Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Compliance Testing
A Compliance audit
Service Level Management
OSI: Physical Layer
2. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Buffers
The typical Configuration Items in Configuration Management
Foreign Key
The availability of IT systems
3. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Substantive Testing
List of systems examined
The typical Configuration Items in Configuration Management
SDLC Phases
4. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Emergency Changes
BCP Plans
The 5 types of Evidence that the auditor will collect during an audit.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
5. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Control Risk
The Eight Types of Audits
Inform the auditee
Personnel involved in the requirements phase of a software development project
6. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Employee termination process
Inform the auditee
Geographic location
7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
A Server Cluster
Control Risk
Network Layer Protocols
8. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Service Continuity Management
The typical Configuration Items in Configuration Management
Risk Management
9. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
A Sample Mean
Problem Management
TCP/IP Network Model
Lacks specific expertise or resources to conduct an internal audit
10. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
TCP/IP Transport Layer packet delivery
Business Continuity
Examples of IT General Controls
Confidence coefficient
11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Documentation and interview personnel
Capability Maturity Model Integration (CMMI)
Server cluster
12. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Volumes of COSO framework
The availability of IT systems
The first step in a business impact analysis
13. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Dimensions of the COSO cube
(1.) Policies (2.) Procedures (3.) Standards
Power system controls
Sampling
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Types of sampling an auditor can perform.
Critical Path Methodology
Rating Scale for Process Maturity
OSI Layer 5: Session
15. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The Business Process Life Cycle
Split custody
Structural fires and transportation accidents
Six steps of the Release Management process
16. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Application Controls
Stay current with technology
The 7 phases and their order in the SDLC
17. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI Layer 7: Application
Frameworks
OSI: Physical Layer
Information security policy
18. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Categories of risk treatment
Examples of IT General Controls
(1.) Policies (2.) Procedures (3.) Standards
Split custody
19. An audit that is performed in support of an anticipated or active legal proceeding.
Separate administrative accounts
Discovery Sampling
PERT Diagram?
A Forensic Audit
20. A sampling technique where at least one exception is sought in a population
The best approach for identifying high risk areas for an audit
Frameworks
Discovery Sampling
An Administrative
21. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
The typical Configuration Items in Configuration Management
Risk Management
The first step in a business impact analysis
22. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Examples of Application Controls
CPU
The best approach for identifying high risk areas for an audit
Database primary key
23. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Balanced Scorecard
Personnel involved in the requirements phase of a software development project
IT Service Management
Vulnerability in the organization's PBX
24. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Discovery Sampling
Substantive Testing (test of transaction integrity)
Precision means
Controls
25. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Confidence coefficient
Expected Error Rate
The best approach for identifying high risk areas for an audit
26. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Network Layer Protocols
Dimensions of the COSO cube
Six steps of the Release Management process
27. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Annualized Loss Expectancy (ALE)
objective and unbiased
Function Point Analysis
28. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Separate administrative accounts
To identify the tasks that are responsible for project delays
Emergency Changes
Entire password for an encryption key
29. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
less than 24 hours
Stay current with technology
Business Realization
30. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Compliance Testing
The 7 phases and their order in the SDLC
Six steps of the Release Management process
Service Continuity Management
31. A representation of how closely a sample represents an entire population.
Structural fires and transportation accidents
Information security policy
Formal waterfall
Precision means
32. Framework for auditing and measuring IT Service Management Processes.
IT Strategy
objective and unbiased
PERT Diagram?
ISO 20000 Standard:
33. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
A Service Provider audit
Statistical Sampling
Employees with excessive privileges
Release management
34. (1.) Automatic (2.) Manual
An Administrative
Function Point Analysis
Sampling Risk
The two Categories of Controls
35. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Audit Methodologies
Compliance Testing
IT standards are not being reviewed often enough
36. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Overall audit risk
Main types of Controls
The 7 phases and their order in the SDLC
Risk Management
37. Focuses on: post-event recovery and restoration of services
The BCP process
Network Layer Protocols
Change management
Disaster Recovery
38. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
A Financial Audit
Stay current with technology
Overall audit risk
IT executives and the Board of Directors
39. ITIL term used to describe the SDLC.
IT standards are not being reviewed often enough
The appropriate role of an IS auditor in a control self-assessment
Release management
Precision means
40. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Substantive Testing
Business Continuity
The BCP process
Input validation checking
41. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Reduced sign-on
Split custody
SDLC Phases
The appropriate role of an IS auditor in a control self-assessment
42. An alternate processing center that contains no information processing equipment.
The appropriate role of an IS auditor in a control self-assessment
A Cold Site
Confidence coefficient
Gantt Chart
43. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
A Sample Mean
Confidence coefficient
Annualized Loss Expectancy (ALE)
Capability Maturity Model
44. (1.) Objectives (2.) Components (3.) Business Units / Areas
The best approach for identifying high risk areas for an audit
Attribute Sampling
A Virtual Server
Dimensions of the COSO cube
45. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
OSI: Transport Layer
Power system controls
objective and unbiased
Risk Management
46. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Detection Risk
A Virtual Server
WAN Protocols
A gate process
47. (1.) General (2.) Application
TCP/IP Internet Layer
Sampling Risk
Reduced sign-on
Main types of Controls
48. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Power system controls
Rating Scale for Process Maturity
Geographic location
Gantt Chart
49. Defines internal controls and provides guidance for assessing and improving internal control systems.
A Service Provider audit
Overall audit risk
Sampling
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
50. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
OSI: Physical Layer
Project change request
More difficult to perform
Risk Management