Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might sometimes find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Power system controls
Background checks performed
A Financial Audit
Stop-or-go Sampling
2. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Inform the auditee
OSI: Data Link Layer
Insourcing
OSI: Transport Layer
3. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
ITIL definition of CHANGE MANAGEMENT
Employees with excessive privileges
Application Layer protocols
A Server Cluster
4. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
The first step in a business impact analysis
Background checks performed
Variable Sampling
5. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Current and most up-to-date
Split custody
The Eight Types of Audits
OSI: Data Link Layer
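Split custody as working code, added here as an example and not part of the original quiz: the secret is split into parts with XOR so that every custodian must present their part to reconstruct it, and any subset of fewer parts is statistically independent of the secret (the same argument as a one-time pad). The function names and the sample secret are this example's own.

```python
import secrets


def split_secret(secret: bytes, parts: int = 2) -> list:
    """Split `secret` into `parts` shares; all of them are needed to rebuild it.

    Every share but the last is uniformly random; the last is the XOR of the
    secret with all the random shares. Fewer than `parts` shares are just random
    bytes, so a single custodian learns nothing about the password.
    """
    if parts < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    last = bytes(secret)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    return shares


def combine_shares(shares: list) -> bytes:
    """Rebuild the secret by XORing every share together.

    A missing or swapped share does not fail loudly: it yields garbage, which is
    why the result should be verified (e.g. by trying the recovered password)
    rather than trusted blindly.
    """
    if not shares:
        raise ValueError("no shares supplied")
    length = len(shares[0])
    if any(len(s) != length for s in shares):
        raise ValueError("shares must all have the same length")
    out = bytes(length)
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


if __name__ == "__main__":
    # Constructed demo secret, not from any real system.
    parts = split_secret(b"r00t-p@ssw0rd", 3)
    print([p.hex() for p in parts])
    print(combine_shares(parts))
```

This is an all-or-nothing split (every part is required). If the organisation instead wants any 2 of 3 custodians to suffice, a threshold scheme such as Shamir secret sharing is the tool; plain XOR splitting cannot tolerate a lost part.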
6. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Types of sampling an auditor can perform.
Volumes of COSO framework
Inherent Risk
Service Continuity Management
7. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
IT standards are not being reviewed often enough
Audit logging
The best approach for identifying high risk areas for an audit
List of systems examined
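Audit logging on a table, as an added example (not code from the original quiz): SQLite triggers record every INSERT, UPDATE and DELETE on an accounts table into an append-only audit_log, and a second pair of triggers refuses any attempt to rewrite or erase the log. The schema, the current_actor() helper (supplied from Python because SQLite has no session user) and the sample workload are assumptions of this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL
);
CREATE TABLE audit_log (
    seq     INTEGER PRIMARY KEY AUTOINCREMENT,
    logged  TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')),
    actor   TEXT NOT NULL,
    action  TEXT NOT NULL,
    row_id  INTEGER NOT NULL,
    before  TEXT,
    after   TEXT
);
-- One trigger per DML verb; each fires once for every row the statement touches.
CREATE TRIGGER accounts_insert AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (actor, action, row_id, before, after)
    VALUES (current_actor(), 'INSERT', NEW.id, NULL,
            'owner=' || NEW.owner || ' balance=' || NEW.balance);
END;
CREATE TRIGGER accounts_update AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, row_id, before, after)
    VALUES (current_actor(), 'UPDATE', OLD.id,
            'owner=' || OLD.owner || ' balance=' || OLD.balance,
            'owner=' || NEW.owner || ' balance=' || NEW.balance);
END;
CREATE TRIGGER accounts_delete AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, row_id, before, after)
    VALUES (current_actor(), 'DELETE', OLD.id,
            'owner=' || OLD.owner || ' balance=' || OLD.balance, NULL);
END;
-- The log is append-only: rewriting history is refused at the database layer.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_audited_db(actor: str) -> sqlite3.Connection:
    """Open an in-memory database whose accounts table is audited.

    current_actor() is registered from Python (an assumption of this example);
    a real DBMS would use its own session user so the entry names who acted.
    """
    conn = sqlite3.connect(":memory:")
    conn.create_function("current_actor", 0, lambda: actor)
    conn.executescript(SCHEMA)
    return conn


def run_sample_session(actor: str = "alice") -> tuple:
    """Constructed workload: insert, update, delete, then an attempt to wipe the log.

    Returns (audit_rows, tamper_blocked) where each row is
    (actor, action, row_id, before, after) in the order it was logged.
    """
    conn = open_audited_db(actor)
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (1, 'bob', 100)")
    conn.execute("UPDATE accounts SET balance = 250 WHERE id = 1")
    conn.execute("DELETE FROM accounts WHERE id = 1")
    try:
        conn.execute("DELETE FROM audit_log")  # an insider trying to erase the trail
        tamper_blocked = False
    except sqlite3.DatabaseError:
        tamper_blocked = True
    rows = conn.execute(
        "SELECT actor, action, row_id, before, after FROM audit_log ORDER BY seq"
    ).fetchall()
    conn.close()
    return rows, tamper_blocked


if __name__ == "__main__":
    for row in run_sample_session()[0]:
        print(row)
```

The triggers capture changes whatever client made them, which is the point of doing this in the DBMS rather than in the application. What they cannot stop is a DBA dropping the triggers or the table; in a production engine the application role should have INSERT-only rights on the log and the log should be shipped off-box, so the people being audited are not the people who can edit the record.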
8. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The 5 types of Evidence that the auditor will collect during an audit.
An IS audit
IT standards are not being reviewed often enough
Three Types of Controls
9. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
IT executives and the Board of Directors
Server cluster
Organizational culture and maturity
10. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
CPU
Control Unit
Examples of IT General Controls
Risk Management
11. The maximum period of downtime for a process or application
Hash
Rating Scale for Process Maturity
A Cold Site
Recovery time objective
12. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Background checks performed
Detection Risk
Substantive Testing (test of transaction integrity)
An Operational Audit
13. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Business impact analysis
OSI: Physical Layer
Emergency Changes
14. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Notify the Audit Committee
Frameworks
Employee termination process
More difficult to perform
15. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Stay current with technology
Vulnerability in the organization's PBX
IT executives and the Board of Directors
Gantt Chart
16. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Database primary key
IT Service Management
Structural fires and transportation accidents
The typical Configuration Items in Configuration Management
17. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Service Level Management
To identify the tasks that are responsible for project delays
Main types of Controls
Split custody
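The critical path computation behind questions 15 and 17, as an added example rather than material from the quiz: a forward pass gives each task its earliest start and finish, a backward pass gives the latest start and finish that still meet the project end date, and the difference is slack. Tasks with zero slack are the critical path; delaying any of them delays delivery, while a task with slack can slip by that much without effect. The task graph is a constructed rollout plan, and the function and field names are this example's own.

```python
from collections import deque


def critical_path(tasks: dict) -> dict:
    """Critical Path Method over a task graph.

    tasks maps name -> (duration, [predecessor names]). Returns the project
    duration, per-task earliest/latest start and finish, slack, and the ordered
    list of zero-slack tasks (the critical path).
    """
    # Kahn topological sort; a leftover task means a dependency cycle (a bad plan).
    indegree = {name: len(preds) for name, (_, preds) in tasks.items()}
    successors = {name: [] for name in tasks}
    for name, (_, preds) in tasks.items():
        for p in preds:
            if p not in tasks:
                raise ValueError(f"{name} depends on unknown task {p}")
            successors[p].append(name)
    order = []
    ready = deque(name for name, d in indegree.items() if d == 0)
    while ready:
        name = ready.popleft()
        order.append(name)
        for s in successors[name]:
            indegree[s] -= 1
            if indegree[s] == 0:
                ready.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in task graph")

    # Forward pass: a task starts when its last predecessor finishes.
    es, ef = {}, {}
    for name in order:
        duration, preds = tasks[name]
        es[name] = max((ef[p] for p in preds), default=0)
        ef[name] = es[name] + duration
    project_end = max(ef.values(), default=0)

    # Backward pass: a task must finish before its earliest-starting successor.
    ls, lf = {}, {}
    for name in reversed(order):
        duration = tasks[name][0]
        lf[name] = min((ls[s] for s in successors[name]), default=project_end)
        ls[name] = lf[name] - duration

    slack = {name: ls[name] - es[name] for name in tasks}
    path = [name for name in order if slack[name] == 0]
    return {"duration": project_end, "es": es, "ef": ef, "ls": ls, "lf": lf,
            "slack": slack, "critical_path": path}


# Constructed sample plan (durations in days), not from any real project.
SAMPLE_PROJECT = {
    "requirements": (3, []),
    "design":       (4, ["requirements"]),
    "build":        (6, ["design"]),
    "procure_hw":   (5, ["requirements"]),
    "test":         (3, ["build", "procure_hw"]),
    "deploy":       (1, ["test"]),
}

if __name__ == "__main__":
    result = critical_path(SAMPLE_PROJECT)
    print("duration:", result["duration"])
    print("critical path:", " -> ".join(result["critical_path"]))
    for name in SAMPLE_PROJECT:
        print(f"{name:13s} ES={result['es'][name]:2d} LS={result['ls'][name]:2d} slack={result['slack'][name]}")
```

In the sample plan hardware procurement has five days of slack because it runs alongside design and build; everything on the requirements-design-build-test-deploy chain has none, so that chain is where an auditor would look for schedule risk.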
18. An alternate processing center that contains no information processing equipment.
TCP/IP Transport Layer
Critical Path Methodology
A Cold Site
IT Service Management
19. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Gantt Chart
IT executives and the Board of Directors
Sampling
20. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The first step in a business impact analysis
Disaster Recovery
Assess the maturity of its business processes
OSI Layer 5: Session
21. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. Storing only a salted, slow hash of each password means the original password cannot be read back out of the database; an attacker who steals the table must guess candidate passwords and hash each one, whereas a plaintext store gives every account away at once.
Server cluster
Hash
Elements of the COBIT Framework
Transport Layer Protocols
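The hashed password store from question 21 in working form, added as an example that is not part of the quiz: a per-user random salt, a deliberately slow derivation (PBKDF2-HMAC-SHA256 from the standard library; Argon2id, scrypt or bcrypt are equally good choices) and a constant-time comparison on verification. It also shows the caveat behind the word "impossible": an unsalted, single-round SHA-256 of a common password falls to a dictionary pass immediately. Record format, function names and the demo word list are this example's assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Work factor: the order of magnitude OWASP's Password Storage Cheat Sheet gives
# for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm, iterations, per-user salt, derived key.

    A fresh random salt per password means two users with the same password get
    different records, and a precomputed (rainbow) table is useless.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation with the stored salt and iterations, compare in constant time."""
    try:
        alg, iters, salt_hex, dk_hex = stored.split("$")
        if alg != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: treat as no match
        return False


def weak_store(password: str) -> str:
    """The 'before' state many legacy apps have: one fast, unsalted hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_unsalted_sha256(digest_hex: str, wordlist: list) -> Optional[str]:
    """Dictionary attack against weak_store(): one SHA-256 per guess, no salt to
    stop the same guess list being reused against every user at once."""
    for word in wordlist:
        if hashlib.sha256(word.encode("utf-8")).hexdigest() == digest_hex:
            return word
    return None


# Constructed demo data, not from any real breach.
DEMO_WORDLIST = ["password", "letmein", "Summer2024!", "qwerty"]

if __name__ == "__main__":
    record = hash_password("Summer2024!")
    print(record)
    print("verify ok:", verify_password("Summer2024!", record))
    print("cracked legacy hash:", crack_unsalted_sha256(weak_store("Summer2024!"), DEMO_WORDLIST))
```

Hashing does not stop guessing; it only makes each guess cost a deliberate amount of work and forces the attacker to repeat that work per user because of the salt. That is why the iteration count, not just the choice of hash function, is the control an auditor should ask about.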
22. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
The appropriate role of an IS auditor in a control self-assessment
OSI Layer 7: Application
Statistical Sampling
Critical Path Methodology
23. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Background checks performed
Control Risk
Sampling Risk
24. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
OSI: Transport Layer
General Controls
A Compliance audit
25. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
OSI: Network Layer
Incident Management
(1.) Policies (2.) Procedures (3.) Standards
Testing activities
26. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Tolerable Error Rate
The Eight Types of Audits
More difficult to perform
TCP/IP Link Layer
27. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Service Continuity Management
Lacks specific expertise or resources to conduct an internal audit
Primary security features of relational databases
Insourcing
28. The IS auditor should act as an SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Release management
IT Strategy
Control Unit
29. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The Steering Committee
The 7 phases and their order in the SDLC
Criticality analysis
Notify the Audit Committee
30. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
More difficult to perform
ISO 20000 Standard
Frameworks
31. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
A Sample Mean
An Administrative
Elements of the COBIT Framework
Personnel involved in the requirements phase of a software development project
32. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
List of systems examined
OSI: Network Layer
Network Layer Protocols
Control Unit
33. Used to estimate the effort required to develop a software program.
Confidence coefficient
ITIL definition of CHANGE MANAGEMENT
Function Point Analysis
IT executives and the Board of Directors
34. The inventory of all in-scope business processes and systems
The 5 types of Evidence that the auditor will collect during an audit.
The first step in a business impact analysis
Confidence coefficient
Disaster Recovery
35. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1.) Policies (2.) Procedures (3.) Standards
IT Service Management
Annualized Loss Expectancy (ALE)
36. A field in a record in one table that references a primary key in another table.
Foreign Key
Capability Maturity Model
Geographic location
objective and unbiased
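Referential integrity and foreign keys (questions 4 and 36) demonstrated in a database, as an added example that is not part of the quiz: orders.customer_id is declared as a foreign key to customers.id, so deleting a customer who still has orders is refused and an order for a customer that does not exist cannot be inserted. The same schema is opened with enforcement switched off to show what the auditor is looking for: SQLite leaves foreign-key checking off per connection unless PRAGMA foreign_keys = ON is issued, so a schema that merely declares the constraint gives no protection. Table names, data and function names are this example's assumptions.

```python
import sqlite3


def open_orders_db(enforce_fk: bool) -> sqlite3.Connection:
    """Constructed customers/orders schema in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    # Must be set before any transaction is open; other engines enforce by default.
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript("""
        CREATE TABLE customers (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL,
            total       INTEGER NOT NULL,
            -- default action is NO ACTION: refuse to delete a referenced parent row
            FOREIGN KEY (customer_id) REFERENCES customers (id)
        );
        INSERT INTO customers VALUES (1, 'Acme'), (2, 'Globex');
        INSERT INTO orders VALUES (10, 1, 500), (11, 1, 75);
    """)
    return conn


def delete_customer(conn: sqlite3.Connection, customer_id: int) -> tuple:
    """Try to delete a parent row. Returns (refused, orphaned_order_count)."""
    try:
        conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        refused = False
    except sqlite3.IntegrityError:
        refused = True
    orphans = conn.execute(
        "SELECT COUNT(*) FROM orders o LEFT JOIN customers c ON c.id = o.customer_id "
        "WHERE c.id IS NULL"
    ).fetchone()[0]
    return refused, orphans


def insert_order(conn: sqlite3.Connection, order_id: int, customer_id: int, total: int) -> bool:
    """Try to insert a child row; with enforcement on, an unknown customer_id is refused."""
    try:
        conn.execute("INSERT INTO orders VALUES (?, ?, ?)", (order_id, customer_id, total))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    for enforce in (True, False):
        db = open_orders_db(enforce)
        print(f"foreign_keys={'ON' if enforce else 'OFF'}:",
              "delete customer 1 ->", delete_customer(db, 1),
              "| insert order for customer 99 ->", insert_order(db, 12, 99, 10))
```

With enforcement on, the delete is refused and the orphan count stays at zero; with it off, the delete succeeds and two orders are left pointing at a customer that no longer exists, which is exactly the data-integrity failure the control is meant to prevent. ON DELETE CASCADE would instead remove the orders with the customer, which is a business decision, not a substitute for the check.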
37. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Cloud computing
Emergency Changes
Department Charters
PERT Diagram
38. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Release process
Vulnerability in the organization's PBX
The Requirements
Transport Layer Protocols
39. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Referential Integrity
Audit logging
A Financial Audit
IT Services Financial Management
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model
Sampling
Variable Sampling
41. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Control Risk
Capability Maturity Model Integration (CMMI)
IT Strategy
42. Describes the effect on the business if a process is incapacitated for any appreciable time
Concentrate on samples known to represent high risk
Statement of Impact
A Financial Audit
Transport Layer Protocols
43. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
To identify the tasks that are responsible for project delays
Stratified Sampling
WAN Protocols
Sampling Risk
44. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Control Risk
TCP/IP Transport Layer packet delivery
An Administrative
Rating Scale for Process Maturity
45. (1.) TCP (2.) UDP
Transport Layer Protocols
Statistical Sampling
The two Categories of Controls
Balanced Scorecard
46. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Inherent Risk
Testing activities
Data Link Layer Standards
47. The sum of all samples divided by the number of samples.
OSI Layer 6: Presentation
The Requirements
Confidence coefficient
A Sample Mean
48. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A Server Cluster
Separate administrative accounts
Configuration Management
Power system controls
49. A representation of how closely a sample represents an entire population.
The 5 types of Evidence that the auditor will collect during an audit.
Precision
(1.) Man-made (2.) Natural
IT standards are not being reviewed often enough
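The sampling terms spread across questions 1, 13, 22, 40, 47 and 49 carried out in code, added here as an example and not taken from the quiz: a statistical (simple random) sample, attribute sampling that yields an exception rate, variable sampling that projects a population total with its precision, the sample mean, and a stop-or-go loop that stops as soon as the evidence allows. The stopping rule is this example's own choice (the exact binomial upper bound for zero exceptions, 1 - (1 - confidence)^(1/n)), not a CISA sampling table, and the population of payment records is constructed.

```python
import random
import statistics
from math import sqrt


def statistical_sample(population: list, n: int, seed: int = 1) -> list:
    """Simple random sample: each item has the same chance of being picked.
    The seed is only so a reviewer can reproduce which items were pulled."""
    return random.Random(seed).sample(population, n)


def sample_mean(values: list) -> float:
    """Sum of all sampled values divided by the number of samples."""
    return sum(values) / len(values)


def attribute_sampling(sample: list, has_exception) -> float:
    """Attribute sampling answers 'how many items have this characteristic':
    the observed exception rate in the sample."""
    return sum(1 for item in sample if has_exception(item)) / len(sample)


def variable_sampling(sample_values: list, population_size: int, z: float = 1.96) -> tuple:
    """Variable sampling answers 'what is the total across the population':
    project the sample mean and report precision as the 95% half-interval (z = 1.96)."""
    mean = sample_mean(sample_values)
    sd = statistics.stdev(sample_values)
    estimated_total = mean * population_size
    precision = z * sd / sqrt(len(sample_values)) * population_size
    return mean, estimated_total, precision


def stop_or_go(population: list, has_exception, tolerable_rate: float,
               confidence: float = 0.95, batch: int = 20, seed: int = 1) -> tuple:
    """Stop-or-go sampling: examine items in batches and stop at the earliest point.

    Stopping rule (an assumption of this example): with zero exceptions in n items
    the exact binomial upper confidence bound on the true rate is
    1 - (1 - confidence) ** (1 / n); once that is at or below the tolerable rate,
    stop and accept. If the observed rate already exceeds the tolerable rate, stop
    and escalate. Returns (items_examined, exceptions_found, verdict).
    """
    order = list(population)
    random.Random(seed).shuffle(order)
    examined = exceptions = 0
    for item in order:
        examined += 1
        exceptions += 1 if has_exception(item) else 0
        if examined % batch and examined != len(order):
            continue  # only decide at batch boundaries
        if exceptions == 0:
            upper_bound = 1 - (1 - confidence) ** (1 / examined)
            if upper_bound <= tolerable_rate:
                return examined, 0, "accept: control effective"
        elif exceptions / examined > tolerable_rate:
            return examined, exceptions, "reject: expand testing"
    return examined, exceptions, "inconclusive"


# Constructed population: 200 payment records with an amount and whether the
# approval signature is present (not real audit data).
POPULATION = [{"id": i, "amount": 100 + (i * 37) % 900, "approved": True} for i in range(200)]

if __name__ == "__main__":
    missing_approval = lambda rec: not rec["approved"]
    picked = statistical_sample(POPULATION, 25)
    print("exception rate in sample:", attribute_sampling(picked, missing_approval))
    print("projected total, precision:", variable_sampling([r["amount"] for r in picked], len(POPULATION))[1:])
    print("stop-or-go:", stop_or_go(POPULATION, missing_approval, tolerable_rate=0.05))
```

With a 5% tolerable rate and 95% confidence the stop-or-go loop halts after 60 clean items, because 1 - 0.05^(1/60) is about 4.9%; after 40 items the bound is still 7.2%, so the auditor keeps going. Any exception resets that reasoning, which is why the technique only pays off when the auditor expects the population to be clean.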
50. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Lacks specific expertise or resources to conduct an internal audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Service Level Management