Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Reduced sign-on
TCP/IP Network Model
The availability of IT systems
2. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Configuration Management
Expected Error Rate
Formal waterfall
An IS audit
3. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Service Level Management
Vulnerability in the organization's PBX
Project change request
A Cold Site
4. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Detection Risk
Sampling Risk
Input validation checking
OSI: Physical Layer
5. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Application Controls
Capability Maturity Model Integration (CMMI)
(1.) Policies (2.) Procedures (3.) Standards
6. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Overall audit risk
The Requirements
PERT Diagram
Inherent Risk
7. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Sampling
Department Charters
A Problem
8. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Concentrate on samples known to represent high risk
Split custody
Network Layer Protocols
Cloud computing
9. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Information systems access
An IS audit
Types of sampling an auditor can perform.
Compliance Testing
10. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Discovery Sampling
OSI: Transport Layer
Categories of risk treatment
Types of sampling an auditor can perform.
11. The maximum period of downtime for a process or application
Configuration Management
Substantive Testing
Recovery time objective
OSI Layer 7: Application
12. Contains programs that communicate directly with the end user.
Resource details
Sampling
Power system controls
OSI Layer 7: Application
13. (1.) TCP (2.) UDP
Compliance Testing
The appropriate role of an IS auditor in a control self-assessment
Transport Layer Protocols
A Cold Site
14. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The 7 phases and their order in the SDLC
Stratified Sampling
The two Categories of Controls
Notify the Audit Committee
15. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Configuration Management
A Server Cluster
Capability Maturity Model
16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Security Awareness program
Input validation checking
Sampling Risk
Capability Maturity Model
17. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).
Project Management Strategies
less than 24 hours
OSI: Transport Layer
Annualized Loss Expectancy (ALE)
18. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Assess the maturity of its business processes
Detection Risk
The typical Configuration Items in Configuration Management
Elements of the COSO pyramid
19. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself)
The Release process
Security Awareness program
Function Point Analysis
Sampling
20. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Overall audit risk
Risk Management
The Eight Types of Audits
Capability Maturity Model
21. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The BCP process
Data Link Layer Standards
The Eight Types of Audits
Judgmental sampling
22. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Inform the auditee
Advantages of outsourcing
Cloud computing
Examples of IT General Controls
23. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Deming Cycle
A Financial Audit
Variable Sampling
The Software Program Library
24. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Critical Path Methodology
The 7 phases and their order in the SDLC
Confidence coefficient
The Internet Layer in the TCP/IP model
25. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
TCP/IP Transport Layer packet delivery
Stop-or-go Sampling
Project Management Strategies
26. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Information security policy
ITIL definition of PROBLEM
Assess the maturity of its business processes
Application Controls
27. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
An Operational Audit
Substantive Testing
Audit Methodologies
OSI Layer 5: Session
28. A database term which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Gantt Chart
TCP/IP Internet Layer
Referential Integrity
Database primary key
29. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Gantt Chart
Referential Integrity
ISO 20000 Standard
30. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Split custody
BCP Plans
Capability Maturity Model
A Compliance audit
31. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
To identify the tasks that are responsible for project delays
Capability Maturity Model Integration (CMMI)
Inform the auditee
TCP/IP Transport Layer packet delivery
32. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Gantt Chart
Controls
Variable Sampling
33. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Balanced Scorecard
IT Service Management
TCP/IP Transport Layer
IT Strategy
34. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
TCP/IP Internet Layer
Blade Computer Architecture
WAN Protocols
35. Framework for auditing and measuring IT Service Management Processes.
TCP/IP Transport Layer packet delivery
Examples of Application Controls
Organizational culture and maturity
ISO 20000 Standard
36. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
An IS audit
A Compliance audit
Antivirus software on the email servers
37. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
ITIL definition of PROBLEM
Criticality analysis
Employee termination process
Department Charters
38. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
The availability of IT systems
Main types of Controls
Service Continuity Management
39. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Problem Management
SDLC Phases
Blade Computer Architecture
OSI: Physical Layer
40. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
Grid Computing
Geographic location
Precision means
A Compliance audit
41. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Release management
Reduced sign-on
Judgmental sampling
BCP Plans
42. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Elements of the COSO pyramid
OSI: Transport Layer
Statement of Impact
Split custody
43. (1.) Objectives (2.) Components (3.) Business Units / Areas
IT standards are not being reviewed often enough
Dimensions of the COSO cube
less than 24 hours
The Eight Types of Audits
44. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Annualized Loss Expectancy (ALE)
The BCP process
Discovery Sampling
Gantt Chart
45. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
An Administrative
More difficult to perform
The best approach for identifying high risk areas for an audit
Database primary key
46. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Current and most up-to-date
Discovery Sampling
A gate process
Documentation and interview personnel
47. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
OSI: Transport Layer
Project Management Strategies
Attribute Sampling
48. The first major task in a disaster recovery or business continuity planning project.
Insourcing
The Eight Types of Audits
Business impact analysis
Current and most up-to-date
49. Handle application processing
Three Types of Controls
Application Controls
IT Services Financial Management
Testing activities
50. An audit of operational efficiency.
A Forensic Audit
Employees with excessive privileges
TCP/IP Network Model
An Administrative