Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The two Categories of Controls
Categories of risk treatment
Frameworks
Control Risk
2. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Documentation and interview personnel
Examples of Application Controls
IT Service Management
3. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT standards are not being reviewed often enough
Attribute Sampling
IT executives and the Board of Directors
Split custody
4. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Judgmental sampling
Deming Cycle
The 5 types of Evidence that the auditor will collect during an audit.
Insourcing
5. Describes the effect on the business if a process is incapacitated for any appreciable time
Compliance Testing
Statement of Impact
ITIL definition of PROBLEM
IT Service Management
6. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Substantive Testing (test of transaction integrity)
Expected Error Rate
Registers
Antivirus software on the email servers
7. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Primary security features of relational databases
Substantive Testing (test of transaction integrity)
OSI: Physical Layer
Segregation of duties issue in a high value process
8. Defines internal controls and provides guidance for assessing and improving internal control systems.
Tolerable Error Rate
Advantages of outsourcing
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Inform the auditee
9. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Attribute Sampling
A gate process
Critical Path Methodology
Vulnerability in the organization's PBX
10. An alternate processing center that contains no information processing equipment.
Precision means
Overall audit risk
Database primary key
A Cold Site
11. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Background checks performed
Categories of risk treatment
Business Continuity
12. IT Service Management is defined in ___________________ framework.
Vulnerability in the organization's PBX
Split custody
ITIL - IT Infrastructure Library
Capability Maturity Model
13. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The Internet Layer in the TCP/IP model
Elements of the COBIT Framework
Emergency Changes
Variable Sampling
14. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Emergency Changes
IT Service Management
Options for Risk Treatment
15. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
less than 24 hours
Business Realization
To identify the tasks that are responsible for project delays
The Eight Types of Audits
16. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Documentation and interview personnel
A Compliance audit
The first step in a business impact analysis
17. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Input validation checking
Grid Computing
OSI Layer 6: Presentation
18. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Examples of Application Controls
The Business Process Life Cycle
The Requirements
19. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
PERT Diagram?
The appropriate role of an IS auditor in a control self-assessment
Assess the maturity of its business processes
Sampling Risk
20. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Judgmental sampling
Stop-or-go Sampling
Overall audit risk
A Forensic Audit
21. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Cloud computing
Data Link Layer Standards
Incident Management
Attribute Sampling
22. (1.) Link (2.) Internet (3.) Transport (4.) Application
PERT Diagram?
Main types of Controls
TCP/IP Network Model
Primary security features of relational databases
23. During the development phase - developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
IT Strategy
Capability Maturity Model Integration (CMMI)
Criticality analysis
Testing activities
24. To communicate security policies - procedures - and other security-related information to an organization's employees.
Documentation and interview personnel
Security Awareness program
Advantages of outsourcing
Configuration Management
25. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
The availability of IT systems
Volumes of COSO framework
Sampling Risk
26. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The Release process
Input validation checking
The Steering Committee
ITIL definition of PROBLEM
27. (1.) Automatic (2.) Manual
Service Continuity Management
A Sample Mean
The two Categories of Controls
BCP Plans
28. One of a database table's fields - whose value is unique.
OSI: Physical Layer
Database primary key
Inform the auditee
Volumes of COSO framework
29. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Substantive Testing (test of transaction integrity)
To identify the tasks that are responsible for project delays
Separate administrative accounts
Split custody
30. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
The typical Configuration Items in Configuration Management
objective and unbiased
Information security policy
A Service Provider audit
31. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
List of systems examined
Volumes of COSO framework
The Eight Types of Audits
The audit program
32. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Concentrate on samples known to represent high risk
The appropriate role of an IS auditor in a control self-assessment
Buffers
Substantive Testing (test of transaction integrity)
33. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
The Internet Layer in the TCP/IP model
Elements of the COSO pyramid
Problem Management
An IS audit
34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Buffers
Sampling Risk
(1.) Policies (2.) Procedures (3.) Standards
Dimensions of the COSO cube
35. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
A Problem
Types of sampling an auditor can perform.
Registers
36. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Hash
Dimensions of the COSO cube
Precision means
Sampling Risk
37. The means by which management establishes and measures processes by which organizational objectives are achieved
A Problem
Security Awareness program
Controls
Capability Maturity Model Integration (CMMI)
38. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Project change request
General Controls
Notify the Audit Committee
ITIL definition of CHANGE MANAGEMENT
39. (1.) General (2.) Application
Separate administrative accounts
The Release process
Main types of Controls
OSI: Network Layer
40. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Deming Cycle
Substantive Testing
WAN Protocols
Sampling Risk
41. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
Elements of the COBIT Framework
Geographic location
Primary security features of relational databases
Balanced Scorecard
42. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Database primary key
A Service Provider audit
Gantt Chart
Criticality analysis
43. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Advantages of outsourcing
Business Continuity
Judgmental sampling
A gate process
44. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
IT Service Management
Assess the maturity of its business processes
Formal waterfall
Sampling
45. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
A Service Provider audit
The 4-item focus of a Balanced Scorecard
Control Risk
46. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.
The 7 phases and their order in the SDLC
Separate administrative accounts
OSI: Transport Layer
Overall audit risk
47. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A Virtual Server
TCP/IP Transport Layer packet delivery
The availability of IT systems
Balanced Scorecard
48. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
OSI Layer 7: Application
Stay current with technology
Entire password for an encryption key
ITIL - IT Infrastructure Library
49. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Documentation and interview personnel
Service Level Management
BCP Plans
A Service Provider audit
50. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Overall audit risk
TCP/IP Link Layer
Categories of risk treatment
To identify the tasks that are responsible for project delays