CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may look obvious at times, but retaking the test reinforces your understanding each time.
1. An audit to determine the level and degree of compliance with a law, regulation, standard, contract provision, or internal control.
Types of sampling an auditor can perform.
IT executives and the Board of Directors
A Compliance audit
Server cluster
2. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Department Charters
Elements of the COBIT Framework
The Requirements
An Operational Audit
3. To determine the effectiveness of a disaster recovery program, an IT auditor should examine _____________.
The 7 phases and their order in the SDLC
Application Controls
Documentation and interview personnel
A Server Cluster
4. (1.) Objectives (2.) Components (3.) Business Units / Areas
Overall audit risk
Foreign Key
Elements of the COBIT Framework
Dimensions of the COSO cube
5. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Volumes of COSO framework
Sample Standard Deviation
less than 24 hours
6. Used to control connections that are established between systems: (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
A Problem
Statistical Sampling
Compliance Testing
OSI Layer 5: Session
7. The inventory of all in-scope business processes and systems
Application Controls
Recovery time objective
The first step in a business impact analysis
Sampling Risk
8. (1.) Link (2.) Internet (3.) Transport (4.) Application
Insourcing
TCP/IP Network Model
Options for Risk Treatment
Application Layer protocols
9. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
IT Strategy
Controls
Business Continuity
An Operational Audit
10. A CMM helps an organization to _______________, which is an important first step to any large-scale process improvement effort.
A Server Cluster
Control Unit
Assess the maturity of its business processes
A Forensic Audit
11. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.
Substantive Testing (test of transaction integrity)
Assess the maturity of its business processes
Referential Integrity
The appropriate role of an IS auditor in a control self-assessment
12. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Referential Integrity
Hash
SDLC Phases
BCP Plans
13. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Project change request
Lacks specific expertise or resources to conduct an internal audit
A Virtual Server
Audit logging
14. Any event that is not part of the standard operation of a service and that causes, or may cause, an interruption to or reduction in the quality of that service. Includes three incident types: (1.) Service outage (2.) Service slowdown (3.) Software bug
Incident Management
Stop-or-go Sampling
Notify the Audit Committee
Vulnerability in the organization's PBX
15. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Options for Risk Treatment
IT standards are not being reviewed often enough
ITIL definition of CHANGE MANAGEMENT
The 7 phases and their order in the SDLC
16. (1.) Executive support (2.) Well-defined roles and responsibilities.
Organizational culture and maturity
Application Layer protocols
The best approach for identifying high risk areas for an audit
Information security policy
17. The maximum period of downtime for a process or application
TCP/IP Network Model
TCP/IP Link Layer
Application Layer protocols
Recovery time objective
18. A database term meaning that the database will not permit a program (or user) to delete rows from a table if records in other tables have foreign keys that reference the row to be deleted.
Sampling
Balanced Scorecard
Referential Integrity
Control Unit
19. One of a database table's fields, whose value is unique for every row.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Elements of the COSO pyramid
Database primary key
An Integrated Audit
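Questions 18 and 19 above define referential integrity and the primary key. The example below is added here and is not part of the quiz: it builds a constructed two-table schema in SQLite (a customer table with a primary key and an invoice table whose foreign key references it), then shows the database rejecting a duplicate key and refusing to delete a customer that invoices still reference. SQLite only enforces foreign keys when PRAGMA foreign_keys is switched on, so the same run with enforcement off shows the orphaned rows an auditor would find with the substantive query in count_orphan_invoices. The table names, rows and function names are this example's own assumptions.

```python
import sqlite3


def build_db(enforce_fk: bool) -> sqlite3.Connection:
    """Create an in-memory database with a primary key and a foreign key.

    The tables and rows are constructed for this example. SQLite only enforces
    foreign keys when the pragma is switched on, so enforce_fk=False shows what
    happens in a database without referential integrity.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(
        """
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,   -- primary key: unique per row
            name        TEXT NOT NULL
        );
        CREATE TABLE invoice (
            invoice_id  INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customer(customer_id),  -- foreign key
            amount      REAL NOT NULL
        );
        INSERT INTO customer VALUES (1, 'Acme'), (2, 'Globex');
        INSERT INTO invoice  VALUES (100, 1, 250.00), (101, 1, 75.50), (102, 2, 10.00);
        """
    )
    return conn


def insert_duplicate_key(conn: sqlite3.Connection) -> str:
    """Try to reuse an existing primary key value; the database must reject it."""
    try:
        conn.execute("INSERT INTO customer VALUES (1, 'Acme again')")
        conn.commit()
        return "inserted"
    except sqlite3.IntegrityError:      # 'UNIQUE constraint failed'
        conn.rollback()
        return "rejected"


def delete_referenced_customer(conn: sqlite3.Connection) -> str:
    """Try to delete a customer that invoices still reference."""
    try:
        conn.execute("DELETE FROM customer WHERE customer_id = 1")
        conn.commit()
        return "deleted"
    except sqlite3.IntegrityError:      # 'FOREIGN KEY constraint failed'
        conn.rollback()
        return "blocked"


def count_orphan_invoices(conn: sqlite3.Connection) -> int:
    """Auditor's substantive check: invoices whose customer row no longer exists."""
    (n,) = conn.execute(
        """
        SELECT COUNT(*)
        FROM invoice i LEFT JOIN customer c ON c.customer_id = i.customer_id
        WHERE c.customer_id IS NULL
        """
    ).fetchone()
    return n


def run_demo(enforce_fk: bool) -> dict:
    """Run the duplicate-key, delete and orphan checks against one database."""
    conn = build_db(enforce_fk)
    result = {
        "duplicate_key": insert_duplicate_key(conn),
        "delete": delete_referenced_customer(conn),
        "orphans": count_orphan_invoices(conn),
    }
    conn.close()
    return result


if __name__ == "__main__":
    print("with referential integrity:   ", run_demo(enforce_fk=True))
    print("without referential integrity:", run_demo(enforce_fk=False))
```

With enforcement on, the delete is blocked and the orphan count stays at zero; with it off, the delete succeeds and two invoices are left pointing at a customer that no longer exists. The orphan query is the kind of check an auditor can run directly against a database whose engine or configuration does not enforce the constraint.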
20. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Database primary key
Attribute Sampling
A Financial Audit
(1.) Man-made (2.) Natural
21. Support the functioning of the application controls
A Compliance audit
Rating Scale for Process Maturity
General Controls
A Sample Mean
22. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
A Virtual Server
The Requirements
OSI: Data Link Layer
BCP Plans
23. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Information systems access
Employees with excessive privileges
Application Layer protocols
Advantages of outsourcing
24. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Control Unit
Sampling
TCP/IP Transport Layer packet delivery
Inherent Risk
25. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Capability Maturity Model
Confidence coefficient
An IS audit
A Financial Audit
26. A sampling technique in which at least one exception is sought in a population.
Advantages of outsourcing
Employee termination process
Application Controls
Discovery Sampling
27. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, and is the complement of the confidence coefficient (100% minus the confidence coefficient).
Sampling Risk
The two Categories of Controls
Information systems access
IT standards are not being reviewed often enough
28. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Data Link Layer Standards
SDLC Phases
TCP/IP Link Layer
29. The sum of all samples divided by the number of samples.
Rating Scale for Process Maturity
A Sample Mean
An IS audit
Referential Integrity
30. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
The first step in a business impact analysis
less than 24 hours
An Operational Audit
Input validation checking
31. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: the organization should have ___________________ on all of its existing employees and also begin instituting bac
objective and unbiased
Blade Computer Architecture
IT standards are not being reviewed often enough
Background checks performed
32. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Reduced sign-on
A Server Cluster
Formal waterfall
A Forensic Audit
33. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.
Personnel involved in the requirements phase of a software development project
Tolerable Error Rate
A Sample Mean
A Server Cluster
34. Delivery of packets from one station to another, on the same network or on different networks.
(1.) Man-made (2.) Natural
The Internet Layer in the TCP/IP model
Employees with excessive privileges
Recovery time objective
35. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors.
IT Services Financial Management
Lacks specific expertise or resources to conduct an internal audit
SDLC Phases
Incident Management
36. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
ITIL definition of CHANGE MANAGEMENT
Employees with excessive privileges
Expected Error Rate
Organizational culture and maturity
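Question 36 describes the classic privilege-creep finding: long-serving employees keep entitlements from earlier positions. The example below is added here and is not part of the quiz: it shows the review an auditor can script, comparing each user's actual entitlements against the entitlements their current role is supposed to grant, flagging the excess, naming the other roles that would explain it (the likely former positions), and comparing the average tenure of flagged and clean users to confirm the pattern the question describes. The role model, the users and their entitlements are constructed for the example, as are the function names.

```python
from dataclasses import dataclass

# Constructed role model: the entitlements each job role is supposed to carry.
ROLE_ENTITLEMENTS = {
    "payroll_admin":    {"hr.view", "payroll.view", "payroll.modify"},
    "help_desk":        {"tickets.view", "tickets.update", "ad.reset_password"},
    "accounts_payable": {"ap.view", "ap.create_invoice"},
    "ap_manager":       {"ap.view", "ap.create_invoice", "ap.approve_payment"},
}


@dataclass
class UserAccess:
    user: str
    current_role: str
    years_of_service: int
    entitlements: set          # what the directory / applications actually grant today


def excess_entitlements(u: UserAccess) -> set:
    """Entitlements held that the user's current role does not justify."""
    return u.entitlements - ROLE_ENTITLEMENTS.get(u.current_role, set())


def roles_that_grant(ents: set) -> list:
    """Roles whose entitlement set would explain the excess (likely former positions)."""
    return sorted(role for role, granted in ROLE_ENTITLEMENTS.items() if ents & granted)


def review_access(users) -> dict:
    """Flag every user with excess entitlements, with the roles that could explain them."""
    findings = {}
    for u in users:
        extra = excess_entitlements(u)
        if extra:
            findings[u.user] = {"current_role": u.current_role,
                                "years_of_service": u.years_of_service,
                                "excess": sorted(extra),
                                "explained_by": roles_that_grant(extra)}
    return findings


def mean_tenure(users, flagged: dict) -> tuple:
    """Average years of service of flagged vs clean users: the pattern the auditor noticed."""
    def avg(xs):
        return sum(xs) / len(xs) if xs else 0.0
    flagged_years = [u.years_of_service for u in users if u.user in flagged]
    clean_years = [u.years_of_service for u in users if u.user not in flagged]
    return avg(flagged_years), avg(clean_years)


# Constructed review population: alice moved from payroll to the help desk, carol was
# once an AP manager; both kept entitlements their current role does not include.
USERS = [
    UserAccess("alice", "help_desk", 9,
               {"tickets.view", "tickets.update", "ad.reset_password", "payroll.view", "payroll.modify"}),
    UserAccess("bob", "accounts_payable", 1, {"ap.view", "ap.create_invoice"}),
    UserAccess("carol", "accounts_payable", 12, {"ap.view", "ap.create_invoice", "ap.approve_payment"}),
    UserAccess("dave", "help_desk", 2, {"tickets.view", "tickets.update"}),
]


if __name__ == "__main__":
    found = review_access(USERS)
    for user, detail in found.items():
        print(user, detail)
    print("mean tenure flagged vs clean:", mean_tenure(USERS, found))
```

In the constructed data the flagged users average 10.5 years of service against 1.5 for the clean ones. Carol's case also shows why the finding matters beyond tidiness: holding both ap.create_invoice and ap.approve_payment lets one person create and approve a payment, so the leftover entitlement is a segregation-of-duties conflict, not just an unused privilege.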
37. A collection of two or more servers that is designed to appear as a single server.
To identify the tasks that are responsible for project delays
Application Controls
Server cluster
Dimensions of the COSO cube
38. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
OSI Layer 5: Session
BCP Plans
ISO 20000 Standard
Stay current with technology
39. A condition often identified as a result of multiple incidents that exhibit common symptoms. A problem can also be identified from a single incident whose impact is significant.
Project Management Strategies
IT Service Management
Elements of the COBIT Framework
ITIL definition of PROBLEM
40. Information is arranged in frames and transported across the medium, with collision detection and checksum verification of delivery.
OSI: Data Link Layer
An Administrative
ISO 20000 Standard
A Cold Site
41. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect
Frameworks
Inform the auditee
Antivirus software on the email servers
Blade Computer Architecture
42. Concerns the reliability of data transfer between systems: (1.) Connection-oriented (2.) Guaranteed delivery (3.) Order of delivery
Antivirus software on the email servers
OSI: Transport Layer
Employee termination process
OSI: Physical Layer
43. Consists of two main packet transport protocols: TCP and UDP.
Stay current with technology
TCP/IP Transport Layer
Confidence coefficient
SDLC Phases
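Questions 8, 34, 40, 42 and 43 describe the TCP/IP layers (link, internet, transport) and what each is responsible for. The example below is added here and is not part of the quiz: it assembles a constructed Ethernet + IPv4 + TCP frame, computes the IPv4 header checksum as RFC 791 specifies, and then parses the frame back one layer at a time, reporting the link-layer addresses, the internet-layer addresses and checksum result, and the transport-layer ports and flags. Flipping a single bit in the IP header shows the checksum catching the damage. The addresses, ports and function names are this example's own assumptions; the TCP checksum (which needs a pseudo-header) is left at zero and is not validated.

```python
import struct
from ipaddress import IPv4Address

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones' complement of the ones' complement sum of the
    16-bit words. Run over a header that already carries its checksum, the result is
    0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(int.from_bytes(header[i:i + 2], "big") for i in range(0, len(header), 2))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, flags: int, payload: bytes = b"") -> bytes:
    """Wrap a payload in TCP (transport), IPv4 (internet) and Ethernet (link) headers."""
    # TCP: ports, seq, ack, data offset 5 words, flags, window, checksum (left 0), urgent
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    # IPv4: version/IHL, TOS, total length, id, flags/fragment (DF), TTL, protocol 6, checksum 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the checksum
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                                             # EtherType IPv4
    return eth + ip + tcp


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame: bytes) -> dict:
    """Peel the frame layer by layer, reporting what each layer is responsible for."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    link = {"dst_mac": _mac(dst), "src_mac": _mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:
        return {"link": link, "internet": None, "transport": None}

    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes
    _, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    internet = {"src_ip": str(IPv4Address(s)), "dst_ip": str(IPv4Address(d)), "ttl": ttl,
                "protocol": proto, "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}

    segment = ip[ihl:total_len]
    transport = None
    if proto == 6:                            # TCP: connection-oriented, ordered, acknowledged
        sport, dport, seq, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", segment[:20])
        data_offset = (off >> 4) * 4
        transport = {"protocol": "TCP", "src_port": sport, "dst_port": dport, "seq": seq,
                     "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
                     "payload": segment[data_offset:]}
    elif proto == 17:                         # UDP: no connection, no delivery guarantee
        sport, dport, _, _ = struct.unpack("!HHHH", segment[:8])
        transport = {"protocol": "UDP", "src_port": sport, "dst_port": dport,
                     "payload": segment[8:]}
    return {"link": link, "internet": internet, "transport": transport}


def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset (to show the checksum catching damage)."""
    b = bytearray(frame)
    b[offset] ^= 0x01
    return bytes(b)


# Constructed sample: a TCP SYN from a workstation to an HTTPS server.
SAMPLE_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                           "10.0.0.5", "192.0.2.10", 40000, 443, flags=0x02)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print("TTL byte flipped:", parse_frame(corrupt(SAMPLE_FRAME, 14 + 8))["internet"]["checksum_ok"])
```

Offset 14 + 8 is the TTL byte of the IPv4 header (14 bytes of Ethernet header, then 8 bytes into IP), so the corrupted copy parses with checksum_ok False while every other field still decodes. That is the division of labour the quiz is after: the link layer frames and addresses on the local medium, the internet layer carries and checks the header between networks, and the transport layer (TCP here) supplies ports, sequencing and the connection handshake.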
44. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
OSI: Data Link Layer
Referential Integrity
Examples of Application Controls
45. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this is _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Server Cluster
Judgmental sampling
Business impact analysis
Reduced sign-on
46. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Balanced Scorecard
Precision means
The BCP process
Wet pipe fire sprinkler system
47. (1.) General (2.) Application
Main types of Controls
A Compliance audit
Personnel involved in the requirements phase of a software development project
The Software Program Library
48. (1.) Automatic (2.) Manual
The two Categories of Controls
Emergency Changes
Statement of Impact
Elements of the COBIT Framework
49. Used for several types of system changes: (1.) Incident and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (which require testing similar to when changes are made to the application itself)
TCP/IP Link Layer
The Release process
Variable Sampling
ISO 20000 Standard
50. The first major task in a disaster recovery or business continuity planning project.
Six steps of the Release Management process
Business impact analysis
Blade Computer Architecture
Substantive Testing (test of transaction integrity)