Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Incident Management
Formal waterfall
General Controls
2. Support the functioning of the application controls
The two Categories of Controls
General Controls
A Compliance audit
The audit program
3. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
An Administrative
Transport Layer Protocols
The best approach for identifying high risk areas for an audit
4. One of a database table's fields - whose value is unique.
Formal waterfall
Variable Sampling
Database primary key
A Sample Mean
5. The memory locations in the CPU where arithmetic values are stored.
TCP/IP Transport Layer
Rating Scale for Process Maturity
An Integrated Audit
Registers
6. To communicate security policies - procedures - and other security-related information to an organization's employees.
Tolerable Error Rate
Stratified Sampling
Notify the Audit Committee
Security Awareness program
7. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Referential Integrity
Grid Computing
Main types of Controls
Options for Risk Treatment
8. Framework for auditing and measuring IT Service Management Processes.
The BCP process
ISO 20000 Standard:
List of systems examined
Release management
9. (1.) Link (2.) Internet (3.) Transport (4.) Application
Dimensions of the COSO cube
TCP/IP Network Model
Three Types of Controls
Structural fires and transportation accidents
10. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
General Controls
Organizational culture and maturity
Blade Computer Architecture
11. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Change management
Testing activities
The Business Process Life Cycle
12. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Buffers
Service Level Management
Business impact analysis
Problem Management
13. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
An IS audit
Advantages of outsourcing
Department Charters
OSI: Transport Layer
14. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Employee termination process
IT Service Management
Risk Management
15. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
SDLC Phases
Service Level Management
A gate process
16. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Types of sampling an auditor can perform.
Business impact analysis
Referential Integrity
17. Handle application processing
Application Controls
Entire password for an encryption key
Configuration Management
Personnel involved in the requirements phase of a software development project
18. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Dimensions of the COSO cube
Annualized Loss Expectancy (ALE)
Main types of Controls
Configuration Management
19. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Elements of the COBIT Framework
TCP/IP Internet Layer
Wet pipe fire sprinkler system
Documentation and interview personnel
20. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Dimensions of the COSO cube
IT standards are not being reviewed often enough
Stay current with technology
Options for Risk Treatment
21. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The Requirements
The appropriate role of an IS auditor in a control self-assessment
Project Management Strategies
Examples of Application Controls
22. Consists of two main packet transport protocols: TCP and UDP.
Types of sampling an auditor can perform.
Stop-or-go Sampling
Control Unit
TCP/IP Transport Layer
23. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Capability Maturity Model
Rating Scale for Process Maturity
OSI Layer 6: Presentation
Segregation of duties issue in a high value process
24. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Incident Management
A Service Provider audit
The first step in a business impact analysis
25. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
To identify the tasks that are responsible for project delays
TCP/IP Link Layer
Information security policy
26. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Project change request
The 7 phases and their order in the SDLC
Statement of Impact
Service Continuity Management
27. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The Business Process Life Cycle
Frameworks
Detection Risk
CPU
28. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Structural fires and transportation accidents
Stay current with technology
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
29. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Wet pipe fire sprinkler system
The Eight Types of Audits
Tolerable Error Rate
The Release process
30. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Organizational culture and maturity
Risk Management
Assess the maturity of its business processes
31. A field in a record in one table that can reference a primary key in another table.
TCP/IP Link Layer
Stay current with technology
OSI: Network Layer
Foreign Key
32. (1.) Automatic (2.) Manual
Service Continuity Management
Audit Methodologies
Service Level Management
The two Categories of Controls
33. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Capability Maturity Model Integration (CMMI)
Control Unit
Balanced Scorecard
Geographic location
34. Defines internal controls and provides guidance for assessing and improving internal control systems.
A gate process
OSI: Transport Layer
Judgmental sampling
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
35. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
objective and unbiased
Overall audit risk
OSI: Transport Layer
Judgmental sampling
36. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Frameworks
General Controls
TCP/IP Link Layer
Employees with excessive privileges
37. An audit of operational efficiency.
Stop-or-go Sampling
Department Charters
The availability of IT systems
An Administrative
38. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
The audit program
less than 24 hours
objective and unbiased
More difficult to perform
39. Contains programs that communicate directly with the end user.
Six steps of the Release Management process
OSI Layer 7: Application
Types of sampling an auditor can perform.
Hash
40. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Service Level Management
A gate process
Judgmental sampling
Overall audit risk
41. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Application Layer protocols
Six steps of the Release Management process
ISO 20000 Standard:
42. Disasters are generally grouped in terms of type: ______________.
ITIL definition of CHANGE MANAGEMENT
(1.) Man-made (2.) Natural
Overall audit risk
Notify the Audit Committee
43. A collection of two or more servers that is designed to appear as a single server.
A Compliance audit
Project change request
Stay current with technology
Server cluster
44. A sampling technique where at least one exception is sought in a population
Problem Management
Discovery Sampling
Resource details
Assess the maturity of its business processes
45. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram
Examples of Application Controls
Blade Computer Architecture
Incident Management
46. An audit of an IS department's operations and systems.
An IS audit
Audit Methodologies
Insourcing
Rating Scale for Process Maturity
47. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Hash
Categories of risk treatment
Employee termination process
Server cluster
48. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Overall audit risk
Antivirus software on the email servers
Application Layer protocols
Primary security features of relational databases
49. (1.) Executive Support (2.) Well-defined roles and responsibilities.
IT standards are not being reviewed often enough
The first step in a business impact analysis
TCP/IP Transport Layer packet delivery
Information security policy
50. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Gantt Chart
Disaster Recovery
Business Realization