SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Judgmental sampling
WAN Protocols
List of systems examined
A Problem
2. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Sampling Risk
Security Awareness program
IT Services Financial Management
Configuration Management
3. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
OSI: Transport Layer
Service Level Management
A Server Cluster
Foreign Key
4. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Control Unit
The two Categories of Controls
TCP/IP Transport Layer packet delivery
IT standards are not being reviewed often enough
5. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Sampling
A Cold Site
PERT Diagram?
6. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Discovery Sampling
CPU
An IS audit
Insourcing
7. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
OSI: Physical Layer
Incident Management
Frameworks
8. Used to measure the relative maturity of an organization and its processes.
A Compliance audit
Capability Maturity Model
Cloud computing
Compliance Testing
9. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Sampling Risk
Control Risk
The 5 types of Evidence that the auditor will collect during an audit.
10. (1.) TCP (2.) UDP
Incident Management
Transport Layer Protocols
An Administrative
Cloud computing
11. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
General Controls
The Business Process Life Cycle
Judgmental sampling
Vulnerability in the organization's PBX
12. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
A Service Provider audit
Foreign Key
Wet pipe fire sprinkler system
Business Continuity
13. (1.) Access controls (2.) Encryption (3.) Audit logging
Sampling
A gate process
Primary security features of relational databases
IT Strategy
14. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
The appropriate role of an IS auditor in a control self-assessment
Foreign Key
Audit Methodologies
15. An audit that combines an operational audit and a financial audit.
TCP/IP Network Model
Business impact analysis
An Integrated Audit
An IS audit
16. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Application Layer protocols
Examples of Application Controls
Concentrate on samples known to represent high risk
17. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Assess the maturity of its business processes
IT Services Financial Management
Notify the Audit Committee
Geographic location
18. A maturity model that represents the aggregations of other maturity models.
Database primary key
A Service Provider audit
The two Categories of Controls
Capability Maturity Model Integration (CMMI)
19. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Split custody
The Business Process Life Cycle
The appropriate role of an IS auditor in a control self-assessment
Project change request
20. Gantt: used to display ______________.
A Service Provider audit
Personnel involved in the requirements phase of a software development project
Resource details
Business Realization
21. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Precision means
Compliance Testing
Geographic location
22. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
The Release process
WAN Protocols
Overall audit risk
A Compliance audit
23. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Employees with excessive privileges
Examples of IT General Controls
IT Services Financial Management
A Virtual Server
24. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Overall audit risk
Six steps of the Release Management process
The 4-item focus of a Balanced Scorecard
ITIL definition of CHANGE MANAGEMENT
25. To measure organizational performance and effectiveness against strategic goals.
The Release process
Stratified Sampling
IT executives and the Board of Directors
Balanced Scorecard
26. A sampling technique where at least one exception is sought in a population
Resource details
Insourcing
Overall audit risk
Discovery Sampling
27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Business Realization
Gantt Chart
Employees with excessive privileges
Examples of Application Controls
28. An audit of a third-party organization that provides services to other organizations.
(1.) Polices (2.) Procedures (3.) Standards
Rating Scale for Process Maturity
Change management
A Service Provider audit
29. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Insourcing
Criticality analysis
Disaster Recovery
TCP/IP Internet Layer
30. The means by which management establishes and measures processes by which organizational objectives are achieved
ITIL definition of PROBLEM
Options for Risk Treatment
Capability Maturity Model
Controls
31. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Discovery Sampling
TCP/IP Network Model
Wet pipe fire sprinkler system
32. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Examples of IT General Controls
Employees with excessive privileges
The 7 phases and their order in the SDLC
A Sample Mean
33. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
The Eight Types of Audits
Database primary key
A Compliance audit
34. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
The first step in a business impact analysis
The two Categories of Controls
(1.) Polices (2.) Procedures (3.) Standards
Annualized Loss Expectance (ALE)
35. To communication security policies - procedures - and other security-related information to an organization's employees.
Confidence coefficient
Security Awareness program
The Eight Types of Audits
Configuration Management
36. Framework for auditing and measuring IT Service Management Processes.
General Controls
The Software Program Library
ISO 20000 Standard:
Segregation of duties issue in a high value process
37. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Controls
Three Types of Controls
Testing activities
38. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
objective and unbiased
The 4-item focus of a Balanced Scorecard
Balanced Scorecard
Buffers
39. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
An Operational Audit
objective and unbiased
ITIL definition of CHANGE MANAGEMENT
Network Layer Protocols
40. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Geographic location
Documentation and interview personnel
Separate administrative accounts
The Internet Layer in the TCP/IP model
41. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Expected Error Rate
Sampling Risk
OSI: Transport Layer
Inform the auditee
42. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Change management
OSI: Transport Layer
TCP/IP Internet Layer
Segregation of duties issue in a high value process
43. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The two Categories of Controls
The Eight Types of Audits
Incident Management
Audit Methodologies
44. Disasters are generally grouped in terms of type: ______________.
Advantages of outsourcing
(1.) Man-made (2.) Natural
Notify the Audit Committee
Stop-or-go Sampling
45. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Volumes of COSO framework
Change management
Service Continuity Management
46. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The Steering Committee
Segregation of duties issue in a high value process
Business impact analysis
47. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Frameworks
IT executives and the Board of Directors
More difficult to perform
Stay current with technology
48. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Project change request
Entire password for an encryption key
Service Continuity Management
Audit logging
49. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Inherent Risk
SDLC Phases
Prblem Management
Information security policy
50. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
General Controls
Annualized Loss Expectance (ALE)
The Internet Layer in the TCP/IP model
