Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Types of sampling an auditor can perform.
Application Layer protocols
Controls
2. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
The Internet Layer in the TCP/IP model
Entire password for an encryption key
Department Charters
The appropriate role of an IS auditor in a control self-assessment
3. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The Internet Layer in the TCP/IP model
Power system controls
Business Realization
A Virtual Server
4. IT Governance is most concerned with ________.
Foreign Key
Organizational culture and maturity
Application Layer protocols
IT Strategy
5. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Database primary key
Controls
Project Management Strategies
6. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
IT executives and the Board of Directors
The typical Configuration Items in Configuration Management
Audit Methodologies
7. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Split custody
Volumes of COSO framework
A Financial Audit
OSI: Network Layer
8. Framework for auditing and measuring IT Service Management Processes.
A Problem
Transport Layer Protocols
ISO 20000 Standard
Employees with excessive privileges
9. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
ISO 20000 Standard
OSI Layer 6: Presentation
A gate process
10. Used to translate or transform data from lower layers into formats that the application layer can work with.
Inform the auditee
(1.) Man-made (2.) Natural
PERT Diagram
OSI Layer 6: Presentation
11. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Configuration Management
The availability of IT systems
OSI: Transport Layer
objective and unbiased
12. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
OSI: Data Link Layer
Three Types of Controls
List of systems examined
The best approach for identifying high risk areas for an audit
13. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Variable Sampling
A Server Cluster
OSI Layer 7: Application
14. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Cloud computing
Statement of Impact
Grid Computing
OSI: Data Link Layer
15. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Entire password for an encryption key
(1.) Policies (2.) Procedures (3.) Standards
Business Realization
OSI: Network Layer
16. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
IT Services Financial Management
TCP/IP Link Layer
The 4-item focus of a Balanced Scorecard
Documentation and interview personnel
17. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
The two Categories of Controls
Geographic location
A Sample Mean
A Virtual Server
18. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Precision means
Business impact analysis
IT executives and the Board of Directors
OSI: Physical Layer
19. An audit of operational efficiency.
Reduced sign-on
The appropriate role of an IS auditor in a control self-assessment
An Administrative
Judgmental sampling
20. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Department Charters
Substantive Testing
The 4-item focus of a Balanced Scorecard
21. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
The appropriate role of an IS auditor in a control self-assessment
Gantt Chart
Tolerable Error Rate
Types of sampling an auditor can perform.
22. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Examples of IT General Controls
TCP/IP Internet Layer
The Eight Types of Audits
Elements of the COSO pyramid
23. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
OSI Layer 6: Presentation
Tolerable Error Rate
Insourcing
24. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Transport Layer Protocols
Lacks specific expertise or resources to conduct an internal audit
Security Awareness program
25. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Controls
Function Point Analysis
The Requirements
Advantages of outsourcing
26. To communicate security policies - procedures - and other security-related information to an organization's employees.
(1.) Man-made (2.) Natural
The best approach for identifying high risk areas for an audit
Security Awareness program
OSI Layer 5: Session
27. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
OSI: Physical Layer
The 5 types of Evidence that the auditor will collect during an audit.
Split custody
The BCP process
28. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
OSI Layer 6: Presentation
TCP/IP Link Layer
The 7 phases and their order in the SDLC
Service Level Management
29. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Risk Management
Recovery time objective
Business Continuity
Disaster Recovery
30. A sampling technique where at least one exception is sought in a population
The Business Process Life Cycle
Service Level Management
Discovery Sampling
Audit Methodologies
31. Guide program execution through organization of resources and development of clear project objectives.
OSI: Physical Layer
ITIL - IT Infrastructure Library
Project Management Strategies
To identify the tasks that are responsible for project delays
32. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Hash
Segregation of duties issue in a high value process
Emergency Changes
BCP Plans
33. Consists of two main packet transport protocols: TCP and UDP.
Recovery time objective
TCP/IP Transport Layer
Inherent Risk
List of systems examined
34. (1.) Physical (2.) Technical (3.) Administrative
More difficult to perform
Frameworks
Substantive Testing (test of transaction integrity)
Three Types of Controls
35. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The Release process
Business Realization
Documentation and interview personnel
Examples of IT General Controls
36. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Buffers
The audit program
Stay current with technology
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Primary security features of relational databases
Examples of Application Controls
ITIL definition of PROBLEM
38. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Blade Computer Architecture
OSI: Transport Layer
Wet pipe fire sprinkler system
The 4-item focus of a Balanced Scorecard
39. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Formal waterfall
Capability Maturity Model Integration (CMMI)
ITIL - IT Infrastructure Library
40. An audit that combines an operational audit and a financial audit.
Controls
An Integrated Audit
The availability of IT systems
Formal waterfall
41. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
More difficult to perform
Input validation checking
Precision means
42. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Hash
Power system controls
WAN Protocols
Resource details
43. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
A Virtual Server
A Financial Audit
Network Layer Protocols
44. Support the functioning of the application controls
less than 24 hours
General Controls
Formal waterfall
Registers
45. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Transport Layer Protocols
Judgmental sampling
Network Layer Protocols
IT Service Management
46. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Three Types of Controls
Stay current with technology
Business Realization
Audit Methodologies
47. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
Control Risk
Deming Cycle
OSI: Network Layer
48. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Advantages of outsourcing
Annualized Loss Expectancy (ALE)
Documentation and interview personnel
IT standards are not being reviewed often enough
49. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Segregation of duties issue in a high value process
Dimensions of the COSO cube
Information systems access
Statistical Sampling
50. One of a database table's fields - whose value is unique.
The appropriate role of an IS auditor in a control self-assessment
The audit program
OSI: Transport Layer
Database primary key