Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
List of systems examined
Audit Methodologies
More difficult to perform
The best approach for identifying high risk areas for an audit
2. Used to determine which business processes are the most critical - by ranking them in order of criticality
The appropriate role of an IS auditor in a control self-assessment
Criticality analysis
(1.) Policies (2.) Procedures (3.) Standards
The audit program
3. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
IT Service Management
Background checks performed
ITIL - IT Infrastructure Library
4. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
OSI Layer 7: Application
The appropriate role of an IS auditor in a control self-assessment
Substantive Testing (test of transaction integrity)
Annualized Loss Expectancy (ALE)
5. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
(1.) Man-made (2.) Natural
Variable Sampling
Reduced sign-on
Separate administrative accounts
6. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of CHANGE MANAGEMENT
Information security policy
ITIL definition of PROBLEM
A Sample Mean
7. Lowest layer. Delivers messages (frames) from one station to another via the local network.
TCP/IP Link Layer
Employee termination process
Disaster Recovery
Personnel involved in the requirements phase of a software development project
8. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Incident Management
Six steps of the Release Management process
A Sample Mean
Split custody
9. The inventory of all in-scope business processes and systems
Problem Management
The first step in a business impact analysis
Compliance Testing
Inform the auditee
10. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Emergency Changes
Risk Management
CPU
A Virtual Server
11. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Three Types of Controls
The Steering Committee
Project change request
TCP/IP Transport Layer
12. Support the functioning of the application controls
General Controls
A Sample Mean
Deming Cycle
Examples of Application Controls
13. An alternate processing center that contains no information processing equipment.
Business Realization
To identify the tasks that are responsible for project delays
A Cold Site
Department Charters
14. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Lacks specific expertise or resources to conduct an internal audit
An IS audit
Split custody
15. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
TCP/IP Transport Layer
(1.) Policies (2.) Procedures (3.) Standards
Antivirus software on the email servers
Split custody
16. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
The 5 types of Evidence that the auditor will collect during an audit.
Three Types of Controls
An IS audit
17. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).
Department Charters
Tolerable Error Rate
Geographic location
Annualized Loss Expectancy (ALE)
18. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Sampling Risk
Notify the Audit Committee
The Steering Committee
Judgmental sampling
19. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
The first step in a business impact analysis
The BCP process
Insourcing
Current and most up-to-date
20. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Critical Path Methodology
Information systems access
IT executives and the Board of Directors
TCP/IP Transport Layer packet delivery
21. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
22. ITIL term used to describe the SDLC.
Security Awareness program
Substantive Testing (test of transaction integrity)
Release management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
23. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Elements of the COBIT Framework
A Compliance audit
Segregation of duties issue in a high value process
The Steering Committee
24. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
PERT Diagram
TCP/IP Link Layer
Annualized Loss Expectancy (ALE)
The 5 types of Evidence that the auditor will collect during an audit.
25. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
The Business Process Life Cycle
Sampling Risk
Formal waterfall
Split custody
26. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Six steps of the Release Management process
The availability of IT systems
Application Layer protocols
To identify the tasks that are responsible for project delays
27. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
OSI: Physical Layer
Security Awareness program
Input validation checking
The appropriate role of an IS auditor in a control self-assessment
28. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A Server Cluster
Configuration Management
The appropriate role of an IS auditor in a control self-assessment
Current and most up-to-date
29. Framework for auditing and measuring IT Service Management Processes.
ITIL definition of PROBLEM
ISO 20000 Standard
BCP Plans
Emergency Changes
30. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Input validation checking
Buffers
Incident Management
Resource details
31. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Buffers
Gantt Chart
A Financial Audit
Confidence coefficient
32. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Server cluster
Registers
Transport Layer Protocols
33. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Annualized Loss Expectancy (ALE)
Application Layer protocols
The Internet Layer in the TCP/IP model
Compliance Testing
34. The means by which management establishes and measures processes by which organizational objectives are achieved
The two Categories of Controls
Substantive Testing (test of transaction integrity)
IT Service Management
Controls
35. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
The BCP process
Configuration Management
Overall audit risk
Background checks performed
36. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Insourcing
Risk Management
Problem Management
Geographic location
37. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Capability Maturity Model
Elements of the COSO pyramid
Types of sampling an auditor can perform.
Power system controls
38. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Application Controls
An Administrative
Grid Computing
Overall audit risk
39. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
ISO 20000 Standard
Tolerable Error Rate
The Internet Layer in the TCP/IP model
40. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
An Operational Audit
Data Link Layer Standards
Sampling Risk
Documentation and interview personnel
41. A representation of how closely a sample represents an entire population.
A Sample Mean
Precision means
A gate process
Business impact analysis
42. Guide program execution through organization of resources and development of clear project objectives.
The Steering Committee
Project Management Strategies
Information security policy
Current and most up-to-date
43. The risk that an IS auditor will overlook errors or exceptions during an audit.
Input validation checking
Types of sampling an auditor can perform.
The first step in a business impact analysis
Detection Risk
44. An audit that is performed in support of an anticipated or active legal proceeding.
The two Categories of Controls
A Forensic Audit
A Server Cluster
Network Layer Protocols
45. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Categories of risk treatment
The Requirements
Statistical Sampling
46. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
(1.) Policies (2.) Procedures (3.) Standards
A Compliance audit
Employees with excessive privileges
Insourcing
47. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
General Controls
Employee termination process
IT standards are not being reviewed often enough
Compliance Testing
48. (1.) Automatic (2.) Manual
A Compliance audit
Deming Cycle
Primary security features of relational databases
The two Categories of Controls
49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Reduced sign-on
Network Layer Protocols
OSI: Data Link Layer
Controls
50. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Dimensions of the COSO cube
Precision means
Vulnerability in the organization's PBX
Employees with excessive privileges