SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
IT Strategy
Business impact analysis
Audit Methodologies
Sampling Risk
2. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Business Continuity
A Cold Site
Gantt Chart
Change management
3. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
less than 24 hours
Three Types of Controls
An Administrative
4. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Change management
Judgmental sampling
Three Types of Controls
5. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Stay current with technology
Types of sampling an auditor can perform.
Reduced sign-on
Elements of the COSO pyramid
6. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
(1.) Man-made (2.) Natural
Service Level Management
Prblem Management
7. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Service Level Management
The audit program
Disaster Recovery
A Forensic Audit
8. 1.) Executive Support (2.) Well-defined roles and responsibilities.
A Sample Mean
Information security policy
CPU
Network Layer Protocols
9. (1.) General (2.) Application
Rating Scale for Process Maturity
The two Categories of Controls
Main types of Controls
Documentation and interview personnel
10. Concerned with electrical and physical specifications for devices. No frames or packets involved.
IT Strategy
Organizational culture and maturity
Recovery time objective
OSI: Physical Layer
11. The first major task in a disaster recovery or business continuity planning project.
The appropriate role of an IS auditor in a control self-assessment
Notify the Audit Committee
Business impact analysis
OSI Layer 6: Presentation
12. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
The availability of IT systems
Project change request
Elements of the COSO pyramid
Personnel involved in the requirements phase of a software development project
13. An audit of an IS department's operations and systems.
less than 24 hours
Elements of the COSO pyramid
An IS audit
WAN Protocols
14. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
A Financial Audit
OSI: Network Layer
ITIL definition of CHANGE MANAGEMENT
15. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
A Sample Mean
The 4-item focus of a Balanced Scorecard
IT Strategy
Compliance Testing
16. An audit of a third-party organization that provides services to other organizations.
ITIL definition of CHANGE MANAGEMENT
A Service Provider audit
Types of sampling an auditor can perform.
OSI Layer 6: Presentation
17. To communication security policies - procedures - and other security-related information to an organization's employees.
OSI Layer 7: Application
Security Awareness program
An Integrated Audit
ITIL definition of CHANGE MANAGEMENT
18. Framework for auditing and measuring IT Service Management Processes.
Separate administrative accounts
Wet pipe fire sprinkler system
ISO 20000 Standard:
More difficult to perform
19. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The 5 types of Evidence that the auditor will collect during an audit.
Vulnerability in the organization's PBX
The Requirements
The BCP process
20. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Inform the auditee
A Financial Audit
Change management
Deming Cycle
21. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Capability Maturity Model
Background checks performed
Sampling
Sample Standard Deviation
22. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Transport Layer Protocols
Application Controls
Risk Management
23. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Tolerable Error Rate
A Compliance audit
ITIL definition of CHANGE MANAGEMENT
24. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Criticality analysis
Elements of the COBIT Framework
Transport Layer Protocols
Stratified Sampling
25. One of a database table's fields - whose value is unique.
The audit program
Statement of Impact
Dimensions of the COSO cube
Database primary key
26. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Resource details
Balanced Scorecard
SDLC Phases
Transport Layer Protocols
27. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
ITIL definition of PROBLEM
(1.) Polices (2.) Procedures (3.) Standards
An Integrated Audit
28. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Concentrate on samples known to represent high risk
Service Level Management
Frameworks
Input validation checking
29. An alternate processing center that contains no information processing equipment.
A Cold Site
Sampling Risk
OSI Layer 6: Presentation
More difficult to perform
30. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
PERT Diagram?
Application Layer protocols
Judgmental sampling
Main types of Controls
31. Defines internal controls and provides guidance for assessing and improving internal control systems.
The 7 phases and their order in the SDLC
Categories of risk treatment
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
List of systems examined
32. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Attribute Sampling
IT Service Management
(1.) Man-made (2.) Natural
Formal waterfall
33. (1.) TCP (2.) UDP
The typical Configuration Items in Configuration Management
Judgmental sampling
Input validation checking
Transport Layer Protocols
34. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
IT executives and the Board of Directors
Risk Management
ITIL - IT Infrastructure Library
objective and unbiased
35. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Blade Computer Architecture
Inform the auditee
Substantive Testing
SDLC Phases
36. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Main types of Controls
Project Management Strategies
Sampling
Employees with excessive privileges
37. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Hash
Reduced sign-on
Organizational culture and maturity
Annualized Loss Expectance (ALE)
38. A sampling technique where at least one exception is sought in a population
Discovery Sampling
CPU
Main types of Controls
SDLC Phases
39. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Dimensions of the COSO cube
Service Continuity Management
Employee termination process
Background checks performed
40. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Vulnerability in the organization's PBX
Entire password for an encryption key
Expected Error Rate
Attribute Sampling
41. IT Governance is most concerned with ________.
Controls
Categories of risk treatment
IT Strategy
Detection Risk
42. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
OSI: Network Layer
Structural fires and transportation accidents
Attribute Sampling
The appropriate role of an IS auditor in a control self-assessment
43. A representation of how closely a sample represents an entire population.
objective and unbiased
A Problem
Precision means
Audit logging
44. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Business Realization
A gate process
Attribute Sampling
OSI Layer 6: Presentation
45. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Stay current with technology
Balanced Scorecard
Sample Standard Deviation
46. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Configuration Management
More difficult to perform
An IS audit
Assess the maturity of its business processes
47. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Audit Methodologies
Stratified Sampling
OSI: Physical Layer
Judgmental sampling
48. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Grid Computing
Expected Error Rate
Cloud computing
A Compliance audit
49. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
The 5 types of Evidence that the auditor will collect during an audit.
Employee termination process
An Operational Audit
objective and unbiased
50. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
List of systems examined
Emergency Changes
Recovery time objective