CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) General (2.) Application
Network Layer Protocols
Main types of Controls
Frameworks
OSI Layer 7: Application
2. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Sampling Risk
Insourcing
Separate administrative accounts
Categories of risk treatment
3. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Three Types of Controls
A Virtual Server
Emergency Changes
Sampling Risk
4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Service Continuity Management
Recovery time objective
Examples of IT General Controls
The 4-item focus of a Balanced Scorecard
5. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
The availability of IT systems
IT executives and the Board of Directors
Database primary key
Statement of Impact
6. IT Service Management is defined in ___________________ framework.
Elements of the COBIT Framework
ITIL - IT Infrastructure Library
Antivirus software on the email servers
Department Charters
7. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Categories of risk treatment
Advantages of outsourcing
OSI: Network Layer
Recovery time objective
8. (1.) Link (2.) Internet (3.) Transport (4.) Application
Assess the maturity of its business processes
The 5 types of Evidence that the auditor will collect during an audit.
The Steering Committee
TCP/IP Network Model
9. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
SDLC Phases
Audit logging
Examples of IT General Controls
less than 24 hours
10. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Reduced sign-on
The Steering Committee
OSI: Transport Layer
Employee termination process
11. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Background checks performed
Stay current with technology
Structural fires and transportation accidents
Department Charters
12. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
SDLC Phases
An Integrated Audit
Employee termination process
Six steps of the Release Management process
13. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
less than 24 hours
A Problem
Employee termination process
Sample Standard Deviation
14. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Resource details
Transport Layer Protocols
Gantt Chart
Split custody
15. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Employees with excessive privileges
The two Categories of Controls
The Software Program Library
16. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
The Internet Layer in the TCP/IP model
objective and unbiased
Precision means
An Operational Audit
17. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
(1.) Man-made (2.) Natural
Department Charters
Sample Standard Deviation
18. IT Governance is most concerned with ________.
Transport Layer Protocols
Variable Sampling
IT Strategy
Wet pipe fire sprinkler system
19. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Control Risk
(1.) Policies (2.) Procedures (3.) Standards
Lacks specific expertise or resources to conduct an internal audit
Audit logging
20. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
Substantive Testing (test of transaction integrity)
WAN Protocols
The Software Program Library
21. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Configuration Management
Project Management Strategies
Stay current with technology
Control Risk
22. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
OSI Layer 7: Application
Data Link Layer Standards
Gantt Chart
Capability Maturity Model
23. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Confidence coefficient
Tolerable Error Rate
OSI Layer 5: Session
24. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
Split custody
Entire password for an encryption key
Hash
25. One of a database table's fields - whose value is unique.
Notify the Audit Committee
Three Types of Controls
Database primary key
Project change request
26. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Examples of Application Controls
ITIL definition of CHANGE MANAGEMENT
Function Point Analysis
Inform the auditee
27. A representation of how closely a sample represents an entire population.
PERT Diagram
Precision means
Geographic location
Variable Sampling
28. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Input validation checking
An Integrated Audit
Business impact analysis
Power system controls
29. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Categories of risk treatment
Stop-or-go Sampling
Attribute Sampling
Entire password for an encryption key
30. The memory locations in the CPU where arithmetic values are stored.
The 5 types of Evidence that the auditor will collect during an audit.
The audit program
Registers
Notify the Audit Committee
31. Lowest layer. Delivers messages (frames) from one station to another via a local network.
A gate process
TCP/IP Link Layer
Department Charters
Geographic location
32. Collections of Controls that work together to achieve an entire range of an organization's objectives.
TCP/IP Network Model
The Software Program Library
Frameworks
A Problem
33. The inventory of all in-scope business processes and systems
Referential Integrity
List of systems examined
To identify the tasks that are responsible for project delays
The first step in a business impact analysis
34. (1.) TCP (2.) UDP
Transport Layer Protocols
General Controls
Sampling Risk
Statistical Sampling
35. Handle application processing
CPU
Information security policy
Application Controls
Compliance Testing
36. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Elements of the COBIT Framework
The Software Program Library
The Steering Committee
37. To measure organizational performance and effectiveness against strategic goals.
Service Continuity Management
Balanced Scorecard
The best approach for identifying high risk areas for an audit
Controls
38. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Database primary key
Six steps of the Release Management process
IT executives and the Board of Directors
39. (1.) Access controls (2.) Encryption (3.) Audit logging
Geographic location
Primary security features of relational databases
Power system controls
Statistical Sampling
40. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
OSI Layer 7: Application
The 7 phases and their order in the SDLC
Buffers
Critical Path Methodology
41. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
ISO 20000 Standard
Entire password for an encryption key
Business Continuity
A Compliance audit
42. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Tolerable Error Rate
Insourcing
A Compliance audit
Buffers
43. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Background checks performed
Statement of Impact
Segregation of duties issue in a high value process
44. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Risk Management
The audit program
Tolerable Error Rate
List of systems examined
45. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Vulnerability in the organization's PBX
TCP/IP Transport Layer packet delivery
Configuration Management
46. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Resource details
The Software Program Library
The Eight Types of Audits
47. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Buffers
Employees with excessive privileges
Geographic location
OSI Layer 5: Session
48. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Six steps of the Release Management process
Options for Risk Treatment
TCP/IP Link Layer
49. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inform the auditee
objective and unbiased
Inherent Risk
Server cluster
50. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Options for Risk Treatment
Control Risk
Background checks performed
A Virtual Server