Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A maturity model that represents the aggregations of other maturity models.
Examples of Application Controls
General Controls
Capability Maturity Model Integration (CMMI)
Vulnerability in the organization's PBX
2. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Six steps of the Release Management process
OSI: Transport Layer
Dimensions of the COSO cube
Buffers
3. An audit of a third-party organization that provides services to other organizations.
Transport Layer Protocols
Inform the auditee
Rating Scale for Process Maturity
A Service Provider audit
4. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The Internet Layer in the TCP/IP model
A Compliance audit
Grid Computing
An Integrated Audit
5. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Judgmental sampling
The Software Program Library
Transport Layer Protocols
Testing activities
6. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Problem Management
OSI: Network Layer
Critical Path Methodology
BCP Plans
7. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
General Controls
A Sample Mean
SDLC Phases
Organizational culture and maturity
8. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Current and most up-to-date
Network Layer Protocols
Variable Sampling
Split custody
9. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
A Server Cluster
Employee termination process
OSI Layer 5: Session
OSI: Network Layer
10. A field in a record in one table that can reference a primary key in another table.
objective and unbiased
Resource details
Foreign Key
IT standards are not being reviewed often enough
11. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
The Steering Committee
Overall audit risk
IT executives and the Board of Directors
TCP/IP Transport Layer packet delivery
12. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
More difficult to perform
An Integrated Audit
Attribute Sampling
13. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Service Level Management
Wet pipe fire sprinkler system
Rating Scale for Process Maturity
The first step in a business impact analysis
14. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Main types of Controls
Antivirus software on the email servers
less than 24 hours
A gate process
15. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
The two Categories of Controls
Audit Methodologies
A Service Provider audit
Assess the maturity of its business processes
16. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
The Requirements
Control Unit
Power system controls
17. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The typical Configuration Items in Configuration Management
Inherent Risk
Employee termination process
Control Unit
18. (1.) Objectives (2.) Components (3.) Business Units / Areas
Assess the maturity of its business processes
Six steps of the Release Management process
Problem Management
Dimensions of the COSO cube
19. Gantt: used to display ______________.
Resource details
Statement of Impact
ITIL definition of CHANGE MANAGEMENT
Application Layer protocols
20. PERT: shows the ______________ critical path.
OSI Layer 7: Application
Department Charters
General Controls
Current and most up-to-date
21. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Formal waterfall
A Compliance audit
Entire password for an encryption key
The two Categories of Controls
22. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Database primary key
Substantive Testing (test of transaction integrity)
A Financial Audit
23. IT Governance is most concerned with ________.
Risk Management
IT Strategy
The BCP process
Examples of IT General Controls
24. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Hash
Testing activities
Incident Management
Business Realization
25. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
The appropriate role of an IS auditor in a control self-assessment
Inform the auditee
Concentrate on samples known to represent high risk
Personnel involved in the requirements phase of a software development project
26. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Geographic location
CPU
Reduced sign-on
Emergency Changes
27. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Cloud computing
Employee termination process
ITIL definition of PROBLEM
Incident Management
28. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Recovery time objective
The Eight Types of Audits
Critical Path Methodology
The Software Program Library
29. Used to determine which business processes are the most critical - by ranking them in order of criticality
Six steps of the Release Management process
An Administrative
TCP/IP Transport Layer packet delivery
Criticality analysis
30. An alternate processing center that contains no information processing equipment.
Statistical Sampling
A Cold Site
The Eight Types of Audits
OSI: Data Link Layer
31. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The 4-item focus of a Balanced Scorecard
Personnel involved in the requirements phase of a software development project
The Internet Layer in the TCP/IP model
Examples of IT General Controls
32. The means by which management establishes and measures processes by which organizational objectives are achieved
Organizational culture and maturity
Buffers
Controls
Audit Methodologies
33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Elements of the COBIT Framework
ITIL - IT Infrastructure Library
WAN Protocols
Reduced sign-on
34. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Data Link Layer Standards
Wet pipe fire sprinkler system
Critical Path Methodology
OSI: Transport Layer
35. Focuses on: post-event recovery and restoration of services
Disaster Recovery
IT executives and the Board of Directors
Emergency Changes
Overall audit risk
36. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
The two Categories of Controls
IT executives and the Board of Directors
Reduced sign-on
37. The highest number of errors that can exist without a result being materially misstated.
Entire password for an encryption key
Background checks performed
Tolerable Error Rate
Overall audit risk
38. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Discovery Sampling
Volumes of COSO framework
The 4-item focus of a Balanced Scorecard
Sampling
39. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Judgmental sampling
IT Services Financial Management
A Compliance audit
Variable Sampling
40. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
BCP Plans
Concentrate on samples known to represent high risk
Information security policy
Referential Integrity
41. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
OSI: Network Layer
Testing activities
Input validation checking
42. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Current and most up-to-date
Elements of the COSO pyramid
Overall audit risk
Structural fires and transportation accidents
43. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Separate administrative accounts
Employee termination process
Referential Integrity
44. The risk that an IS auditor will overlook errors or exceptions during an audit.
Overall audit risk
Testing activities
BCP Plans
Detection Risk
45. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Emergency Changes
The Steering Committee
IT Service Management
46. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
BCP Plans
(1.) Policies (2.) Procedures (3.) Standards
Capability Maturity Model Integration (CMMI)
Elements of the COBIT Framework
47. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Department Charters
Service Continuity Management
Information systems access
TCP/IP Link Layer
48. The maximum period of downtime for a process or application
Disaster Recovery
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Options for Risk Treatment
Recovery time objective
49. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
BCP Plans
Current and most up-to-date
Employees with excessive privileges
Service Continuity Management
50. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
More difficult to perform
Department Charters
IT Services Financial Management
Problem Management