Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may look obvious at times, but repeating the test reinforces your understanding.
1. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Service Level Management
Project change request
Main types of Controls
2. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Deming Cycle
Assess the maturity of its business processes
Detection Risk
Examples of Application Controls
3. The means by which management establishes and measures processes by which organizational objectives are achieved
Tolerable Error Rate
Controls
Control Risk
TCP/IP Link Layer
4. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Balanced Scorecard
The 4-item focus of a Balanced Scorecard
IT Service Management
5. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
The two Categories of Controls
Separate administrative accounts
Compliance Testing
6. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
OSI Layer 5: Session
Deming Cycle
Options for Risk Treatment
The Eight Types of Audits
7. Guide program execution through organization of resources and development of clear project objectives.
The 5 types of Evidence that the auditor will collect during an audit.
OSI Layer 7: Application
Project Management Strategies
Business Continuity
8. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
Service Level Management
Application Layer protocols
An IS audit
9. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Audit Methodologies
TCP/IP Internet Layer
Stratified Sampling
Segregation of duties issue in a high value process
10. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
OSI: Transport Layer
The best approach for identifying high risk areas for an audit
The Software Program Library
Background checks performed
11. An IS auditor has discovered a high-risk exception during control testing. What is the best course of action? The IS auditor should immediately ________________ when any high-risk situation is discovered.
The 7 phases and their order in the SDLC
Inform the auditee
Segregation of duties issue in a high value process
Problem Management
12. The purpose of an auditor conducting interviews: to observe personnel to better understand their discipline, as well as ______________.
Examples of Application Controls
Business Realization
The Business Process Life Cycle
Organizational culture and maturity
13. The primary source for test plans in a software development project: the ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Project change request
A Cold Site
IT Services Financial Management
14. The set of activities concerned with the ability of the organization to continue to provide services, primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
Entire password for an encryption key
Personnel involved in the requirements phase of a software development project
Input validation checking
15. To determine the effectiveness of a disaster recovery program, an IT auditor should examine _____________.
(1.) Man-made (2.) Natural
Documentation and interview personnel
Elements of the COBIT Framework
Tolerable Error Rate
16. The inventory of all in-scope business processes and systems
Business impact analysis
The first step in a business impact analysis
Notify the Audit Committee
OSI: Transport Layer
17. The sum of all samples divided by the number of samples.
The best approach for identifying high risk areas for an audit
A Sample Mean
Transport Layer Protocols
Function Point Analysis
18. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Statement of Impact
Split custody
less than 24 hours
19. (1.) Automatic (2.) Manual
Stay current with technology
The two Categories of Controls
PERT Diagram
Assess the maturity of its business processes
20. A quantitative risk analysis is __________________ because: it is difficult to get accurate figures on the frequency of specific threats; it is difficult to determine the probability that a threat will be realized; it is relatively easy to determine
The Release process
Grid Computing
More difficult to perform
Audit Methodologies
21. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.
Gantt Chart
Sampling Risk
Notify the Audit Committee
Concentrate on samples known to represent high risk
22. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
An Operational Audit
The typical Configuration Items in Configuration Management
The availability of IT systems
Control Unit
23. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Hash
Problem Management
Segregation of duties issue in a high value process
Configuration Management
24. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
less than 24 hours
Inherent Risk
Advantages of outsourcing
An Administrative
25. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Separate administrative accounts
Structural fires and transportation accidents
IT Service Management
Statement of Impact
26. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
objective and unbiased
The Steering Committee
Control Risk
Incident Management
27. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Control Unit
IT Service Management
Emergency Changes
Grid Computing
28. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Information systems access
Reduced sign-on
Service Level Management
29. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
An IS audit
less than 24 hours
The Software Program Library
Employees with excessive privileges
30. The memory locations in the CPU where arithmetic values are stored.
Registers
The appropriate role of an IS auditor in a control self-assessment
OSI Layer 6: Presentation
A Financial Audit
31. A maturity model that represents the aggregations of other maturity models.
Precision means
Controls
OSI Layer 5: Session
Capability Maturity Model Integration (CMMI)
32. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Frameworks
The typical Configuration Items in Configuration Management
ITIL definition of CHANGE MANAGEMENT
More difficult to perform
33. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Expected Error Rate
A Compliance audit
Critical Path Methodology
34. The maximum period of downtime for a process or application
Overall audit risk
Split custody
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Recovery time objective
35. The highest number of errors that can exist without a result being materially misstated.
Vulnerability in the organization's PBX
OSI: Data Link Layer
Tolerable Error Rate
Structural fires and transportation accidents
36. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Types of sampling an auditor can perform.
(1.) Policies (2.) Procedures (3.) Standards
The first step in a business impact analysis
Examples of IT General Controls
37. Requires that a password be broken into two or more parts, with each part in the possession of a separate person.
Sampling
Notify the Audit Committee
Split custody
Volumes of COSO framework
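The split-custody control in question 37, shown as an added example (not material from the quiz): a key is split into as many parts as there are custodians, every part is needed to rebuild it, and any subset missing even one part is statistically indistinguishable from random bytes. The XOR-based, all-parts-required (k-of-k) split, the custodian names and the 32-byte key are assumptions for the illustration; a threshold scheme such as Shamir's secret sharing, where only some of the parts are needed, is a different construction and is not shown here.

```python
"""Split custody of a key: no single person holds the whole secret.

Added illustration, not quiz material.  Assumes an XOR-based split in which
every part is required to reconstruct the key (all-or-nothing, k-of-k).
"""
import secrets


def split_secret(secret: bytes, parts: int) -> list[bytes]:
    """Split `secret` into `parts` shares; all shares are needed to rebuild it.

    The first parts-1 shares are uniformly random; the last is the XOR of the
    secret with all of them, so the secret is recoverable only when every
    custodian contributes.
    """
    if parts < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    last = bytes(secret)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR every share together to recover the secret."""
    if not shares:
        raise ValueError("no shares supplied")
    length = len(shares[0])
    if any(len(s) != length for s in shares):
        raise ValueError("shares must all be the same length")
    result = bytes(length)
    for share in shares:
        result = bytes(a ^ b for a, b in zip(result, share))
    return result


def demo():
    """Three custodians (assumed names) each hold one part of an AES-256-size key."""
    key = secrets.token_bytes(32)
    custodians = ["security officer", "dba", "ops lead"]
    shares = dict(zip(custodians, split_secret(key, len(custodians))))
    recovered = combine_shares(list(shares.values()))
    # Two of three custodians colluding still learn nothing about the key.
    partial = combine_shares([shares["security officer"], shares["dba"]])
    return recovered == key, partial == key


if __name__ == "__main__":
    print(demo())
```

An auditor testing this control would look for evidence that the parts are generated and stored separately (for instance sealed envelopes or separate HSM key-custodian smart cards), that no one person ever sees the assembled key outside a ceremony, and that the ceremony itself is logged and witnessed.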
38. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Change management
An Integrated Audit
WAN Protocols
Transport Layer Protocols
39. The party that performs strategic planning, addresses near-term and long-term requirements, and aligns business objectives with technology strategies.
The Steering Committee
Six steps of the Release Management process
General Controls
Critical Path Methodology
40. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.
Business impact analysis
Criticality analysis
Audit logging
Application Layer protocols
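Audit logging of the kind question 40 asks about, as an added example (not material from the quiz or from any particular DBMS vendor): every insert, update and delete on a table is recorded by triggers into an append-only log that carries the actor, the action and the before/after values. The example uses SQLite through Python's standard `sqlite3` module; because SQLite has no session user, the `current_actor()` function is an application-defined function assumed for the illustration, and the `accounts` table and its rows are constructed sample data.

```python
"""Trigger-based audit logging of every change to a table (added illustration).

Uses SQLite in memory; the accounts data and the current_actor() helper are
assumptions for the example, not features of the quiz or of a specific DBMS.
"""
import sqlite3

SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance REAL NOT NULL
);
CREATE TABLE audit_log (
    seq         INTEGER PRIMARY KEY AUTOINCREMENT,
    at          TEXT NOT NULL DEFAULT (datetime('now')),
    actor       TEXT NOT NULL,
    action      TEXT NOT NULL,
    account_id  INTEGER NOT NULL,
    old_owner   TEXT, old_balance REAL,
    new_owner   TEXT, new_balance REAL
);
-- One trigger per DML verb so that no change can bypass the log.
CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log(actor, action, account_id, new_owner, new_balance)
    VALUES (current_actor(), 'INSERT', NEW.id, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log(actor, action, account_id,
                          old_owner, old_balance, new_owner, new_balance)
    VALUES (current_actor(), 'UPDATE', NEW.id,
            OLD.owner, OLD.balance, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log(actor, action, account_id, old_owner, old_balance)
    VALUES (current_actor(), 'DELETE', OLD.id, OLD.owner, OLD.balance);
END;
-- The log itself is append-only for ordinary SQL statements.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


class AuditedDb:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.actor = "unknown"
        # SQLite has no session user, so the application supplies the actor
        # (assumed helper; a server DBMS would use its own session functions).
        self.conn.create_function("current_actor", 0, lambda: self.actor)
        self.conn.executescript(SCHEMA)

    def run(self, actor, sql, params=()):
        """Execute one statement on behalf of `actor`, committing on success."""
        self.actor = actor
        with self.conn:
            self.conn.execute(sql, params)

    def audit_trail(self):
        return self.conn.execute(
            "SELECT actor, action, account_id, old_balance, new_balance "
            "FROM audit_log ORDER BY seq"
        ).fetchall()


def demo():
    """Constructed activity: a user creates an account, a DBA changes and deletes it,
    then the DBA tries (and fails) to wipe the audit log."""
    db = AuditedDb()
    db.run("alice", "INSERT INTO accounts(id, owner, balance) VALUES (1, 'alice', 100.0)")
    db.run("dba_bob", "UPDATE accounts SET balance = balance + 250 WHERE id = 1")
    db.run("dba_bob", "DELETE FROM accounts WHERE id = 1")
    try:
        db.run("dba_bob", "DELETE FROM audit_log")
        log_wiped = True
    except sqlite3.DatabaseError:
        log_wiped = False
    return db.audit_trail(), log_wiped


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The caveat an auditor should raise: triggers are only as strong as the privileges around them. A DBA who can drop or disable the triggers, or who has direct write access to the log table, can defeat the control, so the log should be protected by the DBMS's own audit facility or shipped promptly to a store the DBA cannot alter.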
41. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors.
Primary security features of relational databases
Referential Integrity
To identify the tasks that are responsible for project delays
Lacks specific expertise or resources to conduct an internal audit
42. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Reduced sign-on
Substantive Testing (test of transaction integrity)
Control Unit
General Controls
43. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Elements of the COBIT Framework
Overall audit risk
The Eight Types of Audits
Judgmental sampling
44. An audit that combines an operational audit and a financial audit.
OSI Layer 5: Session
An Integrated Audit
Employee termination process
Split custody
45. PERT: shows the ______________ critical path.
Dimensions of the COSO cube
OSI Layer 5: Session
Current and most up-to-date
The 7 phases and their order in the SDLC
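The critical path that question 45 (and the PERT and Gantt items in question 21) refer to, worked as an added example rather than quiz material: a forward pass gives each task its earliest start and finish, a backward pass gives its latest start and finish, and the tasks with zero slack form the critical path. Re-running the calculation after a duration changes shows why the chart must be current and up to date: a delay on a non-critical task can move the critical path. The task network and durations are constructed for the illustration.

```python
"""Critical path from a PERT-style task network (added illustration).

The task network below is constructed; durations are in days.
"""


def critical_path(tasks):
    """tasks: {name: (duration, [predecessor names])}.

    Returns (project_length, critical_tasks, slack).  critical_tasks are the
    zero-slack tasks in dependency order; if two paths tie, both appear.
    """
    order, state = [], {}

    def visit(t):  # depth-first topological sort with cycle detection
        if state.get(t) == "done":
            return
        if state.get(t) == "active":
            raise ValueError(f"dependency cycle at {t}")
        state[t] = "active"
        for p in tasks[t][1]:
            visit(p)
        state[t] = "done"
        order.append(t)

    for t in tasks:
        visit(t)

    # Forward pass: earliest start (es) and earliest finish (ef).
    es, ef = {}, {}
    for t in order:
        duration, preds = tasks[t]
        es[t] = max((ef[p] for p in preds), default=0)
        ef[t] = es[t] + duration
    project_length = max(ef.values())

    # Backward pass: latest finish (lf) and latest start (ls).
    successors = {t: [] for t in tasks}
    for t, (_, preds) in tasks.items():
        for p in preds:
            successors[p].append(t)
    ls, lf = {}, {}
    for t in reversed(order):
        lf[t] = min((ls[s] for s in successors[t]), default=project_length)
        ls[t] = lf[t] - tasks[t][0]

    slack = {t: ls[t] - es[t] for t in tasks}
    critical = [t for t in order if slack[t] == 0]
    return project_length, critical, slack


PLAN = {  # constructed example network: (duration, predecessors)
    "requirements": (3, []),
    "design": (2, ["requirements"]),
    "procure_hw": (4, ["requirements"]),
    "build": (2, ["design", "procure_hw"]),
    "test": (1, ["build"]),
}


def replan(tasks, task, new_duration):
    """Recompute the critical path after one task's duration changes."""
    updated = dict(tasks)
    updated[task] = (new_duration, tasks[task][1])
    return critical_path(updated)


if __name__ == "__main__":
    print(critical_path(PLAN))          # design has 2 days of slack
    print(replan(PLAN, "design", 6))    # design is now on the critical path
```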
46. A representation of how closely a sample represents an entire population.
Input validation checking
The appropriate role of an IS auditor in a control self-assessment
(1.) Man-made (2.) Natural
Precision means
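The sampling terms in questions 4, 17, 35 and 46 (sampling types, sample mean, tolerable error rate, precision) worked through as an added example, not material from the quiz: a control test draws a sample, computes the observed deviation rate, attaches a precision (the half-width of the confidence interval) and compares the resulting upper deviation limit with the tolerable rate to decide whether the control can be relied upon. The 95% confidence level, the normal approximation, the population of payment records and the stratification cutoff are all assumptions for the illustration.

```python
"""Evaluating an attribute sample against a tolerable error rate.

Added illustration, not quiz material.  Assumed: a 95% two-sided confidence
level using the normal approximation, and a constructed population of
payment records.
"""
import math
import random

Z_95 = 1.96  # z-score for a two-sided 95% confidence interval (assumption)


def build_population(size=1000, deviation_rate=0.03, seed=7):
    """Constructed population: (amount, control_deviated) per payment."""
    rng = random.Random(seed)
    return [
        (round(rng.lognormvariate(8, 1.2), 2), rng.random() < deviation_rate)
        for _ in range(size)
    ]


def statistical_sample(population, n, seed=1):
    """Statistical (simple random) sampling: equal selection chance per item."""
    return random.Random(seed).sample(population, n)


def stratified_sample(population, cutoff, low_fraction=0.05, seed=1):
    """Stratified sampling: test every high-value item, a fraction of the rest."""
    rng = random.Random(seed)
    high = [p for p in population if p[0] >= cutoff]
    low = [p for p in population if p[0] < cutoff]
    k_low = min(len(low), max(1, int(len(low) * low_fraction)))
    return high + rng.sample(low, k_low)


def sample_mean(values):
    """Sum of all samples divided by the number of samples."""
    return sum(values) / len(values)


def sample_std_dev(values):
    """Sample standard deviation (n - 1 in the denominator)."""
    n = len(values)
    if n < 2:
        return 0.0
    m = sample_mean(values)
    return math.sqrt(sum((v - m) ** 2 for v in values) / (n - 1))


def achieved_precision(rate, n, z=Z_95):
    """Half-width of the confidence interval around the sample deviation rate."""
    return z * math.sqrt(rate * (1 - rate) / n)


def evaluate_control(deviations, tolerable_rate, z=Z_95):
    """deviations: booleans, True where the control was not followed.

    The control is relied upon only when the upper deviation limit
    (sample rate + precision) does not exceed the tolerable rate.
    """
    flags = [int(d) for d in deviations]
    n = len(flags)
    rate = sample_mean(flags)
    precision = achieved_precision(rate, n, z)
    upper = rate + precision
    return {
        "sample_size": n,
        "deviations": sum(flags),
        "sample_rate": rate,
        "std_dev": sample_std_dev(flags),
        "precision": precision,
        "upper_deviation_limit": upper,
        "rely_on_control": upper <= tolerable_rate,
    }


if __name__ == "__main__":
    pop = build_population()
    sample = stratified_sample(pop, cutoff=25000)
    result = evaluate_control([dev for _, dev in sample], tolerable_rate=0.05)
    for k, v in result.items():
        print(f"{k:>22}: {v}")
```

Two practitioner notes. First, the normal approximation is poor at very low deviation rates (with zero observed deviations it yields a zero-width interval), which is why audit practice uses attribute-sampling tables or the exact binomial distribution for the upper limit; the structure of the decision is the same. Second, a stratified design that tests every high-value item is a deliberate choice to concentrate on the items known to carry the most risk, and the evaluation of the low-value stratum is what the statistical comparison above applies to.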
47. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Stratified Sampling
IT Service Management
Elements of the COSO pyramid
48. IT Governance is most concerned with ________.
Statistical Sampling
IT Strategy
Gantt Chart
CPU
49. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Database primary key
A Service Provider audit
PERT Diagram
50. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Elements of the COBIT Framework
OSI: Physical Layer
Sample Standard Deviation
A gate process