Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
A Sample Mean
To identify the tasks that are responsible for project delays
PERT Diagram?
A Server Cluster
2. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Confidence coefficient
Stratified Sampling
Gantt Chart
Information systems access
3. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI: Transport Layer
The Eight Types of Audits
Attribute Sampling
The Software Program Library
4. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Inherent Risk
Inform the auditee
Variable Sampling
5. Used to estimate the effort required to develop a software program.
Function Point Analysis
An Administrative
The 7 phases and their order in the SDLC
(1.) Policies (2.) Procedures (3.) Standards
6. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Control Risk
OSI Layer 5: Session
Separate administrative accounts
Split custody
7. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Foreign Key
Variable Sampling
Inform the auditee
Rating Scale for Process Maturity
8. Defines internal controls and provides guidance for assessing and improving internal control systems.
To identify the tasks that are responsible for project delays
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Disaster Recovery
Current and most up-to-date
9. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
The 4-item focus of a Balanced Scorecard
Options for Risk Treatment
CPU
10. Consists of two main packet transport protocols: TCP and UDP.
To identify the tasks that are responsible for project delays
Power system controls
ITIL - IT Infrastructure Library
TCP/IP Transport Layer
11. An audit that combines an operational audit and a financial audit.
ITIL definition of CHANGE MANAGEMENT
Frameworks
An Integrated Audit
OSI: Physical Layer
12. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
The Business Process Life Cycle
Reduced sign-on
Power system controls
13. A representation of how closely a sample represents an entire population.
Business impact analysis
Current and most up-to-date
Precision means
General Controls
14. Handle application processing
To identify the tasks that are responsible for project delays
OSI Layer 6: Presentation
Application Controls
objective and unbiased
15. IT Service Management is defined in ___________________ framework.
ISO 20000 Standard:
CPU
ITIL - IT Infrastructure Library
An IS audit
16. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Application Layer protocols
Documentation and interview personnel
Database primary key
Categories of risk treatment
17. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
The two Categories of Controls
Segregation of duties issue in a high value process
Rating Scale for Process Maturity
18. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Inherent Risk
Options for Risk Treatment
Sampling
ITIL definition of CHANGE MANAGEMENT
19. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Frameworks
Documentation and interview personnel
Three Types of Controls
Hash
20. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
A Virtual Server
Separate administrative accounts
Application Controls
21. (1.) General (2.) Application
Business Realization
Balanced Scorecard
Change management
Main types of Controls
22. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Structural fires and transportation accidents
Input validation checking
The Steering Committee
23. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Notify the Audit Committee
Options for Risk Treatment
Application Controls
CPU
24. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
WAN Protocols
Business Continuity
Entire password for an encryption key
Elements of the COSO pyramid
25. (1.) TCP (2.) UDP
Security Awareness program
OSI: Transport Layer
Problem Management
Transport Layer Protocols
26. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Resource details
Grid Computing
An Integrated Audit
Referential Integrity
27. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Personnel involved in the requirements phase of a software development project
(1.) Policies (2.) Procedures (3.) Standards
Documentation and interview personnel
Assess the maturity of its business processes
28. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Geographic location
Sampling
Database primary key
PERT Diagram?
29. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Information security policy
Input validation checking
OSI Layer 5: Session
Grid Computing
30. An audit of operational efficiency.
An Administrative
Employees with excessive privileges
TCP/IP Transport Layer packet delivery
Hash
31. To communicate security policies - procedures - and other security-related information to an organization's employees.
Documentation and interview personnel
Security Awareness program
Sampling
Statement of Impact
32. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Server cluster
Emergency Changes
Audit logging
Organizational culture and maturity
33. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Testing activities
The Internet Layer in the TCP/IP model
Control Risk
The BCP process
34. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Split custody
Application Layer protocols
The two Categories of Controls
A Service Provider audit
35. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
IT Service Management
Service Level Management
Overall audit risk
Risk Management
36. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
OSI: Network Layer
Organizational culture and maturity
A Cold Site
Control Risk
37. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Control Unit
Problem Management
Antivirus software on the email servers
Deming Cycle
38. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
An Administrative
PERT Diagram?
OSI: Transport Layer
Dimensions of the COSO cube
39. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Grid Computing
Options for Risk Treatment
A Virtual Server
40. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
A Financial Audit
Balanced Scorecard
Critical Path Methodology
41. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
CPU
Expected Error Rate
Main types of Controls
42. Gantt: used to display ______________.
Emergency Changes
Resource details
An Integrated Audit
Elements of the COBIT Framework
43. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
Substantive Testing
Inform the auditee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
44. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
ITIL definition of CHANGE MANAGEMENT
Precision means
Department Charters
Gantt Chart
45. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Application Controls
Input validation checking
List of systems examined
Reduced sign-on
46. Used to determine which business processes are the most critical - by ranking them in order of criticality
IT executives and the Board of Directors
OSI: Physical Layer
Criticality analysis
Control Risk
47. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
IT Strategy
Three Types of Controls
The Eight Types of Audits
48. A sampling technique where at least one exception is sought in a population
The BCP process
Discovery Sampling
Sampling
Main types of Controls
49. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
A Financial Audit
Expected Error Rate
Input validation checking
Server cluster
50. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Elements of the COSO pyramid
OSI Layer 7: Application
Structural fires and transportation accidents