SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) General (2.) Application
Change management
Main types of Controls
A Compliance audit
The 5 types of Evidence that the auditor will collect during an audit.
2. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
IT Strategy
IT Service Management
Documentation and interview personnel
OSI: Transport Layer
3. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
A Forensic Audit
An Operational Audit
WAN Protocols
Main types of Controls
4. Consists of two main packet transport protocols: TCP and UDP.
Configuration Management
Input validation checking
TCP/IP Transport Layer
Data Link Layer Standards
5. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Notify the Audit Committee
Stay current with technology
Controls
The 4-item focus of a Balanced Scorecard
6. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Sample Standard Deviation
A Virtual Server
The best approach for identifying high risk areas for an audit
7. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
Referential Integrity
Frameworks
ITIL - IT Infrastructure Library
8. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The 4-item focus of a Balanced Scorecard
Stratified Sampling
Business impact analysis
The audit program
9. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Stop-or-go Sampling
Judgmental sampling
Precision means
10. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Balanced Scorecard
OSI: Data Link Layer
The Requirements
Business Realization
11. A collection of two or more servers that is designed to appear as a single server.
Examples of IT General Controls
Criticality analysis
Application Controls
Server cluster
12. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Application Controls
An IS audit
Expected Error Rate
Split custody
13. Handle application processing
Capability Maturity Model
Cloud computing
A Compliance audit
Application Controls
14. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Audit Methodologies
The Software Program Library
Substantive Testing
Department Charters
15. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Foreign Key
Organizational culture and maturity
Detection Risk
IT Service Management
16. Describes the effect on the business if a process is incapacitated for any appreciable time
The 4-item focus of a Balanced Scorecard
Resource details
Statement of Impact
The best approach for identifying high risk areas for an audit
17. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
(1.) Polices (2.) Procedures (3.) Standards
Six steps of the Release Management process
General Controls
Inform the auditee
18. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
ISO 20000 Standard:
Discovery Sampling
General Controls
Advantages of outsourcing
19. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Options for Risk Treatment
Tolerable Error Rate
Three Types of Controls
20. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Formal waterfall
Examples of Application Controls
Elements of the COSO pyramid
Entire password for an encryption key
21. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Precision means
Antivirus software on the email servers
A Financial Audit
22. The memory locations in the CPU where arithmetic values are stored.
Assess the maturity of its business processes
Registers
Criticality analysis
Main types of Controls
23. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
(1.) Man-made (2.) Natural
Organizational culture and maturity
Function Point Analysis
24. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
The BCP process
Advantages of outsourcing
Detection Risk
Insourcing
25. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
IT standards are not being reviewed often enough
CPU
IT executives and the Board of Directors
26. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
PERT Diagram?
Separate administrative accounts
Change management
OSI: Network Layer
27. An alternate processing center that contains no information processing equipment.
Hash
IT Services Financial Management
A Cold Site
Criticality analysis
28. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Deming Cycle
The appropriate role of an IS auditor in a control self-assessment
Options for Risk Treatment
OSI Layer 6: Presentation
29. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Business Realization
Advantages of outsourcing
Project change request
30. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Tolerable Error Rate
OSI Layer 5: Session
Judgmental sampling
31. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Critical Path Methodology
Variable Sampling
The Requirements
A Financial Audit
32. Used to determine which business processes are the most critical - by ranking them in order of criticality
Attribute Sampling
Types of sampling an auditor can perform.
Criticality analysis
Project change request
33. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Sampling Risk
TCP/IP Transport Layer packet delivery
A Service Provider audit
The Requirements
34. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Variable Sampling
Disaster Recovery
Audit Methodologies
The 5 types of Evidence that the auditor will collect during an audit.
35. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Network Layer Protocols
Control Risk
Notify the Audit Committee
List of systems examined
36. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The Business Process Life Cycle
Audit Methodologies
Sampling Risk
Lacks specific expertise or resources to conduct an internal audit
37. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Reduced sign-on
Power system controls
A Financial Audit
Inform the auditee
38. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The two Categories of Controls
A gate process
The availability of IT systems
Notify the Audit Committee
39. PERT: shows the ______________ critical path.
Examples of IT General Controls
Critical Path Methodology
A Service Provider audit
Current and most up-to-date
40. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Buffers
Examples of Application Controls
Personnel involved in the requirements phase of a software development project
Lacks specific expertise or resources to conduct an internal audit
41. Used to measure the relative maturity of an organization and its processes.
The Business Process Life Cycle
An IS audit
Capability Maturity Model
Gantt Chart
42. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Inform the auditee
Control Unit
Input validation checking
OSI Layer 5: Session
43. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Blade Computer Architecture
Database primary key
IT Strategy
44. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
(1.) Polices (2.) Procedures (3.) Standards
OSI: Data Link Layer
Information security policy
Formal waterfall
45. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Transport Layer Protocols
Controls
To identify the tasks that are responsible for project delays
Examples of Application Controls
46. One of a database table's fields - whose value is unique.
Database primary key
Service Continuity Management
Three Types of Controls
Options for Risk Treatment
47. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Hash
An Operational Audit
Cloud computing
Audit Methodologies
48. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
TCP/IP Network Model
The best approach for identifying high risk areas for an audit
Audit logging
49. The highest number of errors that can exist without a result being materially misstated.
TCP/IP Transport Layer
TCP/IP Transport Layer packet delivery
TCP/IP Internet Layer
Tolerable Error Rate
50. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Recovery time objective
ITIL definition of CHANGE MANAGEMENT
Sampling Risk
The Internet Layer in the TCP/IP model
