Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding each time you take it.
1. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Network Layer Protocols
The Business Process Life Cycle
Employee termination process
2. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
OSI: Physical Layer
A Financial Audit
Testing activities
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
3. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Formal waterfall
Background checks performed
Split custody
The audit program
4. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Split custody
IT Strategy
Audit logging
Grid Computing
5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Data Link Layer Standards
Precision means
Sampling Risk
Business Continuity
6. Used to determine which business processes are the most critical - by ranking them in order of criticality
Balanced Scorecard
Criticality analysis
Stay current with technology
Statement of Impact
7. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Control Unit
Discovery Sampling
Change management
8. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Examples of Application Controls
Controls
Business Realization
9. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
OSI Layer 6: Presentation
Split custody
Overall audit risk
Judgmental sampling
10. Handle application processing
Application Controls
Six steps of the Release Management process
Capability Maturity Model
OSI: Data Link Layer
11. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Business impact analysis
Security Awareness program
Application Layer protocols
12. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Gantt Chart
Audit logging
(1.) Man-made (2.) Natural
List of systems examined
13. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Employee termination process
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Controls
14. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The 5 types of Evidence that the auditor will collect during an audit.
Segregation of duties issue in a high value process
Inherent Risk
Split custody
15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
The availability of IT systems
Stay current with technology
Volumes of COSO framework
Blade Computer Architecture
16. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Foreign Key
ISO 20000 Standard:
The audit program
17. Used to translate or transform data from lower layers into formats that the application layer can work with.
The 7 phases and their order in the SDLC
OSI Layer 6: Presentation
Audit Methodologies
The Software Program Library
18. Gantt: used to display ______________.
TCP/IP Link Layer
Sample Standard Deviation
The BCP process
Resource details
19. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
An IS audit
Critical Path Methodology
An Operational Audit
20. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
TCP/IP Internet Layer
The Business Process Life Cycle
Tolerable Error Rate
Testing activities
21. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Geographic location
Control Risk
Six steps of the Release Management process
Substantive Testing (test of transaction integrity)
22. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI Layer 7: Application
Dimensions of the COSO cube
A Forensic Audit
OSI: Network Layer
23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Precision means
ITIL definition of CHANGE MANAGEMENT
Confidence coefficient
Incident Management
24. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Segregation of duties issue in a high value process
Capability Maturity Model Integration (CMMI)
OSI Layer 7: Application
25. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
OSI Layer 7: Application
Assess the maturity of its business processes
A Compliance audit
The BCP process
26. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Problem Management
less than 24 hours
Business Continuity
The Software Program Library
27. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The best approach for identifying high risk areas for an audit
An Integrated Audit
Buffers
A Compliance audit
28. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
OSI: Physical Layer
A Financial Audit
IT Services Financial Management
The 7 phases and their order in the SDLC
29. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
An Integrated Audit
List of systems examined
Audit Methodologies
30. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
The appropriate role of an IS auditor in a control self-assessment
SDLC Phases
List of systems examined
31. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Sampling Risk
Function Point Analysis
Risk Management
32. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
BCP Plans
Split custody
Examples of IT General Controls
33. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Rating Scale for Process Maturity
Network Layer Protocols
A Virtual Server
Registers
34. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Judgmental sampling
Capability Maturity Model
Department Charters
35. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
To identify the tasks that are responsible for project delays
A Problem
OSI: Physical Layer
Documentation and interview personnel
36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Software Program Library
IT standards are not being reviewed often enough
Rating Scale for Process Maturity
37. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Configuration Management
Lacks specific expertise or resources to conduct an internal audit
SDLC Phases
Problem Management
38. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
PERT Diagram?
Six steps of the Release Management process
Segregation of duties issue in a high value process
39. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Variable Sampling
A Virtual Server
Insourcing
Overall audit risk
40. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
TCP/IP Transport Layer
BCP Plans
Examples of Application Controls
TCP/IP Internet Layer
41. Contains programs that communicate directly with the end user.
Variable Sampling
Referential Integrity
OSI Layer 7: Application
Testing activities
42. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
A Forensic Audit
A Cold Site
Employees with excessive privileges
ITIL definition of PROBLEM
43. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Compliance Testing
Business impact analysis
Detection Risk
The availability of IT systems
44. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Examples of Application Controls
List of systems examined
Substantive Testing (test of transaction integrity)
Elements of the COBIT Framework
45. (1.) Access controls (2.) Encryption (3.) Audit logging
less than 24 hours
Primary security features of relational databases
Sampling Risk
The 4-item focus of a Balanced Scorecard
46. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
Inherent Risk
Primary security features of relational databases
A Server Cluster
47. IT Service Management is defined in ___________________ framework.
Recovery time objective
Geographic location
ITIL - IT Infrastructure Library
The two Categories of Controls
48. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
An Administrative
The 4-item focus of a Balanced Scorecard
Segregation of duties issue in a high value process
Inherent Risk
49. The main hardware component of a computer system - which executes instructions in computer programs.
Current and most up-to-date
CPU
Frameworks
Judgmental sampling
50. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Server cluster
TCP/IP Transport Layer packet delivery
OSI Layer 5: Session
Elements of the COSO pyramid