Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Handle application processing
Application Controls
Compliance Testing
Controls
Elements of the COBIT Framework
2. Used to estimate the effort required to develop a software program.
Annualized Loss Expectancy (ALE)
An Operational Audit
Function Point Analysis
Balanced Scorecard
3. An audit of a third-party organization that provides services to other organizations.
Formal waterfall
A Service Provider audit
Capability Maturity Model
objective and unbiased
4. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
OSI: Transport Layer
Elements of the COBIT Framework
IT Service Management
Sampling Risk
5. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Capability Maturity Model Integration (CMMI)
The availability of IT systems
Compliance Testing
Foreign Key
6. Used to translate or transform data from lower layers into formats that the application layer can work with.
Geographic location
OSI Layer 6: Presentation
Application Controls
Risk Management
7. The main hardware component of a computer system, which executes the instructions in computer programs.
Substantive Testing
CPU
OSI Layer 5: Session
A Financial Audit
8. To communicate security policies, procedures, and other security-related information to an organization's employees.
Capability Maturity Model
The audit program
Configuration Management
Security Awareness program
9. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Function Point Analysis
A Sample Mean
Testing activities
10. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
An IS audit
Foreign Key
Substantive Testing
11. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
OSI: Transport Layer
Overall audit risk
Control Unit
12. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Three Types of Controls
Split custody
Blade Computer Architecture
13. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.
Elements of the COBIT Framework
Documentation and interview personnel
Hash
Judgmental sampling
14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
TCP/IP Network Model
Business impact analysis
less than 24 hours
Tolerable Error Rate
15. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Separate administrative accounts
Attribute Sampling
Formal waterfall
The 7 phases and their order in the SDLC
16. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
IT Services Financial Management
Hash
Power system controls
17. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Function Point Analysis
Server cluster
Risk Management
The best approach for identifying high risk areas for an audit
18. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Security Awareness program
Volumes of COSO framework
The 5 types of Evidence that the auditor will collect during an audit.
A Cold Site
19. Subjective sampling is used when the auditor wants to _________________________.
OSI: Data Link Layer
The 5 types of Evidence that the auditor will collect during an audit.
Personnel involved in the requirements phase of a software development project
Concentrate on samples known to represent high risk
20. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Rating Scale for Process Maturity
Expected Error Rate
A Service Provider audit
Business Continuity
21. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Referential Integrity
Substantive Testing (test of transaction integrity)
Wet pipe fire sprinkler system
Sampling
22. A representation of how closely a sample represents an entire population.
Precision means
Network Layer Protocols
Variable Sampling
Split custody
23. During the development phase, developers should only be performing unit testing, to verify that the individual sections of code they have written are performing properly.
The appropriate role of an IS auditor in a control self-assessment
Testing activities
Change management
A Financial Audit
24. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
OSI Layer 5: Session
ITIL definition of CHANGE MANAGEMENT
A Compliance audit
Release management
25. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Sampling Risk
TCP/IP Network Model
Assess the maturity of its business processes
OSI Layer 5: Session
26. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Compliance Testing
Elements of the COBIT Framework
PERT Diagram?
27. Concerned with electrical and physical specifications for devices. No frames or packets involved.
An Integrated Audit
OSI: Physical Layer
The best approach for identifying high risk areas for an audit
Sampling
28. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.
(1.) Man-made (2.) Natural
Confidence coefficient
A Sample Mean
Audit logging
29. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Main types of Controls
Referential Integrity
Business Continuity
30. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
The Steering Committee
Testing activities
IT standards are not being reviewed often enough
Assess the maturity of its business processes
31. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Insourcing
Service Level Management
Problem Management
Risk Management
32. An audit of operational efficiency.
An Administrative
Risk Management
A Forensic Audit
Overall audit risk
33. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Control Risk
OSI: Data Link Layer
Primary security features of relational databases
The 7 phases and their order in the SDLC
34. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Transport Layer Protocols
Detection Risk
Application Controls
35. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Project change request
Capability Maturity Model
The 4-item focus of a Balanced Scorecard
Structural fires and transportation accidents
36. Used to determine which business processes are the most critical, by ranking them in order of criticality.
Segregation of duties issue in a high value process
Criticality analysis
The availability of IT systems
Stay current with technology
37. The first major task in a disaster recovery or business continuity planning project.
Reduced sign-on
The best approach for identifying high risk areas for an audit
A Sample Mean
Business impact analysis
38. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
ITIL definition of PROBLEM
Data Link Layer Standards
Capability Maturity Model
39. (1.) Objectives (2.) Components (3.) Business Units / Areas
(1.) Policies (2.) Procedures (3.) Standards
Substantive Testing
Network Layer Protocols
Dimensions of the COSO cube
40. Requires that a password be broken into two or more parts, with each part in the possession of a separate person.
Split custody
Dimensions of the COSO cube
Problem Management
Server cluster
41. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Application Layer protocols
Network Layer Protocols
A Virtual Server
Rating Scale for Process Maturity
42. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
OSI Layer 6: Presentation
Cloud computing
Advantages of outsourcing
WAN Protocols
43. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Compliance Testing
OSI Layer 6: Presentation
Information security policy
44. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Input validation checking
Application Controls
A gate process
Dimensions of the COSO cube
45. Used to measure the relative maturity of an organization and its processes.
Discovery Sampling
Elements of the COSO pyramid
A Server Cluster
Capability Maturity Model
46. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this is _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Financial Audit
Reduced sign-on
The availability of IT systems
Recovery time objective
47. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Geographic location
Balanced Scorecard
The audit program
48. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
OSI Layer 5: Session
Inherent Risk
Dimensions of the COSO cube
Examples of IT General Controls
49. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Business impact analysis
The best approach for identifying high risk areas for an audit
Expected Error Rate
50. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Insourcing
objective and unbiased
Geographic location
Examples of Application Controls