SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Notify the Audit Committee
Elements of the COSO pyramid
Information systems access
IT Service Management
2. The means by which management establishes and measures processes by which organizational objectives are achieved
Gantt Chart
Substantive Testing
Controls
Statement of Impact
3. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Segregation of duties issue in a high value process
Detection Risk
The Software Program Library
4. (1.) Objectives (2.) Components (3.) Business Units / Areas
An Operational Audit
Antivirus software on the email servers
IT Service Management
Dimensions of the COSO cube
5. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
TCP/IP Network Model
Service Level Management
Hash
Reduced sign-on
6. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Service Level Management
Deming Cycle
Sampling Risk
7. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Statistical Sampling
Application Controls
Confidence coefficient
8. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Insourcing
ITIL definition of CHANGE MANAGEMENT
The Eight Types of Audits
Primary security features of relational databases
9. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Geographic location
Segregation of duties issue in a high value process
Data Link Layer Standards
Precision means
10. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Testing activities
Cloud computing
Criticality analysis
Audit logging
11. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Business impact analysis
Input validation checking
Department Charters
Tolerable Error Rate
12. IT Service Management is defined in ___________________ framework.
Inherent Risk
Referential Integrity
ITIL - IT Infrastructure Library
Antivirus software on the email servers
13. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
PERT Diagram?
Configuration Management
Resource details
Annualized Loss Expectance (ALE)
14. The highest number of errors that can exist without a result being materially misstated.
The availability of IT systems
List of systems examined
IT Service Management
Tolerable Error Rate
15. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
OSI: Physical Layer
Risk Management
Concentrate on samples known to represent high risk
Project change request
16. An audit of operational efficiency.
Employees with excessive privileges
Three Types of Controls
An Administrative
Information systems access
17. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Employees with excessive privileges
Segregation of duties issue in a high value process
A gate process
18. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Confidence coefficient
The first step in a business impact analysis
less than 24 hours
WAN Protocols
19. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Criticality analysis
IT executives and the Board of Directors
Statistical Sampling
Input validation checking
20. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Department Charters
Elements of the COBIT Framework
BCP Plans
An IS audit
21. The maximum period of downtime for a process or application
TCP/IP Internet Layer
Recovery time objective
WAN Protocols
An IS audit
22. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
ITIL definition of CHANGE MANAGEMENT
The 4-item focus of a Balanced Scorecard
CPU
objective and unbiased
23. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
ITIL definition of CHANGE MANAGEMENT
TCP/IP Transport Layer packet delivery
Expected Error Rate
Overall audit risk
24. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The typical Configuration Items in Configuration Management
Types of sampling an auditor can perform.
Employees with excessive privileges
To identify the tasks that are responsible for project delays
25. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
SDLC Phases
Formal waterfall
A Problem
Disaster Recovery
26. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Employees with excessive privileges
Inherent Risk
The two Categories of Controls
27. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Statement of Impact
An Operational Audit
Structural fires and transportation accidents
The appropriate role of an IS auditor in a control self-assessment
28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Recovery time objective
Information systems access
An Administrative
Three Types of Controls
29. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Types of sampling an auditor can perform.
Examples of Application Controls
Stratified Sampling
BCP Plans
30. Gantt: used to display ______________.
Capability Maturity Model Integration (CMMI)
Resource details
Function Point Analysis
Elements of the COBIT Framework
31. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Options for Risk Treatment
More difficult to perform
Registers
32. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
The Eight Types of Audits
Controls
The audit program
Blade Computer Architecture
33. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The Requirements
List of systems examined
Sampling
OSI Layer 5: Session
34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Stratified Sampling
Variable Sampling
More difficult to perform
35. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Substantive Testing (test of transaction integrity)
Employee termination process
Server cluster
Three Types of Controls
36. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Database primary key
The Release process
A Compliance audit
More difficult to perform
37. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
The Release process
More difficult to perform
Resource details
38. An audit that is performed in support of an anticipated or active legal proceeding.
(1.) Polices (2.) Procedures (3.) Standards
A Forensic Audit
Reduced sign-on
Six steps of the Release Management process
39. Guide program execution through organization of resources and development of clear project objectives.
OSI: Network Layer
TCP/IP Transport Layer packet delivery
Attribute Sampling
Project Management Strategies
40. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Sample Standard Deviation
Transport Layer Protocols
Assess the maturity of its business processes
41. An audit of a third-party organization that provides services to other organizations.
Criticality analysis
Statistical Sampling
A Service Provider audit
The typical Configuration Items in Configuration Management
42. Disasters are generally grouped in terms of type: ______________.
Registers
(1.) Man-made (2.) Natural
ITIL definition of CHANGE MANAGEMENT
Entire password for an encryption key
43. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
less than 24 hours
Business Continuity
Recovery time objective
Inherent Risk
44. An alternate processing center that contains no information processing equipment.
Assess the maturity of its business processes
A Cold Site
The Internet Layer in the TCP/IP model
Application Controls
45. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
TCP/IP Internet Layer
ISO 20000 Standard:
IT executives and the Board of Directors
List of systems examined
46. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Organizational culture and maturity
The Software Program Library
Power system controls
Service Level Management
47. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Testing activities
Input validation checking
Options for Risk Treatment
WAN Protocols
48. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Examples of IT General Controls
Concentrate on samples known to represent high risk
Input validation checking
Wet pipe fire sprinkler system
49. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Registers
Critical Path Methodology
Resource details
Buffers
50. Framework for auditing and measuring IT Service Management Processes.
The 4-item focus of a Balanced Scorecard
ISO 20000 Standard:
Variable Sampling
Wet pipe fire sprinkler system