Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Entire password for an encryption key
An Operational Audit
Disaster Recovery
2. (1.) Automatic (2.) Manual
Audit logging
The two Categories of Controls
Inform the auditee
Sampling Risk
3. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
The 7 phases and their order in the SDLC
Segregation of duties issue in a high value process
TCP/IP Network Model
4. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Controls
Grid Computing
The 7 phases and their order in the SDLC
Department Charters
5. The maximum period of downtime for a process or application
The audit program
Critical Path Methodology
Recovery time objective
Confidence coefficient
6. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
SDLC Phases
Risk Management
Lacks specific expertise or resources to conduct an internal audit
Discovery Sampling
7. A sampling technique where at least one exception is sought in a population
Input validation checking
Discovery Sampling
Elements of the COSO pyramid
Segregation of duties issue in a high value process
8. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
A Problem
Elements of the COSO pyramid
OSI: Physical Layer
The first step in a business impact analysis
9. An audit of a third-party organization that provides services to other organizations.
Separate administrative accounts
A Service Provider audit
The 5 types of Evidence that the auditor will collect during an audit.
A Sample Mean
10. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Assess the maturity of its business processes
ITIL definition of PROBLEM
Detection Risk
(1.) Policies (2.) Procedures (3.) Standards
11. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Stay current with technology
A Financial Audit
OSI Layer 5: Session
12. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Database primary key
Elements of the COBIT Framework
Gantt Chart
Project change request
13. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Release management
Control Risk
Risk Management
14. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Tolerable Error Rate
Service Level Management
More difficult to perform
15. The means by which management establishes and measures processes by which organizational objectives are achieved
A Compliance audit
OSI: Data Link Layer
Controls
A Cold Site
16. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
A Server Cluster
Application Controls
ITIL definition of PROBLEM
17. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Resource details
Detection Risk
Attribute Sampling
18. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Link Layer
TCP/IP Transport Layer
Statement of Impact
Primary security features of relational databases
19. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
The typical Configuration Items in Configuration Management
IT Service Management
TCP/IP Link Layer
The Business Process Life Cycle
20. A representation of how closely a sample represents an entire population.
Precision means
Judgmental sampling
Examples of Application Controls
Compliance Testing
21. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
ITIL - IT Infrastructure Library
Reduced sign-on
Service Continuity Management
22. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Precision means
TCP/IP Transport Layer
ITIL definition of PROBLEM
The 5 types of Evidence that the auditor will collect during an audit.
23. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
The 7 phases and their order in the SDLC
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Power system controls
Expected Error Rate
24. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
A Virtual Server
Six steps of the Release Management process
IT Service Management
objective and unbiased
25. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The Software Program Library
Power system controls
OSI Layer 7: Application
Emergency Changes
26. Contains programs that communicate directly with the end user.
BCP Plans
Separate administrative accounts
OSI Layer 7: Application
Frameworks
27. (1.) Objectives (2.) Components (3.) Business Units / Areas
Application Layer protocols
The BCP process
Dimensions of the COSO cube
Annualized Loss Expectancy (ALE)
28. The sum of all samples divided by the number of samples.
Gantt Chart
Organizational culture and maturity
A Sample Mean
Problem Management
29. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Control Unit
Elements of the COBIT Framework
Power system controls
TCP/IP Internet Layer
30. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
TCP/IP Network Model
Network Layer Protocols
objective and unbiased
31. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Problem Management
WAN Protocols
Grid Computing
Advantages of outsourcing
32. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
A Financial Audit
Dimensions of the COSO cube
Service Level Management
Testing activities
33. Handle application processing
Application Controls
Cloud computing
Application Layer protocols
Geographic location
34. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Options for Risk Treatment
OSI: Physical Layer
Primary security features of relational databases
35. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
IT executives and the Board of Directors
Antivirus software on the email servers
Inform the auditee
Documentation and interview personnel
36. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
A Compliance audit
The audit program
Information systems access
Volumes of COSO framework
37. Delivery of packets from one station to another - on the same network or on different networks.
IT Strategy
(1.) Man-made (2.) Natural
The Steering Committee
The Internet Layer in the TCP/IP model
38. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
OSI Layer 6: Presentation
Sampling Risk
Stop-or-go Sampling
Organizational culture and maturity
39. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Lacks specific expertise or resources to conduct an internal audit
Expected Error Rate
Assess the maturity of its business processes
TCP/IP Internet Layer
40. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Deming Cycle
A Financial Audit
TCP/IP Link Layer
Organizational culture and maturity
41. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Security Awareness program
Lacks specific expertise or resources to conduct an internal audit
Balanced Scorecard
objective and unbiased
42. The memory locations in the CPU where arithmetic values are stored.
Foreign Key
Compliance Testing
Substantive Testing (test of transaction integrity)
Registers
43. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Control Unit
The 4-item focus of a Balanced Scorecard
Application Controls
Audit Methodologies
44. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Configuration Management
TCP/IP Internet Layer
Application Controls
Structural fires and transportation accidents
45. Used to measure the relative maturity of an organization and its processes.
Types of sampling an auditor can perform.
Database primary key
Stay current with technology
Capability Maturity Model
46. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Volumes of COSO framework
To identify the tasks that are responsible for project delays
Antivirus software on the email servers
The 7 phases and their order in the SDLC
47. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Examples of Application Controls
Release management
The Eight Types of Audits
IT Service Management
48. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Examples of IT General Controls
Judgmental sampling
BCP Plans
Three Types of Controls
49. Used to estimate the effort required to develop a software program.
Problem Management
A Financial Audit
IT Strategy
Function Point Analysis
50. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
Referential Integrity
IT Service Management