Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
OSI: Physical Layer
Hash
Geographic location
2. Used to measure the relative maturity of an organization and its processes.
Background checks performed
TCP/IP Transport Layer packet delivery
Capability Maturity Model
Concentrate on samples known to represent high risk
3. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Change management
Incident Management
Background checks performed
Rating Scale for Process Maturity
4. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Employees with excessive privileges
Advantages of outsourcing
Input validation checking
PERT Diagram?
5. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Sample Standard Deviation
Grid Computing
Examples of Application Controls
Types of sampling an auditor can perform.
6. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Business Realization
Precision means
Detection Risk
7. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Antivirus software on the email servers
Notify the Audit Committee
A Problem
The 4-item focus of a Balanced Scorecard
8. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Critical Path Methodology
Substantive Testing (test of transaction integrity)
The typical Configuration Items in Configuration Management
The Steering Committee
9. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Service Continuity Management
Assess the maturity of its business processes
TCP/IP Transport Layer packet delivery
To identify the tasks that are responsible for project delays
10. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Geographic location
The availability of IT systems
ITIL definition of PROBLEM
The 5 types of Evidence that the auditor will collect during an audit.
11. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Assess the maturity of its business processes
Hash
Geographic location
A Service Provider audit
12. An alternate processing center that contains no information processing equipment.
TCP/IP Transport Layer
A Cold Site
Data Link Layer Standards
Information systems access
13. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
A gate process
Personnel involved in the requirements phase of a software development project
Frameworks
14. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Application Layer protocols
Separate administrative accounts
Compliance Testing
Business Continuity
15. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Advantages of outsourcing
Current and most up-to-date
Stay current with technology
16. The maximum period of downtime for a process or application
Recovery time objective
Inherent Risk
Project change request
ISO 20000 Standard:
17. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Structural fires and transportation accidents
Annualized Loss Expectancy (ALE)
Geographic location
Overall audit risk
18. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Volumes of COSO framework
The Internet Layer in the TCP/IP model
Rating Scale for Process Maturity
19. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
The Internet Layer in the TCP/IP model
A gate process
General Controls
20. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Control Unit
Problem Management
Substantive Testing
Business Realization
21. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Formal waterfall
Six steps of the Release Management process
Risk Management
Control Risk
22. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Reduced sign-on
Information systems access
ITIL definition of PROBLEM
Discovery Sampling
23. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Security Awareness program
Elements of the COSO pyramid
Documentation and interview personnel
Geographic location
24. The inventory of all in-scope business processes and systems
Entire password for an encryption key
The first step in a business impact analysis
Main types of Controls
Control Unit
25. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
An Integrated Audit
Network Layer Protocols
OSI: Data Link Layer
Segregation of duties issue in a high value process
26. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Wet pipe fire sprinkler system
Information security policy
The first step in a business impact analysis
27. Used to translate or transform data from lower layers into formats that the application layer can work with.
Release management
A Problem
Sampling Risk
OSI Layer 6: Presentation
28. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
The 7 phases and their order in the SDLC
Sampling
A Forensic Audit
Inform the auditee
29. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Compliance Testing
Testing activities
The BCP process
Inherent Risk
30. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Judgmental sampling
The BCP process
Entire password for an encryption key
Main types of Controls
31. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
An Integrated Audit
Background checks performed
Stop-or-go Sampling
32. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Notify the Audit Committee
IT Services Financial Management
Problem Management
33. A sampling technique where at least one exception is sought in a population
Reduced sign-on
An Administrative
Discovery Sampling
Configuration Management
34. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Disaster Recovery
Split custody
Deming Cycle
A gate process
35. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
A Compliance audit
IT Strategy
Capability Maturity Model Integration (CMMI)
36. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Attribute Sampling
Change management
Discovery Sampling
37. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
A Financial Audit
Deming Cycle
Information systems access
38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
CPU
Elements of the COSO pyramid
A Problem
Examples of Application Controls
39. Consists of two main packet transport protocols: TCP and UDP.
IT Service Management
TCP/IP Transport Layer
The Eight Types of Audits
An Administrative
40. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Gantt Chart
ITIL definition of CHANGE MANAGEMENT
Problem Management
Formal waterfall
41. (1.) TCP (2.) UDP
BCP Plans
Transport Layer Protocols
The two Categories of Controls
Application Controls
42. A collection of two or more servers that is designed to appear as a single server.
Security Awareness program
Sampling Risk
Entire password for an encryption key
Server cluster
43. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
The Steering Committee
Statistical Sampling
Dimensions of the COSO cube
44. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
General Controls
Project change request
Elements of the COBIT Framework
45. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Wet pipe fire sprinkler system
The Eight Types of Audits
Split custody
Entire password for an encryption key
46. (1.) Access controls (2.) Encryption (3.) Audit logging
ISO 20000 Standard:
A Virtual Server
Primary security features of relational databases
Examples of Application Controls
47. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Discovery Sampling
A Problem
Categories of risk treatment
Service Level Management
48. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Configuration Management
SDLC Phases
49. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Information systems access
Background checks performed
Stay current with technology
Foreign Key
50. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
An Administrative
Buffers
Problem Management
Expected Error Rate