Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding.
1. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Segregation of duties issue in a high value process
Emergency Changes
Tolerable Error Rate
OSI: Network Layer
2. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Input validation checking
ITIL definition of CHANGE MANAGEMENT
SDLC Phases
3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage and is the complement of the confidence coefficient (for example, 95% confidence leaves a 5% risk).
Sampling Risk
Function Point Analysis
Elements of the COBIT Framework
Service Level Management
4. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The best approach for identifying high risk areas for an audit
Power system controls
Inherent Risk
Examples of IT General Controls
5. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
The 5 types of Evidence that the auditor will collect during an audit.
Inform the auditee
Inherent Risk
6. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Database primary key
Inherent Risk
The Steering Committee
The 5 types of Evidence that the auditor will collect during an audit.
7. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Dimensions of the COSO cube
Lacks specific expertise or resources to conduct an internal audit
Registers
Recovery time objective
8. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Business Realization
A Forensic Audit
Network Layer Protocols
Reduced sign-on
9. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Emergency Changes
Risk Management
Options for Risk Treatment
10. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Information security policy
The best approach for identifying high risk areas for an audit
Project change request
CPU
11. The memory locations in the CPU where arithmetic values are stored.
Grid Computing
Criticality analysis
Registers
Server cluster
12. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Referential Integrity
Employees with excessive privileges
BCP Plans
Inform the auditee
13. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
The BCP process
Separate administrative accounts
An Integrated Audit
14. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Compliance Testing
Employees with excessive privileges
The best approach for identifying high risk areas for an audit
Documentation and interview personnel
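An added example (not part of the quiz) of how an auditor or IAM engineer would detect the finding in question 14 mechanically rather than by eye: compare each account's provisioned entitlements against the baseline for the employee's current HR role and report the excess, then check whether the leftover access creates a segregation-of-duties conflict. The role baseline, HR feed, entitlement names and the accounts-payable conflict pair are all constructed for illustration, not taken from the page.

```python
"""Added example (not part of the quiz): detect privilege accumulation
after internal transfers, the finding described in question 14.

Assumption: the organisation can export (a) each employee's current role
from HR, (b) a role-to-entitlement baseline, and (c) the entitlements
actually provisioned.  All three datasets below are constructed.
"""
from dataclasses import dataclass

# Constructed baseline: which entitlements each role legitimately needs.
ROLE_BASELINE = {
    "ap_clerk":      {"erp_ap_entry", "shared_drive_finance"},
    "ap_supervisor": {"erp_ap_approve", "shared_drive_finance", "erp_reports"},
    "payroll":       {"payroll_app", "shared_drive_hr"},
    "it_helpdesk":   {"ad_password_reset", "ticketing"},
}

# Constructed HR feed: employee -> current role (transfers already applied).
HR_CURRENT_ROLE = {
    "alice": "ap_supervisor",   # transferred from ap_clerk two years ago
    "bob":   "payroll",         # transferred from it_helpdesk last year
    "carol": "ap_clerk",        # never transferred
}

# Constructed IAM export: what each account can actually do today.
PROVISIONED = {
    "alice": {"erp_ap_entry", "erp_ap_approve", "shared_drive_finance", "erp_reports"},
    "bob":   {"payroll_app", "shared_drive_hr", "ad_password_reset", "ticketing"},
    "carol": {"erp_ap_entry", "shared_drive_finance"},
}

# Constructed toxic combination: entering and approving the same payable.
SOD_CONFLICTS = [("erp_ap_entry", "erp_ap_approve")]


@dataclass(frozen=True)
class Finding:
    user: str
    role: str
    excess: frozenset   # entitlements with no basis in the current role


def find_excess_privileges(baseline, hr_roles, provisioned):
    """Return one Finding per user whose provisioned entitlements exceed
    the baseline for their current role.  Users in HR but missing from the
    IAM export simply have nothing to flag."""
    findings = []
    for user, role in sorted(hr_roles.items()):
        allowed = baseline.get(role, set())
        excess = provisioned.get(user, set()) - allowed
        if excess:
            findings.append(Finding(user, role, frozenset(excess)))
    return findings


def sod_violations(provisioned, conflicts=SOD_CONFLICTS):
    """Return (user, (a, b)) for every user holding both halves of a
    conflicting pair; accumulated privileges are a common cause."""
    out = []
    for user, ents in sorted(provisioned.items()):
        for a, b in conflicts:
            if a in ents and b in ents:
                out.append((user, (a, b)))
    return out


if __name__ == "__main__":
    for f in find_excess_privileges(ROLE_BASELINE, HR_CURRENT_ROLE, PROVISIONED):
        print(f"{f.user} ({f.role}): excess {sorted(f.excess)}")
    for user, pair in sod_violations(PROVISIONED):
        print(f"SoD conflict for {user}: {pair[0]} + {pair[1]}")
```

In a real review the HR feed and the IAM export are pulled at the same point in time, and every excess entitlement is then traced back to the transfer that should have revoked it; the role baseline itself is an auditable artefact and should be approved by the business owner, not inferred from whatever access already exists.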
15. A sampling technique where at least one exception is sought in a population
Information security policy
Discovery Sampling
Frameworks
The BCP process
16. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
The Requirements
Volumes of COSO framework
Risk Management
Rating Scale for Process Maturity
17. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Blade Computer Architecture
The Business Process Life Cycle
Criticality analysis
18. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Stop-or-go Sampling
A Sample Mean
Referential Integrity
19. Used to determine which business processes are the most critical - by ranking them in order of criticality
Entire password for an encryption key
Criticality analysis
Function Point Analysis
ITIL definition of CHANGE MANAGEMENT
20. (1.) TCP (2.) UDP
The 4-item focus of a Balanced Scorecard
Examples of Application Controls
Transport Layer Protocols
Six steps of the Release Management process
21. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Frameworks
TCP/IP Link Layer
Department Charters
A Compliance audit
22. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
CPU
Attribute Sampling
Network Layer Protocols
The audit program
23. An audit that is performed in support of an anticipated or active legal proceeding.
Examples of IT General Controls
Three Types of Controls
Audit logging
A Forensic Audit
24. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
A Problem
(1.) Policies (2.) Procedures (3.) Standards
ISO 20000 Standard
25. Used to estimate the effort required to develop a software program.
OSI: Network Layer
Function Point Analysis
Critical Path Methodology
Hash
26. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Balanced Scorecard
The audit program
Documentation and interview personnel
Frameworks
27. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Power system controls
To identify the tasks that are responsible for project delays
Network Layer Protocols
IT standards are not being reviewed often enough
28. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Database primary key
Inherent Risk
Types of sampling an auditor can perform.
More difficult to perform
29. An auditor has detected potential fraud while testing a control objective - he should ___________________. Because audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
IT Strategy
less than 24 hours
Confidence coefficient
Notify the Audit Committee
30. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Data Link Layer Standards
Audit Methodologies
The availability of IT systems
The Eight Types of Audits
31. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
IT Strategy
Service Continuity Management
A Server Cluster
ITIL definition of CHANGE MANAGEMENT
32. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Precision means
Service Level Management
Substantive Testing (test of transaction integrity)
Statement of Impact
33. Gantt: used to display ______________.
A Sample Mean
Control Risk
Transport Layer Protocols
Resource details
34. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
TCP/IP Transport Layer
Categories of risk treatment
Database primary key
ITIL definition of PROBLEM
35. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).
Sample Standard Deviation
The two Categories of Controls
Sampling Risk
Annualized Loss Expectancy (ALE)
36. The first major task in a disaster recovery or business continuity planning project.
Examples of IT General Controls
Business impact analysis
ITIL - IT Infrastructure Library
Function Point Analysis
37. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
An Operational Audit
Risk Management
A Service Provider audit
PERT Diagram
38. IT Governance is most concerned with ________.
Function Point Analysis
Precision means
IT Strategy
Audit logging
39. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Segregation of duties issue in a high value process
Attribute Sampling
Vulnerability in the organization's PBX
Six steps of the Release Management process
40. (1.) Objectives (2.) Components (3.) Business Units / Areas
Formal waterfall
TCP/IP Link Layer
Cloud computing
Dimensions of the COSO cube
41. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
More difficult to perform
Stratified Sampling
TCP/IP Network Model
less than 24 hours
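An added example (not part of the quiz) that works through the arithmetic behind three of the sampling terms above: sampling risk as the complement of the confidence coefficient (question 3), the sample size needed for discovery sampling to surface at least one exception (question 15), and proportional stratified sampling (question 41). The sample-size formula is a standard probability result, not the quiz's own; the accounts-payable transaction population, the amount bands and the function names are constructed for illustration.

```python
"""Added example (not part of the quiz): the arithmetic behind the sampling
terms in questions 3 (sampling risk), 15 (discovery sampling) and
41 (stratified sampling).  The formulas are standard probability results,
not the quiz's own; the transaction population is constructed."""
import math
import random


def sampling_risk(confidence_coefficient):
    """Question 3: sampling risk is the complement of the confidence
    coefficient, e.g. 95% confidence leaves a 5% risk that the sample
    does not represent the population."""
    return 1.0 - confidence_coefficient


def discovery_sample_size(expected_error_rate, confidence_coefficient):
    """Question 15: smallest sample size n such that, if the population's
    true exception rate is at least p, the sample contains at least one
    exception with probability >= c.

        P(no exception in n draws) = (1 - p) ** n
        P(at least one)            = 1 - (1 - p) ** n  >=  c
        =>  n >= ln(1 - c) / ln(1 - p)

    Treats draws as independent (large-population approximation)."""
    p, c = expected_error_rate, confidence_coefficient
    if not (0 < p < 1 and 0 < c < 1):
        raise ValueError("error rate and confidence must be strictly between 0 and 1")
    return math.ceil(math.log(1 - c) / math.log(1 - p))


def stratified_sample(population, stratum_of, sample_size, seed=0):
    """Question 41: partition the population into strata by `stratum_of`,
    then draw from every stratum in proportion to its size, taking at
    least one item per non-empty stratum so a small high-value stratum is
    never skipped.  Rounding may move the total by an item or two."""
    rng = random.Random(seed)          # fixed seed so the draw is reproducible
    strata = {}
    for item in population:
        strata.setdefault(stratum_of(item), []).append(item)
    total = len(population)
    picked = []
    for name in sorted(strata):
        members = strata[name]
        share = max(1, round(sample_size * len(members) / total))
        picked.extend(rng.sample(members, min(share, len(members))))
    return picked


def stratum_counts(sample, stratum_of):
    """How many sampled items fell into each stratum."""
    counts = {}
    for item in sample:
        counts[stratum_of(item)] = counts.get(stratum_of(item), 0) + 1
    return counts


def amount_band(txn):
    """Stratify (txn_id, amount) pairs by amount (constructed bands)."""
    _, amount = txn
    if amount < 1_000:
        return "1_under_1k"
    if amount < 10_000:
        return "2_1k_to_10k"
    return "3_over_10k"


def constructed_population():
    """Constructed population of 1000 (txn_id, amount) pairs:
    500 small, 300 mid-sized and 200 large transactions."""
    pop = []
    for i in range(1000):
        amount = 450 if i < 500 else 4_500 if i < 800 else 45_000
        pop.append((f"TXN{i:04d}", amount))
    return pop


if __name__ == "__main__":
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
    print("discovery sample, 1% expected rate, 95% confidence:",
          discovery_sample_size(0.01, 0.95))
    sample = stratified_sample(constructed_population(), amount_band, 50, seed=1)
    print("items per stratum:", stratum_counts(sample, amount_band))
```

Two things worth noticing when running it: discovery sampling grows quickly as the expected exception rate falls (about 59 items to catch a 5% rate at 95% confidence, but about 299 items for a 1% rate), and plain proportional stratification under-samples the high-value stratum an auditor usually cares about most, which is why variable sampling of large items is often combined with it.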
42. A four-step quality control cycle known as PDSA (Plan-Do-Study-Act) or PDCA (Plan-Do-Check-Act). Steps: (1.) Plan (2.) Do (3.) Study / Check (4.) Act
An Operational Audit
Antivirus software on the email servers
Application Layer protocols
Deming Cycle
43. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. Benchmarking facilitates continuous improvement within the BPLC.
Power system controls
Information systems access
The Business Process Life Cycle
Statistical Sampling
44. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
OSI Layer 6: Presentation
Resource details
Business Realization
Categories of risk treatment
45. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
OSI Layer 7: Application
Project change request
Assess the maturity of its business processes
46. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Geographic location
Tolerable Error Rate
IT Services Financial Management
47. A representation of how closely a sample represents an entire population.
Precision means
BCP Plans
Vulnerability in the organization's PBX
Employees with excessive privileges
48. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Information systems access
CPU
A Virtual Server
49. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Testing activities
Problem Management
Information systems access
Hash
50. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Three Types of Controls
Examples of Application Controls
Registers
Entire password for an encryption key