SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Automatic (2.) Manual
Function Point Analysis
The two Categories of Controls
Options for Risk Treatment
The Release process
2. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The appropriate role of an IS auditor in a control self-assessment
A Problem
The 7 phases and their order in the SDLC
3. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The Requirements
The audit program
Variable Sampling
Registers
4. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Buffers
Controls
Security Awareness program
Confidence coefficient
5. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Categories of risk treatment
A Financial Audit
Risk Management
Vulnerability in the organization's PBX
6. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
objective and unbiased
Input validation checking
Control Risk
Deming Cycle
7. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Dimensions of the COSO cube
Stratified Sampling
Substantive Testing
Grid Computing
8. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Network Layer Protocols
General Controls
Advantages of outsourcing
The audit program
9. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Transport Layer Protocols
IT Service Management
Annualized Loss Expectance (ALE)
10. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Lacks specific expertise or resources to conduct an internal audit
Organizational culture and maturity
Information systems access
IT Service Management
11. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Judgmental sampling
Overall audit risk
Elements of the COSO pyramid
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
12. Used to estimate the effort required to develop a software program.
A Service Provider audit
Function Point Analysis
ITIL definition of CHANGE MANAGEMENT
Cloud computing
13. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Emergency Changes
OSI: Transport Layer
The appropriate role of an IS auditor in a control self-assessment
Sample Standard Deviation
14. Focuses on: post-event recovery and restoration of services
The Requirements
Disaster Recovery
Detection Risk
A Sample Mean
15. Used to measure the relative maturity of an organization and its processes.
Substantive Testing (test of transaction integrity)
Information systems access
A Cold Site
Capability Maturity Model
16. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
An IS audit
Organizational culture and maturity
The typical Configuration Items in Configuration Management
OSI Layer 5: Session
17. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Elements of the COSO pyramid
WAN Protocols
Grid Computing
Lacks specific expertise or resources to conduct an internal audit
18. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Criticality analysis
Critical Path Methodology
OSI Layer 5: Session
IT Service Management
19. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
A Financial Audit
Attribute Sampling
Elements of the COBIT Framework
20. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Sampling Risk
General Controls
Foreign Key
21. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Dimensions of the COSO cube
Application Layer protocols
Examples of IT General Controls
22. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Antivirus software on the email servers
The 7 phases and their order in the SDLC
Background checks performed
TCP/IP Network Model
23. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Cold Site
Attribute Sampling
A Server Cluster
Inform the auditee
24. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Inherent Risk
Audit logging
OSI Layer 5: Session
Elements of the COSO pyramid
25. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Sample Standard Deviation
Project Management Strategies
Hash
26. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
A Problem
TCP/IP Transport Layer packet delivery
An Administrative
27. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Background checks performed
Wet pipe fire sprinkler system
Concentrate on samples known to represent high risk
Formal waterfall
28. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Prblem Management
Lacks specific expertise or resources to conduct an internal audit
Examples of IT General Controls
Power system controls
29. The highest number of errors that can exist without a result being materially misstated.
TCP/IP Internet Layer
Tolerable Error Rate
Business Continuity
Application Controls
30. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Sampling Risk
OSI Layer 5: Session
The first step in a business impact analysis
Options for Risk Treatment
31. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Statistical Sampling
More difficult to perform
A Service Provider audit
List of systems examined
32. The means by which management establishes and measures processes by which organizational objectives are achieved
Inform the auditee
Controls
Cloud computing
The Steering Committee
33. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
TCP/IP Transport Layer packet delivery
The audit program
Capability Maturity Model Integration (CMMI)
Advantages of outsourcing
34. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
The Eight Types of Audits
OSI: Physical Layer
Options for Risk Treatment
35. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Structural fires and transportation accidents
(1.) Polices (2.) Procedures (3.) Standards
Buffers
36. Used to determine which business processes are the most critical - by ranking them in order of criticality
SDLC Phases
Criticality analysis
Substantive Testing (test of transaction integrity)
Examples of Application Controls
37. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Annualized Loss Expectance (ALE)
Sampling Risk
The 7 phases and their order in the SDLC
The Release process
38. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Annualized Loss Expectance (ALE)
Deming Cycle
IT Services Financial Management
The Steering Committee
39. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Cloud computing
Input validation checking
OSI Layer 6: Presentation
40. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Link Layer
A Server Cluster
Examples of IT General Controls
41. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Audit logging
The best approach for identifying high risk areas for an audit
Documentation and interview personnel
The Steering Committee
42. A representation of how closely a sample represents an entire population.
The 4-item focus of a Balanced Scorecard
Precision means
Criticality analysis
Stop-or-go Sampling
43. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Employees with excessive privileges
Service Continuity Management
Confidence coefficient
Stay current with technology
44. IT Governance is most concerned with ________.
Six steps of the Release Management process
Grid Computing
IT Strategy
IT Service Management
45. Lowest layer. Delivers messages (frames) from one station to another vial local network.
The appropriate role of an IS auditor in a control self-assessment
Application Layer protocols
A Service Provider audit
TCP/IP Link Layer
46. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
objective and unbiased
Variable Sampling
A Forensic Audit
Buffers
47. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
A Server Cluster
IT Services Financial Management
Network Layer Protocols
Sampling Risk
48. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A Server Cluster
Three Types of Controls
The first step in a business impact analysis
Configuration Management
49. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The BCP process
The Requirements
Emergency Changes
Judgmental sampling
50. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Network Layer Protocols
A Virtual Server
Three Types of Controls
