Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To communicate security policies, procedures, and other security-related information to an organization's employees.
Types of sampling an auditor can perform.
Service Level Management
OSI: Physical Layer
Security Awareness program
2. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Blade Computer Architecture
Critical Path Methodology
Capability Maturity Model Integration (CMMI)
Formal waterfall
3. Focuses on: post-event recovery and restoration of services
Capability Maturity Model
Employee termination process
Organizational culture and maturity
Disaster Recovery
4. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
OSI: Network Layer
Control Risk
Business Continuity
Service Level Management
5. An external IS auditor has discovered a _______________________. The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Transport Layer Protocols
Segregation of duties issue in a high value process
Reduced sign-on
An IS audit
6. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Project change request
Background checks performed
Resource details
7. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Examples of Application Controls
A Cold Site
Critical Path Methodology
Types of sampling an auditor can perform.
8. (1.) Physical (2.) Technical (3.) Administrative
(1.) Policies (2.) Procedures (3.) Standards
A Problem
Three Types of Controls
Sampling
9. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, a single event may affect both locations.
Geographic location
Audit logging
Capability Maturity Model
The two Categories of Controls
10. Used to translate or transform data from lower layers into formats that the application layer can work with.
The audit program
Elements of the COSO pyramid
Critical Path Methodology
OSI Layer 6: Presentation
11. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Insourcing
A Server Cluster
A Financial Audit
Personnel involved in the requirements phase of a software development project
12. The inventory of all in-scope business processes and systems
Rating Scale for Process Maturity
The first step in a business impact analysis
Business impact analysis
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
13. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
A Forensic Audit
Data Link Layer Standards
The Release process
Tolerable Error Rate
14. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors.
Concentrate on samples known to represent high risk
Wet pipe fire sprinkler system
ITIL definition of PROBLEM
Lacks specific expertise or resources to conduct an internal audit
15. The risk that a material error exists that will not be prevented or detected by the organization's control framework; the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Information security policy
Control Risk
Criticality analysis
Information systems access
16. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
ITIL definition of CHANGE MANAGEMENT
Structural fires and transportation accidents
More difficult to perform
Elements of the COSO pyramid
17. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Resource details
OSI Layer 6: Presentation
Network Layer Protocols
Sampling Risk
18. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Sample Standard Deviation
Criticality analysis
Incident Management
Primary security features of relational databases
19. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
To identify the tasks that are responsible for project delays
Power system controls
Disaster Recovery
The BCP process
20. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Personnel involved in the requirements phase of a software development project
Advantages of outsourcing
Power system controls
21. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it impossible for any person to retrieve a password, which could lead to account compromise.
The Steering Committee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Business Process Life Cycle
Hash
22. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Expected Error Rate
TCP/IP Link Layer
Cloud computing
23. The set of activities that is concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.
Variable Sampling
Service Continuity Management
Security Awareness program
IT Services Financial Management
24. Delivery of packets from one station to another, on the same network or on different networks.
Security Awareness program
The best approach for identifying high risk areas for an audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Internet Layer in the TCP/IP model
25. (1.) Access controls (2.) Encryption (3.) Audit logging
The audit program
Deming Cycle
An IS audit
Primary security features of relational databases
26. Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates?
OSI Layer 6: Presentation
IT executives and the Board of Directors
Business Realization
ITIL definition of CHANGE MANAGEMENT
27. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Project Management Strategies
A Service Provider audit
Compliance Testing
28. (1.) TCP (2.) UDP
Transport Layer Protocols
Expected Error Rate
An Administrative
objective and unbiased
29. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
The Business Process Life Cycle
Volumes of COSO framework
Business Continuity
WAN Protocols
30. IT Service Management is defined in ___________________ framework.
IT executives and the Board of Directors
Elements of the COBIT Framework
List of systems examined
ITIL - IT Infrastructure Library
31. An alternate processing center that contains no information processing equipment.
A Cold Site
Statement of Impact
A Problem
Cloud computing
32. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Statistical Sampling
Stratified Sampling
Problem Management
Grid Computing
33. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Foreign Key
Disaster Recovery
Employees with excessive privileges
WAN Protocols
34. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Change management
Notify the Audit Committee
The Requirements
Sample Standard Deviation
35. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Antivirus software on the email servers
The appropriate role of an IS auditor in a control self-assessment
Elements of the COBIT Framework
IT standards are not being reviewed often enough
36. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
More difficult to perform
Inherent Risk
Options for Risk Treatment
Critical Path Methodology
37. The first major task in a disaster recovery or business continuity planning project.
Antivirus software on the email servers
A Financial Audit
OSI Layer 7: Application
Business impact analysis
38. The risk that an IS auditor will overlook errors or exceptions during an audit.
Disaster Recovery
Deming Cycle
Detection Risk
Server cluster
39. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.
The Business Process Life Cycle
(1.) Man-made (2.) Natural
Judgmental sampling
IT Service Management
40. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action is to improve the _________________ to reduce the number of exceptions. For a time, the proc
Employee termination process
OSI: Network Layer
Current and most up-to-date
BCP Plans
41. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Types of sampling an auditor can perform.
Discovery Sampling
Attribute Sampling
A Problem
42. Defines internal controls and provides guidance for assessing and improving internal control systems.
ITIL definition of PROBLEM
Elements of the COSO pyramid
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Judgmental sampling
43. To measure organizational performance and effectiveness against strategic goals.
ITIL - IT Infrastructure Library
Reduced sign-on
Balanced Scorecard
Resource details
44. Used to measure the relative maturity of an organization and its processes.
Antivirus software on the email servers
Capability Maturity Model
An Administrative
objective and unbiased
45. Handle application processing
Audit logging
Grid Computing
To identify the tasks that are responsible for project delays
Application Controls
46. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Employees with excessive privileges
Statistical Sampling
A Forensic Audit
OSI: Physical Layer
47. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Variable Sampling
Geographic location
Categories of risk treatment
48. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
Inform the auditee
Criticality analysis
A Virtual Server
Sampling Risk
49. Used to determine which business processes are the most critical - by ranking them in order of criticality
Substantive Testing (test of transaction integrity)
Department Charters
Hash
Criticality analysis
50. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
The Release process
Information systems access
List of systems examined
A Compliance audit