Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Hash
Sampling
Main types of Controls
Categories of risk treatment
2. ITIL term used to describe the SDLC.
List of systems examined
Resource details
Recovery time objective
Release management
3. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
Resource details
The Internet Layer in the TCP/IP model
IT Services Financial Management
4. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.
Server cluster
Organizational culture and maturity
Volumes of COSO framework
A Problem
5. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action is to improve the _________________ to reduce the number of exceptions. For a time, the proc
Elements of the COBIT Framework
Balanced Scorecard
Employee termination process
Controls
6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
A Cold Site
List of systems examined
TCP/IP Internet Layer
Sampling Risk
7. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Balanced Scorecard
Dimensions of the COSO cube
Audit logging
Application Controls
8. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Resource details
ISO 20000 Standard
Sampling Risk
Volumes of COSO framework
9. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Balanced Scorecard
Options for Risk Treatment
TCP/IP Network Model
10. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
The Software Program Library
Split custody
The Steering Committee
11. An audit of an IS department's operations and systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Geographic location
Concentrate on samples known to represent high risk
An IS audit
12. The main hardware component of a computer system - which executes instructions in computer programs.
Discovery Sampling
CPU
Wet pipe fire sprinkler system
TCP/IP Transport Layer packet delivery
13. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
To identify the tasks that are responsible for project delays
A Service Provider audit
More difficult to perform
14. IT Service Management is defined in ___________________ framework.
OSI: Transport Layer
ITIL - IT Infrastructure Library
TCP/IP Internet Layer
Rating Scale for Process Maturity
15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
IT Strategy
Vulnerability in the organization's PBX
The appropriate role of an IS auditor in a control self-assessment
Department Charters
16. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
objective and unbiased
Stay current with technology
Current and most up-to-date
A Service Provider audit
17. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
An Operational Audit
Business impact analysis
TCP/IP Transport Layer packet delivery
Options for Risk Treatment
18. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
(1.) Man-made (2.) Natural
The Software Program Library
Types of sampling an auditor can perform.
Examples of IT General Controls
19. An audit of a third-party organization that provides services to other organizations.
Categories of risk treatment
Hash
The BCP process
A Service Provider audit
20. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Capability Maturity Model Integration (CMMI)
Incident Management
A Compliance audit
TCP/IP Link Layer
21. Support the functioning of the application controls
Dimensions of the COSO cube
General Controls
ITIL - IT Infrastructure Library
A Sample Mean
22. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
IT standards are not being reviewed often enough
OSI: Transport Layer
IT Service Management
23. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Service Provider audit
Attribute Sampling
Categories of risk treatment
24. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Notify the Audit Committee
Reduced sign-on
Cloud computing
25. Critical Path Methodology helps a project manager determine which activities are on a project's critical path, ________________________.
The Internet Layer in the TCP/IP model
To identify the tasks that are responsible for project delays
ISO 20000 Standard
Business Continuity
26. Delivery of packets from one station to another - on the same network or on different networks.
(1.) Policies (2.) Procedures (3.) Standards
Advantages of outsourcing
The Internet Layer in the TCP/IP model
Current and most up-to-date
27. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Application Controls
A Server Cluster
A Sample Mean
The Software Program Library
28. A sampling technique where at least one exception is sought in a population
Lacks specific expertise or resources to conduct an internal audit
Discovery Sampling
TCP/IP Transport Layer packet delivery
The BCP process
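Questions 23 and 28 define attribute sampling and discovery sampling but do not show the arithmetic behind them. The following Python example is added here and is not part of the quiz: it computes, for a finite population, the sample size discovery sampling needs to surface at least one exception with a chosen confidence (exact hypergeometric calculation, next to the large-population shortcut), and evaluates an attribute sample by deriving the computed upper deviation rate from the binomial distribution. Population sizes, exception counts and tolerable rates used below are constructed inputs for illustration.

```python
from math import comb, log, ceil


def p_no_exception(population, exceptions, sample):
    """Exact probability that a random sample of `sample` items drawn without
    replacement from `population` items, of which `exceptions` are deviations,
    contains no deviation at all (hypergeometric: C(N-K, n) / C(N, n))."""
    clean = population - exceptions
    if sample > clean:
        return 0.0
    return comb(clean, sample) / comb(population, sample)


def discovery_sample_size(population, exceptions, confidence):
    """Discovery sampling: smallest sample size that surfaces at least one
    deviation with probability >= `confidence`, assuming the population really
    does contain `exceptions` deviations."""
    for n in range(1, population + 1):
        if 1.0 - p_no_exception(population, exceptions, n) >= confidence:
            return n
    return population


def discovery_sample_size_approx(deviation_rate, confidence):
    """Large-population shortcut (equivalent to sampling with replacement):
    1 - (1-p)^n >= c  <=>  n >= ln(1-c) / ln(1-p).  It over-estimates the
    exact finite-population answer, so it errs on the safe side."""
    return ceil(log(1.0 - confidence) / log(1.0 - deviation_rate))


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i) for i in range(k + 1))


def attribute_upper_deviation_rate(sample, observed, confidence, precision=1e-7):
    """Attribute sampling evaluation: the computed upper deviation rate, i.e. the
    largest population rate still consistent with seeing only `observed`
    deviations in `sample` items at a one-sided `confidence` level.
    Found by bisection, since the binomial CDF decreases as p grows."""
    lo, hi = 0.0, 1.0
    target = 1.0 - confidence
    while hi - lo > precision:
        mid = (lo + hi) / 2.0
        if binom_cdf(observed, sample, mid) > target:
            lo = mid  # at this rate, seeing <= observed is still too likely
        else:
            hi = mid
    return hi


def control_reliable(sample, observed, tolerable_rate, confidence):
    """The auditor relies on the control only when the computed upper deviation
    rate does not exceed the tolerable deviation rate set during planning."""
    return attribute_upper_deviation_rate(sample, observed, confidence) <= tolerable_rate


if __name__ == "__main__":
    # Constructed scenario: 1,000 transactions, auditor fears ~1 % are unauthorised,
    # wants 95 % confidence of catching at least one if that is true.
    print("exact discovery sample size :", discovery_sample_size(1000, 10, 0.95))
    print("approximate sample size     :", discovery_sample_size_approx(0.01, 0.95))
    # Constructed attribute sample: 100 items inspected, 3 lacked approval.
    print("upper deviation rate (95 %) :", round(attribute_upper_deviation_rate(100, 3, 0.95), 4))
    print("rely on control at 5 % TDR? :", control_reliable(100, 3, 0.05, 0.95))
```

The point the quiz statement hides is that a sample with zero exceptions does not prove a zero deviation rate: with 100 items and no exceptions the upper rate at 95 % confidence is still about 3 %, and three exceptions in 100 pushes it to roughly 7.6 %, above a 5 % tolerable rate.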
29. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
IT Service Management
Sample Standard Deviation
A Sample Mean
30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Security Awareness program
TCP/IP Link Layer
Structural fires and transportation accidents
A gate process
31. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.
Gantt Chart
Segregation of duties issue in a high value process
A Service Provider audit
The first step in a business impact analysis
32. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
IT Service Management
Balanced Scorecard
Rating Scale for Process Maturity
Sampling
33. A field in a record in one table that references the primary key of a record in another table.
Foreign Key
Power system controls
Segregation of duties issue in a high value process
Confidence coefficient
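Questions 7 (audit logging in a DBMS) and 33 (foreign keys) describe two database controls an IS auditor tests for. The following Python/SQLite example is added here and is not part of the quiz: it defines an employees table whose dept_id is a foreign key into departments, records every INSERT, UPDATE and DELETE on employees in an append-only audit_log through triggers, and shows both an orphan reference and an attempt to purge the trail being rejected. The schema, table names, the single-row session_ctx table used to tell the triggers who is acting, and the sample rows are all constructed for this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    salary  INTEGER NOT NULL,
    -- foreign key: must match an existing departments.dept_id
    dept_id INTEGER NOT NULL REFERENCES departments(dept_id)
);
-- single-row table the application fills in so triggers can record WHO acted
CREATE TABLE session_ctx (actor TEXT NOT NULL);
INSERT INTO session_ctx VALUES ('unknown');
CREATE TABLE audit_log (
    log_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    ts      TEXT NOT NULL DEFAULT (datetime('now')),
    actor   TEXT NOT NULL,
    action  TEXT NOT NULL,
    emp_id  INTEGER NOT NULL,
    old_row TEXT,
    new_row TEXT
);
CREATE TRIGGER emp_ins AFTER INSERT ON employees BEGIN
    INSERT INTO audit_log (actor, action, emp_id, old_row, new_row)
    VALUES ((SELECT actor FROM session_ctx), 'INSERT', NEW.emp_id, NULL,
            NEW.name || '|' || NEW.salary || '|' || NEW.dept_id);
END;
CREATE TRIGGER emp_upd AFTER UPDATE ON employees BEGIN
    INSERT INTO audit_log (actor, action, emp_id, old_row, new_row)
    VALUES ((SELECT actor FROM session_ctx), 'UPDATE', NEW.emp_id,
            OLD.name || '|' || OLD.salary || '|' || OLD.dept_id,
            NEW.name || '|' || NEW.salary || '|' || NEW.dept_id);
END;
CREATE TRIGGER emp_del AFTER DELETE ON employees BEGIN
    INSERT INTO audit_log (actor, action, emp_id, old_row, new_row)
    VALUES ((SELECT actor FROM session_ctx), 'DELETE', OLD.emp_id,
            OLD.name || '|' || OLD.salary || '|' || OLD.dept_id, NULL);
END;
-- the trail itself must be append-only, even for the DBA account
CREATE TRIGGER audit_no_upd BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_no_del BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite does NOT enforce foreign keys unless this pragma is on per connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn, actor):
    conn.execute("UPDATE session_ctx SET actor = ?", (actor,))


def audit_entries(conn):
    return conn.execute(
        "SELECT actor, action, emp_id, old_row, new_row FROM audit_log ORDER BY log_id"
    ).fetchall()


def demo():
    """Constructed walk-through; returns (audit rows, fk_rejected, trail_protected)."""
    conn = open_db()
    conn.execute("INSERT INTO departments VALUES (10, 'Finance')")
    set_actor(conn, "alice")
    conn.execute("INSERT INTO employees VALUES (1, 'Bob', 5000, 10)")
    set_actor(conn, "carol")
    conn.execute("UPDATE employees SET salary = 9000 WHERE emp_id = 1")
    conn.execute("DELETE FROM employees WHERE emp_id = 1")
    try:  # dept 99 does not exist: the foreign key constraint rejects the row
        conn.execute("INSERT INTO employees VALUES (2, 'Mallory', 1, 99)")
        fk_rejected = False
    except sqlite3.IntegrityError:
        fk_rejected = True
    try:  # an attempt to wipe the evidence is blocked by the trigger
        conn.execute("DELETE FROM audit_log")
        trail_protected = False
    except sqlite3.DatabaseError:
        trail_protected = True
    return audit_entries(conn), fk_rejected, trail_protected


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

When auditing a real DBMS the same questions apply: is the logging switched on for the connection in use (here the pragma, elsewhere an audit policy), does every change path go through it (triggers fire regardless of which client issued the SQL), and can the people being audited alter the trail.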
34. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a _____. This makes it infeasible for anyone who can read the stored value, including an attacker who steals it, to recover the password, which could otherwise lead to account compromise.
Elements of the COBIT Framework
Hash
Variable Sampling
TCP/IP Internet Layer
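Question 34 states the control but not what "store a hash" has to look like to actually work: a fast unsalted hash of a common password is cracked in seconds. The following Python example is added here and is not part of the quiz. It shows the plaintext store from the question beside a hardened store that keeps only a per-user random salt and a slow PBKDF2-HMAC-SHA256 digest, verifies with a constant-time comparison, and burns the same work for unknown usernames. PBKDF2 is chosen because it ships with the standard library; where available, scrypt or Argon2id are the stronger choice. User names, passwords and the record format are constructed for this example.

```python
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 work factor; OWASP's 2023 guidance is 600,000 iterations.
# Lower it only for tests and demos, never in production.
DEFAULT_ITERATIONS = 600_000


class PlaintextStore:
    """The 'before' state from the question: the password itself is stored, so
    anyone who reads the table (DBA, backup thief, SQL injection) owns every account."""

    def __init__(self):
        self.records = {}

    def add_user(self, user, password):
        self.records[user] = password

    def verify(self, user, password):
        return self.records.get(user) == password


class HashedStore:
    """The 'after' state: only a salted, slow hash is kept. The stored value cannot
    be reversed; an attacker can only guess candidates and pay the work factor for
    each guess, per user, because the per-user salt defeats precomputed tables."""

    def __init__(self, iterations=DEFAULT_ITERATIONS):
        self.records = {}
        self.iterations = iterations

    @staticmethod
    def _derive(password, salt, iterations):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        digest = self._derive(password, salt, self.iterations)
        # self-describing record, so the work factor can be raised later
        self.records[user] = f"pbkdf2_sha256${self.iterations}${salt.hex()}${digest.hex()}"

    def verify(self, user, password):
        record = self.records.get(user)
        if record is None:
            # Do the same work for unknown users so timing does not leak usernames
            self._derive(password, b"\x00" * 16, self.iterations)
            return False
        _, iters, salt_hex, digest_hex = record.split("$")
        candidate = self._derive(password, bytes.fromhex(salt_hex), int(iters))
        # constant-time comparison, never ==
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo(iterations=DEFAULT_ITERATIONS):
    """Constructed comparison of the two stores; returns the observable differences."""
    before, after = PlaintextStore(), HashedStore(iterations)
    for store in (before, after):
        store.add_user("alice", "correct horse battery staple")
        store.add_user("bob", "correct horse battery staple")  # same password as alice
    return {
        "plaintext_visible": "correct horse" in before.records["alice"],
        "hash_visible": "correct horse" in after.records["alice"],
        "same_password_same_record": after.records["alice"].split("$")[3]
        == after.records["bob"].split("$")[3],
        "login_ok": after.verify("alice", "correct horse battery staple"),
        "login_wrong": after.verify("alice", "Correct horse battery staple"),
        "login_unknown": after.verify("nobody", "anything"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:28s} {value}")
```

Two users with the same password end up with different records, which is the property an auditor should check for: identical digests in a dump mean the salt is missing or shared.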
35. Delivers messages from one station to another on the same network or on different networks. Delivery at this layer is not guaranteed.
The Internet Layer in the TCP/IP model
Registers
TCP/IP Internet Layer
Employees with excessive privileges
36. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: the organization should have ___________________ on all of its existing employees and also begin instituting bac
Business impact analysis
SDLC Phases
Personnel involved in the requirements phase of a software development project
Background checks performed
37. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Control Risk
The best approach for identifying high risk areas for an audit
Elements of the COBIT Framework
Lacks specific expertise or resources to conduct an internal audit
38. Describes the effect on the business if a process is incapacitated for any appreciable time
The BCP process
Statement of Impact
Data Link Layer Standards
The availability of IT systems
39. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Power system controls
Compliance Testing
The availability of IT systems
Information systems access
40. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
PERT Diagram
Service Continuity Management
Statistical Sampling
41. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
The Eight Types of Audits
Criticality analysis
Advantages of outsourcing
OSI Layer 5: Session
42. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
PERT Diagram
The Business Process Life Cycle
Application Layer protocols
43. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Incident Management
Stop-or-go Sampling
The Release process
Business Realization
44. A collection of two or more servers that is designed to appear as a single server.
Resource details
Substantive Testing
Volumes of COSO framework
Server cluster
45. The risk that an IS auditor will overlook errors or exceptions during an audit.
Application Layer protocols
WAN Protocols
Detection Risk
Business Realization
46. Defines internal controls and provides guidance for assessing and improving internal control systems.
Entire password for an encryption key
Audit logging
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Main types of Controls
47. (1.) Control Environment (2.) Risk Assessment (3.) Control Activities (4.) Information and Communication (5.) Monitoring
Security Awareness program
An Operational Audit
OSI: Transport Layer
Elements of the COSO pyramid
48. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
OSI Layer 6: Presentation
Business Continuity
The Internet Layer in the TCP/IP model
Criticality analysis
49. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Separate administrative accounts
Lacks specific expertise or resources to conduct an internal audit
Emergency Changes
50. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. The organization is ___________ - while they may have opened the office in a foreign coun
Control Risk
The 7 phases and their order in the SDLC
PERT Diagram
Insourcing