Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
TCP/IP Transport Layer packet delivery
List of systems examined
Documentation and interview personnel
Wet pipe fire sprinkler system
2. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Split custody
Sample Standard Deviation
Wet pipe fire sprinkler system
Compliance Testing
3. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Discovery Sampling
Examples of IT General Controls
Sampling Risk
Testing activities
4. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
A Financial Audit
More difficult to perform
Information systems access
Balanced Scorecard
5. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
PERT Diagram?
(1.) Man-made (2.) Natural
TCP/IP Network Model
A Problem
6. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Frameworks
IT standards are not being reviewed often enough
Server cluster
7. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Database primary key
Stop-or-go Sampling
List of systems examined
WAN Protocols
8. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Software Program Library
The appropriate role of an IS auditor in a control self-assessment
The Business Process Life Cycle
An Integrated Audit
9. Describes the effect on the business if a process is incapacitated for any appreciable time
Three Types of Controls
IT Strategy
List of systems examined
Statement of Impact
10. Gantt: used to display ______________.
Controls
Audit Methodologies
Discovery Sampling
Resource details
11. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
The 4-item focus of a Balanced Scorecard
Primary security features of relational databases
Lacks specific expertise or resources to conduct an internal audit
Expected Error Rate
12. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Substantive Testing
Discovery Sampling
The BCP process
Overall audit risk
13. The risk that an IS auditor will overlook errors or exceptions during an audit.
A Financial Audit
Options for Risk Treatment
Sampling
Detection Risk
14. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Problem Management
The Eight Types of Audits
TCP/IP Transport Layer packet delivery
Database primary key
15. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
IT Services Financial Management
Substantive Testing
Deming Cycle
16. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Formal waterfall
Department Charters
Three Types of Controls
Registers
17. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Data Link Layer Standards
Examples of IT General Controls
Volumes of COSO framework
Rating Scale for Process Maturity
18. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
A Problem
Blade Computer Architecture
The 4-item focus of a Balanced Scorecard
19. Consists of two main packet transport protocols: TCP and UDP.
BCP Plans
TCP/IP Transport Layer
A Server Cluster
Notify the Audit Committee
20. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Business Realization
A Service Provider audit
Examples of IT General Controls
21. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
A Forensic Audit
Entire password for an encryption key
Antivirus software on the email servers
Department Charters
22. ITIL term used to describe the SDLC.
Foreign Key
General Controls
Configuration Management
Release management
23. The means by which management establishes and measures processes by which organizational objectives are achieved
Rating Scale for Process Maturity
A gate process
A Sample Mean
Controls
24. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Information security policy
A Compliance audit
Control Unit
25. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Vulnerability in the organization's PBX
An IS audit
To identify the tasks that are responsible for project delays
ITIL definition of PROBLEM
26. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Six steps of the Release Management process
OSI: Data Link Layer
Compliance Testing
27. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
Judgmental sampling
Inform the auditee
Reduced sign-on
28. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Business impact analysis
Service Level Management
Business Continuity
less than 24 hours
29. An alternate processing center that contains no information processing equipment.
Function Point Analysis
A Service Provider audit
A Cold Site
Business Realization
30. Used to translate or transform data from lower layers into formats that the application layer can work with.
Judgmental sampling
Gantt Chart
WAN Protocols
OSI Layer 6: Presentation
31. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Internet Layer in the TCP/IP model
Hash
Referential Integrity
Project change request
32. IT Governance is most concerned with ________.
IT Strategy
The best approach for identifying high risk areas for an audit
IT Services Financial Management
Project Management Strategies
33. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Detection Risk
Primary security features of relational databases
Controls
The BCP process
34. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Controls
(1.) Man-made (2.) Natural
Attribute Sampling
A gate process
35. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Structural fires and transportation accidents
IT Service Management
Expected Error Rate
Categories of risk treatment
36. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Transport Layer Protocols
Stop-or-go Sampling
Categories of risk treatment
Rating Scale for Process Maturity
37. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
The 7 phases and their order in the SDLC
Balanced Scorecard
Documentation and interview personnel
38. Handle application processing
Elements of the COSO pyramid
Application Controls
An Administrative
Structural fires and transportation accidents
39. To communicate security policies - procedures - and other security-related information to an organization's employees.
The Internet Layer in the TCP/IP model
Frameworks
CPU
Security Awareness program
40. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
OSI: Transport Layer
General Controls
Six steps of the Release Management process
IT Services Financial Management
41. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
An Integrated Audit
Frameworks
Resource details
42. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Insourcing
Information security policy
Incident Management
Audit Methodologies
43. The sum of all samples divided by the number of samples.
Control Unit
A Sample Mean
ITIL - IT Infrastructure Library
Examples of Application Controls
44. Disasters are generally grouped in terms of type: ______________.
OSI Layer 5: Session
IT executives and the Board of Directors
Controls
(1.) Man-made (2.) Natural
45. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Audit logging
Frameworks
Formal waterfall
46. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Assess the maturity of its business processes
OSI: Physical Layer
Employee termination process
Attribute Sampling
47. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Resource details
Incident Management
Background checks performed
Foreign Key
48. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
General Controls
OSI Layer 5: Session
Organizational culture and maturity
TCP/IP Network Model
49. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Project Management Strategies
Information security policy
Sample Standard Deviation
Sampling Risk
50. One of a database table's fields - whose value is unique.
The 5 types of Evidence that the auditor will collect during an audit.
The BCP process
Database primary key
Control Risk