Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To ensure that input values are within established ranges, of the correct character types, and free of harmful content.
Input validation checking
(1.) Policies (2.) Procedures (3.) Standards
Variable Sampling
Referential Integrity
2. Contains programs that communicate directly with the end user.
Elements of the COSO pyramid
Resource details
OSI Layer 7: Application
Data Link Layer Standards
3. The risk that an IS auditor will overlook errors or exceptions during an audit.
OSI: Data Link Layer
More difficult to perform
Detection Risk
Reduced sign-on
4. Consists of two main packet transport protocols: TCP and UDP.
OSI: Network Layer
Split custody
TCP/IP Transport Layer
An IS audit
5. A four-step quality control process known as PDSA or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Blade Computer Architecture
Deming Cycle
Business impact analysis
The BCP process
6. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
A Forensic Audit
Network Layer Protocols
Attribute Sampling
A gate process
7. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
A Server Cluster
ISO 20000 Standard:
Structural fires and transportation accidents
8. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
PERT Diagram?
Elements of the COSO pyramid
Main types of Controls
9. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: The organization should have ___________________ on all of its existing employees and also begin instituting bac
Primary security features of relational databases
OSI Layer 7: Application
Current and most up-to-date
Background checks performed
10. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Function Point Analysis
A Service Provider audit
Business Continuity
Dimensions of the COSO cube
11. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
The Steering Committee
Sample Standard Deviation
Detection Risk
less than 24 hours
12. IT Governance is most concerned with ________.
Emergency Changes
A Financial Audit
An Integrated Audit
IT Strategy
13. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Service Level Management
To identify the tasks that are responsible for project delays
Options for Risk Treatment
14. (1.) Link (2.) Internet (3.) Transport (4.) Application
Stratified Sampling
Sampling Risk
TCP/IP Network Model
OSI: Physical Layer
15. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
Detection Risk
Inherent Risk
Control Unit
16. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Insourcing
(1.) Policies (2.) Procedures (3.) Standards
Referential Integrity
Inherent Risk
17. The main hardware component of a computer system, which executes the instructions in computer programs.
CPU
An Administrative
(1.) Policies (2.) Procedures (3.) Standards
Current and most up-to-date
18. Lowest layer. Delivers messages (frames) from one station to another via a local network.
A Problem
Concentrate on samples known to represent high risk
Audit logging
TCP/IP Link Layer
19. The probability that a selected sample does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
Sampling Risk
TCP/IP Network Model
Documentation and interview personnel
Elements of the COSO pyramid
20. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Six steps of the Release Management process
OSI: Physical Layer
Primary security features of relational databases
Sample Standard Deviation
21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Referential Integrity
Annualized Loss Expectancy (ALE)
OSI: Transport Layer
Incident Management
22. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Inherent Risk
TCP/IP Network Model
SDLC Phases
Incident Management
23. Focuses on: post-event recovery and restoration of services
IT executives and the Board of Directors
Disaster Recovery
ITIL definition of CHANGE MANAGEMENT
Function Point Analysis
24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Split custody
Documentation and interview personnel
The Eight Types of Audits
Information security policy
25. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Security Awareness program
Substantive Testing
Blade Computer Architecture
Employee termination process
26. (1.) Objectives (2.) Components (3.) Business Units / Areas
OSI: Transport Layer
An Operational Audit
Dimensions of the COSO cube
Grid Computing
27. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Documentation and interview personnel
Stay current with technology
OSI Layer 6: Presentation
objective and unbiased
28. A sampling technique where a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.
TCP/IP Transport Layer packet delivery
Split custody
Stratified Sampling
Personnel involved in the requirements phase of a software development project
29. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Controls
A Financial Audit
Statement of Impact
less than 24 hours
30. The purpose of an auditor doing interviews: to observe personnel to better understand their discipline, as well as ______________.
A Problem
Structural fires and transportation accidents
Information systems access
Organizational culture and maturity
31. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
A Sample Mean
Types of sampling an auditor can perform.
The Release process
Notify the Audit Committee
32. The party that performs strategic planning, addresses near-term and long-term requirements, and aligns business objectives and technology strategies.
TCP/IP Transport Layer packet delivery
The Steering Committee
Advantages of outsourcing
CPU
33. An audit of an IS department's operations and systems.
Recovery time objective
Capability Maturity Model Integration (CMMI)
An IS audit
Application Controls
34. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
ITIL definition of CHANGE MANAGEMENT
Grid Computing
Statistical Sampling
Risk Management
35. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Advantages of outsourcing
List of systems examined
Information security policy
Release management
36. In Release Management, _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Stay current with technology
Overall audit risk
Current and most up-to-date
A gate process
37. A sampling technique where at least one exception is sought in a population.
A Financial Audit
Discovery Sampling
Function Point Analysis
Entire password for an encryption key
38. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
OSI Layer 6: Presentation
Grid Computing
Control Unit
Formal waterfall
39. To communicate security policies, procedures, and other security-related information to an organization's employees.
Power system controls
Three Types of Controls
Lacks specific expertise or resources to conduct an internal audit
Security Awareness program
40. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Stop-or-go Sampling
Grid Computing
IT Service Management
A Compliance audit
41. The highest number of errors that can exist without a result being materially misstated.
Sample Standard Deviation
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Business impact analysis
Tolerable Error Rate
42. Framework for auditing and measuring IT Service Management Processes.
Configuration Management
objective and unbiased
ISO 20000 Standard:
Tolerable Error Rate
43. During an audit, the auditor should obtain 6 types of documents: (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Business Realization
Department Charters
Blade Computer Architecture
Sampling
44. The result of strategic planning, process development, and systems development, which all contribute towards a launch of business operations to reach a set of business objectives.
Employees with excessive privileges
Insourcing
The 5 types of Evidence that the auditor will collect during an audit.
Business Realization
45. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Vulnerability in the organization's PBX
Service Level Management
Substantive Testing (test of transaction integrity)
Advantages of outsourcing
46. Support the functioning of the application controls.
General Controls
Critical Path Methodology
Information security policy
To identify the tasks that are responsible for project delays
47. A collection of two or more servers that is designed to appear as a single server.
Balanced Scorecard
ISO 20000 Standard:
CPU
Server cluster
48. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
49. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Personnel involved in the requirements phase of a software development project
Problem Management
Statistical Sampling
50. The first major task in a disaster recovery or business continuity planning project.
Six steps of the Release Management process
Substantive Testing (test of transaction integrity)
Business impact analysis
Disaster Recovery