SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Security Awareness program
OSI Layer 7: Application
(1.) Polices (2.) Procedures (3.) Standards
Notify the Audit Committee
2. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Cloud computing
Service Continuity Management
A gate process
Insourcing
3. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
OSI Layer 7: Application
Audit logging
The 7 phases and their order in the SDLC
The typical Configuration Items in Configuration Management
4. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
A Service Provider audit
Controls
Incident Management
Variable Sampling
5. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sampling Risk
Organizational culture and maturity
Transport Layer Protocols
Sample Standard Deviation
6. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Transport Layer Protocols
OSI: Data Link Layer
Advantages of outsourcing
Testing activities
7. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Department Charters
Reduced sign-on
Insourcing
Expected Error Rate
8. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
TCP/IP Transport Layer packet delivery
Blade Computer Architecture
Disaster Recovery
OSI: Network Layer
9. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Inform the auditee
OSI: Network Layer
A Server Cluster
Disaster Recovery
10. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Department Charters
TCP/IP Link Layer
Registers
Business Realization
11. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Organizational culture and maturity
TCP/IP Link Layer
Controls
Input validation checking
12. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Formal waterfall
Current and most up-to-date
Application Layer protocols
BCP Plans
13. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Application Controls
Control Risk
Change management
14. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Sampling Risk
Department Charters
Project change request
The Business Process Life Cycle
15. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
A Compliance audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
IT executives and the Board of Directors
16. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Capability Maturity Model
Separate administrative accounts
Expected Error Rate
17. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
The best approach for identifying high risk areas for an audit
Wet pipe fire sprinkler system
Prblem Management
18. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
OSI Layer 7: Application
Overall audit risk
Blade Computer Architecture
19. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Examples of Application Controls
Precision means
More difficult to perform
Tolerable Error Rate
20. (1.) Access controls (2.) Encryption (3.) Audit logging
Main types of Controls
Reduced sign-on
Blade Computer Architecture
Primary security features of relational databases
21. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
An Administrative
Application Layer protocols
Critical Path Methodology
22. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
OSI: Data Link Layer
Elements of the COBIT Framework
Critical Path Methodology
IT Strategy
23. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Entire password for an encryption key
objective and unbiased
Options for Risk Treatment
Stratified Sampling
24. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Tolerable Error Rate
An Integrated Audit
The Release process
Database primary key
25. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Security Awareness program
Formal waterfall
The best approach for identifying high risk areas for an audit
Service Continuity Management
26. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Formal waterfall
Inherent Risk
Six steps of the Release Management process
Elements of the COSO pyramid
27. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Transport Layer Protocols
Formal waterfall
Service Continuity Management
Stratified Sampling
28. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Statement of Impact
The Release process
Sampling Risk
Foreign Key
29. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Referential Integrity
Foreign Key
Incident Management
To identify the tasks that are responsible for project delays
30. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
OSI: Network Layer
OSI Layer 5: Session
Information security policy
31. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Rating Scale for Process Maturity
Foreign Key
ITIL definition of CHANGE MANAGEMENT
PERT Diagram?
32. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
A Service Provider audit
The Release process
Audit logging
Foreign Key
33. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Employee termination process
Stratified Sampling
A Service Provider audit
Change management
34. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Personnel involved in the requirements phase of a software development project
Antivirus software on the email servers
A Forensic Audit
Network Layer Protocols
35. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Balanced Scorecard
Confidence coefficient
Elements of the COBIT Framework
36. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Audit logging
A Server Cluster
ITIL definition of CHANGE MANAGEMENT
OSI: Data Link Layer
37. Delivery of packets from one station to another - on the same network or on different networks.
Expected Error Rate
TCP/IP Link Layer
The Internet Layer in the TCP/IP model
Volumes of COSO framework
38. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Data Link Layer Standards
Tolerable Error Rate
Assess the maturity of its business processes
Structural fires and transportation accidents
39. The sum of all samples divided by the number of samples.
The first step in a business impact analysis
Business Realization
Recovery time objective
A Sample Mean
40. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Types of sampling an auditor can perform.
Grid Computing
Business Realization
41. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Incident Management
The Eight Types of Audits
Emergency Changes
Substantive Testing
42. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Power system controls
OSI Layer 5: Session
Server cluster
IT Services Financial Management
43. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Lacks specific expertise or resources to conduct an internal audit
Business Continuity
The typical Configuration Items in Configuration Management
Substantive Testing (test of transaction integrity)
44. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The audit program
objective and unbiased
The appropriate role of an IS auditor in a control self-assessment
Examples of Application Controls
45. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Stratified Sampling
Inform the auditee
Dimensions of the COSO cube
46. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
OSI Layer 5: Session
WAN Protocols
A Problem
Hash
47. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
A Cold Site
IT executives and the Board of Directors
Judgmental sampling
WAN Protocols
48. Concerned with electrical and physical specifications for devices. No frames or packets involved.
To identify the tasks that are responsible for project delays
OSI: Physical Layer
Change management
Project Management Strategies
49. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Detection Risk
Segregation of duties issue in a high value process
Documentation and interview personnel
Buffers
50. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Risk Management
The Eight Types of Audits
Release management
Formal waterfall