Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The memory locations in the CPU where arithmetic values are stored.
OSI: Physical Layer
Overall audit risk
The appropriate role of an IS auditor in a control self-assessment
Registers
2. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Service Level Management
More difficult to perform
OSI: Transport Layer
Sampling Risk
3. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Judgmental sampling
Emergency Changes
IT Strategy
4. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Tolerable Error Rate
Capability Maturity Model Integration (CMMI)
Change management
Separate administrative accounts
5. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
IT executives and the Board of Directors
Employees with excessive privileges
The Eight Types of Audits
6. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Project Management Strategies
Stop-or-go Sampling
Entire password for an encryption key
7. An audit of operational efficiency.
To identify the tasks that are responsible for project delays
A Server Cluster
Stratified Sampling
An Administrative
8. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
PERT Diagram?
Audit Methodologies
Organizational culture and maturity
Control Unit
9. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Primary security features of relational databases
A Cold Site
IT Services Financial Management
Risk Management
10. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Control Unit
PERT Diagram?
Substantive Testing (test of transaction integrity)
General Controls
11. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
An Integrated Audit
Emergency Changes
An Operational Audit
SDLC Phases
12. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Structural fires and transportation accidents
Attribute Sampling
ISO 20000 Standard:
An IS audit
13. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
The Internet Layer in the TCP/IP model
Control Risk
The first step in a business impact analysis
Inherent Risk
14. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
Geographic location
Service Level Management
A Sample Mean
SDLC Phases
15. (1.) Access controls (2.) Encryption (3.) Audit logging
A Forensic Audit
WAN Protocols
Primary security features of relational databases
The availability of IT systems
16. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Precision means
Incident Management
Annualized Loss Expectancy (ALE)
17. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
(1.) Policies (2.) Procedures (3.) Standards
The Internet Layer in the TCP/IP model
ITIL definition of PROBLEM
List of systems examined
18. A representation of how closely a sample represents an entire population.
The two Categories of Controls
Three Types of Controls
Precision means
Referential Integrity
19. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Insourcing
Employees with excessive privileges
Elements of the COBIT Framework
OSI Layer 6: Presentation
20. An audit that combines an operational audit and a financial audit.
Business Continuity
Current and most up-to-date
An Integrated Audit
Frameworks
21. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Assess the maturity of its business processes
IT Services Financial Management
Information security policy
Input validation checking
22. Delivery of packets from one station to another - on the same network or on different networks.
Discovery Sampling
A Financial Audit
The Internet Layer in the TCP/IP model
(1.) Man-made (2.) Natural
23. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Detection Risk
Antivirus software on the email servers
Blade Computer Architecture
24. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Controls
Power system controls
A Service Provider audit
Background checks performed
25. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Formal waterfall
Separate administrative accounts
Service Level Management
less than 24 hours
26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The first step in a business impact analysis
Capability Maturity Model Integration (CMMI)
Structural fires and transportation accidents
An IS audit
27. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Detection Risk
List of systems examined
Antivirus software on the email servers
A Virtual Server
28. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Business Continuity
Critical Path Methodology
The first step in a business impact analysis
IT Service Management
29. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
The 5 types of Evidence that the auditor will collect during an audit.
The first step in a business impact analysis
The availability of IT systems
30. An audit of a third-party organization that provides services to other organizations.
Overall audit risk
ISO 20000 Standard:
A Service Provider audit
Disaster Recovery
31. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
A Cold Site
Segregation of duties issue in a high value process
WAN Protocols
Capability Maturity Model Integration (CMMI)
32. An audit that is performed in support of an anticipated or active legal proceeding.
OSI: Transport Layer
A Forensic Audit
Function Point Analysis
Resource details
33. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Transport Layer Protocols
OSI Layer 5: Session
ISO 20000 Standard:
Insourcing
34. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Confidence coefficient
Options for Risk Treatment
The appropriate role of an IS auditor in a control self-assessment
35. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Buffers
Sampling Risk
less than 24 hours
36. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
OSI: Transport Layer
Rating Scale for Process Maturity
A Sample Mean
TCP/IP Internet Layer
37. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Personnel involved in the requirements phase of a software development project
OSI: Physical Layer
BCP Plans
Cloud computing
38. (1.) TCP (2.) UDP
The Business Process Life Cycle
List of systems examined
Detection Risk
Transport Layer Protocols
39. To communicate security policies - procedures - and other security-related information to an organization's employees.
Sampling Risk
Security Awareness program
Cloud computing
BCP Plans
40. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Sampling Risk
Emergency Changes
Examples of Application Controls
41. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Split custody
General Controls
Substantive Testing
Rating Scale for Process Maturity
42. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
Tolerable Error Rate
Entire password for an encryption key
The 5 types of Evidence that the auditor will collect during an audit.
43. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The BCP process
Incident Management
Elements of the COSO pyramid
Confidence coefficient
44. Disasters are generally grouped in terms of type: ______________.
BCP Plans
The two Categories of Controls
The BCP process
(1.) Man-made (2.) Natural
45. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
less than 24 hours
Incident Management
Precision means
46. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
More difficult to perform
The Business Process Life Cycle
Overall audit risk
IT standards are not being reviewed often enough
47. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Stratified Sampling
Testing activities
A Forensic Audit
Annualized Loss Expectancy (ALE)
48. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Criticality analysis
Detection Risk
Referential Integrity
49. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
The appropriate role of an IS auditor in a control self-assessment
Project Management Strategies
Project change request
The availability of IT systems
50. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Information security policy
IT standards are not being reviewed often enough
Insourcing