Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Tolerable Error Rate
Employee termination process
Elements of the COSO pyramid
A Financial Audit
2. IT Governance is most concerned with ________.
IT Strategy
(1.) Policies (2.) Procedures (3.) Standards
objective and unbiased
Overall audit risk
3. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Tolerable Error Rate
The first step in a business impact analysis
TCP/IP Internet Layer
objective and unbiased
4. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Reduced sign-on
less than 24 hours
A Service Provider audit
TCP/IP Network Model
5. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Application Layer protocols
OSI Layer 5: Session
Annualized Loss Expectancy (ALE)
Employees with excessive privileges
6. Framework for auditing and measuring IT Service Management Processes.
Stay current with technology
ITIL definition of CHANGE MANAGEMENT
List of systems examined
ISO 20000 Standard
7. A representation of how closely a sample represents an entire population.
Wet pipe fire sprinkler system
Discovery Sampling
Precision means
objective and unbiased
8. (1.) General (2.) Application
Personnel involved in the requirements phase of a software development project
Server cluster
Main types of Controls
An Operational Audit
9. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Sample Standard Deviation
SDLC Phases
Incident Management
To identify the tasks that are responsible for project delays
10. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Confidence coefficient
Security Awareness program
BCP Plans
Vulnerability in the organization's PBX
11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Six steps of the Release Management process
A Problem
TCP/IP Transport Layer packet delivery
Network Layer Protocols
12. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
CPU
Discovery Sampling
OSI: Physical Layer
Stratified Sampling
13. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Risk Management
Project change request
Emergency Changes
A gate process
14. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Types of sampling an auditor can perform.
Business Continuity
ISO 20000 Standard
15. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Insourcing
Buffers
Options for Risk Treatment
Service Continuity Management
16. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The Requirements
Annualized Loss Expectancy (ALE)
Sampling Risk
IT Services Financial Management
17. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Primary security features of relational databases
An IS audit
Six steps of the Release Management process
Segregation of duties issue in a high value process
18. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
ITIL definition of CHANGE MANAGEMENT
Notify the Audit Committee
Overall audit risk
Background checks performed
19. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Wet pipe fire sprinkler system
ITIL definition of PROBLEM
CPU
20. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Six steps of the Release Management process
Business Continuity
IT standards are not being reviewed often enough
Types of sampling an auditor can perform.
21. The inventory of all in-scope business processes and systems
Service Continuity Management
A Compliance audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The first step in a business impact analysis
22. ITIL term used to describe the SDLC.
Release management
The appropriate role of an IS auditor in a control self-assessment
Information systems access
Sampling Risk
23. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Business Continuity
Volumes of COSO framework
The typical Configuration Items in Configuration Management
The Business Process Life Cycle
24. An audit of operational efficiency.
Frameworks
An Administrative
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Three Types of Controls
25. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
PERT Diagram?
The appropriate role of an IS auditor in a control self-assessment
Examples of Application Controls
26. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Buffers
To identify the tasks that are responsible for project delays
Function Point Analysis
Sampling
27. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Frameworks
Business Continuity
Three Types of Controls
The 7 phases and their order in the SDLC
28. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Configuration Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
List of systems examined
Variable Sampling
29. The main hardware component of a computer system - which executes instructions in computer programs.
Service Continuity Management
Sampling
(1.) Man-made (2.) Natural
CPU
30. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
TCP/IP Transport Layer
Split custody
Risk Management
Annualized Loss Expectancy (ALE)
31. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Background checks performed
Sampling Risk
Cloud computing
OSI: Network Layer
32. The sum of all samples divided by the number of samples.
A Sample Mean
Antivirus software on the email servers
Stop-or-go Sampling
Organizational culture and maturity
33. Subjective sampling is used when the auditor wants to _________________________.
Detection Risk
Inform the auditee
Control Risk
Concentrate on samples known to represent high risk
34. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
A Forensic Audit
A Server Cluster
IT executives and the Board of Directors
35. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Function Point Analysis
Detection Risk
Discovery Sampling
36. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The audit program
The best approach for identifying high risk areas for an audit
Elements of the COSO pyramid
The 4-item focus of a Balanced Scorecard
37. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Power system controls
Transport Layer Protocols
Examples of IT General Controls
The Release process
38. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Business Continuity
A Problem
Inherent Risk
Data Link Layer Standards
39. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Notify the Audit Committee
TCP/IP Internet Layer
The two Categories of Controls
40. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Entire password for an encryption key
IT executives and the Board of Directors
Attribute Sampling
TCP/IP Transport Layer packet delivery
41. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Documentation and interview personnel
Service Continuity Management
Stay current with technology
42. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Registers
An IS audit
Options for Risk Treatment
43. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Options for Risk Treatment
General Controls
Split custody
Statistical Sampling
44. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Examples of Application Controls
Dimensions of the COSO cube
Service Continuity Management
Compliance Testing
45. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Primary security features of relational databases
IT executives and the Board of Directors
Advantages of outsourcing
More difficult to perform
46. (1.) Objectives (2.) Components (3.) Business Units / Areas
Compliance Testing
Dimensions of the COSO cube
Substantive Testing
The Eight Types of Audits
47. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The two Categories of Controls
Sampling Risk
A Server Cluster
The audit program
48. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Service Level Management
ITIL definition of PROBLEM
Referential Integrity
Wet pipe fire sprinkler system
49. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Options for Risk Treatment
Balanced Scorecard
WAN Protocols
Power system controls
50. Consists of two main packet transport protocols: TCP and UDP.
Sample Standard Deviation
TCP/IP Transport Layer
Categories of risk treatment
A Sample Mean