Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
The 7 phases and their order in the SDLC
Attribute Sampling
The Release process
2. The risk that an IS auditor will overlook errors or exceptions during an audit.
Function Point Analysis
Blade Computer Architecture
OSI Layer 6: Presentation
Detection Risk
3. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Sample Standard Deviation
Critical Path Methodology
OSI: Physical Layer
Frameworks
4. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Stop-or-go Sampling
An IS audit
Personnel involved in the requirements phase of a software development project
5. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Notify the Audit Committee
Sampling
Inherent Risk
List of systems examined
6. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform criticality analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures (7.) Train personnel (8.) Maintain strateg
The BCP process
The typical Configuration Items in Configuration Management
An Operational Audit
The Internet Layer in the TCP/IP model
7. (1.) Objectives (2.) Components (3.) Business Units / Areas
Critical Path Methodology
Split custody
Statement of Impact
Dimensions of the COSO cube
8. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Control Unit
Judgmental sampling
Advantages of outsourcing
Annualized Loss Expectancy (ALE)
9. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
IT Services Financial Management
(1.) Polices (2.) Procedures (3.) Standards
Capability Maturity Model Integration (CMMI)
An IS audit
10. An audit that combines an operational audit and a financial audit.
IT Services Financial Management
Expected Error Rate
An Integrated Audit
Dimensions of the COSO cube
11. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Options for Risk Treatment
Business impact analysis
Sampling
12. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Buffers
Application Controls
TCP/IP Transport Layer packet delivery
Structural fires and transportation accidents
13. Defines internal controls and provides guidance for assessing and improving internal control systems.
TCP/IP Link Layer
Application Controls
Frameworks
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
14. An audit of an IS department's operations and systems.
IT Services Financial Management
OSI Layer 6: Presentation
Options for Risk Treatment
An IS audit
15. Guide program execution through organization of resources and development of clear project objectives.
BCP Plans
PERT Diagram?
Project Management Strategies
Entire password for an encryption key
16. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
BCP Plans
ITIL definition of PROBLEM
List of systems examined
Control Unit
17. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
The two Categories of Controls
Function Point Analysis
Sampling
18. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
TCP/IP Network Model
Control Unit
Main types of Controls
Risk Management
19. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
A Compliance audit
(1.) Man-made (2.) Natural
IT executives and the Board of Directors
The typical Configuration Items in Configuration Management
20. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Risk Management
Compliance Testing
Service Level Management
(1.) Man-made (2.) Natural
21. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The 7 phases and their order in the SDLC
Power system controls
The 5 types of Evidence that the auditor will collect during an audit.
Application Controls
22. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Precision means
Capability Maturity Model Integration (CMMI)
Formal waterfall
Sampling Risk
23. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Assess the maturity of its business processes
Three Types of Controls
The typical Configuration Items in Configuration Management
24. PERT: shows the ______________ critical path.
PERT Diagram?
Criticality analysis
Current and most up-to-date
Statistical Sampling
25. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Audit logging
Notify the Audit Committee
The BCP process
Information security policy
26. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Insourcing
Compliance Testing
OSI: Data Link Layer
The first step in a business impact analysis
27. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Sampling
Overall audit risk
Lacks specific expertise or resources to conduct an internal audit
28. A sampling technique where at least one exception is sought in a population
Application Layer protocols
Change management
Elements of the COSO pyramid
Discovery Sampling
29. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
More difficult to perform
Application Controls
Statement of Impact
30. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Background checks performed
TCP/IP Link Layer
Frameworks
Audit Methodologies
31. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Disaster Recovery
A Problem
Split custody
Stay current with technology
32. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Reduced sign-on
Hash
Data Link Layer Standards
33. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Business impact analysis
Examples of Application Controls
Entire password for an encryption key
TCP/IP Transport Layer
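As an added example, not part of the quiz or its source material: one way to implement and audit split custody of an encryption key. The key is divided into XOR shares, one per custodian, so that no custodian ever holds the entire key, and an audit routine checks the finding described above (someone holding the whole key). The key value, custodian count, and the `audit_split_custody` checks are assumptions for illustration.

```python
import os
from functools import reduce


def _xor_all(chunks):
    """XOR equal-length byte strings together."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*chunks))


def split_key(key: bytes, custodians: int) -> list[bytes]:
    """Split `key` into n shares that must ALL be combined to recover it.

    Shares 1..n-1 are uniformly random; the last share is key XOR (all others).
    Any proper subset of shares is therefore statistically independent of the
    key (the same argument as a one-time pad), so no custodian learns anything
    from their own share.
    """
    if custodians < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [os.urandom(len(key)) for _ in range(custodians - 1)]
    shares.append(_xor_all([key] + shares))
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """Reconstruct the key; every custodian must present their share."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    return _xor_all(shares)


def audit_split_custody(key: bytes, shares: list[bytes]) -> dict[str, bool]:
    """Checks an auditor would make against a key-custody arrangement
    (assumed check set, for illustration):
      - the shares held by the custodians actually reconstruct the key;
      - no single custodian's share IS the key (the finding in question 33);
      - every share is required: dropping any one share must not yield the key.
    """
    reconstructs = combine_shares(shares) == key
    no_single_share_is_key = all(s != key for s in shares)
    if len(shares) < 2:
        every_share_required = False  # one custodian is not split custody
    else:
        every_share_required = all(
            combine_shares(shares[:i] + shares[i + 1:]) != key
            for i in range(len(shares))
        )
    result = {
        "reconstructs": reconstructs,
        "no_single_share_is_key": no_single_share_is_key,
        "every_share_required": every_share_required,
    }
    result["compliant"] = all(result.values())
    return result


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed 32-byte key for the demo
    good = split_key(demo_key, 3)
    print("three custodians:", audit_split_custody(demo_key, good))
    # Non-compliant arrangement: one custodian was simply handed the whole key
    # and the "second share" is all zeros, so custody is not actually split.
    bad = [demo_key, bytes(len(demo_key))]
    print("one custodian holds the key:", audit_split_custody(demo_key, bad))
```

The non-compliant case still reconstructs the key, which is why an auditor tests the custody procedure itself rather than only confirming that the key can be recovered.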
34. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
A Service Provider audit
The best approach for identifying high risk areas for an audit
Function Point Analysis
35. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
An Integrated Audit
CPU
The audit program
36. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Deming Cycle
Documentation and interview personnel
Insourcing
Information systems access
37. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
The 5 types of Evidence that the auditor will collect during an audit.
Employees with excessive privileges
Substantive Testing
Annualized Loss Expectancy (ALE)
38. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Detection Risk
Examples of IT General Controls
Employees with excessive privileges
OSI: Network Layer
39. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
A Problem
Audit logging
Recovery time objective
40. The means by which management establishes and measures processes by which organizational objectives are achieved
Audit logging
Controls
(1.) Man-made (2.) Natural
Business impact analysis
41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Compliance Testing
Hash
Sampling Risk
42. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
The appropriate role of an IS auditor in a control self-assessment
Controls
Deming Cycle
SDLC Phases
43. One of a database table's fields - whose value is unique.
Business Continuity
Database primary key
Project Management Strategies
Stratified Sampling
44. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Six steps of the Release Management process
Detection Risk
Function Point Analysis
Volumes of COSO framework
45. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
A Compliance audit
BCP Plans
The Requirements
OSI: Transport Layer
46. (1.) Automatic (2.) Manual
The two Categories of Controls
Split custody
Service Level Management
Precision means
47. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Disaster Recovery
TCP/IP Link Layer
Release management
OSI Layer 5: Session
48. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Stay current with technology
Separate administrative accounts
Inherent Risk
OSI Layer 6: Presentation
49. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
OSI: Data Link Layer
Server cluster
Problem Management
Rating Scale for Process Maturity
50. An audit of operational efficiency.
Notify the Audit Committee
The BCP process
Emergency Changes
An Administrative