Test your basic knowledge: CISA (Certified Information Systems Auditor)
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Stratified Sampling
IT Strategy
Wet pipe fire sprinkler system
Categories of risk treatment
2. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Criticality analysis
General Controls
less than 24 hours
3. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Audit logging
To identify the tasks that are responsible for project delays
Configuration Management
The availability of IT systems
4. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Stop-or-go Sampling
ITIL definition of CHANGE MANAGEMENT
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
5. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
A Financial Audit
(1.) Polices (2.) Procedures (3.) Standards
Formal waterfall
Employee termination process
6. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Resource details
Stop-or-go Sampling
Elements of the COBIT Framework
The Internet Layer in the TCP/IP model
7. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Substantive Testing (test of transaction integrity)
Examples of IT General Controls
The best approach for identifying high risk areas for an audit
8. Used to determine which business processes are the most critical - by ranking them in order of criticality
The best approach for identifying high risk areas for an audit
Transport Layer Protocols
Tolerable Error Rate
Criticality analysis
9. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Application Layer protocols
Advantages of outsourcing
Examples of Application Controls
IT Strategy
10. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
The Eight Types of Audits
Referential Integrity
An IS audit
11. An audit of a third-party organization that provides services to other organizations.
Buffers
Gantt Chart
A Service Provider audit
Controls
12. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Split custody
An Administrative audit
IT Services Financial Management
13. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram
OSI: Network Layer
Personnel involved in the requirements phase of a software development project
The availability of IT systems
14. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
WAN Protocols
Application Layer protocols
The appropriate role of an IS auditor in a control self-assessment
The two Categories of Controls
15. A maturity model that represents the aggregations of other maturity models.
OSI: Network Layer
Capability Maturity Model Integration (CMMI)
The Software Program Library
Primary security features of relational databases
16. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Business Continuity
Structural fires and transportation accidents
Service Continuity Management
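The finding in question 16 is the classic privilege-creep pattern: access accumulates across transfers because the joiner/mover/leaver process adds entitlements for the new role without revoking the old ones. The following script is an added illustration (it is not part of the quiz or of any ISACA material) of how an auditor or IAM engineer would test that hypothesis from an identity-store export: compare each user's entitlements with a least-privilege baseline for their current role, then attribute the excess to former roles where the baseline explains it. The role baseline, entitlement names and user records are constructed for the example.

```python
"""Access review for privilege creep after transfers.  Added illustration,
not page material; the role baseline and user records are constructed."""

# Least-privilege baseline: the entitlements each role should carry.
ROLE_BASELINE = {
    "ap_clerk": {"ap_invoice_entry", "vendor_lookup"},
    "ap_supervisor": {"ap_invoice_entry", "ap_invoice_approve", "vendor_lookup"},
    "helpdesk": {"ticket_rw", "password_reset"},
    "dba": {"db_admin", "backup_restore"},
}

# Constructed current-state records, as exported from an identity store.
USERS = [
    {"user": "alice", "tenure_years": 11, "role": "ap_supervisor",
     "former_roles": ["helpdesk", "ap_clerk"],
     "entitlements": {"ap_invoice_entry", "ap_invoice_approve", "vendor_lookup",
                      "password_reset", "db_admin"}},
    {"user": "bob", "tenure_years": 1, "role": "ap_clerk",
     "former_roles": [],
     "entitlements": {"ap_invoice_entry", "vendor_lookup"}},
    {"user": "carol", "tenure_years": 6, "role": "helpdesk",
     "former_roles": ["dba"],
     "entitlements": {"ticket_rw", "password_reset", "backup_restore"}},
]


def review_privileges(users, baseline):
    """Compare each user's entitlements with the baseline for their current
    role.  Excess entitlements that belong to a former role point at a
    transfer process that adds new access without removing the old; any
    remaining excess needs a separate explanation (or is a finding of its own)."""
    findings = []
    for u in users:
        allowed = baseline.get(u["role"], set())
        excess = set(u["entitlements"]) - allowed
        if not excess:
            continue
        former = set()
        for r in u["former_roles"]:
            former |= baseline.get(r, set())
        inherited = excess & former
        findings.append({
            "user": u["user"],
            "tenure_years": u["tenure_years"],
            "from_former_role": sorted(inherited),
            "unexplained": sorted(excess - inherited),
        })
    # Longest-serving users first: that is where creep shows up most.
    return sorted(findings, key=lambda f: f["tenure_years"], reverse=True)


def transfer_creep_rate(findings, users):
    """Share of reviewed users carrying at least one former-role entitlement.
    A high value supports the conclusion that the transfer process, rather
    than isolated provisioning errors, is the root cause."""
    creep = sum(1 for f in findings if f["from_former_role"])
    return creep / len(users) if users else 0.0


if __name__ == "__main__":
    result = review_privileges(USERS, ROLE_BASELINE)
    for f in result:
        print(f)
    print("transfer creep rate:", transfer_creep_rate(result, USERS))
```

On the constructed data, alice keeps password_reset from her helpdesk days and carol keeps backup_restore from her DBA role; alice's db_admin is not explained by any former role and would be raised separately. The same comparison, run against the full identity export rather than a hand-picked sample, is what turns the auditor's observation into a measurable control deficiency.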
17. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Volumes of COSO framework
An IS audit
Controls
Six steps of the Release Management process
18. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Resource details
The availability of IT systems
Control Risk
OSI: Network Layer
19. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Employees with excessive privileges
To identify the tasks that are responsible for project delays
Grid Computing
20. A field in a record in one table that references a primary key in another table.
ISO 20000 Standard
Employees with excessive privileges
Foreign Key
Main types of Controls
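Foreign keys (question 20) are how a relational database enforces referential integrity (question 10): a child row cannot point at a parent that does not exist, and a parent cannot be removed while children still reference it. The script below is an added illustration using Python's built-in sqlite3 module; it is not part of the quiz, and the schema is constructed. The caveat it demonstrates is specific to SQLite: the engine parses REFERENCES clauses but only enforces them when the connection has run PRAGMA foreign_keys = ON, so an auditor checking a SQLite-backed application should confirm that setting rather than trust the schema. Engines such as PostgreSQL enforce declared foreign keys unconditionally.

```python
"""Foreign keys and referential integrity with sqlite3.  Added illustration,
not page material; the schema is constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    -- dept_id is a foreign key: it must match an existing departments.dept_id
    dept_id INTEGER NOT NULL REFERENCES departments(dept_id)
                    ON DELETE RESTRICT ON UPDATE CASCADE
);
"""


def open_db(enforce_foreign_keys):
    """In-memory database with one department and one employee.
    In SQLite, foreign-key enforcement is switched on per connection."""
    conn = sqlite3.connect(":memory:")
    if enforce_foreign_keys:
        conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO departments VALUES (10, 'Audit')")
    conn.execute("INSERT INTO employees VALUES (1, 'Alice', 10)")
    conn.commit()
    return conn


def orphan_insert_accepted(enforce_foreign_keys):
    """Insert an employee pointing at a department that does not exist.
    Returns True if the database let the orphan row in."""
    conn = open_db(enforce_foreign_keys)
    try:
        conn.execute("INSERT INTO employees VALUES (2, 'Mallory', 99)")
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False
    finally:
        conn.close()


def delete_referenced_parent_accepted(enforce_foreign_keys):
    """Delete a department that still has employees.  ON DELETE RESTRICT
    should refuse, so no employee is left pointing at nothing."""
    conn = open_db(enforce_foreign_keys)
    try:
        conn.execute("DELETE FROM departments WHERE dept_id = 10")
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False
    finally:
        conn.close()


def cascade_update_followed(enforce_foreign_keys):
    """Change a department's key.  With enforcement on, ON UPDATE CASCADE
    moves the employee rows with it, keeping every reference valid."""
    conn = open_db(enforce_foreign_keys)
    try:
        conn.execute("UPDATE departments SET dept_id = 20 WHERE dept_id = 10")
        conn.commit()
        (dept,) = conn.execute(
            "SELECT dept_id FROM employees WHERE emp_id = 1").fetchone()
        return dept == 20
    finally:
        conn.close()


if __name__ == "__main__":
    for enforce in (False, True):
        print(f"foreign_keys={'ON' if enforce else 'OFF'}:",
              "orphan accepted:", orphan_insert_accepted(enforce),
              "| parent delete accepted:", delete_referenced_parent_accepted(enforce),
              "| cascade followed:", cascade_update_followed(enforce))
```

With enforcement off, all three integrity violations go through silently, which is exactly the condition an application relying on the schema alone would never notice until a report joins employees to departments and rows go missing.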
21. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Rating Scale for Process Maturity
Notify the Audit Committee
Sampling
Testing activities
22. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
Geographic location
The first step in a business impact analysis
Substantive Testing
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
23. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Capability Maturity Model Integration (CMMI)
Segregation of duties issue in a high value process
Deming Cycle
Expected Error Rate
24. PERT: shows the ______________ critical path.
Current and most up-to-date
The availability of IT systems
Project change request
Statistical Sampling
25. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
The Requirements
A Compliance audit
Assess the maturity of its business processes
Security Awareness program
26. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Server cluster
An IS audit
Buffers
Attribute Sampling
27. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Stay current with technology
Server cluster
More difficult to perform
28. An audit of operational efficiency.
Expected Error Rate
An Administrative audit
Elements of the COBIT Framework
A Service Provider audit
29. A representation of how closely a sample represents an entire population.
Recovery time objective
Department Charters
The Eight Types of Audits
Precision
30. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
The best approach for identifying high risk areas for an audit
A Sample Mean
Formal waterfall
31. Contains programs that communicate directly with the end user.
IT standards are not being reviewed often enough
Database primary key
Rating Scale for Process Maturity
OSI Layer 7: Application
32. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Configuration Management
Options for Risk Treatment
Six steps of the Release Management process
33. The square root of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Power system controls
ITIL definition of CHANGE MANAGEMENT
Organizational culture and maturity
34. An audit of an IS department's operations and systems.
Application Layer protocols
Audit Methodologies
Employee termination process
An IS audit
35. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
A Sample Mean
IT Strategy
Information systems access
The Business Process Life Cycle
36. Support the functioning of the application controls
The Steering Committee
An IS audit
General Controls
Overall audit risk
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
Sample Standard Deviation
Function Point Analysis
Power system controls
38. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
A Server Cluster
CPU
The 7 phases and their order in the SDLC
39. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Split custody
Change management
The audit program
Stay current with technology
40. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Tolerable Error Rate
The Eight Types of Audits
List of systems examined
Capability Maturity Model
41. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
IT executives and the Board of Directors
Resource details
The Steering Committee
A Server Cluster
42. The sum of all samples divided by the number of samples.
Sampling
Inherent Risk
A Sample Mean
TCP/IP Transport Layer packet delivery
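The sampling terms defined in questions 12, 21, 23, 29, 33, 37 and 42 (statistical sampling, sample mean, sample standard deviation, expected and tolerable error rate, precision, sampling risk and stop-or-go sampling) are easier to keep apart when you see the arithmetic that connects them. The script below is an added illustration, not material from the quiz or from ISACA: the invoice population, the error-rate thresholds and the stop-or-go decision rule (stop once the observed rate is at or below the expected rate, reject once it exceeds the tolerable rate, otherwise keep drawing up to a cap) are constructed and simplified for the example; the precision calculation uses the standard normal approximation for attribute sampling.

```python
"""Audit-sampling arithmetic: statistical sampling, sample mean and
standard deviation, error rates, precision, sampling risk, stop-or-go.
Added illustration, not page material; population and thresholds are
constructed."""
import math
import random

# z-values for the confidence coefficients an auditor usually quotes
# (normal approximation used for attribute-sampling precision).
Z_FOR_CONFIDENCE = {0.90: 1.645, 0.95: 1.960, 0.99: 2.576}


def draw_statistical_sample(population, n, seed=None):
    """Statistical sampling: every item has an equal chance of selection.
    random.sample draws without replacement."""
    return random.Random(seed).sample(list(population), n)


def sample_mean(values):
    """Sum of all sample values divided by the number of samples."""
    values = list(values)
    return sum(values) / len(values)


def sample_std_dev(values):
    """Square root of the sample variance (n-1 denominator): the spread of
    the sample values around the sample mean."""
    values = list(values)
    m = sample_mean(values)
    return math.sqrt(sum((v - m) ** 2 for v in values) / (len(values) - 1))


def sampling_risk(confidence_coefficient):
    """Probability that the sample misrepresents the population:
    the numeric inverse of the confidence coefficient."""
    return 1.0 - confidence_coefficient


def precision_interval(observed_rate, n, confidence_coefficient=0.95):
    """Half-width of the interval the true error rate is expected to lie in:
    how closely the sample represents the population."""
    z = Z_FOR_CONFIDENCE[confidence_coefficient]
    return z * math.sqrt(observed_rate * (1.0 - observed_rate) / n)


def observed_error_rate(items, is_exception):
    """Fraction of examined items that are exceptions."""
    items = list(items)
    return sum(1 for item in items if is_exception(item)) / len(items)


def stop_or_go(population, is_exception, expected_rate, tolerable_rate,
               step=25, max_n=200, seed=0):
    """Stop-or-go sampling: examine items in increments and stop as soon as
    the observed exception rate is at or below the expected rate.  Exceeding
    the tolerable rate rejects the population; otherwise keep drawing up to
    max_n.  This decision rule is a simplified illustration."""
    if not population:
        raise ValueError("empty population")
    order = list(population)
    random.Random(seed).shuffle(order)
    examined, rate = [], 0.0
    while len(examined) < min(max_n, len(order)):
        examined.extend(order[len(examined):len(examined) + step])
        rate = observed_error_rate(examined, is_exception)
        if rate > tolerable_rate:
            return ("reject", len(examined), rate)
        if rate <= expected_rate:
            return ("stop", len(examined), rate)
    return ("extend", len(examined), rate)


# Constructed population: 1000 invoices, one in forty missing an approval.
INVOICES = [{"id": i, "amount": 100 + (i * 37) % 900, "approved": i % 40 != 0}
            for i in range(1, 1001)]


def demo(seed=7):
    """Run the pieces together on the constructed population."""
    unapproved = lambda inv: not inv["approved"]
    sample = draw_statistical_sample(INVOICES, 100, seed=seed)
    amounts = [inv["amount"] for inv in sample]
    rate = observed_error_rate(sample, unapproved)
    return {
        "mean_amount": sample_mean(amounts),
        "std_dev": sample_std_dev(amounts),
        "observed_rate": rate,
        "precision": precision_interval(rate, len(sample), 0.95),
        "sampling_risk": sampling_risk(0.95),
        "stop_or_go": stop_or_go(INVOICES, unapproved, expected_rate=0.03,
                                 tolerable_rate=0.08, seed=seed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things the definitions alone do not make obvious: precision shrinks with the square root of the sample size, so doubling the sample only tightens the interval by about 30 percent, and stop-or-go only pays off when the expected error rate really is low, because a population with many exceptions is rejected or pushed to the extended sample almost immediately.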
43. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Sampling Risk
The appropriate role of an IS auditor in a control self-assessment
The 4-item focus of a Balanced Scorecard
Concentrate on samples known to represent high risk
44. Gantt: used to display ______________.
Concentrate on samples known to represent high risk
Options for Risk Treatment
The availability of IT systems
Resource details
45. Focuses on: post-event recovery and restoration of services
Cloud computing
Business Continuity
Disaster Recovery
Stay current with technology
46. The means by which management establishes and measures processes by which organizational objectives are achieved
Types of sampling an auditor can perform.
Controls
Release management
Substantive Testing (test of transaction integrity)
47. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Power system controls
Structural fires and transportation accidents
Data Link Layer Standards
Application Controls
48. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
TCP/IP Link Layer
Data Link Layer Standards
The appropriate role of an IS auditor in a control self-assessment
Inform the auditee
49. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Sampling Risk
Frameworks
Documentation and interview personnel
A Financial Audit
50. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Reduced sign-on
Sample Standard Deviation
Security Awareness program