SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Three Types of Controls
The two Categories of Controls
Elements of the COBIT Framework
SDLC Phases
2. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Hash
Employee termination process
Registers
Critical Path Methodology
3. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Gantt Chart
Configuration Management
Expected Error Rate
Critical Path Methodology
4. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Transport Layer Protocols
Employees with excessive privileges
Substantive Testing (test of transaction integrity)
TCP/IP Transport Layer packet delivery
5. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
(1.) Polices (2.) Procedures (3.) Standards
OSI: Physical Layer
Elements of the COSO pyramid
6. 1.) Executive Support (2.) Well-defined roles and responsibilities.
The availability of IT systems
Information security policy
To identify the tasks that are responsible for project delays
Power system controls
7. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Service Level Management
More difficult to perform
Buffers
Insourcing
8. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
A Service Provider audit
Elements of the COSO pyramid
Stop-or-go Sampling
Audit logging
9. The inventory of all in-scope business processes and systems
Annualized Loss Expectance (ALE)
The first step in a business impact analysis
The appropriate role of an IS auditor in a control self-assessment
Attribute Sampling
10. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The Software Program Library
The best approach for identifying high risk areas for an audit
BCP Plans
Grid Computing
11. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Input validation checking
Blade Computer Architecture
An Operational Audit
Separate administrative accounts
12. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
A Forensic Audit
Judgmental sampling
Primary security features of relational databases
The Software Program Library
13. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
An Administrative
Assess the maturity of its business processes
Blade Computer Architecture
14. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Sample Standard Deviation
Reduced sign-on
OSI: Network Layer
Gantt Chart
15. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The Internet Layer in the TCP/IP model
Insourcing
The first step in a business impact analysis
Categories of risk treatment
16. The means by which management establishes and measures processes by which organizational objectives are achieved
Database primary key
Six steps of the Release Management process
Controls
Input validation checking
17. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
A gate process
Variable Sampling
Controls
Incident Management
18. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Registers
IT Service Management
Information systems access
The typical Configuration Items in Configuration Management
19. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Control Unit
PERT Diagram?
TCP/IP Transport Layer packet delivery
20. A collection of two or more servers that is designed to appear as a single server.
ITIL - IT Infrastructure Library
The Internet Layer in the TCP/IP model
A Sample Mean
Server cluster
21. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
An Integrated Audit
less than 24 hours
Deming Cycle
Application Controls
22. An audit that is performed in support of an anticipated or active legal proceeding.
Power system controls
A Forensic Audit
Function Point Analysis
OSI: Physical Layer
23. Used to estimate the effort required to develop a software program.
Criticality analysis
Types of sampling an auditor can perform.
Function Point Analysis
Categories of risk treatment
24. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The typical Configuration Items in Configuration Management
Recovery time objective
Entire password for an encryption key
Separate administrative accounts
25. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
26. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Testing activities
Substantive Testing
Resource details
27. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Cloud computing
IT executives and the Board of Directors
Gantt Chart
28. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
OSI: Transport Layer
Statistical Sampling
A Forensic Audit
Types of sampling an auditor can perform.
29. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
OSI: Network Layer
List of systems examined
ISO 20000 Standard:
Segregation of duties issue in a high value process
30. Defines internal controls and provides guidance for assessing and improving internal control systems.
ISO 20000 Standard:
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Eight Types of Audits
objective and unbiased
31. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Dimensions of the COSO cube
A Financial Audit
Service Continuity Management
32. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
PERT Diagram?
Examples of IT General Controls
Inform the auditee
Gantt Chart
33. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Judgmental sampling
Function Point Analysis
The appropriate role of an IS auditor in a control self-assessment
34. Handle application processing
Application Controls
OSI Layer 7: Application
The Release process
Inform the auditee
35. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
A Problem
A Server Cluster
(1.) Man-made (2.) Natural
Cloud computing
36. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
List of systems examined
Function Point Analysis
Split custody
OSI: Data Link Layer
37. Subjective sampling is used when the auditor wants to _________________________.
TCP/IP Transport Layer packet delivery
Concentrate on samples known to represent high risk
Business Continuity
Documentation and interview personnel
38. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
WAN Protocols
Documentation and interview personnel
An Integrated Audit
39. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Lacks specific expertise or resources to conduct an internal audit
Elements of the COSO pyramid
Application Layer protocols
Information systems access
40. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Employees with excessive privileges
Concentrate on samples known to represent high risk
A Compliance audit
41. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Statistical Sampling
Testing activities
Inform the auditee
Elements of the COBIT Framework
42. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Inform the auditee
Main types of Controls
ISO 20000 Standard:
43. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Discovery Sampling
Emergency Changes
The availability of IT systems
Concentrate on samples known to represent high risk
44. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Detection Risk
Inherent Risk
Statistical Sampling
Geographic location
45. ITIL term used to describe the SDLC.
Frameworks
Audit logging
Disaster Recovery
Release management
46. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
Types of sampling an auditor can perform.
The appropriate role of an IS auditor in a control self-assessment
Formal waterfall
47. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Application Layer protocols
Business Continuity
Personnel involved in the requirements phase of a software development project
Dimensions of the COSO cube
48. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Capability Maturity Model
Formal waterfall
CPU
49. Support the functioning of the application controls
General Controls
Sampling Risk
Geographic location
Stop-or-go Sampling
50. The maximum period of downtime for a process or application
Recovery time objective
A gate process
Business Realization
Options for Risk Treatment
