Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
An Operational Audit
Configuration Management
IT executives and the Board of Directors
Stay current with technology
2. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Types of sampling an auditor can perform.
ITIL definition of CHANGE MANAGEMENT
The 5 types of Evidence that the auditor will collect during an audit.
3. Disasters are generally grouped in terms of type: ______________.
Substantive Testing
(1.) Man-made (2.) Natural
More difficult to perform
Resource details
4. The means by which management establishes and measures processes by which organizational objectives are achieved
Background checks performed
TCP/IP Link Layer
Controls
Audit logging
5. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Network Layer Protocols
Examples of IT General Controls
Server cluster
Annualized Loss Expectancy (ALE)
6. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Data Link Layer Standards
Notify the Audit Committee
A gate process
Sampling Risk
7. To communicate security policies - procedures - and other security-related information to an organization's employees.
Reduced sign-on
To identify the tasks that are responsible for project delays
SDLC Phases
Security Awareness program
8. Support the functioning of the application controls
OSI: Transport Layer
General Controls
Vulnerability in the organization's PBX
Statement of Impact
9. (1.) Physical (2.) Technical (3.) Administrative
Server cluster
Rating Scale for Process Maturity
The first step in a business impact analysis
Three Types of Controls
10. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
An IS audit
Six steps of the Release Management process
Inherent Risk
Background checks performed
11. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Insourcing
Change management
OSI: Physical Layer
12. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Application Controls
SDLC Phases
Gantt Chart
13. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Sampling Risk
Current and most up-to-date
Inform the auditee
Cloud computing
14. The IS auditor should act as an SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Deming Cycle
PERT Diagram?
Business Continuity
15. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
TCP/IP Network Model
ISO 20000 Standard:
Critical Path Methodology
WAN Protocols
16. PERT: shows the ______________ critical path.
Recovery time objective
SDLC Phases
Current and most up-to-date
Organizational culture and maturity
17. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
Balanced Scorecard
Stay current with technology
Geographic location
Control Unit
18. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Change management
Separate administrative accounts
WAN Protocols
Assess the maturity of its business processes
19. The memory locations in the CPU where arithmetic values are stored.
Employees with excessive privileges
Function Point Analysis
Registers
OSI: Data Link Layer
20. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Business Realization
Categories of risk treatment
Business impact analysis
Stop-or-go Sampling
21. Defines internal controls and provides guidance for assessing and improving internal control systems.
Blade Computer Architecture
Configuration Management
objective and unbiased
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
22. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Organizational culture and maturity
To identify the tasks that are responsible for project delays
Business Realization
Judgmental sampling
23. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Criticality analysis
IT Service Management
OSI: Network Layer
Categories of risk treatment
24. IT Governance is most concerned with ________.
Application Controls
OSI: Transport Layer
IT Strategy
BCP Plans
25. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Antivirus software on the email servers
The Eight Types of Audits
Critical Path Methodology
26. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
OSI: Transport Layer
ITIL definition of PROBLEM
Primary security features of relational databases
Service Level Management
27. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Substantive Testing
Capability Maturity Model
Employee termination process
Database primary key
28. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Categories of risk treatment
Organizational culture and maturity
CPU
Detection Risk
29. The highest number of errors that can exist without a result being materially misstated.
Disaster Recovery
Tolerable Error Rate
A Forensic Audit
Function Point Analysis
30. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
OSI: Physical Layer
IT Strategy
The appropriate role of an IS auditor in a control self-assessment
Confidence coefficient
31. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
The best approach for identifying high risk areas for an audit
OSI: Data Link Layer
OSI Layer 6: Presentation
32. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Critical Path Methodology
Examples of Application Controls
The BCP process
33. A collection of two or more servers that is designed to appear as a single server.
Background checks performed
OSI: Data Link Layer
Server cluster
Controls
34. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
A Virtual Server
Judgmental sampling
Inform the auditee
35. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Formal waterfall
Confidence coefficient
Application Layer protocols
objective and unbiased
36. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Resource details
Server cluster
Types of sampling an auditor can perform.
37. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
The 4-item focus of a Balanced Scorecard
Capability Maturity Model Integration (CMMI)
A Problem
38. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Assess the maturity of its business processes
OSI: Physical Layer
Business Realization
Overall audit risk
39. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Project change request
Reduced sign-on
Emergency Changes
40. (1.) Automatic (2.) Manual
The two Categories of Controls
Network Layer Protocols
Business Realization
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
41. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Background checks performed
Sampling
A Server Cluster
Stay current with technology
42. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Substantive Testing (test of transaction integrity)
IT Strategy
An Operational Audit
43. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
List of systems examined
(1.) Man-made (2.) Natural
Six steps of the Release Management process
44. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Expected Error Rate
The appropriate role of an IS auditor in a control self-assessment
Recovery time objective
PERT Diagram?
45. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
ITIL definition of CHANGE MANAGEMENT
The Eight Types of Audits
The 4-item focus of a Balanced Scorecard
IT Services Financial Management
46. Subjective sampling is used when the auditor wants to _________________________.
A Service Provider audit
Concentrate on samples known to represent high risk
The Requirements
Expected Error Rate
47. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Database primary key
Substantive Testing
Concentrate on samples known to represent high risk
Categories of risk treatment
48. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
The two Categories of Controls
General Controls
Blade Computer Architecture
Information systems access
49. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Disaster Recovery
Control Risk
ITIL - IT Infrastructure Library
Sampling
50. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The Requirements
Cloud computing
The 7 phases and their order in the SDLC
Security Awareness program