SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. PERT: shows the ______________ critical path.
Current and most up-to-date
Control Risk
objective and unbiased
An Operational Audit
2. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Criticality analysis
Business impact analysis
Overall audit risk
3. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Personnel involved in the requirements phase of a software development project
Foreign Key
The Business Process Life Cycle
Information systems access
4. (1.) Automatic (2.) Manual
Information security policy
TCP/IP Internet Layer
Reduced sign-on
The two Categories of Controls
5. Contains programs that communicate directly with the end user.
To identify the tasks that are responsible for project delays
Buffers
Concentrate on samples known to represent high risk
OSI Layer 7: Application
6. A representation of how closely a sample represents an entire population.
A Cold Site
The Release process
Overall audit risk
Precision means
7. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Referential Integrity
OSI: Network Layer
Substantive Testing
Sampling Risk
8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Controls
Attribute Sampling
Geographic location
Testing activities
9. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Separate administrative accounts
Variable Sampling
Emergency Changes
TCP/IP Network Model
10. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Information systems access
Three Types of Controls
The availability of IT systems
TCP/IP Transport Layer
11. Focuses on: post-event recovery and restoration of services
Documentation and interview personnel
Disaster Recovery
Power system controls
Precision means
12. Used to measure the relative maturity of an organization and its processes.
Balanced Scorecard
An Administrative
Capability Maturity Model
Sampling Risk
13. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Documentation and interview personnel
Frameworks
Substantive Testing
Organizational culture and maturity
14. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
OSI Layer 7: Application
Six steps of the Release Management process
Documentation and interview personnel
Substantive Testing
15. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Reduced sign-on
Prblem Management
BCP Plans
Control Risk
16. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Information systems access
Critical Path Methodology
Transport Layer Protocols
Employee termination process
17. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Internet Layer
less than 24 hours
Release management
TCP/IP Transport Layer
18. Used to estimate the effort required to develop a software program.
IT executives and the Board of Directors
Function Point Analysis
An IS audit
Six steps of the Release Management process
19. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Segregation of duties issue in a high value process
The 5 types of Evidence that the auditor will collect during an audit.
Variable Sampling
Network Layer Protocols
20. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Employees with excessive privileges
TCP/IP Internet Layer
Security Awareness program
A Virtual Server
21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Sampling Risk
Incident Management
Frameworks
Business impact analysis
22. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
A Forensic Audit
Inform the auditee
Information security policy
Sample Standard Deviation
23. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Release management
Project change request
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
24. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Personnel involved in the requirements phase of a software development project
TCP/IP Transport Layer
Insourcing
Disaster Recovery
25. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Database primary key
The 7 phases and their order in the SDLC
Project change request
26. To measure organizational performance and effectiveness against strategic goals.
Blade Computer Architecture
Balanced Scorecard
OSI Layer 5: Session
IT Services Financial Management
27. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
The 7 phases and their order in the SDLC
Hash
Primary security features of relational databases
28. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
ITIL definition of CHANGE MANAGEMENT
Configuration Management
Blade Computer Architecture
The 4-item focus of a Balanced Scorecard
29. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
The first step in a business impact analysis
Variable Sampling
Server cluster
Sampling Risk
30. A collection of two or more servers that is designed to appear as a single server.
Concentrate on samples known to represent high risk
Resource details
A Forensic Audit
Server cluster
31. An alternate processing center that contains no information processing equipment.
A Cold Site
Change management
A Financial Audit
TCP/IP Transport Layer
32. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
OSI: Physical Layer
More difficult to perform
Judgmental sampling
Wet pipe fire sprinkler system
33. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Incident Management
The Steering Committee
Business Continuity
The BCP process
34. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Expected Error Rate
Stay current with technology
Business impact analysis
Tolerable Error Rate
35. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
The appropriate role of an IS auditor in a control self-assessment
Elements of the COSO pyramid
Gantt Chart
36. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
OSI: Transport Layer
Transport Layer Protocols
OSI: Physical Layer
A Problem
37. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The Requirements
Input validation checking
ITIL definition of CHANGE MANAGEMENT
Incident Management
38. An audit that is performed in support of an anticipated or active legal proceeding.
TCP/IP Internet Layer
Statistical Sampling
A Forensic Audit
IT executives and the Board of Directors
39. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Formal waterfall
Emergency Changes
Configuration Management
Service Continuity Management
40. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Stratified Sampling
TCP/IP Network Model
TCP/IP Transport Layer packet delivery
Examples of Application Controls
41. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Service Level Management
Categories of risk treatment
A Cold Site
Annualized Loss Expectance (ALE)
42. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Control Unit
Documentation and interview personnel
Antivirus software on the email servers
Information security policy
43. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
The appropriate role of an IS auditor in a control self-assessment
Foreign Key
A Forensic Audit
ITIL - IT Infrastructure Library
44. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Employee termination process
Department Charters
Critical Path Methodology
Sample Standard Deviation
45. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Vulnerability in the organization's PBX
Confidence coefficient
Antivirus software on the email servers
Blade Computer Architecture
46. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Grid Computing
Primary security features of relational databases
WAN Protocols
47. Used to determine which business processes are the most critical - by ranking them in order of criticality
SDLC Phases
Business impact analysis
Change management
Criticality analysis
48. (1.) General (2.) Application
Antivirus software on the email servers
OSI Layer 6: Presentation
Main types of Controls
A Cold Site
49. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Elements of the COBIT Framework
Confidence coefficient
Buffers
Judgmental sampling
50. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Transport Layer Protocols
OSI Layer 6: Presentation
Recovery time objective
