Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Stay current with technology
Release management
General Controls
OSI: Transport Layer
2. To ensure that input values are within established ranges, of the correct character types, and free of harmful content.
Expected Error Rate
ISO 20000 Standard:
Input validation checking
Transport Layer Protocols
3. (1.) Physical (2.) Technical (3.) Administrative
Data Link Layer Standards
Vulnerability in the organization's PBX
Three Types of Controls
(1.) Policies (2.) Procedures (3.) Standards
4. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Inform the auditee
An Operational Audit
Sample Standard Deviation
TCP/IP Internet Layer
5. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Sampling Risk
An Operational Audit
Organizational culture and maturity
TCP/IP Transport Layer packet delivery
6. An alternate processing center that contains no information processing equipment.
Critical Path Methodology
A Cold Site
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Current and most up-to-date
7. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Sample Standard Deviation
Release management
Critical Path Methodology
Information security policy
8. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Hash
Resource details
The 4-item focus of a Balanced Scorecard
Stratified Sampling
9. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Sampling
BCP Plans
The Steering Committee
The best approach for identifying high risk areas for an audit
10. Defines internal controls and provides guidance for assessing and improving internal control systems.
Types of sampling an auditor can perform.
Function Point Analysis
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Critical Path Methodology
11. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Variable Sampling
Annualized Loss Expectancy (ALE)
OSI: Physical Layer
12. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
A Forensic Audit
Substantive Testing (test of transaction integrity)
Transport Layer Protocols
Segregation of duties issue in a high value process
13. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
A Cold Site
Referential Integrity
Business Realization
14. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Expected Error Rate
SDLC Phases
Notify the Audit Committee
TCP/IP Transport Layer packet delivery
15. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Expected Error Rate
Six steps of the Release Management process
ITIL definition of CHANGE MANAGEMENT
16. The sum of all samples divided by the number of samples.
Gantt Chart
Recovery time objective
A Sample Mean
Change management
17. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Organizational culture and maturity
Inform the auditee
Reduced sign-on
Lacks specific expertise or resources to conduct an internal audit
18. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Recovery time objective
Notify the Audit Committee
A Cold Site
19. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Six steps of the Release Management process
OSI: Physical Layer
less than 24 hours
20. (1.) Link (2.) Internet (3.) Transport (4.) Application
IT executives and the Board of Directors
TCP/IP Network Model
BCP Plans
Wet pipe fire sprinkler system
21. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Controls
Buffers
The 7 phases and their order in the SDLC
SDLC Phases
22. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Referential Integrity
The Steering Committee
Service Level Management
23. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Hash
Structural fires and transportation accidents
Main types of Controls
Inform the auditee
24. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
ISO 20000 Standard:
The Software Program Library
objective and unbiased
A Service Provider audit
25. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
More difficult to perform
ITIL definition of PROBLEM
Balanced Scorecard
26. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Discovery Sampling
Service Level Management
The two Categories of Controls
The Internet Layer in the TCP/IP model
27. Used to translate or transform data from lower layers into formats that the application layer can work with.
Problem Management
OSI Layer 6: Presentation
Controls
Insourcing
28. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Sampling Risk
Options for Risk Treatment
Substantive Testing
29. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Structural fires and transportation accidents
OSI: Network Layer
less than 24 hours
Elements of the COBIT Framework
30. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Sampling
OSI Layer 7: Application
OSI: Transport Layer
31. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Function Point Analysis
Data Link Layer Standards
Stratified Sampling
A Sample Mean
32. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
An Integrated Audit
Confidence coefficient
Rating Scale for Process Maturity
33. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
A Service Provider audit
Rating Scale for Process Maturity
Information security policy
34. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Annualized Loss Expectancy (ALE)
IT executives and the Board of Directors
ITIL definition of CHANGE MANAGEMENT
Segregation of duties issue in a high value process
35. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
IT executives and the Board of Directors
Blade Computer Architecture
Gantt Chart
Overall audit risk
36. To measure organizational performance and effectiveness against strategic goals.
Types of sampling an auditor can perform.
Entire password for an encryption key
Balanced Scorecard
A Service Provider audit
37. IT Service Management is defined in ___________________ framework.
IT standards are not being reviewed often enough
IT Strategy
TCP/IP Transport Layer
ITIL - IT Infrastructure Library
38. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
Sample Standard Deviation
Critical Path Methodology
Blade Computer Architecture
The BCP process
39. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Volumes of COSO framework
Sampling Risk
Substantive Testing (test of transaction integrity)
40. The means by which management establishes and measures processes by which organizational objectives are achieved
The 7 phases and their order in the SDLC
Elements of the COBIT Framework
Controls
Department Charters
41. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Confidence coefficient
Sample Standard Deviation
Stop-or-go Sampling
A Virtual Server
42. Concerned with electrical and physical specifications for devices. No frames or packets involved.
ISO 20000 Standard:
OSI: Physical Layer
Hash
Antivirus software on the email servers
43. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Concentrate on samples known to represent high risk
The BCP process
Sampling Risk
Input validation checking
44. The memory locations in the CPU where arithmetic values are stored.
Capability Maturity Model Integration (CMMI)
Separate administrative accounts
Registers
Grid Computing
45. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Tolerable Error Rate
Referential Integrity
OSI: Network Layer
An Administrative
46. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
TCP/IP Transport Layer packet delivery
Database primary key
TCP/IP Network Model
47. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Stop-or-go Sampling
Grid Computing
Change management
48. An audit of operational efficiency.
BCP Plans
TCP/IP Transport Layer packet delivery
An Administrative
OSI: Physical Layer
49. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
PERT Diagram?
The two Categories of Controls
Inherent Risk
The Internet Layer in the TCP/IP model
50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Problem Management
Substantive Testing
Stop-or-go Sampling