Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
A Problem
Service Level Management
Project Management Strategies
(1.) Man-made (2.) Natural
2. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Confidence coefficient
IT Service Management
More difficult to perform
Stop-or-go Sampling
3. IT Governance is most concerned with ________.
Business impact analysis
Sampling Risk
IT Strategy
ISO 20000 Standard:
4. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Department Charters
IT Services Financial Management
The two Categories of Controls
The Eight Types of Audits
5. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Precision means
Audit Methodologies
TCP/IP Transport Layer
6. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Change management
Configuration Management
A gate process
Rating Scale for Process Maturity
7. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
OSI Layer 7: Application
Testing activities
TCP/IP Internet Layer
less than 24 hours
8. Delivery of packets from one station to another - on the same network or on different networks.
Personnel involved in the requirements phase of a software development project
Network Layer Protocols
Deming Cycle
The Internet Layer in the TCP/IP model
9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
A Problem
The 7 phases and their order in the SDLC
Hash
10. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Substantive Testing
IT Strategy
Database primary key
11. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
IT Strategy
Information security policy
Problem Management
The 4-item focus of a Balanced Scorecard
12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
An Operational Audit
A Compliance audit
(1.) Man-made (2.) Natural
13. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Judgmental sampling
Audit Methodologies
Frameworks
14. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
To identify the tasks that are responsible for project delays
Examples of Application Controls
Input validation checking
objective and unbiased
15. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Emergency Changes
Recovery time objective
Server cluster
16. The highest number of errors that can exist without a result being materially misstated.
The Internet Layer in the TCP/IP model
Tolerable Error Rate
Stay current with technology
Judgmental sampling
17. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Frameworks
IT executives and the Board of Directors
Sampling Risk
Capability Maturity Model Integration (CMMI)
18. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Dimensions of the COSO cube
Types of sampling an auditor can perform.
Rating Scale for Process Maturity
19. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Service Continuity Management
Application Layer protocols
Hash
Resource details
20. Used to translate or transform data from lower layers into formats that the application layer can work with.
Business impact analysis
Information security policy
OSI Layer 6: Presentation
Sample Standard Deviation
21. What type of testing is performed to determine if control procedures have proper design and are operating properly?
The Requirements
OSI Layer 7: Application
Three Types of Controls
Compliance Testing
22. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Variable Sampling
Grid Computing
A Problem
The audit program
23. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
ITIL definition of PROBLEM
Reduced sign-on
TCP/IP Link Layer
24. A collection of two or more servers that is designed to appear as a single server.
Employees with excessive privileges
Data Link Layer Standards
Server cluster
The best approach for identifying high risk areas for an audit
25. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The audit program
Deming Cycle
Stay current with technology
Three Types of Controls
26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Segregation of duties issue in a high value process
Employee termination process
Risk Management
27. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Business impact analysis
Wet pipe fire sprinkler system
Lacks specific expertise or resources to conduct an internal audit
Disaster Recovery
28. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Risk Management
Detection Risk
Types of sampling an auditor can perform.
Grid Computing
29. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
The Eight Types of Audits
Attribute Sampling
Organizational culture and maturity
30. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
The 4-item focus of a Balanced Scorecard
Main types of Controls
OSI: Physical Layer
TCP/IP Transport Layer packet delivery
31. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
Variable Sampling
Structural fires and transportation accidents
TCP/IP Transport Layer packet delivery
32. Consists of two main packet transport protocols: TCP and UDP.
The Software Program Library
Dimensions of the COSO cube
TCP/IP Transport Layer
Buffers
33. Support the functioning of the application controls
IT standards are not being reviewed often enough
An Operational Audit
General Controls
WAN Protocols
34. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Hash
Application Layer protocols
Discovery Sampling
35. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Inherent Risk
Segregation of duties issue in a high value process
SDLC Phases
Three Types of Controls
36. An alternate processing center that contains no information processing equipment.
OSI: Network Layer
Emergency Changes
A Cold Site
Incident Management
37. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Options for Risk Treatment
Employees with excessive privileges
Business Continuity
To identify the tasks that are responsible for project delays
38. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Tolerable Error Rate
(1.) Policies (2.) Procedures (3.) Standards
Stay current with technology
39. Gantt: used to display ______________.
Resource details
Cloud computing
The 4-item focus of a Balanced Scorecard
Audit Methodologies
40. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Incident Management
A gate process
Elements of the COSO pyramid
Annualized Loss Expectancy (ALE)
41. One of a database table's fields - whose value is unique.
Audit logging
BCP Plans
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Database primary key
42. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Judgmental sampling
Volumes of COSO framework
Testing activities
43. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Control Risk
A Server Cluster
TCP/IP Internet Layer
The Release process
44. (1.) Access controls (2.) Encryption (3.) Audit logging
Organizational culture and maturity
TCP/IP Link Layer
Primary security features of relational databases
Release management
45. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Documentation and interview personnel
Dimensions of the COSO cube
Employee termination process
OSI Layer 6: Presentation
46. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
WAN Protocols
Types of sampling an auditor can perform.
TCP/IP Transport Layer packet delivery
47. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Advantages of outsourcing
General Controls
The Requirements
TCP/IP Transport Layer
48. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Information security policy
Compliance Testing
Entire password for an encryption key
49. (1.) Physical (2.) Technical (3.) Administrative
The first step in a business impact analysis
Inherent Risk
Six steps of the Release Management process
Three Types of Controls
50. The first major task in a disaster recovery or business continuity planning project.
Sample Standard Deviation
Business impact analysis
A gate process
The Requirements