SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit that is performed in support of an anticipated or active legal proceeding.
The audit program
Tolerable Error Rate
A Forensic Audit
A Sample Mean
2. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Release management
Confidence coefficient
The audit program
Elements of the COSO pyramid
3. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Employees with excessive privileges
Notify the Audit Committee
IT standards are not being reviewed often enough
Six steps of the Release Management process
4. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Capability Maturity Model
Testing activities
Confidence coefficient
Emergency Changes
5. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Critical Path Methodology
(1.) Polices (2.) Procedures (3.) Standards
Inherent Risk
OSI: Transport Layer
6. IT Service Management is defined in ___________________ framework.
Sampling
Current and most up-to-date
The 4-item focus of a Balanced Scorecard
ITIL - IT Infrastructure Library
7. Defines internal controls and provides guidance for assessing and improving internal control systems.
PERT Diagram?
OSI Layer 5: Session
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
General Controls
8. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Stay current with technology
Insourcing
A Forensic Audit
Hash
9. A collection of two or more servers that is designed to appear as a single server.
Registers
Antivirus software on the email servers
Server cluster
Sampling Risk
10. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
TCP/IP Transport Layer packet delivery
A Problem
Disaster Recovery
Inherent Risk
11. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Substantive Testing (test of transaction integrity)
Judgmental sampling
Detection Risk
The Software Program Library
12. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Variable Sampling
Resource details
Testing activities
TCP/IP Transport Layer packet delivery
13. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Balanced Scorecard
Documentation and interview personnel
IT executives and the Board of Directors
14. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
The 7 phases and their order in the SDLC
The 4-item focus of a Balanced Scorecard
BCP Plans
Resource details
15. An alternate processing center that contains no information processing equipment.
Buffers
Confidence coefficient
Advantages of outsourcing
A Cold Site
16. The main hardware component of a computer system - which executes instructions in computer programs.
Critical Path Methodology
Statistical Sampling
OSI: Data Link Layer
CPU
17. One of a database table's fields - whose value is unique.
Discovery Sampling
Inherent Risk
Database primary key
Service Continuity Management
18. The means by which management establishes and measures processes by which organizational objectives are achieved
Security Awareness program
Current and most up-to-date
Controls
Application Controls
19. To communication security policies - procedures - and other security-related information to an organization's employees.
Statement of Impact
List of systems examined
Security Awareness program
Network Layer Protocols
20. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Sampling Risk
Annualized Loss Expectance (ALE)
(1.) Polices (2.) Procedures (3.) Standards
Notify the Audit Committee
21. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Sampling Risk
Variable Sampling
Criticality analysis
Project Management Strategies
22. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Prblem Management
ITIL definition of CHANGE MANAGEMENT
OSI: Data Link Layer
Project change request
23. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Department Charters
An Operational Audit
PERT Diagram?
OSI: Network Layer
24. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The 7 phases and their order in the SDLC
IT standards are not being reviewed often enough
ITIL - IT Infrastructure Library
Primary security features of relational databases
25. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
A Cold Site
A Service Provider audit
ITIL definition of CHANGE MANAGEMENT
Security Awareness program
26. The inventory of all in-scope business processes and systems
ITIL definition of CHANGE MANAGEMENT
OSI Layer 7: Application
Segregation of duties issue in a high value process
The first step in a business impact analysis
27. ITIL term used to describe the SDLC.
Stratified Sampling
IT Services Financial Management
Release management
Rating Scale for Process Maturity
28. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Expected Error Rate
IT executives and the Board of Directors
Antivirus software on the email servers
29. An audit of operational efficiency.
Service Level Management
ISO 20000 Standard:
An Administrative
Capability Maturity Model
30. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Grid Computing
Segregation of duties issue in a high value process
An Integrated Audit
Inform the auditee
31. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Structural fires and transportation accidents
The 4-item focus of a Balanced Scorecard
Frameworks
Stay current with technology
32. (1.) Link (2.) Internet (3.) Transport (4.) Application
OSI Layer 6: Presentation
Dimensions of the COSO cube
An IS audit
TCP/IP Network Model
33. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
IT Service Management
Sampling Risk
Compliance Testing
34. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Audit Methodologies
Service Continuity Management
Function Point Analysis
Emergency Changes
35. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Substantive Testing
Wet pipe fire sprinkler system
Variable Sampling
Sample Standard Deviation
36. Guide program execution through organization of resources and development of clear project objectives.
The Steering Committee
The 7 phases and their order in the SDLC
Documentation and interview personnel
Project Management Strategies
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
CPU
Change management
Stratified Sampling
Sampling Risk
38. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The 5 types of Evidence that the auditor will collect during an audit.
Release management
To identify the tasks that are responsible for project delays
Sample Standard Deviation
39. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Critical Path Methodology
Control Risk
Substantive Testing
General Controls
40. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Sampling Risk
A gate process
Incident Management
41. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Control Unit
Security Awareness program
Insourcing
Overall audit risk
42. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Application Layer protocols
Insourcing
Stratified Sampling
Sampling Risk
43. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
less than 24 hours
Hash
Transport Layer Protocols
The Steering Committee
44. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Separate administrative accounts
Volumes of COSO framework
PERT Diagram?
The Software Program Library
45. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
An IS audit
A Forensic Audit
Change management
OSI Layer 5: Session
46. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The BCP process
Notify the Audit Committee
ITIL definition of PROBLEM
Business impact analysis
47. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
A Compliance audit
Audit Methodologies
Emergency Changes
Sampling
48. Delivery of packets from one station to another - on the same network or on different networks.
Information systems access
The Internet Layer in the TCP/IP model
Stop-or-go Sampling
Substantive Testing (test of transaction integrity)
49. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Incident Management
Statistical Sampling
SDLC Phases
Lacks specific expertise or resources to conduct an internal audit
50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
A Server Cluster
WAN Protocols
(1.) Man-made (2.) Natural
Capability Maturity Model Integration (CMMI)
