Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Physical (2.) Technical (3.) Administrative
The best approach for identifying high risk areas for an audit
Three Types of Controls
An Integrated Audit
A Service Provider audit
2. The first major task in a disaster recovery or business continuity planning project.
The 5 types of Evidence that the auditor will collect during an audit.
General Controls
Business impact analysis
Wet pipe fire sprinkler system
3. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
(1.) Policies (2.) Procedures (3.) Standards
Elements of the COBIT Framework
Wet pipe fire sprinkler system
OSI: Network Layer
4. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
A Virtual Server
(1.) Policies (2.) Procedures (3.) Standards
Control Risk
5. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Input validation checking
Attribute Sampling
The Eight Types of Audits
6. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - implementing ________________ will provide an effect
The Software Program Library
Problem Management
Antivirus software on the email servers
Overall audit risk
7. A representation of how closely a sample represents an entire population.
The availability of IT systems
Precision means
Frameworks
Testing activities
8. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The Internet Layer in the TCP/IP model
A Compliance audit
Information security policy
The typical Configuration Items in Configuration Management
9. A collection of two or more servers that is designed to appear as a single server.
Server cluster
OSI: Physical Layer
Recovery time objective
Foreign Key
10. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 5 types of Evidence that the auditor will collect during an audit.
Reduced sign-on
Stay current with technology
The 4-item focus of a Balanced Scorecard
11. An auditor has detected potential fraud while testing a control objective - he should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Split custody
Notify the Audit Committee
The appropriate role of an IS auditor in a control self-assessment
IT Service Management
12. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A Financial Audit
The availability of IT systems
A Forensic Audit
The best approach for identifying high risk areas for an audit
13. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
TCP/IP Internet Layer
An Administrative
Referential Integrity
Emergency Changes
14. PERT: shows the ______________ critical path.
The Internet Layer in the TCP/IP model
Configuration Management
WAN Protocols
Current and most up-to-date
15. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Disaster Recovery
Dimensions of the COSO cube
Advantages of outsourcing
An IS audit
16. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Background checks performed
IT standards are not being reviewed often enough
The Internet Layer in the TCP/IP model
Project change request
17. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The typical Configuration Items in Configuration Management
Stop-or-go Sampling
A Cold Site
Inform the auditee
18. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Stratified Sampling
A Virtual Server
Sampling
Background checks performed
19. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
objective and unbiased
Current and most up-to-date
Personnel involved in the requirements phase of a software development project
20. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Antivirus software on the email servers
Criticality analysis
Service Continuity Management
Database primary key
21. Focuses on: post-event recovery and restoration of services
Entire password for an encryption key
Disaster Recovery
The Requirements
Advantages of outsourcing
22. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Disaster Recovery
TCP/IP Transport Layer packet delivery
Resource details
Types of sampling an auditor can perform.
23. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Change management
IT Services Financial Management
Reduced sign-on
Database primary key
24. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
An Administrative
ITIL definition of CHANGE MANAGEMENT
Statement of Impact
Stay current with technology
25. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Notify the Audit Committee
Sample Standard Deviation
Capability Maturity Model
26. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The typical Configuration Items in Configuration Management
The 4-item focus of a Balanced Scorecard
Sampling Risk
The 5 types of Evidence that the auditor will collect during an audit.
27. An audit that is performed in support of an anticipated or active legal proceeding.
Buffers
A Forensic Audit
Concentrate on samples known to represent high risk
Change management
28. Used to determine which business processes are the most critical - by ranking them in order of criticality
Elements of the COBIT Framework
Criticality analysis
Testing activities
Input validation checking
29. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Stay current with technology
Rating Scale for Process Maturity
(1.) Policies (2.) Procedures (3.) Standards
30. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Release management
An IS audit
OSI: Data Link Layer
Control Unit
31. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Change management
SDLC Phases
Inherent Risk
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
OSI: Transport Layer
Business Realization
Controls
A Forensic Audit
33. (1.) Link (2.) Internet (3.) Transport (4.) Application
Transport Layer Protocols
Expected Error Rate
TCP/IP Network Model
A Forensic Audit
34. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
A Server Cluster
Employees with excessive privileges
Recovery time objective
The best approach for identifying high risk areas for an audit
35. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Referential Integrity
The Business Process Life Cycle
Incident Management
Disaster Recovery
36. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Input validation checking
Application Layer protocols
TCP/IP Internet Layer
A Compliance audit
37. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Antivirus software on the email servers
Statistical Sampling
Dimensions of the COSO cube
Confidence coefficient
38. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Primary security features of relational databases
Server cluster
Resource details
Problem Management
39. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
OSI: Data Link Layer
Database primary key
Information systems access
Sampling
40. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Function Point Analysis
Server cluster
ITIL definition of PROBLEM
Compliance Testing
41. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
TCP/IP Transport Layer packet delivery
Deming Cycle
The two Categories of Controls
Attribute Sampling
42. One of a database table's fields - whose value is unique.
Rating Scale for Process Maturity
Database primary key
Control Risk
Advantages of outsourcing
43. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Precision means
Categories of risk treatment
less than 24 hours
Control Risk
44. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Employee termination process
Geographic location
Application Layer protocols
Critical Path Methodology
45. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Notify the Audit Committee
TCP/IP Transport Layer
A Problem
OSI: Network Layer
46. Support the functioning of the application controls
General Controls
Rating Scale for Process Maturity
Wet pipe fire sprinkler system
The Eight Types of Audits
47. Framework for auditing and measuring IT Service Management Processes.
OSI: Transport Layer
Structural fires and transportation accidents
ISO 20000 Standard
Variable Sampling
48. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Release management
Critical Path Methodology
TCP/IP Transport Layer
Grid Computing
49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
ITIL definition of CHANGE MANAGEMENT
Configuration Management
Six steps of the Release Management process
Vulnerability in the organization's PBX
50. The highest number of errors that can exist without a result being materially misstated.
Capability Maturity Model
Assess the maturity of its business processes
Tolerable Error Rate
The 4-item focus of a Balanced Scorecard