Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but the repetition reinforces your understanding each time you take the test.
1. A maturity model that aggregates several other maturity models into a single model.
More difficult to perform
Capability Maturity Model Integration (CMMI)
The appropriate role of an IS auditor in a control self-assessment
Frameworks
2. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
ITIL - IT Infrastructure Library
Reduced sign-on
An Integrated Audit
Employee termination process
3. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
BCP Plans
Criticality analysis
Main types of Controls
4. ITIL term used to describe the SDLC.
Release management
The Business Process Life Cycle
The best approach for identifying high risk areas for an audit
BCP Plans
5. Used to determine which business processes are the most critical - by ranking them in order of criticality
ITIL - IT Infrastructure Library
Criticality analysis
Control Risk
Overall audit risk
6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
ISO 20000 Standard
A Server Cluster
Concentrate on samples known to represent high risk
OSI Layer 5: Session
7. IT Governance is most concerned with ________.
Substantive Testing (test of transaction integrity)
IT Strategy
The first step in a business impact analysis
Personnel involved in the requirements phase of a software development project
8. To measure organizational performance and effectiveness against strategic goals.
Business impact analysis
Balanced Scorecard
Insourcing
The 7 phases and their order in the SDLC
9. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Audit Methodologies
Sampling Risk
Stop-or-go Sampling
10. Information is arranged in frames and transported across the medium. Collision detection. Checksum (frame check sequence) verification of received frames.
An Operational Audit
Power system controls
OSI: Data Link Layer
ITIL definition of CHANGE MANAGEMENT
11. IT Service Management is defined in ___________________ framework.
Emergency Changes
ITIL - IT Infrastructure Library
A Cold Site
OSI Layer 6: Presentation
12. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Structural fires and transportation accidents
Hash
Concentrate on samples known to represent high risk
13. Focuses on: post-event recovery and restoration of services
Server cluster
Disaster Recovery
Sampling Risk
Buffers
14. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
More difficult to perform
Project Management Strategies
Discovery Sampling
15. The sum of all samples divided by the number of samples.
Formal waterfall
Organizational culture and maturity
Segregation of duties issue in a high value process
A Sample Mean
16. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Capability Maturity Model
Documentation and interview personnel
The appropriate role of an IS auditor in a control self-assessment
17. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Inherent Risk
Frameworks
Statement of Impact
18. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Expected Error Rate
Control Unit
Department Charters
Disaster Recovery
19. (1.) TCP (2.) UDP
Transport Layer Protocols
Structural fires and transportation accidents
Change management
Control Unit
20. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
An Administrative
objective and unbiased
Rating Scale for Process Maturity
Examples of IT General Controls
21. The probability that a selected sample does not represent the entire population. Usually expressed as a percentage - the complement of the confidence coefficient (1 minus the confidence coefficient, so 95% confidence leaves a 5% risk)
IT Service Management
A Virtual Server
Sampling Risk
OSI: Transport Layer
22. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Confidence coefficient
To identify the tasks that are responsible for project delays
Concentrate on samples known to represent high risk
23. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Frameworks
Application Layer protocols
Hash
Reduced sign-on
24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The 5 types of Evidence that the auditor will collect during an audit.
The Software Program Library
Discovery Sampling
The Eight Types of Audits
25. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
TCP/IP Transport Layer
Background checks performed
(1.) Man-made (2.) Natural
Business Realization
26. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
Employee termination process
ITIL definition of PROBLEM
Stratified Sampling
27. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Cloud computing
Business impact analysis
The typical Configuration Items in Configuration Management
Business Realization
28. (1.) General (2.) Application
Geographic location
Substantive Testing (test of transaction integrity)
Stratified Sampling
Main types of Controls
29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
OSI Layer 5: Session
Annualized Loss Expectancy (ALE)
Balanced Scorecard
TCP/IP Transport Layer packet delivery
30. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Lacks specific expertise or resources to conduct an internal audit
Foreign Key
Volumes of COSO framework
An Operational Audit
31. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The availability of IT systems
Network Layer Protocols
The 4-item focus of a Balanced Scorecard
List of systems examined
32. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Sampling Risk
Function Point Analysis
Variable Sampling
33. An audit of a third-party organization that provides services to other organizations.
Sampling
A Service Provider audit
Current and most up-to-date
The Requirements
34. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Server cluster
Inform the auditee
Project Management Strategies
Wet pipe fire sprinkler system
35. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Documentation and interview personnel
A Cold Site
The 4-item focus of a Balanced Scorecard
36. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
TCP/IP Link Layer
The Software Program Library
Cloud computing
37. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Main types of Controls
Inform the auditee
Inherent Risk
Sampling
38. Framework for auditing and measuring IT Service Management Processes.
Attribute Sampling
WAN Protocols
Six steps of the Release Management process
ISO 20000 Standard
39. Consists of a main chassis equipped with slots, each fitted with an individual CPU module. Main advantage is lower cost per unit.
Blade Computer Architecture
Release management
The typical Configuration Items in Configuration Management
Separate administrative accounts
40. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Insourcing
Service Level Management
Capability Maturity Model Integration (CMMI)
To identify the tasks that are responsible for project delays
41. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Variable Sampling
Deming Cycle
The Software Program Library
Resource details
42. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Configuration Management
The audit program
A Financial Audit
IT executives and the Board of Directors
43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Business impact analysis
OSI: Physical Layer
Judgmental sampling
44. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Lacks specific expertise or resources to conduct an internal audit
Database primary key
Capability Maturity Model
45. Gantt: used to display ______________.
Balanced Scorecard
Resource details
Network Layer Protocols
Rating Scale for Process Maturity
46. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT chart.
The two Categories of Controls
To identify the tasks that are responsible for project delays
Gantt Chart
TCP/IP Transport Layer packet delivery
47. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Project change request
Entire password for an encryption key
Audit logging
Confidence coefficient
48. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Variable Sampling
Cloud computing
Split custody
Categories of risk treatment
49. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Notify the Audit Committee
Security Awareness program
BCP Plans
50. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Insourcing
Network Layer Protocols
List of systems examined
Annualized Loss Expectancy (ALE)
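The following is an added worked example, not part of the original quiz, that ties together the sampling terms used above: sample mean, attribute sampling, expected error rate, sampling risk and the confidence coefficient, and the tolerable error rate. It applies them to the terminated-employee scenario from the account-management question: the auditor draws a random sample of leavers, counts how many still have an active account (a control deviation), and decides whether the termination process can be relied on. The population, the function names and the 1% / 5% / 95% parameters are assumptions made for this illustration.

```python
"""Attribute sampling for a control test.

Added example, not code from the original quiz. The population of terminated
employees below is constructed for the illustration, and the function names
are assumptions; the statistics (binomial upper deviation limit) are the
standard ones behind audit sampling tables.
"""
import math
import random


def sampling_risk(confidence_coefficient):
    """Sampling risk is the complement of the confidence coefficient: a 95%
    confidence coefficient leaves a 5% risk that the sample misrepresents
    the population."""
    return 1.0 - confidence_coefficient


def sample_mean(values):
    """Variable sampling: the sum of all samples divided by their number."""
    return sum(values) / len(values)


def binomial_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p): probability of seeing at most k
    deviations in n sampled items when the true deviation rate is p."""
    return sum(math.comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))


def upper_deviation_limit(n, deviations, confidence_coefficient):
    """Highest population deviation rate still consistent with the sample:
    the smallest p for which observing <= `deviations` in n items is no more
    likely than the sampling risk. Found by bisection (the cdf falls as p rises).
    """
    risk = sampling_risk(confidence_coefficient)
    lo, hi = 0.0, 1.0
    for _ in range(60):  # 60 halvings: precision far below any rate of interest
        mid = (lo + hi) / 2
        if binomial_cdf(deviations, n, mid) > risk:
            lo = mid
        else:
            hi = mid
    return hi


def minimum_sample_size(expected_error_rate, tolerable_error_rate,
                        confidence_coefficient, max_n=2000):
    """Smallest n such that a sample showing the expected number of deviations
    (ceil(n * expected rate)) still yields an upper deviation limit at or below
    the tolerable error rate. Returns None if no n up to max_n suffices, i.e.
    the expected rate is too close to the tolerable rate to test economically."""
    for n in range(1, max_n + 1):
        expected = math.ceil(n * expected_error_rate - 1e-9)
        if upper_deviation_limit(n, expected, confidence_coefficient) <= tolerable_error_rate:
            return n
    return None


# Constructed population (assumption): 400 leavers, 13 of whom still have an
# active account, so the true deviation rate is 3.25%.
TERMINATED_EMPLOYEES = [
    {"employee_id": f"E{i:04d}", "account_active": i % 33 == 0}
    for i in range(400)
]


def evaluate_control(population, sample_size, tolerable_error_rate,
                     confidence_coefficient, seed=0):
    """Attribute sampling: draw a random sample, count items with the attribute
    'account still active' (a control deviation), and accept the control only
    if the upper deviation limit is within the tolerable error rate."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    sample = rng.sample(population, sample_size)
    deviations = sum(1 for item in sample if item["account_active"])
    udl = upper_deviation_limit(sample_size, deviations, confidence_coefficient)
    return {
        "sample_size": sample_size,
        "deviations": deviations,
        "observed_rate": deviations / sample_size,
        "upper_deviation_limit": udl,
        "control_reliable": udl <= tolerable_error_rate,
    }


if __name__ == "__main__":
    n = minimum_sample_size(0.01, 0.05, 0.95)
    print(f"sample size for 1% expected / 5% tolerable / 95% confidence: {n}")
    print(evaluate_control(TERMINATED_EMPLOYEES, n, 0.05, 0.95))
```

The point a practitioner should take from this: the observed error rate in the sample is not the decision criterion. The control is accepted only when the upper deviation limit, which already accounts for sampling risk, is at or below the tolerable error rate; with a 3.25% true deviation rate and a 5% tolerable rate, a single unlucky sample can still fail the control, which is exactly the sampling risk the confidence coefficient quantifies.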
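A second added example, not part of the original quiz, for the audit-logging question about a DBA who must make the database "record every change that is made to it". It uses the standard-library sqlite3 module so it runs offline; the schema, the table names, the session_context mechanism for identifying the acting user and the function names are all assumptions made for this illustration. Production DBMSs ship their own native audit facilities, and the trigger pattern here stands in for them; what carries over is the design: capture before and after values, attribute every change to a user, refuse unattributed changes, and make the trail append-only.

```python
"""Database change auditing with triggers.

Added example, not code from the original quiz or from any DBMS vendor.
Everything below (schema, names, session_context) is an assumption made for
the illustration.
"""
import sqlite3

SCHEMA = """
CREATE TABLE accounts (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    active   INTEGER NOT NULL DEFAULT 1
);

-- Who is acting in this session; must be set before any change (see set_actor).
CREATE TABLE session_context (k TEXT PRIMARY KEY, v TEXT NOT NULL);

-- Append-only audit trail: one row per change, with old and new values.
CREATE TABLE audit_log (
    id           INTEGER PRIMARY KEY,
    changed_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    changed_by   TEXT NOT NULL,   -- a NULL actor makes the whole change fail
    operation    TEXT NOT NULL CHECK (operation IN ('INSERT', 'UPDATE', 'DELETE')),
    row_id       INTEGER NOT NULL,
    old_username TEXT, old_active INTEGER,
    new_username TEXT, new_active INTEGER
);

CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (changed_by, operation, row_id, new_username, new_active)
    VALUES ((SELECT v FROM session_context WHERE k = 'user'),
            'INSERT', NEW.id, NEW.username, NEW.active);
END;

CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (changed_by, operation, row_id,
                           old_username, old_active, new_username, new_active)
    VALUES ((SELECT v FROM session_context WHERE k = 'user'),
            'UPDATE', NEW.id, OLD.username, OLD.active, NEW.username, NEW.active);
END;

CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (changed_by, operation, row_id, old_username, old_active)
    VALUES ((SELECT v FROM session_context WHERE k = 'user'),
            'DELETE', OLD.id, OLD.username, OLD.active);
END;

-- The trail itself must not be editable through ordinary SQL.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_audited_db():
    """Fresh in-memory database with the audited schema applied."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn, user):
    """Record which user the following changes are attributed to."""
    conn.execute("INSERT OR REPLACE INTO session_context (k, v) VALUES ('user', ?)", (user,))


def audit_trail(conn):
    """The full change history, oldest first."""
    return conn.execute(
        "SELECT operation, changed_by, row_id, old_username, old_active, "
        "new_username, new_active FROM audit_log ORDER BY id"
    ).fetchall()


def change_is_refused(conn, sql):
    """True if the database rejects the statement (constraint or trigger)."""
    try:
        conn.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False


def demo():
    """Walk one account through create / disable / delete under two actors,
    then exercise the two protections the design relies on."""
    conn = open_audited_db()
    set_actor(conn, "dba_alice")
    conn.execute("INSERT INTO accounts (username, active) VALUES ('jsmith', 1)")
    set_actor(conn, "hr_offboarding_job")
    conn.execute("UPDATE accounts SET active = 0 WHERE username = 'jsmith'")
    conn.execute("DELETE FROM accounts WHERE username = 'jsmith'")

    unattributed = open_audited_db()  # no set_actor call, so changed_by would be NULL
    return {
        "trail": audit_trail(conn),
        "trail_tamper_refused": change_is_refused(conn, "DELETE FROM audit_log"),
        "unattributed_change_refused": change_is_refused(
            unattributed, "INSERT INTO accounts (username) VALUES ('ghost')"),
    }


if __name__ == "__main__":
    for row in demo()["trail"]:
        print(row)
```

Two details matter for an auditor reviewing such a configuration: the log must record who made the change (here a change with no identified actor is rejected outright rather than logged anonymously), and the accounts that can write application data must not also be able to edit or purge the trail. In a real DBMS the second property comes from privilege separation and, ideally, shipping the log to a separate system; the BEFORE triggers here only demonstrate the intent.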