SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Referential Integrity
TCP/IP Internet Layer
Stratified Sampling
Gantt Chart
2. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
A Forensic Audit
TCP/IP Network Model
The Release process
3. To measure organizational performance and effectiveness against strategic goals.
Main types of Controls
Balanced Scorecard
Gantt Chart
Statement of Impact
4. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
objective and unbiased
Security Awareness program
A Problem
More difficult to perform
5. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Control Unit
The Software Program Library
Service Continuity Management
Recovery time objective
6. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
The availability of IT systems
IT Strategy
Precision means
7. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Business Realization
Insourcing
Volumes of COSO framework
An Administrative
8. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Foreign Key
An Integrated Audit
Resource details
A Server Cluster
9. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
The BCP process
Types of sampling an auditor can perform.
PERT Diagram?
10. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Discovery Sampling
Critical Path Methodology
(1.) Polices (2.) Procedures (3.) Standards
11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
TCP/IP Link Layer
Buffers
Three Types of Controls
Sample Standard Deviation
12. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Audit logging
Split custody
A Problem
13. (1.) Objectives (2.) Components (3.) Business Units / Areas
Attribute Sampling
Dimensions of the COSO cube
Wet pipe fire sprinkler system
Controls
14. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Variable Sampling
Entire password for an encryption key
Types of sampling an auditor can perform.
Assess the maturity of its business processes
15. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
OSI: Physical Layer
Notify the Audit Committee
The Business Process Life Cycle
The availability of IT systems
16. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Control Risk
The typical Configuration Items in Configuration Management
Advantages of outsourcing
Confidence coefficient
17. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Stratified Sampling
Employee termination process
Confidence coefficient
18. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Server cluster
OSI: Data Link Layer
Assess the maturity of its business processes
19. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The audit program
Security Awareness program
Resource details
Lacks specific expertise or resources to conduct an internal audit
20. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Security Awareness program
Project Management Strategies
Vulnerability in the organization's PBX
21. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The 5 types of Evidence that the auditor will collect during an audit.
Current and most up-to-date
The appropriate role of an IS auditor in a control self-assessment
ISO 20000 Standard:
22. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Disaster Recovery
The two Categories of Controls
Insourcing
23. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Resource details
Stop-or-go Sampling
Hash
24. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Sampling
Reduced sign-on
The Business Process Life Cycle
25. The risk that an IS auditor will overlook errors or exceptions during an audit.
Personnel involved in the requirements phase of a software development project
Precision means
Detection Risk
Compliance Testing
26. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Disaster Recovery
IT Services Financial Management
A Financial Audit
The Steering Committee
27. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The appropriate role of an IS auditor in a control self-assessment
The Eight Types of Audits
Department Charters
Split custody
28. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Sampling
The 4-item focus of a Balanced Scorecard
PERT Diagram?
29. Subjective sampling is used when the auditor wants to _________________________.
A Service Provider audit
ITIL definition of CHANGE MANAGEMENT
Concentrate on samples known to represent high risk
IT Strategy
30. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Application Controls
Audit logging
Antivirus software on the email servers
Split custody
31. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
A Compliance audit
Attribute Sampling
Expected Error Rate
Critical Path Methodology
32. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
OSI: Transport Layer
Advantages of outsourcing
Tolerable Error Rate
A gate process
33. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
The appropriate role of an IS auditor in a control self-assessment
Formal waterfall
Service Level Management
Segregation of duties issue in a high value process
34. PERT: shows the ______________ critical path.
Recovery time objective
Disaster Recovery
Current and most up-to-date
The typical Configuration Items in Configuration Management
35. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
SDLC Phases
Sampling Risk
Overall audit risk
Control Risk
36. Describes the effect on the business if a process is incapacitated for any appreciable time
Business impact analysis
Geographic location
Statement of Impact
Foreign Key
37. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Assess the maturity of its business processes
The BCP process
Inherent Risk
Detection Risk
38. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The best approach for identifying high risk areas for an audit
Grid Computing
The first step in a business impact analysis
Audit Methodologies
39. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
ITIL - IT Infrastructure Library
Information systems access
The BCP process
Control Unit
40. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
TCP/IP Internet Layer
List of systems examined
Input validation checking
OSI: Physical Layer
41. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Precision means
Attribute Sampling
Volumes of COSO framework
Buffers
42. The inventory of all in-scope business processes and systems
Primary security features of relational databases
The first step in a business impact analysis
Elements of the COBIT Framework
A Server Cluster
43. An audit of an IS department's operations and systems.
An IS audit
Six steps of the Release Management process
The BCP process
Business impact analysis
44. Used to estimate the effort required to develop a software program.
Function Point Analysis
Assess the maturity of its business processes
To identify the tasks that are responsible for project delays
Audit Methodologies
45. (1.) Automatic (2.) Manual
The two Categories of Controls
Release management
The Steering Committee
IT Service Management
46. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
less than 24 hours
Buffers
To identify the tasks that are responsible for project delays
Entire password for an encryption key
47. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Network Model
Structural fires and transportation accidents
Substantive Testing (test of transaction integrity)
48. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Personnel involved in the requirements phase of a software development project
OSI: Physical Layer
Prblem Management
Main types of Controls
49. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
A Forensic Audit
Organizational culture and maturity
OSI Layer 7: Application
50. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Blade Computer Architecture
Organizational culture and maturity
Advantages of outsourcing
OSI: Physical Layer