Test your basic knowledge: CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Current and most up-to-date
Audit Methodologies
Network Layer Protocols
Split custody
2. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
OSI: Data Link Layer
Application Layer protocols
CPU
3. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Three Types of Controls
Overall audit risk
IT Strategy
IT Services Financial Management
4. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
Examples of Application Controls
Rating Scale for Process Maturity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
5. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Detection Risk
Tolerable Error Rate
Reduced sign-on
IT Service Management
6. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Advantages of outsourcing
Examples of Application Controls
Hash
Project Management Strategies
7. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
TCP/IP Transport Layer packet delivery
Service Continuity Management
The 7 phases and their order in the SDLC
Inform the auditee
8. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
General Controls
A Virtual Server
Server cluster
9. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Examples of Application Controls
Segregation of duties issue in a high value process
Release management
ITIL - IT Infrastructure Library
10. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
An Administrative
The 5 types of Evidence that the auditor will collect during an audit.
Entire password for an encryption key
11. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Disaster Recovery
Project change request
The availability of IT systems
12. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Referential Integrity
Application Layer protocols
Judgmental sampling
Lacks specific expertise or resources to conduct an internal audit
13. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
PERT Diagram?
Three Types of Controls
Employees with excessive privileges
14. Defines internal controls and provides guidance for assessing and improving internal control systems.
(1.) Policies (2.) Procedures (3.) Standards
Vulnerability in the organization's PBX
Department Charters
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
15. ITIL term used to describe the SDLC.
A Sample Mean
Release management
Sampling Risk
Background checks performed
16. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Segregation of duties issue in a high value process
Application Controls
Substantive Testing (test of transaction integrity)
Blade Computer Architecture
17. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Sample Standard Deviation
Examples of Application Controls
Annualized Loss Expectancy (ALE)
18. (1.) Automatic (2.) Manual
Judgmental sampling
The two Categories of Controls
Main types of Controls
Risk Management
19. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
A Forensic Audit
IT Services Financial Management
An Administrative
20. An audit that combines an operational audit and a financial audit.
Options for Risk Treatment
An Integrated Audit
ITIL definition of PROBLEM
IT standards are not being reviewed often enough
21. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
To identify the tasks that are responsible for project delays
The availability of IT systems
Grid Computing
Compliance Testing
22. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Project Management Strategies
A Cold Site
The 5 types of Evidence that the auditor will collect during an audit.
List of systems examined
23. PERT: shows the ______________ critical path.
Referential Integrity
The availability of IT systems
Current and most up-to-date
Categories of risk treatment
24. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A Server Cluster
ITIL definition of PROBLEM
A gate process
The best approach for identifying high risk areas for an audit
25. An auditor has detected potential fraud while testing a control objective - he should ___________________. Because audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Main types of Controls
Foreign Key
Employees with excessive privileges
Notify the Audit Committee
26. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Security Awareness program
To identify the tasks that are responsible for project delays
Capability Maturity Model Integration (CMMI)
TCP/IP Transport Layer packet delivery
27. A representation of how closely a sample represents an entire population.
Precision means
Annualized Loss Expectancy (ALE)
Release management
Sampling Risk
28. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
The availability of IT systems
Lacks specific expertise or resources to conduct an internal audit
BCP Plans
The two Categories of Controls
29. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
OSI: Transport Layer
Dimensions of the COSO cube
OSI Layer 7: Application
30. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The two Categories of Controls
Incident Management
Separate administrative accounts
Substantive Testing
31. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
TCP/IP Internet Layer
Annualized Loss Expectancy (ALE)
Change management
Primary security features of relational databases
32. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Criticality analysis
A Compliance audit
Documentation and interview personnel
Insourcing
33. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Assess the maturity of its business processes
A Service Provider audit
Audit Methodologies
General Controls
34. Delivery of packets from one station to another - on the same network or on different networks.
Notify the Audit Committee
Business Continuity
Incident Management
The Internet Layer in the TCP/IP model
35. Focuses on: post-event recovery and restoration of services
The Release process
Sampling Risk
Disaster Recovery
A Virtual Server
36. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Hash
A Financial Audit
Release management
Statistical Sampling
37. The maximum period of downtime for a process or application
Network Layer Protocols
Background checks performed
A Virtual Server
Recovery time objective
38. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Sampling
less than 24 hours
Sampling Risk
Buffers
39. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Change management
OSI: Data Link Layer
An Administrative
Tolerable Error Rate
40. The first major task in a disaster recovery or business continuity planning project.
The Software Program Library
Volumes of COSO framework
Business impact analysis
Geographic location
41. Describes the effect on the business if a process is incapacitated for any appreciable time
Rating Scale for Process Maturity
Sample Standard Deviation
Service Continuity Management
Statement of Impact
42. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Service Level Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Risk Management
43. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
Dimensions of the COSO cube
A Problem
A Server Cluster
The 5 types of Evidence that the auditor will collect during an audit.
44. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Concentrate on samples known to represent high risk
The best approach for identifying high risk areas for an audit
OSI: Transport Layer
45. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
A Financial Audit
Sampling Risk
OSI: Data Link Layer
46. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Sampling Risk
OSI: Transport Layer
A Virtual Server
General Controls
47. The memory locations in the CPU where arithmetic values are stored.
Lacks specific expertise or resources to conduct an internal audit
Attribute Sampling
The two Categories of Controls
Registers
48. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
To identify the tasks that are responsible for project delays
The first step in a business impact analysis
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Attribute Sampling
49. Delivers messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
ITIL definition of PROBLEM
Gantt Chart
Registers
TCP/IP Internet Layer
50. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Testing activities
Stay current with technology
Judgmental sampling
PERT Diagram?