Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Elements of the COBIT Framework
Recovery time objective
Prblem Management
A Forensic Audit

2. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
IT Strategy
The Internet Layer in the TCP/IP model
Server cluster
Attribute Sampling

3. Consists of two main packet transport protocols: TCP and UDP.
Background checks performed
TCP/IP Transport Layer
Business Realization
ITIL definition of CHANGE MANAGEMENT

4. An audit of an IS department's operations and systems.
An IS audit
Resource details
Compliance Testing
Vulnerability in the organization's PBX

5. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
Separate administrative accounts
A Virtual Server
Categories of risk treatment

6. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Server cluster
OSI Layer 5: Session
Critical Path Methodology
The 4-item focus of a Balanced Scorecard

7. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Business Continuity
Emergency Changes
Business impact analysis

8. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Project change request
less than 24 hours
Assess the maturity of its business processes
OSI: Physical Layer

9. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Segregation of duties issue in a high value process
OSI Layer 6: Presentation
Incident Management

10. (1.) Automatic (2.) Manual
Application Controls
The two Categories of Controls
Organizational culture and maturity
OSI Layer 5: Session

11. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
OSI Layer 6: Presentation
IT executives and the Board of Directors
Documentation and interview personnel

12. (1.) Physical (2.) Technical (4.) Administrative
Six steps of the Release Management process
The audit program
A Forensic Audit
Three Types of Controls

13. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Options for Risk Treatment
Lacks specific expertise or resources to conduct an internal audit
An Integrated Audit
Judgmental sampling

14. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Emergency Changes
BCP Plans
(1.) Polices (2.) Procedures (3.) Standards
A Compliance audit

15. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Inform the auditee
Variable Sampling
Overall audit risk
Examples of Application Controls

16. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Control Risk
IT Services Financial Management
Segregation of duties issue in a high value process
Primary security features of relational databases

17. The main hardware component of a computer system - which executes instructions in computer programs.
Audit logging
CPU
Options for Risk Treatment
TCP/IP Internet Layer

18. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
To identify the tasks that are responsible for project delays
Documentation and interview personnel
OSI: Data Link Layer
Wet pipe fire sprinkler system

19. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Detection Risk
OSI Layer 7: Application
The BCP process
The Business Process Life Cycle

20. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Judgmental sampling
Sampling Risk
Resource details
Balanced Scorecard

21. The memory locations in the CPU where arithmetic values are stored.
An Integrated Audit
Registers
Service Level Management
Stratified Sampling

22. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Frameworks
Hash
IT Strategy
List of systems examined

23. An audit that combines an operational audit and a financial audit.
Transport Layer Protocols
The Steering Committee
An Integrated Audit
Confidence coefficient

24. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Annualized Loss Expectance (ALE)
(1.) Polices (2.) Procedures (3.) Standards
Balanced Scorecard
Sampling

25. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Risk Management
Formal waterfall
The Release process

26. What type of testing is performed to determine if control procedures have proper design and are operating properly?
ITIL definition of CHANGE MANAGEMENT
TCP/IP Network Model
A Sample Mean
Compliance Testing

27. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Entire password for an encryption key
Audit Methodologies
OSI Layer 7: Application

28. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Lacks specific expertise or resources to conduct an internal audit
Substantive Testing (test of transaction integrity)
The Business Process Life Cycle
Annualized Loss Expectance (ALE)

29. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Formal waterfall
A Financial Audit
Registers
Database primary key

30. Concerned with electrical and physical specifications for devices. No frames or packets involved.
ISO 20000 Standard:
Configuration Management
OSI: Physical Layer
The Internet Layer in the TCP/IP model

31. To communication security policies - procedures - and other security-related information to an organization's employees.
ITIL definition of PROBLEM
Security Awareness program
OSI: Network Layer
TCP/IP Internet Layer

32. PERT: shows the ______________ critical path.
Stop-or-go Sampling
Current and most up-to-date
Main types of Controls
Testing activities

33. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Deming Cycle
Overall audit risk
Statistical Sampling
ITIL definition of CHANGE MANAGEMENT

34. The highest number of errors that can exist without a result being materially misstated.
A Cold Site
Volumes of COSO framework
Tolerable Error Rate
The Steering Committee

35. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Separate administrative accounts
Three Types of Controls
Substantive Testing

36. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Hash
IT Strategy
Audit Methodologies
Employee termination process

37. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
IT Strategy
Documentation and interview personnel
Three Types of Controls
Information security policy

38. Used to measure the relative maturity of an organization and its processes.
Elements of the COSO pyramid
Entire password for an encryption key
Capability Maturity Model
A Virtual Server

39. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Examples of IT General Controls
Rating Scale for Process Maturity
ITIL definition of PROBLEM
Attribute Sampling

40. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Information security policy
OSI: Network Layer
Testing activities
Entire password for an encryption key

41. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Volumes of COSO framework
Network Layer Protocols
The two Categories of Controls

42. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The Requirements
Business Realization
Organizational culture and maturity
Six steps of the Release Management process

43. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
More difficult to perform
Stop-or-go Sampling
An IS audit
A Cold Site

44. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
The BCP process
Antivirus software on the email servers
A Forensic Audit
Elements of the COBIT Framework

45. (1.) Access controls (2.) Encryption (3.) Audit logging
Recovery time objective
Primary security features of relational databases
OSI: Transport Layer
Department Charters

46. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Buffers
Control Risk
Dimensions of the COSO cube

47. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Split custody
Emergency Changes
Hash
Confidence coefficient

48. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Attribute Sampling
Application Layer protocols
Notify the Audit Committee
Balanced Scorecard

49. One of a database table's fields - whose value is unique.
Database primary key
OSI: Physical Layer
Substantive Testing
Advantages of outsourcing

50. IT Governance is most concerned with ________.
Blade Computer Architecture
Controls
objective and unbiased
IT Strategy