SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
A Financial Audit
Lacks specific expertise or resources to conduct an internal audit
Annualized Loss Expectance (ALE)
2. An audit that combines an operational audit and a financial audit.
TCP/IP Network Model
Sample Standard Deviation
An Integrated Audit
Gantt Chart
3. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Judgmental sampling
Emergency Changes
IT executives and the Board of Directors
4. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Emergency Changes
Network Layer Protocols
An Administrative
Referential Integrity
5. To communication security policies - procedures - and other security-related information to an organization's employees.
Segregation of duties issue in a high value process
Security Awareness program
Documentation and interview personnel
A Sample Mean
6. Used to determine which business processes are the most critical - by ranking them in order of criticality
A Virtual Server
The Eight Types of Audits
Criticality analysis
To identify the tasks that are responsible for project delays
7. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
Current and most up-to-date
Expected Error Rate
Risk Management
8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
OSI: Transport Layer
Statistical Sampling
Attribute Sampling
Segregation of duties issue in a high value process
9. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Entire password for an encryption key
Business Continuity
Assess the maturity of its business processes
The 5 types of Evidence that the auditor will collect during an audit.
10. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
WAN Protocols
The availability of IT systems
Six steps of the Release Management process
11. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
ITIL definition of CHANGE MANAGEMENT
Confidence coefficient
Volumes of COSO framework
OSI: Physical Layer
12. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
TCP/IP Network Model
Referential Integrity
Application Layer protocols
IT standards are not being reviewed often enough
13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
less than 24 hours
Precision means
Six steps of the Release Management process
Organizational culture and maturity
14. Guide program execution through organization of resources and development of clear project objectives.
The Steering Committee
TCP/IP Internet Layer
Discovery Sampling
Project Management Strategies
15. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Sampling Risk
Wet pipe fire sprinkler system
A Sample Mean
16. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Employee termination process
The Steering Committee
The 7 phases and their order in the SDLC
Database primary key
17. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Change management
The Business Process Life Cycle
Examples of Application Controls
18. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Assess the maturity of its business processes
Function Point Analysis
The Business Process Life Cycle
Confidence coefficient
19. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Sampling Risk
IT standards are not being reviewed often enough
Department Charters
Lacks specific expertise or resources to conduct an internal audit
20. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Critical Path Methodology
Concentrate on samples known to represent high risk
A Financial Audit
Employees with excessive privileges
21. One of a database table's fields - whose value is unique.
Background checks performed
Business Realization
Database primary key
Buffers
22. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Business Realization
Risk Management
ITIL - IT Infrastructure Library
The Business Process Life Cycle
23. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
The typical Configuration Items in Configuration Management
Separate administrative accounts
Project Management Strategies
24. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Assess the maturity of its business processes
The availability of IT systems
IT standards are not being reviewed often enough
Blade Computer Architecture
25. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Change management
Inform the auditee
A Financial Audit
Personnel involved in the requirements phase of a software development project
26. (1.) Access controls (2.) Encryption (3.) Audit logging
Audit Methodologies
SDLC Phases
Antivirus software on the email servers
Primary security features of relational databases
27. A maturity model that represents the aggregations of other maturity models.
Current and most up-to-date
Three Types of Controls
Capability Maturity Model Integration (CMMI)
A Virtual Server
28. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Lacks specific expertise or resources to conduct an internal audit
Documentation and interview personnel
WAN Protocols
Power system controls
29. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Recovery time objective
Network Layer Protocols
OSI Layer 5: Session
Background checks performed
30. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Network Layer Protocols
The Release process
An Operational Audit
General Controls
31. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Emergency Changes
Department Charters
Geographic location
Information systems access
32. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Primary security features of relational databases
Project Management Strategies
IT executives and the Board of Directors
33. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Critical Path Methodology
Buffers
Gantt Chart
Configuration Management
34. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Control Risk
Balanced Scorecard
Dimensions of the COSO cube
35. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
An Integrated Audit
Examples of IT General Controls
Stratified Sampling
IT executives and the Board of Directors
36. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
More difficult to perform
Background checks performed
Overall audit risk
37. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Wet pipe fire sprinkler system
The availability of IT systems
A gate process
IT Service Management
38. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Inherent Risk
Sampling Risk
Substantive Testing (test of transaction integrity)
39. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Buffers
Change management
Configuration Management
40. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Resource details
Notify the Audit Committee
Sampling
Security Awareness program
41. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Assess the maturity of its business processes
Frameworks
Substantive Testing
Inherent Risk
42. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Capability Maturity Model Integration (CMMI)
A Virtual Server
(1.) Polices (2.) Procedures (3.) Standards
Service Continuity Management
43. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Sampling Risk
A Sample Mean
BCP Plans
Current and most up-to-date
44. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
IT Service Management
Annualized Loss Expectance (ALE)
A Virtual Server
45. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Substantive Testing
Examples of Application Controls
Antivirus software on the email servers
ITIL definition of CHANGE MANAGEMENT
46. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Compliance Testing
Antivirus software on the email servers
Cloud computing
Configuration Management
47. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Personnel involved in the requirements phase of a software development project
A Service Provider audit
Incident Management
48. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
CPU
Confidence coefficient
Grid Computing
49. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
A Sample Mean
OSI: Data Link Layer
The 4-item focus of a Balanced Scorecard
Incident Management
50. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Network Layer Protocols
A Problem
Sampling
