SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An alternate processing center that contains no information processing equipment.
TCP/IP Network Model
Statement of Impact
A Cold Site
Buffers
2. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Six steps of the Release Management process
OSI: Transport Layer
Information security policy
Insourcing
3. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
The Business Process Life Cycle
A Cold Site
Service Level Management
4. Focuses on: post-event recovery and restoration of services
The Business Process Life Cycle
Capability Maturity Model Integration (CMMI)
Disaster Recovery
Capability Maturity Model
5. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Gantt Chart
Rating Scale for Process Maturity
Stratified Sampling
6. The main hardware component of a computer system - which executes instructions in computer programs.
Incident Management
Antivirus software on the email servers
Insourcing
CPU
7. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Six steps of the Release Management process
Documentation and interview personnel
SDLC Phases
8. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
OSI Layer 6: Presentation
Volumes of COSO framework
TCP/IP Network Model
9. Handle application processing
Application Controls
Balanced Scorecard
Buffers
Variable Sampling
10. (1.) Objectives (2.) Components (3.) Business Units / Areas
A Problem
Dimensions of the COSO cube
Critical Path Methodology
Variable Sampling
11. Used to determine which business processes are the most critical - by ranking them in order of criticality
A gate process
TCP/IP Link Layer
Criticality analysis
Referential Integrity
12. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Substantive Testing
TCP/IP Transport Layer
Risk Management
Gantt Chart
13. Consists of two main packet transport protocols: TCP and UDP.
Audit logging
Resource details
The 4-item focus of a Balanced Scorecard
TCP/IP Transport Layer
14. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Organizational culture and maturity
Examples of IT General Controls
The audit program
Variable Sampling
15. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Concentrate on samples known to represent high risk
TCP/IP Internet Layer
Input validation checking
Server cluster
16. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Main types of Controls
Substantive Testing (test of transaction integrity)
Business Continuity
A Forensic Audit
17. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
OSI: Transport Layer
Elements of the COSO pyramid
WAN Protocols
18. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Transport Layer
TCP/IP Network Model
Release management
Confidence coefficient
19. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Elements of the COSO pyramid
Entire password for an encryption key
Capability Maturity Model
20. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Employee termination process
Blade Computer Architecture
Emergency Changes
21. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
TCP/IP Internet Layer
Categories of risk treatment
Examples of IT General Controls
22. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Frameworks
Configuration Management
Attribute Sampling
An IS audit
23. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Application Layer protocols
List of systems examined
A gate process
Separate administrative accounts
24. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Elements of the COBIT Framework
Annualized Loss Expectance (ALE)
Discovery Sampling
25. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Options for Risk Treatment
Substantive Testing
OSI Layer 5: Session
An IS audit
26. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Hash
Background checks performed
The Internet Layer in the TCP/IP model
27. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Discovery Sampling
Change management
Rating Scale for Process Maturity
The appropriate role of an IS auditor in a control self-assessment
28. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Control Unit
Project change request
Structural fires and transportation accidents
objective and unbiased
29. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Main types of Controls
Hash
Recovery time objective
Assess the maturity of its business processes
30. Delivery of packets from one station to another - on the same network or on different networks.
Lacks specific expertise or resources to conduct an internal audit
Elements of the COBIT Framework
The availability of IT systems
The Internet Layer in the TCP/IP model
31. A representation of how closely a sample represents an entire population.
Substantive Testing (test of transaction integrity)
Organizational culture and maturity
Stop-or-go Sampling
Precision means
32. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Disaster Recovery
ITIL - IT Infrastructure Library
Reduced sign-on
Business Continuity
33. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
List of systems examined
Statistical Sampling
Stay current with technology
Security Awareness program
34. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Judgmental sampling
Information security policy
A Financial Audit
Balanced Scorecard
35. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
ISO 20000 Standard:
TCP/IP Network Model
Vulnerability in the organization's PBX
36. An audit that is performed in support of an anticipated or active legal proceeding.
ITIL - IT Infrastructure Library
A Forensic Audit
Testing activities
Primary security features of relational databases
37. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
TCP/IP Transport Layer
Capability Maturity Model Integration (CMMI)
Business Continuity
38. Used to translate or transform data from lower layers into formats that the application layer can work with.
The Eight Types of Audits
The Steering Committee
OSI Layer 6: Presentation
Discovery Sampling
39. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
A Problem
BCP Plans
Inform the auditee
OSI Layer 7: Application
40. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Lacks specific expertise or resources to conduct an internal audit
Formal waterfall
A Server Cluster
41. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
A Server Cluster
ITIL definition of PROBLEM
less than 24 hours
A Sample Mean
42. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
The two Categories of Controls
Business Realization
less than 24 hours
43. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
IT Services Financial Management
Data Link Layer Standards
Statement of Impact
Project Management Strategies
44. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Controls
Power system controls
General Controls
45. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Audit Methodologies
ITIL definition of PROBLEM
BCP Plans
Foreign Key
46. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Notify the Audit Committee
Registers
A Problem
Attribute Sampling
47. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Configuration Management
A Service Provider audit
Input validation checking
To identify the tasks that are responsible for project delays
48. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Expected Error Rate
The 4-item focus of a Balanced Scorecard
IT Services Financial Management
SDLC Phases
49. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
PERT Diagram?
CPU
More difficult to perform
Network Layer Protocols
50. The inventory of all in-scope business processes and systems
Split custody
The first step in a business impact analysis
Geographic location
Rating Scale for Process Maturity
