Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
A Forensic Audit
(1.) Man-made (2.) Natural
Grid Computing

2. Describes the effect on the business if a process is incapacitated for any appreciable time
Sampling
Statement of Impact
Security Awareness program
Inherent Risk

3. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Confidence coefficient
A Financial Audit
Rating Scale for Process Maturity
TCP/IP Link Layer

4. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
OSI: Data Link Layer
Deming Cycle
The availability of IT systems
Organizational culture and maturity

5. PERT: shows the ______________ critical path.
Hash
Current and most up-to-date
ISO 20000 Standard:
COSO (Committee of Sponsoring Organizations of the Treadway Commission)

6. An audit of an IS department's operations and systems.
Sampling Risk
An IS audit
Data Link Layer Standards
A Sample Mean

7. (1.) Automatic (2.) Manual
Reduced sign-on
The Steering Committee
The two Categories of Controls
Referential Integrity

8. One of a database table's fields - whose value is unique.
(1.) Man-made (2.) Natural
Information security policy
Database primary key
Hash

9. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Substantive Testing
Cloud computing
Detection Risk

10. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Control Unit
WAN Protocols
OSI: Network Layer

11. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
The appropriate role of an IS auditor in a control self-assessment
Emergency Changes
Rating Scale for Process Maturity

12. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Employees with excessive privileges
Examples of IT General Controls
ITIL definition of CHANGE MANAGEMENT

13. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Volumes of COSO framework
Power system controls
OSI: Network Layer

14. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Rating Scale for Process Maturity
Tolerable Error Rate
Types of sampling an auditor can perform.
Volumes of COSO framework

15. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
List of systems examined
Assess the maturity of its business processes
An Administrative

16. Guide program execution through organization of resources and development of clear project objectives.
Inform the auditee
The Internet Layer in the TCP/IP model
Project Management Strategies
Change management

17. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Gantt Chart
TCP/IP Network Model
Server cluster
Statistical Sampling

18. An alternate processing center that contains no information processing equipment.
The availability of IT systems
A Cold Site
(1.) Man-made (2.) Natural
Geographic location

19. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
ITIL - IT Infrastructure Library
Employee termination process
The Internet Layer in the TCP/IP model
Lacks specific expertise or resources to conduct an internal audit

20. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
TCP/IP Link Layer
An Administrative
Business Realization
Elements of the COSO pyramid

21. The inventory of all in-scope business processes and systems
Wet pipe fire sprinkler system
IT Service Management
Substantive Testing
The first step in a business impact analysis

22. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Department Charters
An Integrated Audit
Stop-or-go Sampling

23. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Resource details
Lacks specific expertise or resources to conduct an internal audit
OSI Layer 5: Session
The first step in a business impact analysis

24. The highest number of errors that can exist without a result being materially misstated.
Control Risk
Critical Path Methodology
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Tolerable Error Rate

25. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Substantive Testing (test of transaction integrity)
(1.) Polices (2.) Procedures (3.) Standards
An Administrative
Sampling

26. An audit of a third-party organization that provides services to other organizations.
Annualized Loss Expectance (ALE)
A Service Provider audit
OSI: Data Link Layer
Project Management Strategies

27. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Detection Risk
Employee termination process
WAN Protocols

28. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
List of systems examined
An Integrated Audit
A gate process
ITIL definition of CHANGE MANAGEMENT

29. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Business Continuity
OSI Layer 6: Presentation
Options for Risk Treatment
Recovery time objective

30. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Attribute Sampling
The Software Program Library
Security Awareness program

31. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
A Financial Audit
Blade Computer Architecture
Input validation checking
Balanced Scorecard

32. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Referential Integrity
IT Strategy
The Steering Committee
Stratified Sampling

33. The risk that an IS auditor will overlook errors or exceptions during an audit.
The 5 types of Evidence that the auditor will collect during an audit.
SDLC Phases
OSI: Physical Layer
Detection Risk

34. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
A Compliance audit
The typical Configuration Items in Configuration Management
The two Categories of Controls

35. An audit of operational efficiency.
Data Link Layer Standards
An Administrative
ITIL - IT Infrastructure Library
Personnel involved in the requirements phase of a software development project

36. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The 5 types of Evidence that the auditor will collect during an audit.
Variable Sampling
The Eight Types of Audits
The appropriate role of an IS auditor in a control self-assessment

37. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
The audit program
Employees with excessive privileges
Service Level Management
Criticality analysis

38. IT Service Management is defined in ___________________ framework.
Discovery Sampling
A Server Cluster
ITIL - IT Infrastructure Library
Risk Management

39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Input validation checking
Control Unit
Emergency Changes
Risk Management

40. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Capability Maturity Model Integration (CMMI)
Overall audit risk
Advantages of outsourcing

41. A maturity model that represents the aggregations of other maturity models.
An Integrated Audit
Control Risk
TCP/IP Internet Layer
Capability Maturity Model Integration (CMMI)

42. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
The BCP process
Substantive Testing (test of transaction integrity)
Main types of Controls
To identify the tasks that are responsible for project delays

43. An audit that is performed in support of an anticipated or active legal proceeding.
The Software Program Library
OSI Layer 6: Presentation
A Forensic Audit
Application Controls

44. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Discovery Sampling
Capability Maturity Model
To identify the tasks that are responsible for project delays
Change management

45. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Concentrate on samples known to represent high risk
ISO 20000 Standard:
Sample Standard Deviation
A Virtual Server

46. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Split custody
Attribute Sampling
A Service Provider audit

47. To communication security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
The 7 phases and their order in the SDLC
Volumes of COSO framework
Elements of the COSO pyramid

48. ITIL term used to describe the SDLC.
Personnel involved in the requirements phase of a software development project
Release management
Balanced Scorecard
Critical Path Methodology

49. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Insourcing
Dimensions of the COSO cube
Formal waterfall
Network Layer Protocols

50. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Documentation and interview personnel
Sampling Risk
Control Unit