Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The means by which management establishes and measures processes by which organizational objectives are achieved
Employees with excessive privileges
Current and most up-to-date
Criticality analysis
Controls
2. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
A Virtual Server
Substantive Testing
Elements of the COBIT Framework
3. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Input validation checking
The best approach for identifying high risk areas for an audit
OSI: Transport Layer
Deming Cycle
4. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Emergency Changes
Control Unit
Balanced Scorecard
5. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
The two Categories of Controls
Judgmental sampling
Types of sampling an auditor can perform.
Application Layer protocols
6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
PERT Diagram?
List of systems examined
Confidence coefficient
An Administrative
7. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Geographic location
Balanced Scorecard
Grid Computing
Split custody
8. A maturity model that represents the aggregations of other maturity models.
Personnel involved in the requirements phase of a software development project
A Server Cluster
Capability Maturity Model Integration (CMMI)
Entire password for an encryption key
9. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Documentation and interview personnel
Recovery time objective
OSI Layer 5: Session
The Requirements
10. (1.) Automatic (2.) Manual
Notify the Audit Committee
OSI Layer 6: Presentation
The two Categories of Controls
Tolerable Error Rate
11. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Criticality analysis
A Service Provider audit
An IS audit
Antivirus software on the email servers
12. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Lacks specific expertise or resources to conduct an internal audit
Tolerable Error Rate
BCP Plans
Employees with excessive privileges
13. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
OSI: Network Layer
OSI Layer 5: Session
BCP Plans
OSI: Data Link Layer
14. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Employee termination process
Buffers
Controls
A Problem
15. ITIL term used to describe the SDLC.
Release management
IT executives and the Board of Directors
The Release process
Stratified Sampling
16. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Information security policy
WAN Protocols
An Operational Audit
The appropriate role of an IS auditor in a control self-assessment
17. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Employees with excessive privileges
Compliance Testing
Information security policy
18. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Balanced Scorecard
Emergency Changes
OSI Layer 7: Application
Data Link Layer Standards
19. (1.) TCP (2.) UDP
Substantive Testing
Transport Layer Protocols
A Forensic Audit
objective and unbiased
20. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
More difficult to perform
The Software Program Library
Control Risk
Inherent Risk
21. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Data Link Layer Standards
The typical Configuration Items in Configuration Management
Database primary key
Release management
22. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Application Layer protocols
Inherent Risk
Expected Error Rate
IT standards are not being reviewed often enough
23. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Steering Committee
An Integrated Audit
Emergency Changes
Main types of Controls
24. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Control Unit
Judgmental sampling
A Virtual Server
25. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Examples of IT General Controls
Business Continuity
The best approach for identifying high risk areas for an audit
26. Guide program execution through organization of resources and development of clear project objectives.
Referential Integrity
Assess the maturity of its business processes
Project Management Strategies
ISO 20000 Standard
27. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
IT executives and the Board of Directors
Application Layer protocols
More difficult to perform
Business Continuity
28. An audit that combines an operational audit and a financial audit.
Foreign Key
Business impact analysis
Incident Management
An Integrated Audit
29. The sum of all samples divided by the number of samples.
The two Categories of Controls
Capability Maturity Model Integration (CMMI)
A Sample Mean
Referential Integrity
30. (1.) Physical (2.) Technical (3.) Administrative
The first step in a business impact analysis
OSI Layer 6: Presentation
OSI: Network Layer
Three Types of Controls
31. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
The 7 phases and their order in the SDLC
The two Categories of Controls
A Server Cluster
Substantive Testing (test of transaction integrity)
32. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
List of systems examined
OSI: Transport Layer
IT Service Management
Volumes of COSO framework
33. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Cloud computing
Inform the auditee
The Steering Committee
To identify the tasks that are responsible for project delays
34. Used to determine which business processes are the most critical - by ranking them in order of criticality
A Forensic Audit
OSI Layer 5: Session
IT executives and the Board of Directors
Criticality analysis
35. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The 4-item focus of a Balanced Scorecard
The availability of IT systems
Sample Standard Deviation
Transport Layer Protocols
36. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Compliance audit
Emergency Changes
Reduced sign-on
Frameworks
37. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
List of systems examined
A Cold Site
Three Types of Controls
The Requirements
38. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
OSI Layer 7: Application
Problem Management
Frameworks
Lacks specific expertise or resources to conduct an internal audit
39. Gantt: used to display ______________.
Antivirus software on the email servers
Hash
Resource details
Split custody
40. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Overall audit risk
Input validation checking
Configuration Management
Employee termination process
41. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Sampling Risk
Problem Management
IT Services Financial Management
The Release process
42. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Precision means
Audit logging
An Integrated Audit
Statistical Sampling
43. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Examples of IT General Controls
Organizational culture and maturity
OSI: Transport Layer
44. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Blade Computer Architecture
TCP/IP Internet Layer
Lacks specific expertise or resources to conduct an internal audit
45. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
The two Categories of Controls
Cloud computing
Change management
Information systems access
46. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Critical Path Methodology
Entire password for an encryption key
Annualized Loss Expectancy (ALE)
(1.) Man-made (2.) Natural
47. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Discovery Sampling
A Virtual Server
Cloud computing
48. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Server cluster
The BCP process
Substantive Testing (test of transaction integrity)
Business Realization
49. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Service Level Management
Employees with excessive privileges
Compliance Testing
TCP/IP Internet Layer
50. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Categories of risk treatment
IT standards are not being reviewed often enough
Segregation of duties issue in a high value process
Tolerable Error Rate