Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The sum of all samples divided by the number of samples.
OSI: Data Link Layer
A Sample Mean
Organizational culture and maturity
A Financial Audit
2. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
A Server Cluster
Three Types of Controls
Assess the maturity of its business processes
Project change request
3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
CPU
A Sample Mean
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
4. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Wet pipe fire sprinkler system
Statement of Impact
The Software Program Library
Confidence coefficient
5. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
A Service Provider audit
Data Link Layer Standards
Split custody
The Software Program Library
6. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
The 7 phases and their order in the SDLC
TCP/IP Transport Layer packet delivery
Gantt Chart
7. Framework for auditing and measuring IT Service Management Processes.
Confidence coefficient
ISO 20000 Standard
BCP Plans
Inform the auditee
8. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Sampling Risk
The Steering Committee
Change management
Testing activities
9. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Stay current with technology
The two Categories of Controls
Three Types of Controls
10. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
ITIL definition of PROBLEM
OSI: Transport Layer
A Compliance audit
Primary security features of relational databases
11. The inventory of all in-scope business processes and systems
Inform the auditee
The first step in a business impact analysis
Dimensions of the COSO cube
OSI: Physical Layer
12. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Balanced Scorecard
Capability Maturity Model
Application Controls
13. A maturity model that represents the aggregations of other maturity models.
Server cluster
Capability Maturity Model Integration (CMMI)
Expected Error Rate
Application Controls
14. Used to measure the relative maturity of an organization and its processes.
Lacks specific expertise or resources to conduct an internal audit
Function Point Analysis
Substantive Testing
Capability Maturity Model
15. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Sampling Risk
Information systems access
Three Types of Controls
Documentation and interview personnel
16. The memory locations in the CPU where arithmetic values are stored.
Risk Management
Advantages of outsourcing
Registers
Application Layer protocols
17. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
A Forensic Audit
Entire password for an encryption key
TCP/IP Internet Layer
18. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
OSI Layer 7: Application
To identify the tasks that are responsible for project delays
Project change request
Sampling Risk
19. Gantt: used to display ______________.
Disaster Recovery
Resource details
Testing activities
The 5 types of Evidence that the auditor will collect during an audit.
20. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Compliance Testing
Service Continuity Management
Documentation and interview personnel
OSI Layer 7: Application
21. Describes the effect on the business if a process is incapacitated for any appreciable time
Variable Sampling
TCP/IP Network Model
Database primary key
Statement of Impact
22. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Testing activities
Examples of IT General Controls
The typical Configuration Items in Configuration Management
Substantive Testing
23. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
ITIL definition of PROBLEM
Segregation of duties issue in a high value process
The availability of IT systems
Balanced Scorecard
24. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Rating Scale for Process Maturity
Statement of Impact
More difficult to perform
The Release process
25. One of a database table's fields - whose value is unique.
Database primary key
TCP/IP Transport Layer
The Software Program Library
Department Charters
26. Consists of two main packet transport protocols: TCP and UDP.
Rating Scale for Process Maturity
Referential Integrity
TCP/IP Transport Layer
Hash
27. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Data Link Layer Standards
Advantages of outsourcing
A Sample Mean
Critical Path Methodology
28. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Business Continuity
A Virtual Server
Capability Maturity Model
Types of sampling an auditor can perform.
29. Delivery of packets from one station to another - on the same network or on different networks.
Blade Computer Architecture
Sampling
The Internet Layer in the TCP/IP model
Business Realization
30. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Three Types of Controls
Primary security features of relational databases
Release management
31. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
A Server Cluster
Employee termination process
Geographic location
32. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. The organization is ___________ - while they may have opened the office in a foreign coun
The typical Configuration Items in Configuration Management
Insourcing
Data Link Layer Standards
Volumes of COSO framework
33. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
Geographic location
Deming Cycle
Substantive Testing (test of transaction integrity)
Types of sampling an auditor can perform.
34. (1.) TCP (2.) UDP
Transport Layer Protocols
Project change request
Organizational culture and maturity
Main types of Controls
35. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Testing activities
Reduced sign-on
Volumes of COSO framework
objective and unbiased
36. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
OSI: Transport Layer
Elements of the COBIT Framework
The Release process
Overall audit risk
37. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Concentrate on samples known to represent high risk
Testing activities
WAN Protocols
The availability of IT systems
38. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The appropriate role of an IS auditor in a control self-assessment
Problem Management
Control Risk
39. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Testing activities
Sampling
Department Charters
OSI: Physical Layer
40. (1.) Automatic (2.) Manual
The two Categories of Controls
OSI Layer 6: Presentation
An Integrated Audit
OSI Layer 5: Session
41. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Employees with excessive privileges
Security Awareness program
Examples of IT General Controls
ISO 20000 Standard
42. To measure organizational performance and effectiveness against strategic goals.
List of systems examined
Antivirus software on the email servers
Disaster Recovery
Balanced Scorecard
43. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Volumes of COSO framework
An Administrative
TCP/IP Link Layer
Elements of the COSO pyramid
44. Subjective sampling is used when the auditor wants to _________________________.
Sampling Risk
Business Realization
Concentrate on samples known to represent high risk
Grid Computing
45. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Cloud computing
The best approach for identifying high risk areas for an audit
PERT Diagram?
Department Charters
46. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
The Software Program Library
Control Risk
Stratified Sampling
Wet pipe fire sprinkler system
47. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
A Problem
Confidence coefficient
Control Risk
IT Services Financial Management
48. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Detection Risk
An Integrated Audit
A Server Cluster
49. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Tolerable Error Rate
Detection Risk
Segregation of duties issue in a high value process
50. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Registers
ITIL definition of PROBLEM
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
General Controls