SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
A Server Cluster
Elements of the COBIT Framework
Criticality analysis
2. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Recovery time objective
Substantive Testing
The availability of IT systems
Emergency Changes
3. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
The Software Program Library
Advantages of outsourcing
Application Controls
Substantive Testing (test of transaction integrity)
4. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Balanced Scorecard
The typical Configuration Items in Configuration Management
Organizational culture and maturity
The availability of IT systems
5. Used to determine which business processes are the most critical - by ranking them in order of criticality
Employee termination process
Criticality analysis
ITIL definition of PROBLEM
Release management
6. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
SDLC Phases
General Controls
Server cluster
The audit program
7. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Deming Cycle
Service Level Management
Frameworks
Change management
8. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Primary security features of relational databases
Entire password for an encryption key
The 5 types of Evidence that the auditor will collect during an audit.
OSI: Data Link Layer
9. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The Internet Layer in the TCP/IP model
Employees with excessive privileges
The BCP process
Service Level Management
10. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
11. Gantt: used to display ______________.
Categories of risk treatment
Resource details
The Software Program Library
Types of sampling an auditor can perform.
12. Contains programs that communicate directly with the end user.
Wet pipe fire sprinkler system
less than 24 hours
Resource details
OSI Layer 7: Application
13. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
OSI: Transport Layer
A Problem
Security Awareness program
14. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Capability Maturity Model Integration (CMMI)
The Internet Layer in the TCP/IP model
Control Risk
The audit program
15. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Information security policy
Application Controls
The first step in a business impact analysis
less than 24 hours
16. A collection of two or more servers that is designed to appear as a single server.
Split custody
Rating Scale for Process Maturity
Grid Computing
Server cluster
17. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Security Awareness program
Rating Scale for Process Maturity
TCP/IP Transport Layer packet delivery
18. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
WAN Protocols
Rating Scale for Process Maturity
Advantages of outsourcing
19. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
(1.) Man-made (2.) Natural
Audit Methodologies
The availability of IT systems
The BCP process
20. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Precision means
An IS audit
Department Charters
Primary security features of relational databases
21. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
The two Categories of Controls
Split custody
Statement of Impact
22. An audit of operational efficiency.
Deming Cycle
The 5 types of Evidence that the auditor will collect during an audit.
Release management
An Administrative
23. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stay current with technology
Substantive Testing (test of transaction integrity)
Stratified Sampling
ITIL definition of CHANGE MANAGEMENT
24. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Capability Maturity Model
A Virtual Server
Function Point Analysis
OSI: Transport Layer
25. Focuses on: post-event recovery and restoration of services
Lacks specific expertise or resources to conduct an internal audit
Sampling Risk
Disaster Recovery
Stratified Sampling
26. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
TCP/IP Transport Layer
Disaster Recovery
Service Continuity Management
27. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Overall audit risk
Attribute Sampling
OSI: Data Link Layer
Blade Computer Architecture
28. To measure organizational performance and effectiveness against strategic goals.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Business Process Life Cycle
Separate administrative accounts
Balanced Scorecard
29. The sum of all samples divided by the number of samples.
Annualized Loss Expectance (ALE)
A Sample Mean
To identify the tasks that are responsible for project delays
Project change request
30. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Documentation and interview personnel
To identify the tasks that are responsible for project delays
ITIL definition of CHANGE MANAGEMENT
Annualized Loss Expectance (ALE)
31. Support the functioning of the application controls
Audit logging
CPU
OSI: Network Layer
General Controls
32. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Hash
A Problem
Control Unit
(1.) Polices (2.) Procedures (3.) Standards
33. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Formal waterfall
Wet pipe fire sprinkler system
Options for Risk Treatment
Critical Path Methodology
34. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
TCP/IP Link Layer
Audit logging
Critical Path Methodology
CPU
35. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
Project change request
Expected Error Rate
Controls
36. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Three Types of Controls
The Internet Layer in the TCP/IP model
ITIL definition of PROBLEM
Compliance Testing
37. Defines internal controls and provides guidance for assessing and improving internal control systems.
Project Management Strategies
Personnel involved in the requirements phase of a software development project
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Six steps of the Release Management process
38. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
A Problem
The 4-item focus of a Balanced Scorecard
Background checks performed
Function Point Analysis
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Sampling Risk
BCP Plans
Foreign Key
More difficult to perform
40. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
BCP Plans
Entire password for an encryption key
objective and unbiased
41. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Antivirus software on the email servers
Registers
Deming Cycle
Entire password for an encryption key
42. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Detection Risk
Application Layer protocols
Judgmental sampling
43. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Server cluster
objective and unbiased
Expected Error Rate
Personnel involved in the requirements phase of a software development project
44. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Buffers
Risk Management
Release management
Confidence coefficient
45. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Risk Management
The best approach for identifying high risk areas for an audit
Capability Maturity Model Integration (CMMI)
46. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Reduced sign-on
Application Layer protocols
Volumes of COSO framework
47. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Formal waterfall
The Software Program Library
Reduced sign-on
48. Delivery of packets from one station to another - on the same network or on different networks.
Six steps of the Release Management process
The Internet Layer in the TCP/IP model
List of systems examined
Business impact analysis
49. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
The Release process
TCP/IP Internet Layer
Current and most up-to-date
Substantive Testing (test of transaction integrity)
50. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
An Integrated Audit
The Release process
Judgmental sampling
Sample Standard Deviation