Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: facilitates continuous improvement within the BPLC
Primary security features of relational databases
Change management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Business Process Life Cycle
2. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Overall audit risk
Dimensions of the COSO cube
OSI: Data Link Layer
Separate administrative accounts
3. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Personnel involved in the requirements phase of a software development project
Sampling Risk
The best approach for identifying high risk areas for an audit
OSI: Network Layer
4. An audit that is performed in support of an anticipated or active legal proceeding.
Concentrate on samples known to represent high risk
Criticality analysis
Lacks specific expertise or resources to conduct an internal audit
A Forensic Audit
5. Used to determine which business processes are the most critical, by ranking them in order of criticality.
OSI: Data Link Layer
Criticality analysis
OSI Layer 6: Presentation
Input validation checking
6. Used to measure the relative maturity of an organization and its processes.
Segregation of duties issue in a high value process
Capability Maturity Model
Concentrate on samples known to represent high risk
Formal waterfall
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ be used. This will enforce accountability for each administrator's actions.
TCP/IP Network Model
Separate administrative accounts
Sampling Risk
Three Types of Controls
8. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
A Problem
Background checks performed
Variable Sampling
Referential Integrity
9. The main hardware component of a computer system, which executes instructions in computer programs.
CPU
TCP/IP Transport Layer packet delivery
Critical Path Methodology
The audit program
10. A field in a record in one table that can reference a primary key in another table.
More difficult to perform
Buffers
Testing activities
Foreign Key
11. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Organizational culture and maturity
A Service Provider audit
Three Types of Controls
A Virtual Server
12. During the development phase, developers should only be performing Unit Testing, to verify that the individual sections of code they have written are performing properly.
Stop-or-go Sampling
Six steps of the Release Management process
Testing activities
A Forensic Audit
13. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Grid Computing
Overall audit risk
Information security policy
Risk Management
14. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
A Sample Mean
TCP/IP Internet Layer
Annualized Loss Expectancy (ALE)
Confidence coefficient
15. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The 5 types of Evidence that the auditor will collect during an audit.
The Release process
Employees with excessive privileges
ITIL definition of CHANGE MANAGEMENT
16. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
Application Controls
The Business Process Life Cycle
Background checks performed
17. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Critical Path Methodology
Business Realization
Substantive Testing (test of transaction integrity)
The 4-item focus of a Balanced Scorecard
18. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Categories of risk treatment
less than 24 hours
Confidence coefficient
The typical Configuration Items in Configuration Management
19. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
The typical Configuration Items in Configuration Management
Disaster Recovery
Lacks specific expertise or resources to conduct an internal audit
20. An alternate processing center that contains no information processing equipment.
List of systems examined
Examples of Application Controls
ITIL definition of CHANGE MANAGEMENT
A Cold Site
21. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Substantive Testing (test of transaction integrity)
Deming Cycle
OSI: Network Layer
The availability of IT systems
22. Framework for auditing and measuring IT Service Management Processes.
OSI Layer 7: Application
ISO 20000 Standard
Business Continuity
A Service Provider audit
23. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Notify the Audit Committee
Release management
Resource details
24. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Database primary key
Categories of risk treatment
objective and unbiased
TCP/IP Transport Layer packet delivery
25. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Discovery Sampling
Current and most up-to-date
ITIL - IT Infrastructure Library
IT Service Management
26. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A Service Provider audit
Types of sampling an auditor can perform.
The best approach for identifying high risk areas for an audit
Compliance Testing
27. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
The 5 types of Evidence that the auditor will collect during an audit.
Configuration Management
Referential Integrity
OSI Layer 6: Presentation
28. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
Input validation checking
Project change request
Control Risk
General Controls
29. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
TCP/IP Transport Layer
Critical Path Methodology
OSI: Transport Layer
Deming Cycle
30. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
31. A maturity model that represents the aggregations of other maturity models.
Function Point Analysis
Capability Maturity Model Integration (CMMI)
Buffers
Configuration Management
32. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.
Service Continuity Management
Organizational culture and maturity
IT executives and the Board of Directors
Annualized Loss Expectancy (ALE)
33. ITIL term used to describe the SDLC.
Release management
Structural fires and transportation accidents
Elements of the COBIT Framework
IT Service Management
34. The memory locations in the CPU where arithmetic values are stored.
Security Awareness program
The 5 types of Evidence that the auditor will collect during an audit.
Project Management Strategies
Registers
35. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Geographic location
Elements of the COSO pyramid
Controls
36. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this is _______________. This provides a single authentication service (such as LDAP or AD) that many applications
CPU
Reduced sign-on
TCP/IP Link Layer
less than 24 hours
37. The sum of all samples divided by the number of samples.
IT Services Financial Management
(1.) Policies (2.) Procedures (3.) Standards
Configuration Management
A Sample Mean
38. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Sampling Risk
Examples of IT General Controls
To identify the tasks that are responsible for project delays
39. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Rating Scale for Process Maturity
Advantages of outsourcing
(1.) Man-made (2.) Natural
40. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Types of sampling an auditor can perform.
Lacks specific expertise or resources to conduct an internal audit
The appropriate role of an IS auditor in a control self-assessment
41. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Options for Risk Treatment
Grid Computing
Tolerable Error Rate
A Forensic Audit
42. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Overall audit risk
Primary security features of relational databases
The 4-item focus of a Balanced Scorecard
Grid Computing
43. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
General Controls
Categories of risk treatment
A Financial Audit
Power system controls
44. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.
A Server Cluster
OSI: Data Link Layer
Network Layer Protocols
A Problem
45. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Project Management Strategies
Emergency Changes
Insourcing
46. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.
A Financial Audit
General Controls
The appropriate role of an IS auditor in a control self-assessment
(1.) Man-made (2.) Natural
47. The maximum period of downtime for a process or application.
The 4-item focus of a Balanced Scorecard
Judgmental sampling
Recovery time objective
The Steering Committee
48. Handle application processing
A Server Cluster
Entire password for an encryption key
Application Controls
A Financial Audit
49. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
PERT Diagram?
IT executives and the Board of Directors
Emergency Changes
The 7 phases and their order in the SDLC
50. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
TCP/IP Link Layer
A Compliance audit
OSI Layer 7: Application
Sample Standard Deviation