Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, a single event may involve both locations.
Elements of the COBIT Framework
Volumes of COSO framework
Department Charters
Geographic location
2. Contains programs that communicate directly with the end user.
A gate process
OSI Layer 7: Application
The audit program
Foreign Key
3. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
The 7 phases and their order in the SDLC
TCP/IP Transport Layer packet delivery
Elements of the COSO pyramid
The first step in a business impact analysis
4. (1.) Physical (2.) Technical (3.) Administrative
Detection Risk
WAN Protocols
Incident Management
Three Types of Controls
5. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
Deming Cycle
The Requirements
Compliance Testing
6. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Statistical Sampling
An IS audit
Examples of Application Controls
Project Management Strategies
7. (1.) TCP (2.) UDP
Notify the Audit Committee
Expected Error Rate
Detection Risk
Transport Layer Protocols
8. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
General Controls
Entire password for an encryption key
To identify the tasks that are responsible for project delays
Criticality analysis
9. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
IT Strategy
Application Layer protocols
Resource details
10. Lowest layer. Delivers messages (frames) from one station to another via the local network.
TCP/IP Link Layer
A Server Cluster
A Service Provider audit
A Virtual Server
11. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
(1.) Policies (2.) Procedures (3.) Standards
Assess the maturity of its business processes
The 7 phases and their order in the SDLC
12. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Variable Sampling
The Requirements
Project change request
Organizational culture and maturity
13. An audit of an IS department's operations and systems.
An IS audit
Examples of IT General Controls
Examples of Application Controls
BCP Plans
14. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Notify the Audit Committee
Sampling Risk
Release management
Wet pipe fire sprinkler system
15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
BCP Plans
Elements of the COBIT Framework
Volumes of COSO framework
An IS audit
16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Entire password for an encryption key
The Release process
Audit Methodologies
Input validation checking
17. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Employees with excessive privileges
The best approach for identifying high risk areas for an audit
Network Layer Protocols
Service Level Management
18. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Elements of the COSO pyramid
Expected Error Rate
Transport Layer Protocols
Business Realization
19. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
OSI: Network Layer
The 4-item focus of a Balanced Scorecard
Deming Cycle
TCP/IP Network Model
20. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram
CPU
Documentation and interview personnel
TCP/IP Transport Layer
21. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Six steps of the Release Management process
The BCP process
Documentation and interview personnel
Advantages of outsourcing
22. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Entire password for an encryption key
The appropriate role of an IS auditor in a control self-assessment
OSI: Data Link Layer
Detection Risk
23. IT Governance is most concerned with ________.
IT Strategy
The typical Configuration Items in Configuration Management
Configuration Management
Foreign Key
24. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT Diagram.
Deming Cycle
Options for Risk Treatment
Gantt Chart
The Steering Committee
25. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The Steering Committee
An IS audit
The BCP process
The first step in a business impact analysis
26. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Advantages of outsourcing
A gate process
Organizational culture and maturity
Service Continuity Management
27. Gantt: used to display ______________.
Resource details
A gate process
Types of sampling an auditor can perform.
Expected Error Rate
28. An audit that is performed in support of an anticipated or active legal proceeding.
Elements of the COBIT Framework
A Forensic Audit
A gate process
Formal waterfall
29. Support the functioning of the application controls
General Controls
Database primary key
Confidence coefficient
Hash
30. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
An Operational Audit
The Steering Committee
TCP/IP Transport Layer
The Business Process Life Cycle
31. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Change management
Detection Risk
Security Awareness program
32. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Resource details
Emergency Changes
IT Strategy
Configuration Management
33. IT Service Management is defined in ___________________ framework.
Application Layer protocols
Insourcing
ITIL - IT Infrastructure Library
Notify the Audit Committee
34. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Documentation and interview personnel
Control Risk
An Operational Audit
Inform the auditee
35. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Capability Maturity Model Integration (CMMI)
An IS audit
Variable Sampling
OSI Layer 5: Session
36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Balanced Scorecard
The two Categories of Controls
The Software Program Library
Sampling Risk
37. A collection of two or more servers that is designed to appear as a single server.
OSI Layer 7: Application
Frameworks
Server cluster
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
38. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
TCP/IP Link Layer
Vulnerability in the organization's PBX
Emergency Changes
Service Continuity Management
39. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Substantive Testing
Input validation checking
Hash
Sample Standard Deviation
40. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Sampling
OSI Layer 5: Session
The Requirements
41. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Variable Sampling
The Software Program Library
Disaster Recovery
42. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Elements of the COBIT Framework
Deming Cycle
The 5 types of Evidence that the auditor will collect during an audit.
Insourcing
43. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Documentation and interview personnel
An IS audit
The 5 types of Evidence that the auditor will collect during an audit.
44. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Information systems access
Controls
OSI: Network Layer
The Release process
45. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Server cluster
Judgmental sampling
A Server Cluster
Annualized Loss Expectancy (ALE)
46. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Examples of IT General Controls
Deming Cycle
Project change request
47. An alternate processing center that contains no information processing equipment.
Service Continuity Management
Categories of risk treatment
Deming Cycle
A Cold Site
48. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
TCP/IP Transport Layer packet delivery
Problem Management
Split custody
Main types of Controls
49. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
BCP Plans
IT Service Management
Segregation of duties issue in a high value process
Notify the Audit Committee
50. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Capability Maturity Model
Inherent Risk
(1.) Man-made (2.) Natural
Documentation and interview personnel