Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer will look obvious, but repeating the test reinforces your understanding.
1. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
The BCP process
The Requirements
Background checks performed
Formal waterfall
2. IT Governance is most concerned with ________.
The Release process
IT Services Financial Management
A Forensic Audit
IT Strategy
3. PERT: shows the ______________ critical path.
Six steps of the Release Management process
ITIL definition of CHANGE MANAGEMENT
Current and most up-to-date
Tolerable Error Rate
4. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ be used. This will enforce accountability for each administrator's actions.
Deming Cycle
Geographic location
Audit Methodologies
Separate administrative accounts
5. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
less than 24 hours
Structural fires and transportation accidents
Categories of risk treatment
6. An auditor has detected potential fraud while testing a control objective. He should ___________________, because audit committee members are generally not involved in business operations, so they will be sufficiently removed from the matter, and they
IT Strategy
Three Types of Controls
Notify the Audit Committee
Application Controls
7. The probability that a selected sample does not represent the entire population. It is usually expressed as a percentage, as the complement of the confidence coefficient (1 minus the confidence coefficient).
Wet pipe fire sprinkler system
Sampling Risk
Split custody
Formal waterfall
8. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
The audit program
(1.) Man-made (2.) Natural
Critical Path Methodology
9. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Insourcing
OSI: Network Layer
Vulnerability in the organization's PBX
10. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Function Point Analysis
Volumes of COSO framework
An Integrated Audit
Structural fires and transportation accidents
11. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Sampling Risk
Critical Path Methodology
Balanced Scorecard
Statistical Sampling
12. To measure organizational performance and effectiveness against strategic goals.
Information security policy
Employee termination process
Documentation and interview personnel
Balanced Scorecard
13. (1.) Utility protocols (DNS, SNMP, DHCP) (2.) Messaging protocols (SMTP) (3.) Data transfer protocols (NFS, FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Insourcing
The 5 types of Evidence that the auditor will collect during an audit.
A Sample Mean
14. An audit that is performed in support of an anticipated or active legal proceeding.
Configuration Management
ITIL (IT Infrastructure Library)
A Forensic Audit
Disaster Recovery
15. Use of a set of monitoring and review activities that confirm whether IS operations are providing service to their customers.
Service Level Management
OSI Layer 5: Session
Six steps of the Release Management process
The Eight Types of Audits
16. Used to determine which business processes are the most critical, by ranking them in order of criticality
Criticality analysis
IT Services Financial Management
Entire password for an encryption key
A gate process
17. (1.) Access controls (2.) Encryption (3.) Audit logging
Disaster Recovery
Application Controls
Variable Sampling
Primary security features of relational databases
18. Handle application processing
Application Layer protocols
Application Controls
Organizational culture and maturity
BCP Plans
19. Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates?
IT executives and the Board of Directors
A Server Cluster
Substantive Testing
BCP Plans
20. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?
ITIL definition of PROBLEM
(1.) Polices (2.) Procedures (3.) Standards
Inform the auditee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
21. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Judgmental sampling
Structural fires and transportation accidents
Inherent Risk
Attribute Sampling
22. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Annualized Loss Expectancy (ALE)
Sampling
An Operational Audit
23. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Statistical Sampling
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Business Continuity
SDLC Phases
24. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
More difficult to perform
Capability Maturity Model
A Sample Mean
The 4-item focus of a Balanced Scorecard
25. Used to measure the relative maturity of an organization and its processes.
Audit Methodologies
Volumes of COSO framework
To identify the tasks that are responsible for project delays
Capability Maturity Model
26. A maturity model that represents the aggregations of other maturity models.
Blade Computer Architecture
Resource details
Capability Maturity Model Integration (CMMI)
Sampling
27. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Inherent Risk
A Server Cluster
The 7 phases and their order in the SDLC
Audit logging
28. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
TCP/IP Transport Layer packet delivery
Substantive Testing
Control Risk
OSI Layer 6: Presentation
29. A computer uses RAM for several purposes: (1.) Operating System, to store info regarding running processes (2.) ____________, which are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Substantive Testing
SDLC Phases
Buffers
Power system controls
30. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Server cluster
The Software Program Library
IT standards are not being reviewed often enough
IT Services Financial Management
31. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Deming Cycle
Sampling
ITIL definition of PROBLEM
The typical Configuration Items in Configuration Management
32. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.
The 4-item focus of a Balanced Scorecard
Structural fires and transportation accidents
Judgmental sampling
Dimensions of the COSO cube
33. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.
Problem Management
Statistical Sampling
Balanced Scorecard
Stratified Sampling
34. Used for several types of system changes: (1.) Incident and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (these require testing similar to that for changes made to the application itself)
Expected Error Rate
Service Continuity Management
The Release process
OSI Layer 7: Application
35. ____________________ of the hot site is the most important consideration for site selection. If the sites are too close together, a single event may affect both locations.
The Business Process Life Cycle
Gantt Chart
Geographic location
Sampling Risk
36. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action is to improve the _________________ to reduce the number of exceptions. For a time, the proc
Problem Management
Grid Computing
Cloud computing
Employee termination process
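Worked example for question 36 (added here; it is not part of the quiz and not taken from any real audit): the reconciliation test an auditor would run to find terminated employees whose accounts are still active, plus two related exceptions (accounts used after the termination date, and accounts with no HR owner at all). The HR feed, the account export, the field names and the grace period are all constructed assumptions.

```python
"""Reconcile an application's account export against the HR termination list.

Everything below is constructed for illustration: the HR feed, the account
export, the field names and the 3-day grace period are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed HR feed: employee id -> termination date (None = still employed)
HR_STATUS: Dict[str, Optional[date]] = {
    "e100": None,
    "e101": date(2024, 1, 15),
    "e102": date(2024, 3, 2),
    "e103": None,
    "e104": date(2024, 3, 28),
}

# Constructed account export from the application or directory
ACCOUNTS = [
    {"username": "alice", "employee_id": "e100", "enabled": True, "last_login": date(2024, 3, 29)},
    # terminated in January, still enabled, and logged in after termination
    {"username": "bob", "employee_id": "e101", "enabled": True, "last_login": date(2024, 2, 10)},
    # terminated and correctly disabled
    {"username": "carol", "employee_id": "e102", "enabled": False, "last_login": date(2024, 2, 28)},
    {"username": "dave", "employee_id": "e103", "enabled": True, "last_login": date(2024, 3, 30)},
    # terminated two days before the review date: inside the grace period
    {"username": "erin", "employee_id": "e104", "enabled": True, "last_login": None},
    # service account with no HR owner: nobody's termination will ever disable it
    {"username": "svc_backup", "employee_id": None, "enabled": True, "last_login": date(2024, 3, 30)},
]


@dataclass(frozen=True)
class Finding:
    username: str
    kind: str      # terminated_still_enabled | used_after_termination | no_hr_owner
    detail: str


def reconcile(accounts, hr_status, as_of: date, grace_days: int = 3) -> List[Finding]:
    """Return one Finding per exception in the account population."""
    findings: List[Finding] = []
    for acct in accounts:
        emp = acct["employee_id"]
        if emp is None or emp not in hr_status:
            findings.append(Finding(acct["username"], "no_hr_owner",
                                    "account has no matching HR record"))
            continue
        terminated_on = hr_status[emp]
        if terminated_on is None:
            continue  # active employee, nothing to check here
        days_since = (as_of - terminated_on).days
        if acct["enabled"] and days_since > grace_days:
            findings.append(Finding(acct["username"], "terminated_still_enabled",
                                    f"still enabled {days_since} days after termination on {terminated_on}"))
        if acct["last_login"] is not None and acct["last_login"] > terminated_on:
            findings.append(Finding(acct["username"], "used_after_termination",
                                    f"last login {acct['last_login']} is after termination on {terminated_on}"))
    return findings


def exception_rate(accounts, hr_status, as_of: date, grace_days: int = 3) -> float:
    """Share of terminated employees whose account is still enabled past the
    grace period: the number the auditor reports and tracks over time."""
    terminated = [a for a in accounts
                  if a["employee_id"] in hr_status and hr_status[a["employee_id"]] is not None]
    if not terminated:
        return 0.0
    still_enabled = {f.username for f in reconcile(accounts, hr_status, as_of, grace_days)
                     if f.kind == "terminated_still_enabled"}
    return len(still_enabled) / len(terminated)


if __name__ == "__main__":
    review_date = date(2024, 3, 30)
    for f in reconcile(ACCOUNTS, HR_STATUS, review_date):
        print(f"{f.username:12} {f.kind:26} {f.detail}")
    print(f"exception rate: {exception_rate(ACCOUNTS, HR_STATUS, review_date):.0%}")
```

The "used after termination" check is the one that turns a hygiene finding into a potential incident, and the orphan check catches accounts the termination process can never reach because no employee is tied to them.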
37. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
An Integrated Audit
A Compliance audit
Audit logging
38. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
OSI: Data Link Layer
Entire password for an encryption key
TCP/IP Link Layer
39. Guide program execution through organization of resources and development of clear project objectives.
Expected Error Rate
Current and most up-to-date
Project Management Strategies
Criticality analysis
40. The risk that a material error exists that will not be prevented or detected by the organization's control framework; the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Project change request
The availability of IT systems
Transport Layer Protocols
Control Risk
41. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Volumes of COSO framework
OSI Layer 6: Presentation
Incident Management
The typical Configuration Items in Configuration Management
42. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Input validation checking
Overall audit risk
Three Types of Controls
A Compliance audit
43. (1.) Physical (2.) Technical (3.) Administrative
A Service Provider audit
Input validation checking
Geographic location
Three Types of Controls
44. Subjective sampling is used when the auditor wants to _________________________.
OSI Layer 6: Presentation
Documentation and interview personnel
Confidence coefficient
Concentrate on samples known to represent high risk
45. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
Information systems access
An Operational Audit
The audit program
BCP Plans
46. The highest number of errors that can exist without a result being materially misstated.
A Sample Mean
Tolerable Error Rate
Concentrate on samples known to represent high risk
Hash
47. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________. This will cause the database to record every change that is made to it.
Assess the maturity of its business processes
Controls
Audit logging
Transport Layer Protocols
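Worked example for question 47 (added here, not from the quiz): trigger-based audit logging in SQLite driven from Python, so that every insert, update and delete on a table is recorded together with the acting user, and the audit trail itself is append-only. The table names, the session/actor mechanism and the sample rows are assumptions for illustration; other DBMSs offer native audit features or equivalent trigger syntax.

```python
"""Database-level audit logging with triggers, run through sqlite3.

Constructed example: a small accounts table with an append-only audit_log.
Table names, the session/actor mechanism and the sample rows are assumptions.
"""
import sqlite3
from typing import List, Tuple

SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance REAL NOT NULL
);

-- Who is acting. The database only sees its own login, not the end user
-- behind the application, so the application records the actor per connection.
CREATE TABLE session (id INTEGER PRIMARY KEY CHECK (id = 1), actor TEXT NOT NULL);
INSERT INTO session (id, actor) VALUES (1, 'unknown');

CREATE TABLE audit_log (
    seq         INTEGER PRIMARY KEY AUTOINCREMENT,
    at          TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    actor       TEXT NOT NULL,
    action      TEXT NOT NULL,
    account_id  INTEGER NOT NULL,
    old_balance REAL,
    new_balance REAL
);

-- One trigger per change type records before/after values and the actor.
CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT actor FROM session WHERE id = 1), 'INSERT', NEW.id, NULL, NEW.balance);
END;
CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT actor FROM session WHERE id = 1), 'UPDATE', NEW.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT actor FROM session WHERE id = 1), 'DELETE', OLD.id, OLD.balance, NULL);
END;

-- The trail must be append-only; a log that can be edited proves nothing.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_db() -> sqlite3.Connection:
    """Create an in-memory database with the schema and triggers above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn: sqlite3.Connection, actor: str) -> None:
    """Record who is about to make changes on this connection."""
    conn.execute("UPDATE session SET actor = ? WHERE id = 1", (actor,))


def run_sample_changes(conn: sqlite3.Connection) -> None:
    """Constructed sequence of changes by two different actors."""
    set_actor(conn, "dba_alice")
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (1, 'acme', 100.0)")
    set_actor(conn, "app_user_bob")
    conn.execute("UPDATE accounts SET balance = balance - 40 WHERE id = 1")
    conn.execute("DELETE FROM accounts WHERE id = 1")
    conn.commit()


def read_audit(conn: sqlite3.Connection) -> List[Tuple]:
    """Return (actor, action, account_id, old_balance, new_balance) rows in order."""
    return conn.execute(
        "SELECT actor, action, account_id, old_balance, new_balance FROM audit_log ORDER BY seq"
    ).fetchall()


def tamper_attempt_blocked(conn: sqlite3.Connection) -> bool:
    """Try to wipe the trail; True means the append-only trigger stopped it."""
    try:
        conn.execute("DELETE FROM audit_log")
        return False
    except sqlite3.DatabaseError:
        return True


if __name__ == "__main__":
    db = open_db()
    run_sample_changes(db)
    for row in read_audit(db):
        print(row)
    print("tamper blocked:", tamper_attempt_blocked(db))
```

Two points the quiz answer does not spell out: the database cannot attribute a change to an end user unless the application tells it who is acting, and the log table needs its own protection, otherwise the DBA being audited can simply delete the rows.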
48. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Capability Maturity Model
Annualized Loss Expectancy (ALE)
Split custody
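Worked example for the sampling questions (7, 11, 32, 33, 44, 46 and 48), added here and not part of the quiz: one script that draws a statistical (simple random) sample, a stratified sample and a judgmental sample from the same population, evaluates an attribute test against a tolerable error rate while allowing for sampling risk, and projects a variable-sampling estimate of a population total. The population of purchase transactions, the seeds and the thresholds are constructed assumptions; the one-sided normal approximation for the upper error limit is a simplification that a binomial table refines for small samples.

```python
"""Audit sampling techniques on a constructed population of transactions.

The 500 transactions, the seeds and the thresholds are assumptions made for
this example; none of it is real audit evidence.
"""
import math
import random
from dataclasses import dataclass
from statistics import NormalDist
from typing import Callable, Dict, List, Sequence


@dataclass(frozen=True)
class Txn:
    txn_id: int
    dept: str        # attribute used for stratification
    amount: float    # variable of interest for variable sampling
    approved: bool   # control attribute tested by attribute sampling


def build_population(size: int = 500, seed: int = 7) -> List[Txn]:
    """Constructed population with roughly 4% of items missing approval."""
    rng = random.Random(seed)
    return [Txn(i, rng.choice(["finance", "it", "ops"]),
                round(rng.uniform(50.0, 5000.0), 2),
                rng.random() >= 0.04) for i in range(size)]


def statistical_sample(pop: Sequence[Txn], n: int, seed: int) -> List[Txn]:
    """Statistical sampling (Q11): every item has an equal chance of selection."""
    return random.Random(seed).sample(list(pop), n)


def stratified_sample(pop: Sequence[Txn], n: int, key: Callable[[Txn], str],
                      seed: int) -> Dict[str, List[Txn]]:
    """Stratified sampling (Q33): split by an attribute, then sample each stratum
    in proportion to its size (at least one item per stratum)."""
    rng = random.Random(seed)
    strata: Dict[str, List[Txn]] = {}
    for t in pop:
        strata.setdefault(key(t), []).append(t)
    out: Dict[str, List[Txn]] = {}
    for name, items in sorted(strata.items()):
        k = max(1, round(n * len(items) / len(pop)))
        out[name] = rng.sample(items, min(k, len(items)))
    return out


def judgmental_sample(pop: Sequence[Txn], n: int, risk_key: Callable[[Txn], float]) -> List[Txn]:
    """Judgmental (subjective) sampling (Q32, Q44): the auditor concentrates on
    the items known to carry the most risk, here the highest-value ones."""
    return sorted(pop, key=risk_key, reverse=True)[:n]


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk (Q7) is the complement of the confidence coefficient."""
    return 1.0 - confidence_coefficient


def attribute_test(sample: Sequence[Txn], tolerable_error_rate: float,
                   confidence_coefficient: float) -> dict:
    """Attribute sampling: the observed deviation rate alone is not enough,
    because the sample may not represent the population. Add a one-sided
    allowance for sampling risk (normal approximation) and compare the upper
    error limit with the tolerable error rate (Q46)."""
    n = len(sample)
    deviations = sum(1 for t in sample if not t.approved)
    rate = deviations / n
    z = NormalDist().inv_cdf(confidence_coefficient)
    upper = rate + z * math.sqrt(rate * (1.0 - rate) / n)
    return {
        "sample_size": n,
        "deviations": deviations,
        "observed_error_rate": rate,
        "upper_error_limit": upper,
        "tolerable_error_rate": tolerable_error_rate,
        "sampling_risk": sampling_risk(confidence_coefficient),
        "control_reliable": upper <= tolerable_error_rate,
    }


def variable_estimate_total(sample: Sequence[Txn], population_size: int) -> float:
    """Variable sampling (Q48): project the sample mean onto the population to
    estimate the numeric total of the attribute (here, total spend)."""
    mean = sum(t.amount for t in sample) / len(sample)
    return mean * population_size


if __name__ == "__main__":
    pop = build_population()
    rnd = statistical_sample(pop, 60, seed=1)
    print(attribute_test(rnd, tolerable_error_rate=0.05, confidence_coefficient=0.95))
    for dept, items in stratified_sample(pop, 60, lambda t: t.dept, seed=1).items():
        print(dept, len(items))
    print([t.txn_id for t in judgmental_sample(pop, 5, lambda t: t.amount)])
    print(round(variable_estimate_total(rnd, len(pop)), 2))
```

The important line is the upper error limit: an observed 2% deviation rate in a sample of 100 at 95% confidence supports a 5% tolerable rate but not a 4% one, which is exactly the distinction between the observed rate, the tolerable error rate and sampling risk that the quiz terms describe.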
49. (1.) TCP (2.) UDP
Substantive Testing (test of transaction integrity)
Transport Layer Protocols
Sampling Risk
Information systems access
50. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Main types of Controls
The best approach for identifying high risk areas for an audit
Risk Management
Compliance Testing