CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Support the functioning of the application controls
Referential Integrity
General Controls
To identify the tasks that are responsible for project delays
Emergency Changes
2. To communicate security policies - procedures - and other security-related information to an organization's employees.
Risk Management
TCP/IP Network Model
Security Awareness program
WAN Protocols
3. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Inherent Risk
Information systems access
Problem Management
Service Continuity Management
4. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
An Administrative
A Service Provider audit
Split custody
Service Level Management
5. An audit of operational efficiency.
OSI Layer 7: Application
Audit Methodologies
Disaster Recovery
An Administrative
6. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Notify the Audit Committee
Tolerable Error Rate
Reduced sign-on
Sampling
7. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Inherent Risk
Information security policy
OSI: Physical Layer
Risk Management
8. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Overall audit risk
A Forensic Audit
Service Level Management
TCP/IP Internet Layer
9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
A Financial Audit
Registers
OSI Layer 6: Presentation
10. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
An Operational Audit
More difficult to perform
The 7 phases and their order in the SDLC
Statistical Sampling
11. Used to determine which business processes are the most critical - by ranking them in order of criticality
Service Level Management
Inherent Risk
Variable Sampling
Criticality analysis
12. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The typical Configuration Items in Configuration Management
The best approach for identifying high risk areas for an audit
Risk Management
The 7 phases and their order in the SDLC
13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
An IS audit
Expected Error Rate
Configuration Management
ITIL definition of CHANGE MANAGEMENT
14. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Three Types of Controls
TCP/IP Transport Layer packet delivery
The Release process
15. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
A Virtual Server
Deming Cycle
TCP/IP Network Model
Inform the auditee
16. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Formal waterfall
Dimensions of the COSO cube
TCP/IP Network Model
Categories of risk treatment
17. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Database primary key
Configuration Management
The first step in a business impact analysis
Input validation checking
18. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Rating Scale for Process Maturity
TCP/IP Network Model
An Integrated Audit
19. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Stay current with technology
OSI: Physical Layer
A Service Provider audit
20. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Information systems access
Power system controls
Current and most up-to-date
21. Defines internal controls and provides guidance for assessing and improving internal control systems.
Sampling Risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Discovery Sampling
More difficult to perform
22. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Detection Risk
Examples of Application Controls
Testing activities
To identify the tasks that are responsible for project delays
23. The inventory of all in-scope business processes and systems
Critical Path Methodology
objective and unbiased
The first step in a business impact analysis
Entire password for an encryption key
24. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
ITIL - IT Infrastructure Library
Business impact analysis
ITIL definition of CHANGE MANAGEMENT
25. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Power system controls
CPU
OSI: Data Link Layer
Three Types of Controls
26. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Statistical Sampling
Types of sampling an auditor can perform.
Lacks specific expertise or resources to conduct an internal audit
Risk Management
27. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Capability Maturity Model Integration (CMMI)
Confidence coefficient
Foreign Key
Personnel involved in the requirements phase of a software development project
28. The risk that an IS auditor will overlook errors or exceptions during an audit.
Buffers
Separate administrative accounts
A Cold Site
Detection Risk
29. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Frameworks
Function Point Analysis
The BCP process
30. PERT: shows the ______________ critical path.
Sample Standard Deviation
The two Categories of Controls
Data Link Layer Standards
Current and most up-to-date
31. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
less than 24 hours
ITIL - IT Infrastructure Library
OSI: Physical Layer
32. An audit that is performed in support of an anticipated or active legal proceeding.
(1.) Policies (2.) Procedures (3.) Standards
A Forensic Audit
Judgmental sampling
Audit Methodologies
33. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Precision means
Application Controls
Separate administrative accounts
34. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Inform the auditee
An IS audit
Power system controls
Employee termination process
35. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
CPU
Database primary key
Entire password for an encryption key
36. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Attribute Sampling
SDLC Phases
Formal waterfall
The BCP process
37. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Documentation and interview personnel
Six steps of the Release Management process
Data Link Layer Standards
Reduced sign-on
38. Gantt: used to display ______________.
The Steering Committee
Resource details
Volumes of COSO framework
Blade Computer Architecture
39. The maximum period of downtime for a process or application
The BCP process
Release management
Separate administrative accounts
Recovery time objective
40. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Sample Standard Deviation
ITIL - IT Infrastructure Library
Deming Cycle
WAN Protocols
41. The means by which management establishes and measures processes by which organizational objectives are achieved
A gate process
To identify the tasks that are responsible for project delays
Tolerable Error Rate
Controls
42. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Recovery time objective
Statistical Sampling
Stratified Sampling
The 5 types of Evidence that the auditor will collect during an audit.
43. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Audit Methodologies
Risk Management
The 4-item focus of a Balanced Scorecard
44. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Information systems access
Data Link Layer Standards
Business Continuity
Stay current with technology
45. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Formal waterfall
Control Risk
ITIL - IT Infrastructure Library
Insourcing
46. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Split custody
Overall audit risk
IT Strategy
OSI Layer 5: Session
47. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Service Continuity Management
Attribute Sampling
Judgmental sampling
Foreign Key
48. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
Blade Computer Architecture
Types of sampling an auditor can perform.
OSI Layer 7: Application
Cloud computing
49. IT Governance is most concerned with ________.
IT Strategy
A Financial Audit
Capability Maturity Model Integration (CMMI)
Segregation of duties issue in a high value process
50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Function Point Analysis
Wet pipe fire sprinkler system
The two Categories of Controls