CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
A gate process
PERT Diagram?
Inform the auditee
Main types of Controls
2. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
The 5 types of Evidence that the auditor will collect during an audit.
Stay current with technology
Audit logging
A Cold Site
3. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
OSI: Transport Layer
TCP/IP Network Model
Organizational culture and maturity
4. Consists of two main packet transport protocols: TCP and UDP.
The 4-item focus of a Balanced Scorecard
Department Charters
A Server Cluster
TCP/IP Transport Layer
5. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Primary security features of relational databases
Overall audit risk
ITIL definition of PROBLEM
Structural fires and transportation accidents
6. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Judgmental sampling
Power system controls
Audit Methodologies
The typical Configuration Items in Configuration Management
7. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
less than 24 hours
The Software Program Library
A gate process
List of systems examined
8. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
(1.) Man-made (2.) Natural
Problem Management
The 4-item focus of a Balanced Scorecard
The Steering Committee
9. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
TCP/IP Link Layer
SDLC Phases
The Steering Committee
10. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
The best approach for identifying high risk areas for an audit
The appropriate role of an IS auditor in a control self-assessment
Personnel involved in the requirements phase of a software development project
The first step in a business impact analysis
11. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
ISO 20000 Standard:
Personnel involved in the requirements phase of a software development project
A Cold Site
Variable Sampling
12. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
A Problem
Frameworks
Balanced Scorecard
Gantt Chart
13. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
OSI Layer 6: Presentation
Gantt Chart
Buffers
Expected Error Rate
14. An audit that is performed in support of an anticipated or active legal proceeding.
Capability Maturity Model
Concentrate on samples known to represent high risk
Emergency Changes
A Forensic Audit
15. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.
The Steering Committee
CPU
Separate administrative accounts
OSI Layer 7: Application
16. An audit of operational efficiency.
Database primary key
Examples of Application Controls
An Administrative
Emergency Changes
17. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Emergency Changes
Application Layer protocols
Organizational culture and maturity
Six steps of the Release Management process
18. Describes the effect on the business if a process is incapacitated for any appreciable time
Database primary key
Sampling
Statistical Sampling
Statement of Impact
19. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Sample Standard Deviation
Six steps of the Release Management process
IT Service Management
20. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
The Internet Layer in the TCP/IP model
Balanced Scorecard
Incident Management
Input validation checking
21. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Project change request
Confidence coefficient
WAN Protocols
The 5 types of Evidence that the auditor will collect during an audit.
22. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Audit logging
Types of sampling an auditor can perform.
Criticality analysis
A Virtual Server
23. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Formal waterfall
Advantages of outsourcing
Network Layer Protocols
The 4-item focus of a Balanced Scorecard
24. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
The Release process
Gantt Chart
Testing activities
25. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
A Compliance audit
IT Strategy
Attribute Sampling
More difficult to perform
26. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Vulnerability in the organization's PBX
Information systems access
Annualized Loss Expectancy (ALE)
27. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Business Continuity
Grid Computing
Rating Scale for Process Maturity
List of systems examined
28. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
General Controls
The 7 phases and their order in the SDLC
Rating Scale for Process Maturity
29. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Notify the Audit Committee
Referential Integrity
Business impact analysis
General Controls
30. The highest number of errors that can exist without a result being materially misstated.
Background checks performed
Tolerable Error Rate
SDLC Phases
ISO 20000 Standard:
31. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Emergency Changes
Audit logging
Sample Standard Deviation
The BCP process
32. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
PERT Diagram?
Stop-or-go Sampling
A Forensic Audit
33. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Formal waterfall
The 4-item focus of a Balanced Scorecard
Volumes of COSO framework
Frameworks
34. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Entire password for an encryption key
Data Link Layer Standards
The Release process
35. An audit that combines an operational audit and a financial audit.
Business impact analysis
Structural fires and transportation accidents
Buffers
An Integrated Audit
36. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Sample Standard Deviation
OSI Layer 5: Session
Change management
The Requirements
37. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Concentrate on samples known to represent high risk
Sample Standard Deviation
Entire password for an encryption key
Sampling
38. The means by which management establishes and measures processes by which organizational objectives are achieved
To identify the tasks that are responsible for project delays
Testing activities
Controls
Confidence coefficient
39. Framework for auditing and measuring IT Service Management Processes.
The typical Configuration Items in Configuration Management
ISO 20000 Standard:
IT standards are not being reviewed often enough
Input validation checking
40. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
An Operational Audit
Stratified Sampling
More difficult to perform
Options for Risk Treatment
41. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
TCP/IP Link Layer
The BCP process
Risk Management
42. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
CPU
The Internet Layer in the TCP/IP model
Statistical Sampling
Application Layer protocols
43. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
An IS audit
Critical Path Methodology
A Virtual Server
IT standards are not being reviewed often enough
44. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
(1.) Policies (2.) Procedures (3.) Standards
OSI: Network Layer
The Eight Types of Audits
OSI: Data Link Layer
45. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
General Controls
Categories of risk treatment
(1.) Policies (2.) Procedures (3.) Standards
A Forensic Audit
46. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The 4-item focus of a Balanced Scorecard
ISO 20000 Standard:
OSI: Data Link Layer
Employee termination process
47. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Compliance Testing
Sampling Risk
The 7 phases and their order in the SDLC
Reduced sign-on
48. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
IT Strategy
Assess the maturity of its business processes
Concentrate on samples known to represent high risk
A Problem
49. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Compliance Testing
Sample Standard Deviation
An Operational Audit
Configuration Management
50. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Variable Sampling
Antivirus software on the email servers
Service Continuity Management