Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Examples of IT General Controls
Sample Standard Deviation
Information security policy
OSI Layer 6: Presentation

2. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
IT Strategy
Information systems access
Reduced sign-on
Security Awareness program

3. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
A Financial Audit
Six steps of the Release Management process
Entire password for an encryption key
Substantive Testing (test of transaction integrity)

4. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Annualized Loss Expectance (ALE)
WAN Protocols
Inherent Risk
(1.) Polices (2.) Procedures (3.) Standards

5. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
The 4-item focus of a Balanced Scorecard
The best approach for identifying high risk areas for an audit
Advantages of outsourcing
Antivirus software on the email servers

6. (1.) TCP (2.) UDP
Overall audit risk
Concentrate on samples known to represent high risk
Transport Layer Protocols
The two Categories of Controls

7. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Detection Risk
Power system controls
IT Service Management
Variable Sampling

8. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Configuration Management
Primary security features of relational databases
IT standards are not being reviewed often enough
IT Service Management

9. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
TCP/IP Transport Layer packet delivery
Sampling
SDLC Phases
Detection Risk

10. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Insourcing
Confidence coefficient
less than 24 hours
Judgmental sampling

11. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Background checks performed
SDLC Phases
Criticality analysis

12. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Inherent Risk
Detection Risk
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model Integration (CMMI)

13. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Service Level Management
Split custody
The 5 types of Evidence that the auditor will collect during an audit.

14. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
The 4-item focus of a Balanced Scorecard
The Release process
Testing activities
A Sample Mean

15. IT Service Management is defined in ___________________ framework.
Six steps of the Release Management process
Confidence coefficient
ITIL definition of PROBLEM
ITIL - IT Infrastructure Library

16. A maturity model that represents the aggregations of other maturity models.
OSI Layer 5: Session
Prblem Management
An Administrative
Capability Maturity Model Integration (CMMI)

17. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Capability Maturity Model Integration (CMMI)
Transport Layer Protocols
Frameworks
The 7 phases and their order in the SDLC

18. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
A Forensic Audit
Formal waterfall
ITIL - IT Infrastructure Library

19. Disasters are generally grouped in terms of type: ______________.
IT executives and the Board of Directors
A Service Provider audit
Sample Standard Deviation
(1.) Man-made (2.) Natural

20. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
The Business Process Life Cycle
OSI Layer 6: Presentation
A Server Cluster

21. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Elements of the COSO pyramid
An Integrated Audit
An Operational Audit
Sampling Risk

22. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
An Administrative
Personnel involved in the requirements phase of a software development project
Precision means

23. A collection of two or more servers that is designed to appear as a single server.
The Requirements
OSI: Physical Layer
Formal waterfall
Server cluster

24. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Service Level Management
Dimensions of the COSO cube
Project Management Strategies

25. Gantt: used to display ______________.
Resource details
Entire password for an encryption key
Business impact analysis
Six steps of the Release Management process

26. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
An Administrative
Segregation of duties issue in a high value process
A Sample Mean
OSI Layer 6: Presentation

27. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Risk Management
Wet pipe fire sprinkler system
To identify the tasks that are responsible for project delays
Buffers

28. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Server cluster
Inform the auditee
Tolerable Error Rate
Input validation checking

29. To measure organizational performance and effectiveness against strategic goals.
A Cold Site
Balanced Scorecard
List of systems examined
Current and most up-to-date

30. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Registers
The typical Configuration Items in Configuration Management
Detection Risk

31. A sampling technique where at least one exception is sought in a population
Expected Error Rate
Discovery Sampling
Judgmental sampling
Current and most up-to-date

32. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Statistical Sampling
Information systems access
The best approach for identifying high risk areas for an audit
A gate process

33. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
More difficult to perform
Emergency Changes
IT Services Financial Management
A Service Provider audit

34. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Function Point Analysis
Hash
The audit program
The Release process

35. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Security Awareness program
The Requirements
The best approach for identifying high risk areas for an audit
WAN Protocols

36. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Emergency Changes
Six steps of the Release Management process
Registers
Buffers

37. (1.) Link (2.) Internet (3.) Transport (4.) Application
Buffers
TCP/IP Network Model
A gate process
OSI Layer 6: Presentation

38. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Entire password for an encryption key
Current and most up-to-date
Confidence coefficient

39. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Three Types of Controls
A Financial Audit
Substantive Testing (test of transaction integrity)
Elements of the COSO pyramid

40. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The Internet Layer in the TCP/IP model
Incident Management
(1.) Man-made (2.) Natural
Examples of IT General Controls

41. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Information systems access
Notify the Audit Committee
IT standards are not being reviewed often enough
Split custody

42. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
OSI: Data Link Layer
Geographic location
Notify the Audit Committee
Inform the auditee

43. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
objective and unbiased
Structural fires and transportation accidents
Overall audit risk

44. Handle application processing
The first step in a business impact analysis
Application Controls
An Integrated Audit
More difficult to perform

45. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Rating Scale for Process Maturity
The availability of IT systems
A Service Provider audit
SDLC Phases

46. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Audit logging
Options for Risk Treatment
Organizational culture and maturity
TCP/IP Transport Layer

47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
CPU
Prblem Management
Assess the maturity of its business processes
Deming Cycle

48. The sum of all samples divided by the number of samples.
Transport Layer Protocols
Disaster Recovery
Examples of IT General Controls
A Sample Mean

49. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
The 7 phases and their order in the SDLC
(1.) Polices (2.) Procedures (3.) Standards
ITIL definition of CHANGE MANAGEMENT

50. PERT: shows the ______________ critical path.
Current and most up-to-date
Dimensions of the COSO cube
The Requirements
The Release process