Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Disaster Recovery
objective and unbiased
WAN Protocols
The availability of IT systems
2. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
ITIL definition of PROBLEM
Audit logging
BCP Plans
3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Expected Error Rate
Sampling Risk
An Integrated Audit
Service Continuity Management
4. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Examples of Application Controls
The Release process
PERT Diagram?
5. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Current and most up-to-date
The appropriate role of an IS auditor in a control self-assessment
More difficult to perform
Attribute Sampling
6. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Tolerable Error Rate
Server cluster
Configuration Management
7. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Database primary key
Problem Management
Tolerable Error Rate
Balanced Scorecard
8. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Substantive Testing (test of transaction integrity)
Hash
Information security policy
Geographic location
9. One of a database table's fields - whose value is unique.
Database primary key
A Sample Mean
Separate administrative accounts
Wet pipe fire sprinkler system
10. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
The audit program
The Software Program Library
Wet pipe fire sprinkler system
The Release process
11. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
List of systems examined
Registers
Lacks specific expertise or resources to conduct an internal audit
Cloud computing
12. Delivery of packets from one station to another - on the same network or on different networks.
Background checks performed
Confidence coefficient
less than 24 hours
The Internet Layer in the TCP/IP model
13. The main hardware component of a computer system - which executes instructions in computer programs.
Lacks specific expertise or resources to conduct an internal audit
CPU
objective and unbiased
ITIL definition of PROBLEM
14. (1.) TCP (2.) UDP
Project Management Strategies
Current and most up-to-date
Transport Layer Protocols
Input validation checking
15. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Employee termination process
Employees with excessive privileges
PERT Diagram?
less than 24 hours
16. A field in a record in one table that can reference a primary key in another table.
Risk Management
The Release process
Foreign Key
Employees with excessive privileges
17. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
An IS audit
The audit program
Insourcing
BCP Plans
18. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Database primary key
Wet pipe fire sprinkler system
OSI: Network Layer
19. To measure organizational performance and effectiveness against strategic goals.
Grid Computing
An IS audit
Balanced Scorecard
Frameworks
20. An audit of an IS department's operations and systems.
An IS audit
Data Link Layer Standards
More difficult to perform
Categories of risk treatment
21. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Statistical Sampling
The Eight Types of Audits
Expected Error Rate
OSI: Physical Layer
22. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
A gate process
ITIL definition of CHANGE MANAGEMENT
Organizational culture and maturity
A Service Provider audit
23. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
PERT Diagram?
The Requirements
Capability Maturity Model Integration (CMMI)
Substantive Testing (test of transaction integrity)
24. An audit that combines an operational audit and a financial audit.
Background checks performed
An Integrated Audit
OSI: Network Layer
The Software Program Library
25. An audit of operational efficiency.
OSI Layer 5: Session
WAN Protocols
An Administrative
ISO 20000 Standard:
26. IT Service Management is defined in ___________________ framework.
Segregation of duties issue in a high value process
ITIL - IT Infrastructure Library
Resource details
IT Strategy
27. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Critical Path Methodology
Risk Management
Statement of Impact
28. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Options for Risk Treatment
Structural fires and transportation accidents
A Problem
Elements of the COSO pyramid
29. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Split custody
The Steering Committee
OSI Layer 6: Presentation
30. (1.) Automatic (2.) Manual
The Internet Layer in the TCP/IP model
Configuration Management
Sampling
The two Categories of Controls
31. The inventory of all in-scope business processes and systems
Blade Computer Architecture
The first step in a business impact analysis
Cloud computing
A Cold Site
32. Defines internal controls and provides guidance for assessing and improving internal control systems.
Stop-or-go Sampling
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Elements of the COBIT Framework
PERT Diagram?
33. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Main types of Controls
Personnel involved in the requirements phase of a software development project
PERT Diagram?
IT executives and the Board of Directors
34. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
IT Services Financial Management
A Service Provider audit
Department Charters
objective and unbiased
35. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Compliance Testing
Examples of Application Controls
Function Point Analysis
36. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Disaster Recovery
Formal waterfall
Sampling Risk
Sampling
37. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Variable Sampling
The 5 types of Evidence that the auditor will collect during an audit.
Statistical Sampling
General Controls
38. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - implementing ________________ will provide an effect
Types of sampling an auditor can perform.
Antivirus software on the email servers
Recovery time objective
Sample Standard Deviation
39. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Service Continuity Management
A Cold Site
Types of sampling an auditor can perform.
40. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
An IS audit
Control Unit
A Problem
Service Level Management
41. IT Governance is most concerned with ________.
Split custody
Cloud computing
IT Strategy
Sample Standard Deviation
42. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer
Criticality analysis
TCP/IP Transport Layer packet delivery
A Financial Audit
43. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
less than 24 hours
Options for Risk Treatment
Structural fires and transportation accidents
Application Layer protocols
44. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Overall audit risk
Annualized Loss Expectancy (ALE)
Input validation checking
45. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Substantive Testing (test of transaction integrity)
Buffers
Segregation of duties issue in a high value process
Capability Maturity Model
46. Handle application processing
Separate administrative accounts
Application Controls
Recovery time objective
Audit Methodologies
47. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
BCP Plans
An Administrative
Control Risk
Main types of Controls
48. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Detection Risk
A Server Cluster
More difficult to perform
IT Services Financial Management
49. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
A Financial Audit
Documentation and interview personnel
Split custody
50. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The 4-item focus of a Balanced Scorecard
Emergency Changes
Capability Maturity Model Integration (CMMI)
Incident Management