CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Database primary key
Background checks performed
Segregation of duties issue in a high value process
Business Realization
2. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Capability Maturity Model Integration (CMMI)
SDLC Phases
Elements of the COBIT Framework
Inherent Risk
3. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Critical Path Methodology
Vulnerability in the organization's PBX
Attribute Sampling
Problem Management
4. An audit of a third-party organization that provides services to other organizations.
The appropriate role of an IS auditor in a control self-assessment
TCP/IP Transport Layer
Personnel involved in the requirements phase of a software development project
A Service Provider audit
5. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Hash
BCP Plans
Six steps of the Release Management process
Control Risk
6. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
OSI: Transport Layer
Elements of the COBIT Framework
Problem Management
Assess the maturity of its business processes
7. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Current and most up-to-date
Examples of Application Controls
TCP/IP Internet Layer
8. (1.) Executive Support (2.) Well-defined roles and responsibilities.
A Compliance audit
A Financial Audit
Information security policy
Geographic location
9. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Referential Integrity
Three Types of Controls
Input validation checking
Network Layer Protocols
10. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
PERT Diagram?
Application Controls
Server cluster
Sampling Risk
11. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Volumes of COSO framework
Compliance Testing
IT Service Management
ITIL - IT Infrastructure Library
12. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Buffers
Business impact analysis
Emergency Changes
13. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Emergency Changes
BCP Plans
ISO 20000 Standard
Background checks performed
14. An audit that is performed in support of an anticipated or active legal proceeding.
Testing activities
Segregation of duties issue in a high value process
less than 24 hours
A Forensic Audit
15. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
A Server Cluster
The BCP process
The 7 phases and their order in the SDLC
Control Unit
16. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Network Layer Protocols
Audit Methodologies
Employees with excessive privileges
17. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
SDLC Phases
Insourcing
The appropriate role of an IS auditor in a control self-assessment
OSI: Transport Layer
18. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
CPU
OSI: Network Layer
Risk Management
TCP/IP Internet Layer
19. IT Governance is most concerned with ________.
Incident Management
The 7 phases and their order in the SDLC
IT Strategy
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
20. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Background checks performed
Insourcing
Antivirus software on the email servers
Resource details
21. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Tolerable Error Rate
Testing activities
A gate process
The 4-item focus of a Balanced Scorecard
22. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
The BCP process
Service Continuity Management
Grid Computing
An Integrated Audit
23. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
ISO 20000 Standard
The availability of IT systems
Inherent Risk
The Steering Committee
24. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
IT Services Financial Management
Vulnerability in the organization's PBX
The Release process
25. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Application Controls
Examples of IT General Controls
IT executives and the Board of Directors
TCP/IP Network Model
26. To measure organizational performance and effectiveness against strategic goals.
Service Continuity Management
Balanced Scorecard
Current and most up-to-date
Geographic location
27. Defines internal controls and provides guidance for assessing and improving internal control systems.
Control Risk
Separate administrative accounts
Employee termination process
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
28. PERT: shows the ______________ critical path.
(1.) Man-made (2.) Natural
Dimensions of the COSO cube
Employees with excessive privileges
Current and most up-to-date
29. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a _____. This makes it infeasible to recover the original password from the stored value, which otherwise could lead to account compromise.
Problem Management
Recovery time objective
Hash
Stratified Sampling
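The change described in question 29, shown as an added example (this is not code from the quiz or from any product it references): the insecure plaintext store next to the hardened version, which stores a per-user random salt and a PBKDF2-HMAC-SHA256 digest, and verifies candidates with a constant-time comparison. The in-memory "user tables" and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory stores standing in for a user table (assumption for the example).
_PLAINTEXT_STORE = {}   # the "before" state described in the question
_HASHED_STORE = {}      # the hardened state: algorithm$iterations$salt$digest

# Work factor chosen for this example; tune it so one verification costs a noticeable fraction of a second.
DEFAULT_ITERATIONS = 600_000


def store_plaintext(user: str, password: str) -> None:
    """Insecure: anyone who can read the store (backup, injection, insider) gets the password itself."""
    _PLAINTEXT_STORE[user] = password


def store_hashed(user: str, password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Hardened: keep only a salted, iterated one-way digest. The salt makes equal passwords
    produce different records, so a leaked table cannot be attacked with one precomputed list."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    record = f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"
    _HASHED_STORE[user] = record
    return record


def verify(user: str, candidate: str) -> bool:
    """Recompute the digest from the stored salt and parameters and compare in constant time."""
    record = _HASHED_STORE.get(user)
    if record is None:
        # Burn the same work for an unknown user so response time does not reveal which accounts exist.
        hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), b"\x00" * 16, DEFAULT_ITERATIONS)
        return False
    _algo, iters, salt_hex, digest_hex = record.split("$")
    computed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    store_plaintext("alice", "correct horse")
    print("plaintext store exposes:", _PLAINTEXT_STORE["alice"])
    print("hashed record:", store_hashed("alice", "correct horse"))
    print("right password:", verify("alice", "correct horse"))
    print("wrong password:", verify("alice", "battery staple"))
```

The digest is one-way, so the only route from the record back to the password is guessing, and the iteration count is what makes each guess expensive; the quiz wording "impossible" should be read as "computationally infeasible for a strong password".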
30. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
A Service Provider audit
The Eight Types of Audits
Deming Cycle
Geographic location
31. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Incident Management
Sampling Risk
Service Level Management
Business Continuity
32. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Sampling Risk
The Internet Layer in the TCP/IP model
The audit program
Employees with excessive privileges
33. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
A Problem
Employee termination process
ITIL definition of PROBLEM
Annualized Loss Expectancy (ALE)
34. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Control Risk
OSI: Physical Layer
List of systems examined
Information systems access
35. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Compliance Testing
Configuration Management
Data Link Layer Standards
The 4-item focus of a Balanced Scorecard
36. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
(1.) Policies (2.) Procedures (3.) Standards
OSI Layer 5: Session
Inform the auditee
SDLC Phases
37. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Control Risk
Discovery Sampling
Release management
38. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Power system controls
An Operational Audit
Project Management Strategies
Tolerable Error Rate
39. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
less than 24 hours
Volumes of COSO framework
Organizational culture and maturity
OSI: Transport Layer
40. The memory locations in the CPU where arithmetic values are stored.
Judgmental sampling
Registers
WAN Protocols
The Business Process Life Cycle
41. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Blade Computer Architecture
Statistical Sampling
IT standards are not being reviewed often enough
Expected Error Rate
42. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
The Release process
Formal waterfall
A Compliance audit
IT executives and the Board of Directors
43. The highest number of errors that can exist without a result being materially misstated.
Overall audit risk
Tolerable Error Rate
The Requirements
Current and most up-to-date
44. (1.) Access controls (2.) Encryption (3.) Audit logging
Stay current with technology
Project change request
Database primary key
Primary security features of relational databases
45. Framework for auditing and measuring IT Service Management Processes.
Balanced Scorecard
Database primary key
ISO 20000 Standard
To identify the tasks that are responsible for project delays
46. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Advantages of outsourcing
SDLC Phases
Sampling Risk
The Release process
47. Describes the effect on the business if a process is incapacitated for any appreciable time
Geographic location
Statement of Impact
Power system controls
Resource details
48. To communicate security policies, procedures, and other security-related information to an organization's employees.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Security Awareness program
An Administrative
Annualized Loss Expectancy (ALE)
49. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Audit logging
The availability of IT systems
OSI: Transport Layer
The best approach for identifying high risk areas for an audit
50. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
A Service Provider audit
Audit logging
Sampling
An Administrative
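Questions 3, 10, 41, 43 and 50 define attribute sampling, sampling risk, expected error rate and tolerable error rate without showing how they combine. The following added example (not part of the quiz) puts them together: it derives an attribute sample size from those inputs using the exact binomial distribution, which is the basis of the published sample-size tables, and then evaluates a sample of control tests against the allowed number of deviations. The population of change tickets, the deviation pattern and the seed are constructed for the example.

```python
import random
from math import ceil, comb


def binom_cdf(k: int, n: int, p: float) -> float:
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def attribute_sample_size(tolerable_rate: float, expected_rate: float, confidence: float):
    """Smallest sample size n (and allowed deviations k) such that, if the true deviation rate
    were as bad as the tolerable rate, the chance of still seeing no more than k deviations is
    at most the sampling risk (1 - confidence). Finding k or fewer deviations then supports the
    conclusion that the real rate is below the tolerable rate at that confidence level."""
    if not 0 <= expected_rate < tolerable_rate < 1:
        raise ValueError("expected rate must be below tolerable rate, both in [0, 1)")
    sampling_risk = 1 - confidence
    for n in range(1, 5000):
        k = ceil(n * expected_rate)      # deviations we expect and can tolerate in the sample
        if binom_cdf(k, n, tolerable_rate) <= sampling_risk:
            return n, k
    raise ValueError("no sample size under 5000 meets these parameters")


def evaluate_sample(sample, allowed_deviations: int):
    """sample: one bool per item tested (True = control operated). Returns (deviations, acceptable)."""
    found = sum(1 for ok in sample if not ok)
    return found, found <= allowed_deviations


def draw_sample(population, n: int, seed: int = 7):
    """Random selection without replacement; the fixed seed makes the draw reproducible for review."""
    return random.Random(seed).sample(population, n)


if __name__ == "__main__":
    # Constructed population: 1000 change tickets, every 50th one lacks the required approval (2%).
    tickets = [{"id": i, "approved": i % 50 != 0} for i in range(1, 1001)]

    # 5% tolerable, 1% expected, 95% confidence (5% sampling risk) -> the classic 93-item sample.
    n, k = attribute_sample_size(tolerable_rate=0.05, expected_rate=0.01, confidence=0.95)
    print(f"sample size {n}, allowed deviations {k}")

    tested = [t["approved"] for t in draw_sample(tickets, n)]
    found, acceptable = evaluate_sample(tested, k)
    print(f"deviations found {found}; control {'relied on' if acceptable else 'not relied on'}")
```

With an expected error rate of zero the same function returns 59, the familiar figure for 5% tolerable error at 95% confidence; raising the expected rate or lowering the tolerable rate pushes the required sample size up, which is the trade-off the definitions above describe.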