Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Discovery Sampling
The BCP process
Blade Computer Architecture
Sampling Risk
2. A sampling technique where at least one exception is sought in a population
The 4-item focus of a Balanced Scorecard
Attribute Sampling
Discovery Sampling
IT Strategy
3. To measure organizational performance and effectiveness against strategic goals.
Application Layer protocols
A Sample Mean
Balanced Scorecard
The 5 types of Evidence that the auditor will collect during an audit.
4. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Vulnerability in the organization's PBX
Elements of the COBIT Framework
Six steps of the Release Management process
5. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Documentation and interview personnel
Power system controls
The Requirements
The Steering Committee
6. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Balanced Scorecard
Control Unit
Organizational culture and maturity
Sample Standard Deviation
7. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Variable Sampling
A Problem
Categories of risk treatment
8. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Emergency Changes
Data Link Layer Standards
Buffers
Overall audit risk
9. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
The two Categories of Controls
Separate administrative accounts
Current and most up-to-date
10. PERT: shows the ______________ critical path.
Stratified Sampling
Current and most up-to-date
BCP Plans
Information systems access
11. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
An Operational Audit
Change management
Inform the auditee
Audit Methodologies
12. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
A Virtual Server
Service Continuity Management
Business impact analysis
Risk Management
13. An audit that is performed in support of an anticipated or active legal proceeding.
Service Continuity Management
Controls
The BCP process
A Forensic Audit
14. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Problem
A Virtual Server
Database primary key
Assess the maturity of its business processes
15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
TCP/IP Transport Layer
Sampling Risk
A Service Provider audit
Examples of IT General Controls
16. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Expected Error Rate
Overall audit risk
Options for Risk Treatment
17. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
A Virtual Server
IT executives and the Board of Directors
An Integrated Audit
18. The maximum period of downtime for a process or application
Recovery time objective
The Requirements
Substantive Testing (test of transaction integrity)
IT executives and the Board of Directors
19. One of a database table's fields - whose value is unique.
The 5 types of Evidence that the auditor will collect during an audit.
Emergency Changes
OSI: Network Layer
Database primary key
20. The risk that an IS auditor will overlook errors or exceptions during an audit.
The typical Configuration Items in Configuration Management
Segregation of duties issue in a high value process
Detection Risk
Stratified Sampling
21. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Service Level Management
Formal waterfall
Expected Error Rate
General Controls
22. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Statistical Sampling
Audit logging
Substantive Testing (test of transaction integrity)
Frameworks
23. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Stratified Sampling
ITIL definition of CHANGE MANAGEMENT
Application Controls
The typical Configuration Items in Configuration Management
24. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Project Management Strategies
Overall audit risk
Criticality analysis
OSI Layer 6: Presentation
25. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
A Server Cluster
The Eight Types of Audits
Business Continuity
Sampling Risk
26. The first major task in a disaster recovery or business continuity planning project.
OSI: Physical Layer
Volumes of COSO framework
Business impact analysis
Security Awareness program
27. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Documentation and interview personnel
Information systems access
Stratified Sampling
Expected Error Rate
28. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
CPU
Cloud computing
Personnel involved in the requirements phase of a software development project
29. An alternate processing center that contains no information processing equipment.
A Virtual Server
Options for Risk Treatment
A Cold Site
Entire password for an encryption key
30. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Transport Layer Protocols
Business Continuity
Information security policy
31. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Segregation of duties issue in a high value process
ITIL - IT Infrastructure Library
IT standards are not being reviewed often enough
32. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Network Layer Protocols
Control Risk
Inherent Risk
33. Aids in the coordination of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: facilitates continuous improvement within the BPLC
Input validation checking
The Business Process Life Cycle
Service Continuity Management
objective and unbiased
34. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
A Service Provider audit
OSI: Data Link Layer
Substantive Testing
35. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Audit logging
Types of sampling an auditor can perform.
IT Service Management
Buffers
36. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Information systems access
IT Services Financial Management
The two Categories of Controls
Structural fires and transportation accidents
37. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Types of sampling an auditor can perform.
Assess the maturity of its business processes
Substantive Testing (test of transaction integrity)
Tolerable Error Rate
38. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Segregation of duties issue in a high value process
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
More difficult to perform
WAN Protocols
39. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Documentation and interview personnel
Advantages of outsourcing
Power system controls
40. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Compliance Testing
Options for Risk Treatment
Buffers
41. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
An IS audit
Network Layer Protocols
The 7 phases and their order in the SDLC
SDLC Phases
42. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Types of sampling an auditor can perform.
Sample Standard Deviation
Change management
43. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
OSI Layer 7: Application
Formal waterfall
Database primary key
44. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Annualized Loss Expectancy (ALE)
Referential Integrity
A Virtual Server
Risk Management
45. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Service Level Management
Service Continuity Management
Six steps of the Release Management process
Elements of the COSO pyramid
46. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
The Eight Types of Audits
ISO 20000 Standard
Documentation and interview personnel
47. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
OSI Layer 6: Presentation
Capability Maturity Model
Categories of risk treatment
Incident Management
48. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Documentation and interview personnel
The Software Program Library
Release management
Stay current with technology
49. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Criticality analysis
Separate administrative accounts
Input validation checking
The Software Program Library
50. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Transport Layer Protocols
Server cluster
Inform the auditee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)