SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
A Service Provider audit
Detection Risk
The best approach for identifying high risk areas for an audit
2. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Expected Error Rate
Configuration Management
Capability Maturity Model Integration (CMMI)
3. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Statement of Impact
Confidence coefficient
The Steering Committee
TCP/IP Network Model
4. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Variable Sampling
Blade Computer Architecture
Inform the auditee
Audit Methodologies
5. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Data Link Layer Standards
Overall audit risk
The 4-item focus of a Balanced Scorecard
6. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Network Layer Protocols
A Forensic Audit
A Compliance audit
The 7 phases and their order in the SDLC
7. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Sampling Risk
Service Level Management
IT standards are not being reviewed often enough
IT executives and the Board of Directors
8. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
IT Services Financial Management
Network Layer Protocols
Judgmental sampling
Sample Standard Deviation
9. An alternate processing center that contains no information processing equipment.
Hash
A Cold Site
Overall audit risk
The Software Program Library
10. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
TCP/IP Internet Layer
Advantages of outsourcing
The Requirements
Attribute Sampling
11. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
The 4-item focus of a Balanced Scorecard
Types of sampling an auditor can perform.
Precision means
Stay current with technology
12. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Discovery Sampling
Three Types of Controls
Capability Maturity Model
Structural fires and transportation accidents
13. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Control Risk
Current and most up-to-date
Transport Layer Protocols
14. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
ITIL definition of CHANGE MANAGEMENT
Overall audit risk
Recovery time objective
A gate process
15. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Insourcing
Overall audit risk
IT standards are not being reviewed often enough
Business Continuity
16. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
OSI Layer 7: Application
The 4-item focus of a Balanced Scorecard
Main types of Controls
17. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
WAN Protocols
Lacks specific expertise or resources to conduct an internal audit
Substantive Testing
18. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Stop-or-go Sampling
Inform the auditee
Balanced Scorecard
19. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Statement of Impact
To identify the tasks that are responsible for project delays
BCP Plans
Recovery time objective
20. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Elements of the COBIT Framework
Project change request
Server cluster
21. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Statement of Impact
A Problem
Options for Risk Treatment
Attribute Sampling
22. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Incident Management
Gantt Chart
OSI Layer 7: Application
Segregation of duties issue in a high value process
23. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Release process
Judgmental sampling
Hash
Expected Error Rate
24. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
The Internet Layer in the TCP/IP model
Foreign Key
Prblem Management
Information systems access
25. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Sampling Risk
Inform the auditee
A gate process
26. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Stay current with technology
Inform the auditee
IT Service Management
less than 24 hours
27. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
BCP Plans
Vulnerability in the organization's PBX
Project change request
28. To measure organizational performance and effectiveness against strategic goals.
ITIL definition of PROBLEM
Balanced Scorecard
TCP/IP Link Layer
IT executives and the Board of Directors
29. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Referential Integrity
Substantive Testing (test of transaction integrity)
Controls
30. The inventory of all in-scope business processes and systems
Stop-or-go Sampling
Registers
Reduced sign-on
The first step in a business impact analysis
31. Support the functioning of the application controls
General Controls
OSI Layer 6: Presentation
Sampling Risk
The audit program
32. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
SDLC Phases
Notify the Audit Committee
Stop-or-go Sampling
Advantages of outsourcing
33. IT Service Management is defined in ___________________ framework.
Split custody
ITIL - IT Infrastructure Library
Examples of Application Controls
The BCP process
34. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
Vulnerability in the organization's PBX
Personnel involved in the requirements phase of a software development project
TCP/IP Network Model
35. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
Detection Risk
OSI: Transport Layer
TCP/IP Transport Layer packet delivery
36. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Gantt Chart
(1.) Man-made (2.) Natural
Emergency Changes
A Financial Audit
37. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
A Server Cluster
IT Service Management
TCP/IP Link Layer
Three Types of Controls
38. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Annualized Loss Expectance (ALE)
Primary security features of relational databases
Precision means
Audit logging
39. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Release management
Volumes of COSO framework
IT Strategy
40. ITIL term used to describe the SDLC.
BCP Plans
Precision means
A Sample Mean
Release management
41. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
The 4-item focus of a Balanced Scorecard
TCP/IP Network Model
Entire password for an encryption key
Antivirus software on the email servers
42. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The availability of IT systems
Business Realization
The best approach for identifying high risk areas for an audit
Elements of the COBIT Framework
43. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
IT standards are not being reviewed often enough
Volumes of COSO framework
A gate process
An Administrative
44. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Cloud computing
Segregation of duties issue in a high value process
Registers
Insourcing
45. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Department Charters
A Problem
Function Point Analysis
46. Used to estimate the effort required to develop a software program.
ISO 20000 Standard:
Examples of Application Controls
A Virtual Server
Function Point Analysis
47. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Foreign Key
The two Categories of Controls
The appropriate role of an IS auditor in a control self-assessment
Control Unit
48. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
OSI Layer 6: Presentation
The Internet Layer in the TCP/IP model
Function Point Analysis
49. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Stop-or-go Sampling
Foreign Key
ISO 20000 Standard:
TCP/IP Link Layer
50. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Buffers
OSI: Transport Layer
A Forensic Audit
More difficult to perform
