Test your basic knowledge
CISA: Certified Information Systems Auditor
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, study first.
Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Separate administrative accounts
Application Controls
The 4-item focus of a Balanced Scorecard
2. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?
Wet pipe fire sprinkler system
(1.) Policies (2.) Procedures (3.) Standards
ISO 20000 Standard:
OSI: Physical Layer
3. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Blade Computer Architecture
An Operational Audit
Organizational culture and maturity
4. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Stop-or-go Sampling
Documentation and interview personnel
Buffers
ITIL definition of CHANGE MANAGEMENT
5. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A Forensic Audit
Attribute Sampling
A Problem
The best approach for identifying high risk areas for an audit
6. Used to estimate the effort required to develop a software program.
Overall audit risk
ITIL definition of CHANGE MANAGEMENT
Geographic location
Function Point Analysis
7. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Service Continuity Management
ITIL definition of CHANGE MANAGEMENT
Overall audit risk
ISO 20000 Standard:
8. (1.) Automatic (2.) Manual
Project Management Strategies
Registers
Stay current with technology
The two Categories of Controls
9. An IS auditor has discovered a high-risk exception during control testing. What is the best course of action for the IS auditor to take? The IS auditor should immediately ________________ when any high-risk situation is discovered.
Categories of risk treatment
Inform the auditee
OSI: Data Link Layer
Advantages of outsourcing
10. (1.) Access controls (2.) Encryption (3.) Audit logging
Transport Layer Protocols
Primary security features of relational databases
A Service Provider audit
Blade Computer Architecture
11. A representation of how closely a sample represents an entire population.
The 4-item focus of a Balanced Scorecard
Precision means
A Compliance audit
Release management
12. ITIL term used to describe the SDLC.
A Cold Site
Release management
IT Service Management
Judgmental sampling
13. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Annualized Loss Expectancy (ALE)
A Financial Audit
Referential Integrity
Balanced Scorecard
14. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Assess the maturity of its business processes
Capability Maturity Model Integration (CMMI)
Sampling Risk
Grid Computing
15. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Examples of Application Controls
BCP Plans
IT Strategy
16. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities, as necessary for accomplishing a goal.
Advantages of outsourcing
The Requirements
PERT Diagram
Controls
17. To communicate security policies, procedures, and other security-related information to an organization's employees.
Service Continuity Management
Security Awareness program
Detection Risk
Types of sampling an auditor can perform.
18. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
Background checks performed
Separate administrative accounts
Input validation checking
Types of sampling an auditor can perform.
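Added example of the input validation checking described in question 18; it is not code from the quiz or the material it is drawn from. A small Python validator applies the three checks the question names (range, character type, harmful content) to a constructed order record. The field names, the allow-list of characters and the harmful-content patterns are assumptions made for this example, not a rule set from any product.

```python
import re
from typing import Any, Dict, List

# Allow-list of characters for free-text fields (assumption for this example).
TEXT_ALLOWED = re.compile(r"[A-Za-z0-9 .,'-]*")
# Fragments an application should never forward to a database or shell
# (assumed patterns; a real deployment would use parameterised queries as well).
HARMFUL = re.compile(r"--|;|/\*|\*/|<script|\bor\b\s+\d+\s*=\s*\d+", re.IGNORECASE)

# Constructed rule set for a hypothetical purchase-order form.
FIELD_RULES: Dict[str, Dict[str, Any]] = {
    "quantity": {"type": int, "min": 1, "max": 1000},
    "customer_name": {"type": str, "max_len": 60},
}


def validate(record: Dict[str, Any], rules: Dict[str, Dict[str, Any]] = FIELD_RULES) -> List[str]:
    """Return the list of validation failures; an empty list means the record is accepted."""
    errors: List[str] = []
    for field, rule in rules.items():
        if field not in record:
            errors.append(f"{field}: missing")
            continue
        value = record[field]
        if rule["type"] is int:
            # Character-type check: only an int or a string of digits, never bool or float.
            if isinstance(value, bool) or not re.fullmatch(r"-?\d+", str(value)):
                errors.append(f"{field}: not an integer")
                continue
            number = int(value)
            # Range check against the established limits.
            if not rule["min"] <= number <= rule["max"]:
                errors.append(f"{field}: {number} outside range {rule['min']}..{rule['max']}")
        else:
            if not isinstance(value, str):
                errors.append(f"{field}: not text")
                continue
            if len(value) > rule["max_len"]:
                errors.append(f"{field}: longer than {rule['max_len']} characters")
            # Character-type check: reject anything outside the allow-list.
            if not TEXT_ALLOWED.fullmatch(value):
                errors.append(f"{field}: contains disallowed characters")
            # Harmful-content check: reject known injection fragments outright.
            if HARMFUL.search(value):
                errors.append(f"{field}: contains harmful content")
    # Fields the form does not define are rejected rather than silently passed through.
    for field in record:
        if field not in rules:
            errors.append(f"{field}: not an expected field")
    return errors


if __name__ == "__main__":
    print(validate({"quantity": "5", "customer_name": "Mary O'Neil"}))
    print(validate({"quantity": "5", "customer_name": "Robert'); DROP TABLE orders;--"}))
```

The allow-list check and the harmful-content check overlap on purpose: an injection string usually fails both, and keeping the deny-list only as a second line means a gap in one does not open the form.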
19. An organization has discovered that some of its employees have criminal records. What is the best course of action for the organization to take? The organization should have ___________________ on all of its existing employees and also begin instituting bac
Attribute Sampling
Reduced sign-on
Background checks performed
A Cold Site
20. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
IT Services Financial Management
More difficult to perform
Power system controls
21. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Cloud computing
Overall audit risk
objective and unbiased
22. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. The organization is ___________; while they may have opened the office in a foreign coun
Control Risk
An Integrated Audit
Risk Management
Insourcing
23. Contains programs that communicate directly with the end user.
Service Continuity Management
IT standards are not being reviewed often enough
Compliance Testing
OSI Layer 7: Application
24. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Business impact analysis
General Controls
OSI: Data Link Layer
25. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it impossible for any person to retrieve a password, which could lead to account compromise.
The two Categories of Controls
(1.) Policies (2.) Procedures (3.) Standards
Hash
Personnel involved in the requirements phase of a software development project
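Added example for question 25, not code from the quiz or its source: the plaintext store the question describes beside a hashed store, with a verify step that shows why the hashed form can only be checked, never read back. The quiz answer says only "hash"; the example uses a salted, slow hash (PBKDF2-HMAC-SHA256 with 600,000 iterations) because a plain unsalted fast hash of a weak password can still be recovered by guessing, which is the caveat a practitioner would attach to "impossible to retrieve". The record format, iteration count and salt length are choices made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Parameters chosen for this example; the quiz only says "hash".
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def store_plaintext(db: Dict[str, str], username: str, password: str) -> None:
    """The 'before' case from the question: the secret itself is written to storage."""
    db[username] = password


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Derive a salted, slow hash and encode it as a self-describing record."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def store_hashed(db: Dict[str, str], username: str, password: str) -> None:
    """The corrected case: only the hash record is written to storage."""
    db[username] = hash_password(password)


def verify_password(record: str, candidate: str) -> bool:
    """Re-derive the hash from the stored parameters and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    algorithm = scheme.split("_", 1)[1]
    computed = hashlib.pbkdf2_hmac(
        algorithm, candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


def demo():
    """Compare what each storage scheme hands back to someone who reads the store."""
    plain_db: Dict[str, str] = {}
    hashed_db: Dict[str, str] = {}
    store_plaintext(plain_db, "alice", "correct horse")
    store_hashed(hashed_db, "alice", "correct horse")
    recovered = plain_db["alice"]  # the plaintext store gives the password straight back
    ok = verify_password(hashed_db["alice"], "correct horse")
    bad = verify_password(hashed_db["alice"], "wrong")
    # Two hashes of the same password differ because each gets its own salt.
    salted_differently = hash_password("correct horse") != hash_password("correct horse")
    return recovered, ok, bad, salted_differently


if __name__ == "__main__":
    print(demo())
```

Storing the algorithm and iteration count inside the record lets the application raise the work factor later and re-hash each user on their next successful login, instead of having to reset every password.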
26. Used to translate or transform data from lower layers into formats that the application layer can work with.
Project Management Strategies
Tolerable Error Rate
An IS audit
OSI Layer 6: Presentation
27. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Elements of the COBIT Framework
OSI Layer 5: Session
Problem Management
28. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors.
Attribute Sampling
IT standards are not being reviewed often enough
Detection Risk
Lacks specific expertise or resources to conduct an internal audit
29. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect
Elements of the COSO pyramid
Antivirus software on the email servers
The typical Configuration Items in Configuration Management
Security Awareness program
30. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Lacks specific expertise or resources to conduct an internal audit
Separate administrative accounts
The Release process
31. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
The 7 phases and their order in the SDLC
Rating Scale for Process Maturity
Six steps of the Release Management process
Function Point Analysis
32. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Examples of Application Controls
Options for Risk Treatment
Sampling Risk
Annualized Loss Expectancy (ALE)
33. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Data Link Layer Standards
Cloud computing
OSI Layer 5: Session
34. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Annualized Loss Expectancy (ALE)
Entire password for an encryption key
Variable Sampling
Change management
35. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Risk Management
Department Charters
An Integrated Audit
Formal waterfall
36. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. What is the best available solution to this? _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Main types of Controls
Reduced sign-on
IT Services Financial Management
Audit logging
37. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Risk Management
ITIL definition of CHANGE MANAGEMENT
Confidence coefficient
objective and unbiased
38. Focuses on: post-event recovery and restoration of services
The availability of IT systems
Insourcing
Entire password for an encryption key
Disaster Recovery
39. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Entire password for an encryption key
The Business Process Life Cycle
Audit Methodologies
40. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Data Link Layer Standards
Separate administrative accounts
Wet pipe fire sprinkler system
Inform the auditee
41. Used to control connections that are established between systems: (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
TCP/IP Transport Layer packet delivery
Security Awareness program
(1.) Man-made (2.) Natural
42. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Balanced Scorecard
Rating Scale for Process Maturity
A Server Cluster
Documentation and interview personnel
43. IT Governance is most concerned with ________.
The two Categories of Controls
The Software Program Library
IT Strategy
To identify the tasks that are responsible for project delays
44. Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates?
Cloud computing
A Cold Site
Resource details
IT executives and the Board of Directors
45. The highest number of errors that can exist without a result being materially misstated.
Frameworks
Tolerable Error Rate
Capability Maturity Model Integration (CMMI)
Vulnerability in the organization's PBX
46. (1.) Utility protocols (DNS, SNMP, DHCP) (2.) Messaging protocols (SMTP) (3.) Data transfer protocols (NFS, FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
TCP/IP Link Layer
Compliance Testing
The appropriate role of an IS auditor in a control self-assessment
47. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Capability Maturity Model Integration (CMMI)
Types of sampling an auditor can perform.
Cloud computing
Release management
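Added example covering questions 11, 30, 45 and 47 (precision, stratified sampling, tolerable error rate, and attribute sampling as one of the sampling types); it is not code from the quiz or the material it is drawn from. A constructed population of purchase orders is stratified by amount, a sample is drawn from each stratum, and each sample's deviation rate for the "approval present" attribute is compared with the tolerable error rate. Precision is reported as the gap between the sample's rate and the rate in the whole stratum. Population size, strata boundaries, sample sizes and the built-in deviation rates are all assumptions made for this example.

```python
import random
from collections import defaultdict
from typing import Dict, List, Tuple

Order = dict


def build_population(seed: int = 7, size: int = 2000) -> List[Order]:
    """Constructed population of purchase orders (not real data).

    High-value orders are built with a higher rate of missing approvals so the
    stratified result has something to show.
    """
    rng = random.Random(seed)
    population = []
    for order_id in range(size):
        amount = rng.choice([rng.uniform(10, 999), rng.uniform(1000, 9999), rng.uniform(10000, 250000)])
        missing_rate = 0.01 if amount < 1000 else 0.03 if amount < 10000 else 0.10
        population.append({"id": order_id, "amount": round(amount, 2), "approved": rng.random() >= missing_rate})
    return population


def stratum_of(order: Order) -> str:
    """Class the order by the value of one attribute, the amount (assumed boundaries)."""
    if order["amount"] < 1000:
        return "low"
    if order["amount"] < 10000:
        return "medium"
    return "high"


def stratified_sample(population: List[Order], sizes: Dict[str, int], seed: int = 1) -> Dict[str, List[Order]]:
    """Divide the population into strata, then draw a random sample from each stratum."""
    rng = random.Random(seed)
    strata: Dict[str, List[Order]] = defaultdict(list)
    for order in population:
        strata[stratum_of(order)].append(order)
    return {name: rng.sample(items, min(sizes.get(name, 0), len(items))) for name, items in strata.items()}


def attribute_test(sample: List[Order], tolerable_error_rate: float) -> Tuple[float, bool]:
    """Attribute sampling: observed deviation rate, and whether it is within the tolerable error rate."""
    deviations = sum(1 for order in sample if not order["approved"])
    rate = deviations / len(sample)
    return rate, rate <= tolerable_error_rate


def run(tolerable_error_rate: float = 0.05) -> Dict[str, dict]:
    """Stratify, sample, test the attribute, and report precision per stratum."""
    population = build_population()
    by_stratum: Dict[str, List[Order]] = defaultdict(list)
    for order in population:
        by_stratum[stratum_of(order)].append(order)
    # More testing effort goes to the stratum judged highest risk (question 5).
    samples = stratified_sample(population, {"low": 30, "medium": 30, "high": 60})
    results = {}
    for name, sample in samples.items():
        sample_rate, within = attribute_test(sample, tolerable_error_rate)
        population_rate, _ = attribute_test(by_stratum[name], tolerable_error_rate)
        results[name] = {
            "sampled": len(sample),
            "deviation_rate": round(sample_rate, 3),
            "within_tolerable": within,
            # Precision: how closely the sample's rate represents the whole stratum.
            "precision": round(abs(sample_rate - population_rate), 3),
        }
    return results


if __name__ == "__main__":
    for stratum, result in run().items():
        print(stratum, result)
```

Because the population and the draws are seeded, the run is repeatable, which is what an auditor needs when the sampling method and the selected items have to be written into the workpapers.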
48. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
Audit logging
The two Categories of Controls
List of systems examined
A Problem
49. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.
The Business Process Life Cycle
Organizational culture and maturity
The BCP process
Vulnerability in the organization's PBX
50. Subjective sampling is used when the auditor wants to _________________________.
Service Level Management
The 5 types of Evidence that the auditor will collect during an audit.
Concentrate on samples known to represent high risk
ITIL definition of PROBLEM