Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. IT Service Management is defined in ___________________ framework.
Types of sampling an auditor can perform.
ITIL - IT Infrastructure Library
Lacks specific expertise or resources to conduct an internal audit
Notify the Audit Committee
2. The sum of all samples divided by the number of samples.
Wet pipe fire sprinkler system
A Sample Mean
Gantt Chart
Annualized Loss Expectancy (ALE)
3. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
General Controls
IT Service Management
Grid Computing
Main types of Controls
4. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
An IS audit
Department Charters
Separate administrative accounts
Compliance Testing
5. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
objective and unbiased
A gate process
The Requirements
Elements of the COSO pyramid
6. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
PERT Diagram?
ISO 20000 Standard:
TCP/IP Transport Layer packet delivery
7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Function Point Analysis
Sampling Risk
Department Charters
The Internet Layer in the TCP/IP model
8. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
SDLC Phases
An IS audit
Cloud computing
Risk Management
9. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Application Controls
The Steering Committee
Service Level Management
10. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Stay current with technology
Blade Computer Architecture
Inform the auditee
The Software Program Library
11. (1.) Automatic (2.) Manual
Information security policy
Business Continuity
The Eight Types of Audits
The two Categories of Controls
12. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Gantt Chart
Deming Cycle
Incident Management
Data Link Layer Standards
13. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
ITIL definition of PROBLEM
OSI: Network Layer
The availability of IT systems
14. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Formal waterfall
Emergency Changes
A gate process
A Server Cluster
15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Network Layer Protocols
Entire password for an encryption key
Rating Scale for Process Maturity
Volumes of COSO framework
16. The memory locations in the CPU where arithmetic values are stored.
The best approach for identifying high risk areas for an audit
Primary security features of relational databases
Registers
Application Controls
17. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
TCP/IP Transport Layer
Sampling Risk
Main types of Controls
18. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Input validation checking
The Software Program Library
Resource details
Judgmental sampling
19. A field in a record in one table that can reference a primary key in another table.
Information systems access
Judgmental sampling
An Operational Audit
Foreign Key
20. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The two Categories of Controls
The Release process
Audit logging
OSI Layer 7: Application
21. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Advantages of outsourcing
Main types of Controls
Reduced sign-on
Transport Layer Protocols
22. Describes the effect on the business if a process is incapacitated for any appreciable time
Variable Sampling
The Eight Types of Audits
Hash
Statement of Impact
23. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Project change request
Gantt Chart
Criticality analysis
24. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Referential Integrity
Lacks specific expertise or resources to conduct an internal audit
Reduced sign-on
Separate administrative accounts
25. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI Layer 5: Session
Six steps of the Release Management process
OSI: Network Layer
Variable Sampling
26. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Organizational culture and maturity
Problem Management
The appropriate role of an IS auditor in a control self-assessment
27. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Network Layer Protocols
Information systems access
ITIL - IT Infrastructure Library
Structural fires and transportation accidents
28. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
BCP Plans
Substantive Testing (test of transaction integrity)
Insourcing
29. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
The two Categories of Controls
The availability of IT systems
Sampling
An Operational Audit
30. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
A Sample Mean
General Controls
Concentrate on samples known to represent high risk
31. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Inform the auditee
A Virtual Server
The typical Configuration Items in Configuration Management
32. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Annualized Loss Expectancy (ALE)
Data Link Layer Standards
Vulnerability in the organization's PBX
Application Layer protocols
33. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Server cluster
Categories of risk treatment
The BCP process
Sampling Risk
34. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Balanced Scorecard
The BCP process
Problem Management
Sampling Risk
35. Disasters are generally grouped in terms of type: ______________.
OSI Layer 6: Presentation
Blade Computer Architecture
(1.) Man-made (2.) Natural
Assess the maturity of its business processes
36. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
CPU
Geographic location
The appropriate role of an IS auditor in a control self-assessment
A gate process
37. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Link Layer
Assess the maturity of its business processes
TCP/IP Transport Layer packet delivery
Power system controls
38. (1.) Executive Support (2.) Well-defined roles and responsibilities.
IT Service Management
TCP/IP Transport Layer
WAN Protocols
Information security policy
39. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Statistical Sampling
Input validation checking
Referential Integrity
The Release process
40. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI: Data Link Layer
Insourcing
Audit logging
A Service Provider audit
41. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Employee termination process
IT Service Management
The 7 phases and their order in the SDLC
OSI Layer 6: Presentation
42. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT Diagram.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Entire password for an encryption key
Lacks specific expertise or resources to conduct an internal audit
Gantt Chart
43. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Separate administrative accounts
Disaster Recovery
Background checks performed
TCP/IP Link Layer
44. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Balanced Scorecard
Risk Management
Precision means
An Operational Audit
45. Used to measure the relative maturity of an organization and its processes.
Structural fires and transportation accidents
Configuration Management
Capability Maturity Model
An IS audit
46. An audit of operational efficiency.
An Administrative
The first step in a business impact analysis
Network Layer Protocols
Control Unit
47. The risk that an IS auditor will overlook errors or exceptions during an audit.
Transport Layer Protocols
The audit program
Vulnerability in the organization's PBX
Detection Risk
48. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Project Management Strategies
Resource details
Inherent Risk
49. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Control Unit
Configuration Management
Stop-or-go Sampling
General Controls
50. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
A Forensic Audit
The 5 types of Evidence that the auditor will collect during an audit.
Recovery time objective
Assess the maturity of its business processes