Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
(1.) Policies (2.) Procedures (3.) Standards
Application Layer protocols
IT standards are not being reviewed often enough
Sampling
2. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Precision means
Problem Management
More difficult to perform
Primary security features of relational databases
3. A collection of two or more servers that is designed to appear as a single server.
To identify the tasks that are responsible for project delays
The two Categories of Controls
Server cluster
Control Unit
4. Focuses on: post-event recovery and restoration of services
Cloud computing
Security Awareness program
Assess the maturity of its business processes
Disaster Recovery
5. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Inform the auditee
Input validation checking
Incident Management
IT Services Financial Management
6. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
ITIL definition of CHANGE MANAGEMENT
TCP/IP Network Model
Statistical Sampling
ITIL - IT Infrastructure Library
7. Contains programs that communicate directly with the end user.
Categories of risk treatment
OSI Layer 7: Application
Function Point Analysis
Capability Maturity Model Integration (CMMI)
8. PERT: shows the ______________ critical path.
Employees with excessive privileges
Current and most up-to-date
OSI Layer 6: Presentation
Expected Error Rate
9. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Sampling
Elements of the COSO pyramid
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
10. Handle application processing
The Internet Layer in the TCP/IP model
Application Controls
Background checks performed
An IS audit
11. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Transport Layer Protocols
Volumes of COSO framework
TCP/IP Link Layer
12. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Segregation of duties issue in a high value process
Stop-or-go Sampling
Risk Management
13. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Buffers
A Compliance audit
Elements of the COBIT Framework
Advantages of outsourcing
14. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Documentation and interview personnel
Gantt Chart
IT Strategy
less than 24 hours
15. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
The Requirements
Sampling Risk
Inform the auditee
Control Risk
16. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
IT executives and the Board of Directors
Control Risk
Inform the auditee
17. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The 7 phases and their order in the SDLC
OSI: Data Link Layer
The Steering Committee
Controls
18. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Tolerable Error Rate
An IS audit
Audit logging
19. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Antivirus software on the email servers
OSI: Physical Layer
The 5 types of Evidence that the auditor will collect during an audit.
The Internet Layer in the TCP/IP model
20. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
The 5 types of Evidence that the auditor will collect during an audit.
ITIL definition of CHANGE MANAGEMENT
Referential Integrity
21. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Annualized Loss Expectancy (ALE)
Business Continuity
The typical Configuration Items in Configuration Management
22. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
The Eight Types of Audits
Application Layer protocols
Judgmental sampling
23. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
The Business Process Life Cycle
The two Categories of Controls
Formal waterfall
24. IT Governance is most concerned with ________.
Personnel involved in the requirements phase of a software development project
Business Continuity
IT Strategy
Business impact analysis
25. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
TCP/IP Network Model
A Cold Site
Hash
26. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Antivirus software on the email servers
Referential Integrity
Data Link Layer Standards
General Controls
27. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Control Unit
Server cluster
Annualized Loss Expectancy (ALE)
Sampling
28. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
The best approach for identifying high risk areas for an audit
Three Types of Controls
Balanced Scorecard
29. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Stop-or-go Sampling
Dimensions of the COSO cube
IT executives and the Board of Directors
30. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Lacks specific expertise or resources to conduct an internal audit
Confidence coefficient
Database primary key
IT Service Management
31. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
IT standards are not being reviewed often enough
Blade Computer Architecture
Audit logging
The 7 phases and their order in the SDLC
32. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Frameworks
Detection Risk
The appropriate role of an IS auditor in a control self-assessment
33. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Hash
Employee termination process
Substantive Testing (test of transaction integrity)
BCP Plans
34. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
The audit program
Project change request
Substantive Testing (test of transaction integrity)
35. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
A Virtual Server
Inherent Risk
Business Continuity
A Service Provider audit
36. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Recovery time objective
Critical Path Methodology
Incident Management
(1.) Man-made (2.) Natural
37. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
OSI: Data Link Layer
Sample Standard Deviation
The Steering Committee
Inherent Risk
38. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Transport Layer Protocols
The Release process
Segregation of duties issue in a high value process
Types of sampling an auditor can perform.
39. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Entire password for an encryption key
Judgmental sampling
Rating Scale for Process Maturity
40. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
A Cold Site
The appropriate role of an IS auditor in a control self-assessment
The first step in a business impact analysis
Criticality analysis
41. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Elements of the COBIT Framework
Configuration Management
The 4-item focus of a Balanced Scorecard
Inherent Risk
42. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Registers
OSI: Data Link Layer
Project change request
43. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Vulnerability in the organization's PBX
Reduced sign-on
Application Controls
CPU
44. (1.) Automatic (2.) Manual
(1.) Man-made (2.) Natural
The two Categories of Controls
More difficult to perform
Resource details
45. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
SDLC Phases
The BCP process
TCP/IP Network Model
Organizational culture and maturity
46. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
TCP/IP Link Layer
Employee termination process
Categories of risk treatment
47. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Business Realization
Documentation and interview personnel
The Eight Types of Audits
A Financial Audit
48. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
OSI: Physical Layer
Formal waterfall
IT Services Financial Management
49. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Foreign Key
Input validation checking
Database primary key
WAN Protocols
50. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Lacks specific expertise or resources to conduct an internal audit
Function Point Analysis
Stratified Sampling
The Release process