Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see it reinforces your understanding as you take the test each time.
1. To communicate security policies, procedures, and other security-related information to an organization's employees.
WAN Protocols
Inherent Risk
TCP/IP Transport Layer
Security Awareness program
2. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Split custody
More difficult to perform
Structural fires and transportation accidents
Criticality analysis
3. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Examples of Application Controls
OSI: Physical Layer
Configuration Management
Personnel involved in the requirements phase of a software development project
4. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Frameworks
Blade Computer Architecture
Six steps of the Release Management process
The appropriate role of an IS auditor in a control self-assessment
5. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Network Layer Protocols
Formal waterfall
OSI: Network Layer
6. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Annualized Loss Expectancy (ALE)
An Operational Audit
Entire password for an encryption key
Overall audit risk
7. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
A Server Cluster
Data Link Layer Standards
Project change request
8. The means by which management establishes and measures processes by which organizational objectives are achieved
Critical Path Methodology
Statistical Sampling
Controls
Split custody
9. The risk that a material error exists that will not be prevented or detected by the organization's control framework; the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
CPU
Control Risk
The Eight Types of Audits
Personnel involved in the requirements phase of a software development project
10. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling: PPTP, L2TP
Business Continuity
The best approach for identifying high risk areas for an audit
OSI Layer 6: Presentation
Data Link Layer Standards
11. An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.
objective and unbiased
Categories of risk treatment
Inform the auditee
A Compliance audit
12. Gantt: used to display ______________.
Release management
Elements of the COBIT Framework
Resource details
A Sample Mean
13. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.
Primary security features of relational databases
A Cold Site
Network Layer Protocols
A Server Cluster
14. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it impossible for any person to retrieve a password, which could lead to account compromise.
Project change request
Function Point Analysis
Hash
Capability Maturity Model Integration (CMMI)
15. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Controls
A Service Provider audit
Control Unit
Function Point Analysis
16. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
TCP/IP Link Layer
A Forensic Audit
Gantt Chart
17. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Assess the maturity of its business processes
OSI Layer 7: Application
Risk Management
18. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
The first step in a business impact analysis
An Administrative
(1.) Policies (2.) Procedures (3.) Standards
19. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
OSI Layer 5: Session
Confidence coefficient
Server cluster
Split custody
20. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
The 5 types of Evidence that the auditor will collect during an audit.
A Virtual Server
More difficult to perform
21. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
WAN Protocols
The Eight Types of Audits
TCP/IP Transport Layer packet delivery
22. Handle application processing
Configuration Management
An Operational Audit
Application Controls
Background checks performed
23. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Sampling
ITIL definition of PROBLEM
Emergency Changes
24. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
ITIL definition of PROBLEM
Department Charters
Dimensions of the COSO cube
Organizational culture and maturity
25. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Personnel involved in the requirements phase of a software development project
Business Continuity
Application Controls
26. (1.) Link (2.) Internet (3.) Transport (4.) Application
The Steering Committee
TCP/IP Network Model
Documentation and interview personnel
Deming Cycle
27. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Advantages of outsourcing
Capability Maturity Model
Configuration Management
The Business Process Life Cycle
28. Support the functioning of the application controls
(1.) Man-made (2.) Natural
General Controls
A Server Cluster
Six steps of the Release Management process
29. Lowest layer. Delivers messages (frames) from one station to another via the local network.
OSI Layer 7: Application
Current and most up-to-date
TCP/IP Link Layer
TCP/IP Internet Layer
30. The risk that an IS auditor will overlook errors or exceptions during an audit.
The first step in a business impact analysis
Elements of the COSO pyramid
Detection Risk
Elements of the COBIT Framework
31. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Insourcing
ITIL definition of PROBLEM
Variable Sampling
Project Management Strategies
32. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Vulnerability in the organization's PBX
Notify the Audit Committee
Discovery Sampling
33. Delivery of packets from one station to another - on the same network or on different networks.
A Financial Audit
Dimensions of the COSO cube
The Internet Layer in the TCP/IP model
(1.) Policies (2.) Procedures (3.) Standards
34. To determine the effectiveness of a disaster recovery program, an IT auditor should examine _____________.
Documentation and interview personnel
The Requirements
The availability of IT systems
Department Charters
35. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: The organization should have ___________________ on all of its existing employees and also begin instituting bac
Tolerable Error Rate
Statistical Sampling
Employee termination process
Background checks performed
36. A maturity model that represents the aggregations of other maturity models.
Information security policy
Capability Maturity Model Integration (CMMI)
Compliance Testing
Assess the maturity of its business processes
37. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
A Compliance audit
Audit Methodologies
Substantive Testing (test of transaction integrity)
38. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
IT standards are not being reviewed often enough
ITIL - IT Infrastructure Library
The best approach for identifying high risk areas for an audit
(1.) Man-made (2.) Natural
39. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Geographic location
Detection Risk
The 7 phases and their order in the SDLC
Sampling
40. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Substantive Testing (test of transaction integrity)
IT Strategy
IT Services Financial Management
objective and unbiased
41. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Primary security features of relational databases
Input validation checking
Problem Management
42. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance; 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Sampling
The Business Process Life Cycle
Buffers
Power system controls
43. IT Service Management is defined in ___________________ framework.
Gantt Chart
ITIL - IT Infrastructure Library
The Steering Committee
WAN Protocols
44. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Business impact analysis
Disaster Recovery
The first step in a business impact analysis
OSI: Data Link Layer
45. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Application Controls
WAN Protocols
Emergency Changes
Business Realization
46. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Sampling
(1.) Policies (2.) Procedures (3.) Standards
Application Controls
Controls
47. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Release management
Segregation of duties issue in a high value process
less than 24 hours
The Release process
48. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.
Examples of Application Controls
Foreign Key
OSI: Physical Layer
The appropriate role of an IS auditor in a control self-assessment
49. What type of testing is performed to determine if control procedures have proper design and are operating properly?
TCP/IP Transport Layer packet delivery
Risk Management
Compliance Testing
Recovery time objective
50. Framework for auditing and measuring IT Service Management Processes.
The typical Configuration Items in Configuration Management
ISO 20000 Standard
Sampling Risk
A Server Cluster