SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Registers
ITIL - IT Infrastructure Library
Current and most up-to-date
2. Framework for auditing and measuring IT Service Management Processes.
Split custody
ISO 20000 Standard:
Project Management Strategies
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
3. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Tolerable Error Rate
A Server Cluster
The best approach for identifying high risk areas for an audit
4. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Confidence coefficient
Variable Sampling
Elements of the COBIT Framework
Sample Standard Deviation
5. Used to estimate the effort required to develop a software program.
Function Point Analysis
ISO 20000 Standard:
Stay current with technology
Background checks performed
6. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
A Sample Mean
Control Unit
Department Charters
Confidence coefficient
7. A representation of how closely a sample represents an entire population.
Judgmental sampling
Stay current with technology
OSI: Physical Layer
Precision means
8. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Expected Error Rate
Confidence coefficient
The availability of IT systems
The appropriate role of an IS auditor in a control self-assessment
9. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Stay current with technology
Options for Risk Treatment
Notify the Audit Committee
Audit Methodologies
10. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
Insourcing
Primary security features of relational databases
Judgmental sampling
11. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
objective and unbiased
OSI Layer 7: Application
Gantt Chart
Structural fires and transportation accidents
12. An audit of a third-party organization that provides services to other organizations.
Project Management Strategies
Project change request
Notify the Audit Committee
A Service Provider audit
13. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
TCP/IP Transport Layer packet delivery
Expected Error Rate
ITIL definition of CHANGE MANAGEMENT
14. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
The BCP process
Employee termination process
The 4-item focus of a Balanced Scorecard
15. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Controls
The Eight Types of Audits
A gate process
Control Risk
16. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Service Continuity Management
Stratified Sampling
IT Service Management
17. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
objective and unbiased
Prblem Management
Service Continuity Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
18. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Change management
Stratified Sampling
Elements of the COBIT Framework
19. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Configuration Management
Discovery Sampling
Function Point Analysis
20. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Stay current with technology
Notify the Audit Committee
Lacks specific expertise or resources to conduct an internal audit
The first step in a business impact analysis
21. IT Governance is most concerned with ________.
Primary security features of relational databases
Deming Cycle
PERT Diagram?
IT Strategy
22. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
TCP/IP Internet Layer
Department Charters
Options for Risk Treatment
Background checks performed
23. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The 4-item focus of a Balanced Scorecard
Blade Computer Architecture
The availability of IT systems
Wet pipe fire sprinkler system
24. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
A Sample Mean
Sampling Risk
An Operational Audit
More difficult to perform
25. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Change management
Project change request
Department Charters
Capability Maturity Model Integration (CMMI)
26. The main hardware component of a computer system - which executes instructions in computer programs.
A Compliance audit
Stop-or-go Sampling
CPU
Inform the auditee
27. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
The 5 types of Evidence that the auditor will collect during an audit.
Assess the maturity of its business processes
Security Awareness program
Data Link Layer Standards
28. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
List of systems examined
OSI Layer 6: Presentation
TCP/IP Internet Layer
Configuration Management
29. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Types of sampling an auditor can perform.
The first step in a business impact analysis
WAN Protocols
Change management
30. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Stratified Sampling
Rating Scale for Process Maturity
ISO 20000 Standard:
Foreign Key
31. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
A Virtual Server
Compliance Testing
Expected Error Rate
32. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
TCP/IP Transport Layer
Elements of the COBIT Framework
TCP/IP Link Layer
SDLC Phases
33. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Information systems access
A Service Provider audit
Information security policy
34. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Segregation of duties issue in a high value process
Statement of Impact
Types of sampling an auditor can perform.
35. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
An Operational Audit
Security Awareness program
Geographic location
Configuration Management
36. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
List of systems examined
The Business Process Life Cycle
ITIL definition of PROBLEM
Antivirus software on the email servers
37. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Statement of Impact
Types of sampling an auditor can perform.
A Sample Mean
More difficult to perform
38. The sum of all samples divided by the number of samples.
Substantive Testing
Control Risk
ISO 20000 Standard:
A Sample Mean
39. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Project change request
Recovery time objective
Hash
Compliance Testing
40. A sampling technique where at least one exception is sought in a population
A Compliance audit
Judgmental sampling
Discovery Sampling
Recovery time objective
41. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Background checks performed
Disaster Recovery
IT Strategy
42. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Deming Cycle
Vulnerability in the organization's PBX
A Forensic Audit
IT Services Financial Management
43. IT Service Management is defined in ___________________ framework.
Employees with excessive privileges
OSI Layer 6: Presentation
Criticality analysis
ITIL - IT Infrastructure Library
44. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
OSI: Physical Layer
Network Layer Protocols
A Financial Audit
The Software Program Library
45. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Emergency Changes
Release management
A Cold Site
46. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The availability of IT systems
Vulnerability in the organization's PBX
OSI: Data Link Layer
Data Link Layer Standards
47. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
The Business Process Life Cycle
OSI Layer 7: Application
ITIL definition of CHANGE MANAGEMENT
Inherent Risk
48. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Release management
OSI: Transport Layer
PERT Diagram?
Notify the Audit Committee
49. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
OSI Layer 7: Application
Blade Computer Architecture
TCP/IP Network Model
50. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Emergency Changes
Organizational culture and maturity
Assess the maturity of its business processes
