CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
TCP/IP Internet Layer
Formal waterfall
A Server Cluster
Advantages of outsourcing
2. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
ISO 20000 Standard:
Entire password for an encryption key
Rating Scale for Process Maturity
Six steps of the Release Management process
3. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Security Awareness program
IT Service Management
Control Unit
BCP Plans
4. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
TCP/IP Transport Layer
Blade Computer Architecture
Control Risk
Incident Management
5. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Annualized Loss Expectancy (ALE)
ITIL definition of CHANGE MANAGEMENT
Hash
Elements of the COBIT Framework
6. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Expected Error Rate
Problem Management
Structural fires and transportation accidents
7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Stratified Sampling
Sampling Risk
TCP/IP Transport Layer packet delivery
An IS audit
8. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Elements of the COBIT Framework
Geographic location
Background checks performed
Substantive Testing (test of transaction integrity)
9. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Stop-or-go Sampling
Rating Scale for Process Maturity
Configuration Management
Sampling Risk
10. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Control Risk
Substantive Testing
Entire password for an encryption key
The Eight Types of Audits
11. The first major task in a disaster recovery or business continuity planning project.
Input validation checking
The Release process
Business impact analysis
The audit program
12. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Types of sampling an auditor can perform.
Deming Cycle
Six steps of the Release Management process
Antivirus software on the email servers
13. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
OSI: Transport Layer
OSI Layer 5: Session
Change management
A Service Provider audit
14. An audit that combines an operational audit and a financial audit.
Types of sampling an auditor can perform.
An Integrated Audit
Inform the auditee
Security Awareness program
15. The inventory of all in-scope business processes and systems
Statistical Sampling
The first step in a business impact analysis
Split custody
Types of sampling an auditor can perform.
16. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Segregation of duties issue in a high value process
TCP/IP Internet Layer
(1.) Policies (2.) Procedures (3.) Standards
The Steering Committee
17. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Compliance Testing
Incident Management
Stratified Sampling
Application Controls
18. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Database primary key
Notify the Audit Committee
Power system controls
Stratified Sampling
19. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Capability Maturity Model Integration (CMMI)
Control Risk
TCP/IP Transport Layer
20. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
The 5 types of Evidence that the auditor will collect during an audit.
Security Awareness program
Critical Path Methodology
21. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Examples of IT General Controls
Split custody
Background checks performed
Application Controls
22. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
A Financial Audit
Audit Methodologies
(1.) Man-made (2.) Natural
23. ITIL term used to describe the SDLC.
Database primary key
TCP/IP Transport Layer
IT executives and the Board of Directors
Release management
24. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Stratified Sampling
Background checks performed
The Business Process Life Cycle
List of systems examined
25. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Personnel involved in the requirements phase of a software development project
SDLC Phases
An Administrative
26. PERT: shows the ______________ critical path.
Application Controls
Documentation and interview personnel
Current and most up-to-date
Overall audit risk
27. To communicate security policies - procedures - and other security-related information to an organization's employees.
Judgmental sampling
Foreign Key
Discovery Sampling
Security Awareness program
28. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Application Layer protocols
Information systems access
Referential Integrity
ISO 20000 Standard:
29. The sum of all samples divided by the number of samples.
Variable Sampling
Sampling Risk
A Sample Mean
Substantive Testing (test of transaction integrity)
30. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
IT Service Management
An IS audit
Variable Sampling
31. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Three Types of Controls
Substantive Testing
A Financial Audit
Department Charters
32. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
Stop-or-go Sampling
Critical Path Methodology
Elements of the COBIT Framework
33. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Project Management Strategies
Dimensions of the COSO cube
Overall audit risk
Attribute Sampling
34. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
OSI: Transport Layer
Power system controls
An Integrated Audit
WAN Protocols
35. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
ISO 20000 Standard:
Compliance Testing
Background checks performed
36. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Attribute Sampling
Discovery Sampling
Tolerable Error Rate
37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
OSI Layer 5: Session
Structural fires and transportation accidents
OSI: Transport Layer
Substantive Testing
38. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Segregation of duties issue in a high value process
The Requirements
Annualized Loss Expectancy (ALE)
Geographic location
39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Segregation of duties issue in a high value process
Risk Management
The Software Program Library
More difficult to perform
40. Focuses on: post-event recovery and restoration of services
Six steps of the Release Management process
IT Services Financial Management
Disaster Recovery
Sampling
41. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Annualized Loss Expectancy (ALE)
Wet pipe fire sprinkler system
Notify the Audit Committee
Volumes of COSO framework
42. Used to estimate the effort required to develop a software program.
An Operational Audit
Insourcing
Judgmental sampling
Function Point Analysis
43. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Lacks specific expertise or resources to conduct an internal audit
OSI: Transport Layer
Stop-or-go Sampling
44. Collections of Controls that work together to achieve an entire range of an organization's objectives.
OSI: Data Link Layer
Configuration Management
Frameworks
ISO 20000 Standard:
45. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Types of sampling an auditor can perform.
Insourcing
(1.) Policies (2.) Procedures (3.) Standards
An Operational Audit
46. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Sample Standard Deviation
Options for Risk Treatment
Wet pipe fire sprinkler system
Lacks specific expertise or resources to conduct an internal audit
47. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Service Continuity Management
The first step in a business impact analysis
Primary security features of relational databases
Separate administrative accounts
48. Handle application processing
Vulnerability in the organization's PBX
Application Controls
Control Risk
Registers
49. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Statistical Sampling
IT Strategy
TCP/IP Internet Layer
Gantt Chart
50. A field in a record in one table that can reference a primary key in another table.
Resource details
Foreign Key
Elements of the COBIT Framework
Cloud computing