Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Stratified Sampling
Transport Layer Protocols
Advantages of outsourcing
Information security policy
2. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Recovery time objective
Substantive Testing
Categories of risk treatment
Control Risk
3. (1.) Objectives (2.) Components (3.) Business Units / Areas
Business impact analysis
Dimensions of the COSO cube
Audit Methodologies
Formal waterfall
4. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Business Continuity
Resource details
Elements of the COSO pyramid
5. One of a database table's fields - whose value is unique.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Transport Layer Protocols
Formal waterfall
Database primary key
6. The highest number of errors that can exist without a result being materially misstated.
A gate process
OSI: Physical Layer
Inherent Risk
Tolerable Error Rate
7. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Business Continuity
General Controls
OSI Layer 7: Application
Incident Management
8. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Rating Scale for Process Maturity
TCP/IP Transport Layer
Problem Management
9. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
OSI Layer 6: Presentation
Data Link Layer Standards
TCP/IP Link Layer
Sampling Risk
10. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Notify the Audit Committee
TCP/IP Internet Layer
Rating Scale for Process Maturity
The 5 types of Evidence that the auditor will collect during an audit.
11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
A Compliance audit
IT Strategy
Change management
Network Layer Protocols
12. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Recovery time objective
Data Link Layer Standards
The Steering Committee
TCP/IP Internet Layer
13. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
TCP/IP Internet Layer
IT standards are not being reviewed often enough
Security Awareness program
Blade Computer Architecture
14. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
ITIL definition of PROBLEM
Configuration Management
Types of sampling an auditor can perform.
15. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Business Realization
ITIL definition of CHANGE MANAGEMENT
Frameworks
(1.) Man-made (2.) Natural
16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
A gate process
To identify the tasks that are responsible for project delays
The 5 types of Evidence that the auditor will collect during an audit.
17. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
The Software Program Library
The Business Process Life Cycle
Current and most up-to-date
18. Handle application processing
Application Controls
Project Management Strategies
objective and unbiased
Judgmental sampling
19. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A Cold Site
The best approach for identifying high risk areas for an audit
Background checks performed
To identify the tasks that are responsible for project delays
20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Organizational culture and maturity
IT Services Financial Management
Buffers
A Virtual Server
21. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Gantt Chart
BCP Plans
The Release process
Cloud computing
22. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
General Controls
Volumes of COSO framework
Sampling
Grid Computing
23. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Compliance Testing
The appropriate role of an IS auditor in a control self-assessment
A Virtual Server
A gate process
24. Delivery of packets from one station to another - on the same network or on different networks.
Capability Maturity Model Integration (CMMI)
The best approach for identifying high risk areas for an audit
The Internet Layer in the TCP/IP model
OSI: Data Link Layer
25. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Categories of risk treatment
Configuration Management
List of systems examined
26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Release management
Project change request
The Steering Committee
27. Support the functioning of the application controls
General Controls
Reduced sign-on
Wet pipe fire sprinkler system
Change management
28. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
An Administrative
A Server Cluster
Application Layer protocols
Documentation and interview personnel
29. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Network Layer Protocols
Problem Management
Concentrate on samples known to represent high risk
30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The typical Configuration Items in Configuration Management
Examples of IT General Controls
Business Realization
Department Charters
31. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
TCP/IP Internet Layer
The availability of IT systems
Incident Management
Examples of Application Controls
32. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Structural fires and transportation accidents
Types of sampling an auditor can perform.
Criticality analysis
33. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Risk Management
Concentrate on samples known to represent high risk
Server cluster
Sampling Risk
34. A sampling technique where at least one exception is sought in a population
The Business Process Life Cycle
A Forensic Audit
Information systems access
Discovery Sampling
35. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Emergency Changes
Options for Risk Treatment
Project Management Strategies
36. To measure organizational performance and effectiveness against strategic goals.
Notify the Audit Committee
Balanced Scorecard
IT Service Management
Statement of Impact
37. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Foreign Key
Audit logging
The audit program
More difficult to perform
38. (1.) Access controls (2.) Encryption (3.) Audit logging
The two Categories of Controls
Sampling
Primary security features of relational databases
Elements of the COSO pyramid
39. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI: Network Layer
Precision means
TCP/IP Transport Layer packet delivery
The Software Program Library
40. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
A Cold Site
Sampling Risk
To identify the tasks that are responsible for project delays
Stratified Sampling
41. (1.) General (2.) Application
The BCP process
Structural fires and transportation accidents
Main types of Controls
The Software Program Library
42. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
The Eight Types of Audits
TCP/IP Network Model
Antivirus software on the email servers
Organizational culture and maturity
43. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Tolerable Error Rate
Problem Management
Application Layer protocols
44. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Configuration Management
ITIL definition of PROBLEM
Expected Error Rate
Structural fires and transportation accidents
45. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
BCP Plans
ITIL definition of PROBLEM
Main types of Controls
46. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.
Network Layer Protocols
An Administrative
Wet pipe fire sprinkler system
Separate administrative accounts
47. (1.) Physical (2.) Technical (3.) Administrative
Input validation checking
Three Types of Controls
Options for Risk Treatment
Statement of Impact
48. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
TCP/IP Link Layer
Application Controls
Statistical Sampling
Emergency Changes
49. Used to estimate the effort required to develop a software program.
Dimensions of the COSO cube
Reduced sign-on
Sampling Risk
Function Point Analysis
50. Used to measure the relative maturity of an organization and its processes.
Personnel involved in the requirements phase of a software development project
Sample Standard Deviation
Capability Maturity Model
Stratified Sampling