
List of systems examined
32. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Employees with excessive privileges
The BCP process
Project change request
33. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
(1.) Policies (2.) Procedures (3.) Standards
Organizational culture and maturity
Options for Risk Treatment
Current and most up-to-date
34. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which, if retrieved, could lead to account compromise.
Stop-or-go Sampling
Statement of Impact
Hash
Tolerable Error Rate
35. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Stratified Sampling
Disaster Recovery
OSI: Transport Layer
36. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
A Service Provider audit
Audit logging
Sampling Risk
Critical Path Methodology
37. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Split custody
Balanced Scorecard
The Release process
(1.) Man-made (2.) Natural
38. (1.) Automatic (2.) Manual
A Server Cluster
OSI Layer 5: Session
Examples of IT General Controls
The two Categories of Controls
39. An alternate processing center that contains no information processing equipment.
OSI Layer 5: Session
Grid Computing
OSI: Transport Layer
A Cold Site
40. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Sampling
Expected Error Rate
The 5 types of Evidence that the auditor will collect during an audit.
Service Continuity Management
41. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Personnel involved in the requirements phase of a software development project
Attribute Sampling
An Integrated Audit
Options for Risk Treatment
42. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
objective and unbiased
Inform the auditee
OSI Layer 6: Presentation
OSI: Transport Layer
43. Defines internal controls and provides guidance for assessing and improving internal control systems.
The Internet Layer in the TCP/IP model
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Steering Committee
Network Layer Protocols
44. One of a database table's fields - whose value is unique.
Data Link Layer Standards
Risk Management
A Compliance audit
Database primary key
45. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Business Realization
OSI: Physical Layer
Reduced sign-on
A Service Provider audit
46. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Substantive Testing (test of transaction integrity)
Main types of Controls
Detection Risk
47. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Expected Error Rate
Project Management Strategies
Emergency Changes
48. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Security Awareness program
The 5 types of Evidence that the auditor will collect during an audit.
Substantive Testing (test of transaction integrity)
Business Realization
49. The highest number of errors that can exist without a result being materially misstated.
IT executives and the Board of Directors
TCP/IP Network Model
Tolerable Error Rate
A Compliance audit
50. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Capability Maturity Model Integration (CMMI)
Problem Management
Current and most up-to-date