Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Examples of IT General Controls
Service Level Management
Network Layer Protocols
The Requirements
2. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
The availability of IT systems
Audit Methodologies
The audit program
3. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Judgmental sampling
Referential Integrity
The appropriate role of an IS auditor in a control self-assessment
Department Charters
4. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Business impact analysis
IT Service Management
An Operational Audit
The Internet Layer in the TCP/IP model
5. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Frameworks
The appropriate role of an IS auditor in a control self-assessment
Control Unit
Stop-or-go Sampling
6. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Business Continuity
Notify the Audit Committee
Control Unit
Network Layer Protocols
7. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Tolerable Error Rate
Cloud computing
The typical Configuration Items in Configuration Management
The Business Process Life Cycle
8. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Geographic location
Network Layer Protocols
The Business Process Life Cycle
9. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
IT standards are not being reviewed often enough
Sample Standard Deviation
The appropriate role of an IS auditor in a control self-assessment
ISO 20000 Standard
10. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Disaster Recovery
Annualized Loss Expectancy (ALE)
Audit logging
Inherent Risk
11. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Resource details
Stop-or-go Sampling
Variable Sampling
Structural fires and transportation accidents
12. A maturity model that represents the aggregations of other maturity models.
Criticality analysis
Grid Computing
Statistical Sampling
Capability Maturity Model Integration (CMMI)
13. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Notify the Audit Committee
Blade Computer Architecture
Foreign Key
14. An alternate processing center that contains no information processing equipment.
The typical Configuration Items in Configuration Management
A Sample Mean
Function Point Analysis
A Cold Site
15. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Sampling
Personnel involved in the requirements phase of a software development project
Hash
(1.) Policies (2.) Procedures (3.) Standards
16. One of a database table's fields - whose value is unique.
Audit Methodologies
Structural fires and transportation accidents
Categories of risk treatment
Database primary key
17. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Vulnerability in the organization's PBX
OSI: Transport Layer
SDLC Phases
18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Grid Computing
An IS audit
Project Management Strategies
Entire password for an encryption key
19. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Change management
Reduced sign-on
IT standards are not being reviewed often enough
Detection Risk
20. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
The 7 phases and their order in the SDLC
Audit logging
TCP/IP Transport Layer packet delivery
21. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Geographic location
TCP/IP Transport Layer
Notify the Audit Committee
Service Level Management
22. The memory locations in the CPU where arithmetic values are stored.
Gantt Chart
Registers
Database primary key
Sampling Risk
23. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Personnel involved in the requirements phase of a software development project
Advantages of outsourcing
objective and unbiased
Separate administrative accounts
24. An audit of operational efficiency.
An Administrative
Capability Maturity Model
Examples of IT General Controls
Application Layer protocols
25. To measure organizational performance and effectiveness against strategic goals.
Stratified Sampling
The audit program
Balanced Scorecard
Confidence coefficient
26. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Cold Site
Split custody
Information security policy
A Problem
27. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Gantt Chart
Elements of the COSO pyramid
Six steps of the Release Management process
Notify the Audit Committee
28. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
TCP/IP Transport Layer
Capability Maturity Model Integration (CMMI)
Detection Risk
29. The maximum period of downtime for a process or application
Service Level Management
Recovery time objective
Advantages of outsourcing
More difficult to perform
30. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
A Service Provider audit
Input validation checking
The BCP process
less than 24 hours
31. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
The Requirements
Reduced sign-on
Dimensions of the COSO cube
Elements of the COBIT Framework
32. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Configuration Management
Information security policy
Sampling Risk
WAN Protocols
33. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Separate administrative accounts
Deming Cycle
Problem Management
The first step in a business impact analysis
34. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Information security policy
Security Awareness program
TCP/IP Link Layer
Inherent Risk
35. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Resource details
Security Awareness program
A Server Cluster
A Virtual Server
36. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Tolerable Error Rate
Risk Management
Volumes of COSO framework
A Compliance audit
37. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Audit Methodologies
Sampling Risk
The Steering Committee
SDLC Phases
38. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Resource details
Service Level Management
Inform the auditee
less than 24 hours
39. (1.) Link (2.) Internet (3.) Transport (4.) Application
Assess the maturity of its business processes
Business Realization
Control Risk
TCP/IP Network Model
40. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
An Administrative
Business Realization
Incident Management
ITIL definition of PROBLEM
41. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Release management
Hash
OSI: Physical Layer
Employees with excessive privileges
42. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Background checks performed
Control Unit
TCP/IP Internet Layer
Audit logging
43. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The BCP process
Current and most up-to-date
Configuration Management
Power system controls
44. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Detection Risk
Rating Scale for Process Maturity
The Release process
45. The inventory of all in-scope business processes and systems
Examples of IT General Controls
Risk Management
OSI Layer 5: Session
The first step in a business impact analysis
46. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Employee termination process
List of systems examined
Inherent Risk
Lacks specific expertise or resources to conduct an internal audit
47. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Service Provider audit
Concentrate on samples known to represent high risk
Data Link Layer Standards
A Financial Audit
48. A collection of two or more servers that is designed to appear as a single server.
Server cluster
OSI Layer 7: Application
Release management
Statement of Impact
49. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
A Compliance audit
Options for Risk Treatment
OSI Layer 5: Session
Business Realization
50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Types of sampling an auditor can perform.
Background checks performed
A gate process