CISA: Certified Information Systems Auditor
Test your basic knowledge
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but taking the test repeatedly reinforces your understanding.
1. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Employees with excessive privileges
Attribute Sampling
Advantages of outsourcing
Audit Methodologies
2. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a salted _____. This makes it infeasible for anyone, including an administrator or an attacker who obtains the stored data, to retrieve a password, which could otherwise lead to account compromise.
Hash
Formal waterfall
The audit program
(1.) Man-made (2.) Natural
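The control the question describes, as an added example that is not part of the quiz page: the "before" case stores the password itself, the "after" case stores only a salted, deliberately slow hash (here the standard library's hashlib.scrypt) and verifies by recomputing it. The record format, the scrypt cost parameters and the sample password are assumptions chosen for illustration.

```python
# Added example (not from the quiz page): plaintext storage versus a salted, slow hash.
import base64
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (16 MiB of memory per hash); tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def store_plaintext(password: str) -> str:
    """The vulnerable 'before' case: whoever reads the record has the password."""
    return password


def hash_password(password: str) -> str:
    """Return a self-describing record 'scrypt$<salt>$<hash>'; the password is not stored.
    A fresh random salt per user defeats precomputed (rainbow) tables and makes two users
    with the same password produce different records."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt)
    return "scrypt$%s$%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, salt_b64, digest_b64 = record.split("$")
    if scheme != "scrypt":
        return False
    actual = _scrypt(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(actual, base64.b64decode(digest_b64))


if __name__ == "__main__":
    rec = hash_password("correct horse")  # constructed sample password
    print(rec)
    print(verify_password("correct horse", rec), verify_password("wrong", rec))
```

The salt is stored beside the hash on purpose: its job is uniqueness, not secrecy. What protects the password is the one-way, memory-hard function and the attacker's need to run it once per guess.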
3. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
OSI: Physical Layer
Elements of the COSO pyramid
Attribute Sampling
Blade Computer Architecture
4. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The Business Process Life Cycle
A Virtual Server
Recovery time objective
The best approach for identifying high risk areas for an audit
5. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Geographic location
Inform the auditee
Elements of the COSO pyramid
Volumes of COSO framework
6. An alternate processing center that contains no information processing equipment.
The Requirements
IT standards are not being reviewed often enough
A Cold Site
A Financial Audit
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
A Virtual Server
Precision means
Input validation checking
Separate administrative accounts
8. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
OSI: Physical Layer
Information security policy
Data Link Layer Standards
9. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Business Continuity
A Sample Mean
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
10. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
IT standards are not being reviewed often enough
TCP/IP Network Model
Buffers
Input validation checking
11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Separate administrative accounts
Balanced Scorecard
Information systems access
The availability of IT systems
12. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A gate process
IT standards are not being reviewed often enough
Dimensions of the COSO cube
Segregation of duties issue in a high value process
13. Focuses on: post-event recovery and restoration of services
Business Realization
Disaster Recovery
Structural fires and transportation accidents
Annualized Loss Expectancy (ALE)
14. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Application Layer protocols
Inform the auditee
Data Link Layer Standards
IT standards are not being reviewed often enough
15. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Substantive Testing (test of transaction integrity)
IT executives and the Board of Directors
The typical Configuration Items in Configuration Management
Gantt Chart
16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Link Layer
Categories of risk treatment
Detection Risk
Inform the auditee
17. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Annualized Loss Expectancy (ALE)
Business impact analysis
Primary security features of relational databases
18. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
Foreign Key
Application Controls
Power system controls
19. Support the functioning of the application controls
Critical Path Methodology
Organizational culture and maturity
The BCP process
General Controls
20. What type of testing is performed to determine if control procedures have proper design and are operating properly?
OSI Layer 6: Presentation
Project change request
IT Services Financial Management
Compliance Testing
21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Frameworks
Main types of Controls
Incident Management
Information systems access
22. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
TCP/IP Network Model
Blade Computer Architecture
OSI: Data Link Layer
Business impact analysis
23. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Inform the auditee
BCP Plans
The 4-item focus of a Balanced Scorecard
24. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Foreign Key
IT Strategy
Employees with excessive privileges
Server cluster
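The two user-account findings above (terminated employees whose accounts remain active, and privileges carried over from a previous role) are what a reconciliation of the HR roster against the application's account list surfaces. The following is an added example, not code from the quiz page; the role baseline, the employee names and the privilege names are constructed sample data.

```python
# Added example (not from the quiz page): reconcile an HR roster against an
# application's account list to find orphaned accounts and excess privileges.
from dataclasses import dataclass


@dataclass
class HrRecord:
    user: str
    status: str   # "active" or "terminated"
    role: str     # the employee's current job role


@dataclass
class Account:
    user: str
    enabled: bool
    privileges: frozenset


# Assumed (hypothetical) baseline of privileges each role is entitled to.
ROLE_BASELINE = {
    "ap_clerk":      frozenset({"ap.view", "ap.enter_invoice"}),
    "ap_supervisor": frozenset({"ap.view", "ap.approve"}),
    "dba":           frozenset({"db.admin"}),
}

# Constructed sample data: alice transferred from ap_clerk to ap_supervisor and kept
# her old privilege; bob was terminated; dave has no HR record at all.
HR = [
    HrRecord("alice", "active", "ap_supervisor"),
    HrRecord("bob", "terminated", "ap_clerk"),
    HrRecord("carol", "active", "dba"),
]
ACCOUNTS = [
    Account("alice", True, frozenset({"ap.view", "ap.approve", "ap.enter_invoice"})),
    Account("bob", True, frozenset({"ap.view"})),
    Account("carol", True, frozenset({"db.admin"})),
    Account("dave", True, frozenset({"ap.view"})),
]


def find_orphaned_accounts(hr, accounts):
    """Enabled accounts whose owner is terminated or unknown to HR."""
    hr_by_user = {h.user: h for h in hr}
    return sorted(
        a.user for a in accounts
        if a.enabled and (a.user not in hr_by_user or hr_by_user[a.user].status == "terminated")
    )


def find_excess_privileges(hr, accounts, baseline=ROLE_BASELINE):
    """Privileges an active user holds beyond the baseline for the current role."""
    hr_by_user = {h.user: h for h in hr}
    excess = {}
    for a in accounts:
        h = hr_by_user.get(a.user)
        if h is None or h.status != "active" or not a.enabled:
            continue  # covered by find_orphaned_accounts instead
        extra = a.privileges - baseline.get(h.role, frozenset())
        if extra:
            excess[a.user] = sorted(extra)
    return excess


if __name__ == "__main__":
    print("orphaned:", find_orphaned_accounts(HR, ACCOUNTS))
    print("excess:", find_excess_privileges(HR, ACCOUNTS))
```

Note that alice's leftover privilege is also a segregation-of-duties problem: she can both enter and approve invoices. A periodic run of this comparison is the detective control; the corrective action is still fixing the termination and transfer processes that let the exceptions accumulate.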
25. (1.) TCP (2.) UDP
Sampling Risk
Split custody
Referential Integrity
Transport Layer Protocols
26. An audit of operational efficiency.
The Eight Types of Audits
Control Unit
Organizational culture and maturity
An Administrative
27. An audit that combines an operational audit and a financial audit.
IT standards are not being reviewed often enough
Hash
OSI: Physical Layer
An Integrated Audit
28. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Testing activities
Information systems access
Project Management Strategies
29. ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, a single event may affect both locations.
Geographic location
IT Services Financial Management
Main types of Controls
A Problem
30. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Change management
Reduced sign-on
SDLC Phases
TCP/IP Transport Layer packet delivery
31. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Sampling Risk
The Requirements
Configuration Management
32. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Six steps of the Release Management process
Control Risk
Separate administrative accounts
Discovery Sampling
33. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Controls
Six steps of the Release Management process
ITIL definition of PROBLEM
A Virtual Server
34. The first major task in a disaster recovery or business continuity planning project.
IT Strategy
Testing activities
Business impact analysis
ITIL definition of CHANGE MANAGEMENT
35. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The best approach for identifying high risk areas for an audit
A Forensic Audit
Stratified Sampling
The 7 phases and their order in the SDLC
36. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Substantive Testing (test of transaction integrity)
Service Continuity Management
WAN Protocols
Audit Methodologies
37. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Disaster Recovery
Criticality analysis
Configuration Management
A Financial Audit
38. Used to estimate the effort required to develop a software program.
Gantt Chart
The best approach for identifying high risk areas for an audit
Employee termination process
Function Point Analysis
39. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Foreign Key
Precision means
Substantive Testing
An Operational Audit
40. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Power system controls
Discovery Sampling
Overall audit risk
Segregation of duties issue in a high value process
41. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Geographic location
The Eight Types of Audits
Examples of Application Controls
Balanced Scorecard
42. The risk that an IS auditor will overlook errors or exceptions during an audit.
Business Realization
Detection Risk
OSI Layer 5: Session
Employees with excessive privileges
43. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Change management
Three Types of Controls
Expected Error Rate
Discovery Sampling
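Several of the items above describe sampling techniques (attribute sampling in question 3, statistical sampling in question 28, stratified sampling in question 35) and the expected error rate they estimate (question 43). The block below is an added example, not code from the quiz page, that applies all of them to a constructed population of 100 invoice records; the stratification threshold and the exception rule are assumptions.

```python
# Added example (not from the quiz page): audit sampling techniques over constructed data.
import random
from collections import defaultdict

# Constructed population: every tenth invoice lacks an approval (a 10% exception rate).
INVOICES = [
    {"id": i, "amount": 100 * (i + 1), "approved": i % 10 != 0}
    for i in range(100)
]


def statistical_sample(population, n, seed=None):
    """Statistical (simple random) sampling: each item has an equal chance of selection."""
    return random.Random(seed).sample(population, n)


def stratified_sample(population, stratum_of, n_per_stratum, seed=None):
    """Stratified sampling: partition by an attribute, then draw from every stratum."""
    rng = random.Random(seed)
    strata = defaultdict(list)
    for item in population:
        strata[stratum_of(item)].append(item)
    return {name: rng.sample(items, min(n_per_stratum, len(items)))
            for name, items in strata.items()}


def attribute_error_rate(sample, has_exception):
    """Attribute sampling: the fraction of items that possess the characteristic.
    Applied to a sample, this observed rate estimates the population's expected error rate."""
    if not sample:
        raise ValueError("cannot estimate a rate from an empty sample")
    return sum(1 for item in sample if has_exception(item)) / len(sample)


def by_amount(invoice):
    """Assumed stratification rule: invoices of 5000 or more form the high-value stratum."""
    return "high" if invoice["amount"] >= 5000 else "low"


def missing_approval(invoice):
    return not invoice["approved"]


if __name__ == "__main__":
    sample = statistical_sample(INVOICES, 20, seed=7)
    print("observed error rate, random sample of 20:",
          attribute_error_rate(sample, missing_approval))
    for name, items in stratified_sample(INVOICES, by_amount, 10, seed=7).items():
        print(name, "stratum:", attribute_error_rate(items, missing_approval))
```

Running with different seeds shows sampling risk directly: a sample of 20 from a population with a true rate of 10% will sometimes contain zero exceptions and sometimes four, which is why the auditor fixes an expected error rate and sample size before drawing the sample rather than after.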
44. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Database primary key
TCP/IP Transport Layer
A gate process
Gantt Chart
45. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Examples of Application Controls
OSI: Data Link Layer
Network Layer Protocols
46. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.
Variable Sampling
List of systems examined
Service Level Management
Entire password for an encryption key
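The control behind the finding above, as an added example that is not part of the quiz page: the passphrase for an encryption key is split into shares by XOR so that every custodian must contribute before the whole value exists, plus a check an auditor could run over a custody register to detect a custodian holding all shares. The register format and the sample passphrase are assumptions.

```python
# Added example (not from the quiz page): split custody of a key passphrase via XOR shares.
import secrets


def split_secret(secret: bytes, shares: int = 2) -> list:
    """Split `secret` into `shares` equal-length byte strings; all are needed to rebuild it.
    The first shares-1 are uniformly random and the last is the XOR of the secret with
    them, so any subset smaller than the full set is independent of the secret."""
    if shares < 2:
        raise ValueError("split custody needs at least two custodians")
    parts = [secrets.token_bytes(len(secret)) for _ in range(shares - 1)]
    last = bytes(secret)
    for p in parts:
        last = bytes(a ^ b for a, b in zip(last, p))
    return parts + [last]


def combine_shares(parts) -> bytes:
    """XOR all shares together to recover the secret."""
    out = bytes(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("shares must have equal length")
        out = bytes(a ^ b for a, b in zip(out, p))
    return out


def custodians_holding_entire_key(register: dict, total_shares: int) -> list:
    """Given a custody register {custodian: set of share indexes}, return the custodians
    who hold every share, which is exactly the failure the audit finding describes."""
    return sorted(c for c, held in register.items() if len(set(held)) >= total_shares)


if __name__ == "__main__":
    passphrase = b"correct horse battery staple"  # constructed sample value
    parts = split_secret(passphrase, 3)
    print(combine_shares(parts) == passphrase, combine_shares(parts[:2]) == passphrase)
    print(custodians_holding_entire_key({"ops1": {0, 1, 2}, "ops2": {1}}, 3))
```

XOR splitting is all-or-nothing; if losing one custodian must not lose the key, a threshold scheme such as Shamir's secret sharing is the usual replacement, and the same register check applies with the threshold in place of the total.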
47. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Control Risk
A Problem
Examples of IT General Controls
Geographic location
48. Subjective sampling is used when the auditor wants to _________________________.
Problem Management
TCP/IP Internet Layer
Concentrate on samples known to represent high risk
The 5 types of Evidence that the auditor will collect during an audit.
49. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Notify the Audit Committee
Server cluster
Substantive Testing (test of transaction integrity)
50. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
OSI Layer 5: Session
IT executives and the Board of Directors
TCP/IP Transport Layer packet delivery
Categories of risk treatment