Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The maximum period of downtime for a process or application
TCP/IP Transport Layer packet delivery
Capability Maturity Model Integration (CMMI)
Recovery time objective
Separate administrative accounts
2. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
TCP/IP Transport Layer packet delivery
Critical Path Methodology
Criticality analysis
OSI Layer 5: Session
3. The highest number of errors that can exist without a result being materially misstated.
IT Strategy
Notify the Audit Committee
Gantt Chart
Tolerable Error Rate
4. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
TCP/IP Network Model
Registers
The Steering Committee
5. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Stay current with technology
A gate process
IT executives and the Board of Directors
A Compliance audit
6. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
OSI: Data Link Layer
Sampling
The first step in a business impact analysis
7. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Assess the maturity of its business processes
Power system controls
An IS audit
Advantages of outsourcing
8. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Elements of the COBIT Framework
Tolerable Error Rate
Substantive Testing (test of transaction integrity)
BCP Plans
9. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Elements of the COSO pyramid
Notify the Audit Committee
Deming Cycle
Cloud computing
10. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Tolerable Error Rate
Gantt Chart
Options for Risk Treatment
Concentrate on samples known to represent high risk
11. One of a database table's fields - whose value is unique.
Department Charters
Database primary key
Configuration Management
Controls
12. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Sampling Risk
Discovery Sampling
Testing activities
Configuration Management
13. IT Service Management is defined in ___________________ framework.
Stay current with technology
Control Unit
ITIL - IT Infrastructure Library
Business Realization
14. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Sampling
Assess the maturity of its business processes
The 7 phases and their order in the SDLC
Sampling Risk
15. Used to estimate the effort required to develop a software program.
OSI: Data Link Layer
Primary security features of relational databases
Function Point Analysis
Statement of Impact
16. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
An Integrated Audit
Rating Scale for Process Maturity
TCP/IP Internet Layer
Sampling
17. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Precision means
Formal waterfall
Criticality analysis
18. A field in a record in one table that can reference a primary key in another table.
Advantages of outsourcing
A gate process
Foreign Key
OSI: Data Link Layer
19. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Buffers
A Financial Audit
The typical Configuration Items in Configuration Management
20. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Organizational culture and maturity
OSI Layer 6: Presentation
IT executives and the Board of Directors
21. Guide program execution through organization of resources and development of clear project objectives.
The appropriate role of an IS auditor in a control self-assessment
A Virtual Server
Project Management Strategies
An Administrative
22. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
SDLC Phases
Attribute Sampling
Rating Scale for Process Maturity
23. Disasters are generally grouped in terms of type: ______________.
An Integrated Audit
(1.) Man-made (2.) Natural
Registers
Entire password for an encryption key
24. (1.) Link (2.) Internet (3.) Transport (4.) Application
Database primary key
Sampling
The first step in a business impact analysis
TCP/IP Network Model
25. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
A Problem
Notify the Audit Committee
Grid Computing
Incident Management
26. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
TCP/IP Transport Layer
Concentrate on samples known to represent high risk
The Software Program Library
Transport Layer Protocols
27. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Deming Cycle
IT Service Management
The Release process
Change management
28. ITIL term used to describe the SDLC.
Release management
Configuration Management
Foreign Key
IT standards are not being reviewed often enough
29. (1.) Automatic (2.) Manual
IT Services Financial Management
The two Categories of Controls
TCP/IP Link Layer
Separate administrative accounts
30. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Sampling Risk
Problem Management
Assess the maturity of its business processes
Stratified Sampling
31. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
An Administrative
Statement of Impact
Inform the auditee
Entire password for an encryption key
32. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
A Virtual Server
Statistical Sampling
Stop-or-go Sampling
Segregation of duties issue in a high value process
33. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Database primary key
Control Unit
Business Continuity
Lacks specific expertise or resources to conduct an internal audit
34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Audit logging
Geographic location
objective and unbiased
Sampling Risk
35. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Project change request
OSI: Data Link Layer
An Operational Audit
Entire password for an encryption key
36. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
OSI: Data Link Layer
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Application Controls
Hash
37. The sum of all samples divided by the number of samples.
Lacks specific expertise or resources to conduct an internal audit
A Sample Mean
IT executives and the Board of Directors
Insourcing
38. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Vulnerability in the organization's PBX
Business Continuity
Categories of risk treatment
Hash
39. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
A gate process
Incident Management
Sampling
Sampling Risk
40. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
An Integrated Audit
To identify the tasks that are responsible for project delays
Employees with excessive privileges
Problem Management
41. An audit of an IS department's operations and systems.
Risk Management
objective and unbiased
An IS audit
Capability Maturity Model
42. An audit that combines an operational audit and a financial audit.
Application Controls
Capability Maturity Model Integration (CMMI)
An Integrated Audit
The Steering Committee
43. Gantt: used to display ______________.
Resource details
Employee termination process
Referential Integrity
IT Service Management
44. An alternate processing center that contains no information processing equipment.
IT standards are not being reviewed often enough
Separate administrative accounts
A Cold Site
Emergency Changes
45. Used to translate or transform data from lower layers into formats that the application layer can work with.
A Service Provider audit
Options for Risk Treatment
Service Level Management
OSI Layer 6: Presentation
46. Contains programs that communicate directly with the end user.
Testing activities
OSI Layer 7: Application
Variable Sampling
Application Controls
47. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Project change request
Six steps of the Release Management process
The appropriate role of an IS auditor in a control self-assessment
Information systems access
48. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
A gate process
TCP/IP Internet Layer
Critical Path Methodology
49. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Documentation and interview personnel
Advantages of outsourcing
Sampling
Server cluster
50. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Primary security features of relational databases
Sampling
Sampling Risk
Detection Risk