Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Primary security features of relational databases
Statistical Sampling
Deming Cycle
2. ITIL term used to describe the SDLC.
The appropriate role of an IS auditor in a control self-assessment
OSI Layer 5: Session
Release management
An IS audit
3. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Examples of Application Controls
Sampling Risk
Dimensions of the COSO cube
IT standards are not being reviewed often enough
4. Lowest layer. Delivers messages (frames) from one station to another via a local network.
BCP Plans
Elements of the COBIT Framework
The Steering Committee
TCP/IP Link Layer
5. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Reduced sign-on
Sampling Risk
Judgmental sampling
6. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
IT Services Financial Management
An IS audit
ISO 20000 Standard:
The 7 phases and their order in the SDLC
7. Delivery of packets from one station to another - on the same network or on different networks.
TCP/IP Internet Layer
The Internet Layer in the TCP/IP model
OSI: Data Link Layer
IT Service Management
8. A programmer is updating an application that saves passwords in plaintext. In this case - passwords should be stored as a salted _____ rather than in any reversible form. This makes it infeasible for any person who reads the stored value - including an attacker who dumps the database - to retrieve the original password - which could lead to account compromise.
Hash
Main types of Controls
IT Strategy
Formal waterfall
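Worked example for question 8 (added here; it is not code from the quiz). It shows the migration the question describes: a constructed table of plaintext passwords is rewritten as salted PBKDF2-HMAC-SHA256 records, logins are verified by recomputing the digest from the stored salt, and the comparison is constant-time. The record layout and the iteration count are this example's own choices.

```python
import hashlib
import hmac
import os

# Added illustration for the password-storage question above; not code
# from the quiz. The record layout
# "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>" and the iteration
# count are this example's own choices.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumed work factor; raise it as hardware improves


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a salted, iterated hash record. The plaintext is never stored."""
    if not password:
        raise ValueError("empty password")
    salt = os.urandom(16)  # fresh random salt: equal passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: treat as a failed login, never as a match
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest does not stop at the first differing byte
    return hmac.compare_digest(candidate, expected)


def migrate_plaintext_table(users: dict, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Rewrite a {username: plaintext} table (the 'before' state) as hash records.

    After this runs, nobody who reads the table can recover a password,
    which is the property the question asks for.
    """
    return {name: hash_password(pw, iterations) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample of the legacy table the question describes.
    legacy = {"alice": "correct horse battery staple", "bob": "hunter2"}
    migrated = migrate_plaintext_table(legacy)
    print(migrated["bob"])
    print(verify_password("hunter2", migrated["bob"]))  # True
    print(verify_password("hunter3", migrated["bob"]))  # False
```

Two hashes of the same password produce different records because each gets its own salt, so an attacker cannot precompute one table for every user; the iteration count is what makes offline guessing slow.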
9. (1.) Access controls (2.) Encryption (3.) Audit logging
Deming Cycle
Current and most up-to-date
Primary security features of relational databases
Sampling Risk
10. An audit of operational efficiency.
The Release process
The typical Configuration Items in Configuration Management
An Administrative
Options for Risk Treatment
11. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Segregation of duties issue in a high value process
Insourcing
A Problem
Emergency Changes
12. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
The audit program
Service Level Management
Project change request
13. Focuses on: post-event recovery and restoration of services
ITIL definition of PROBLEM
Criticality analysis
Insourcing
Disaster Recovery
14. Used to estimate the effort required to develop a software program.
Function Point Analysis
Notify the Audit Committee
Antivirus software on the email servers
Frameworks
15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Personnel involved in the requirements phase of a software development project
Sampling
OSI: Physical Layer
Data Link Layer Standards
16. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Documentation and interview personnel
Insourcing
Control Unit
17. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the complement of the confidence coefficient (1 minus the confidence coefficient).
The best approach for identifying high risk areas for an audit
Sampling Risk
Substantive Testing (test of transaction integrity)
Expected Error Rate
18. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Change management
TCP/IP Transport Layer
PERT Diagram?
Categories of risk treatment
19. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Business impact analysis
Split custody
The Steering Committee
Frameworks
20. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Employees with excessive privileges
Dimensions of the COSO cube
BCP Plans
The BCP process
21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the complement of the confidence coefficient (1 minus the confidence coefficient).
Structural fires and transportation accidents
Sampling Risk
Separate administrative accounts
Business Realization
22. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
The first step in a business impact analysis
ITIL - IT Infrastructure Library
Overall audit risk
Cloud computing
23. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Buffers
WAN Protocols
Sampling Risk
Wet pipe fire sprinkler system
24. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The best approach for identifying high risk areas for an audit
Entire password for an encryption key
A Compliance audit
Input validation checking
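Worked example for question 24 (added here; it is not code from the quiz). It shows what split custody of a key protects: the key is split into shares by XOR with random bytes, so each custodian's share alone is indistinguishable from random and only the combination of every share rebuilds the key. A small check then flags the finding in the question - one person holding more than one share, in the worst case all of them. The custodian names and the assignment table are made up.

```python
import os

# Added illustration for the split-custody question above; not code from
# the quiz. The XOR n-of-n split is a textbook construction; custodian
# names and the assignment table below are made up.


def split_key(key: bytes, custodians: int) -> list:
    """Split `key` into `custodians` shares; every share is needed to rebuild it."""
    if custodians < 2:
        raise ValueError("split custody needs at least two custodians")
    # All but the last share are uniformly random and independent of the key.
    shares = [os.urandom(len(key)) for _ in range(custodians - 1)]
    last = bytearray(key)
    for share in shares:
        for i, b in enumerate(share):
            last[i] ^= b
    shares.append(bytes(last))
    return shares


def combine_shares(shares: list) -> bytes:
    """XOR all shares together. With any one share missing the result is random, not the key."""
    if not shares:
        raise ValueError("no shares")
    length = len(shares[0])
    out = bytearray(length)
    for share in shares:
        if len(share) != length:
            raise ValueError("share length mismatch")
        for i, b in enumerate(share):
            out[i] ^= b
    return bytes(out)


def custody_violations(assignments: dict, total_shares: int) -> list:
    """Names of custodians who hold more than one share.

    Holding every share is exactly the finding in the question: one person
    is in possession of the entire key.
    """
    held = {}
    for person, indexes in assignments.items():
        for idx in indexes:
            if not 0 <= idx < total_shares:
                raise ValueError(f"share {idx} does not exist")
            held.setdefault(person, set()).add(idx)
    return sorted(p for p, s in held.items() if len(s) > 1)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed key of AES-256 size
    shares = split_key(key, 3)
    assert combine_shares(shares) == key
    print("one custodian's share alone:", shares[0].hex())
    print("violations:", custody_violations({"alice": [0], "bob": [1, 2]}, 3))  # ['bob']
```

The procedure only works if the organisation also enforces the assignment: the code cannot stop someone from collecting the other custodians' shares, which is why the auditor's finding is about the process being followed, not about the algorithm.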
25. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Inherent Risk
Attribute Sampling
Variable Sampling
Examples of Application Controls
26. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
TCP/IP Transport Layer packet delivery
Vulnerability in the organization's PBX
PERT Diagram?
27. Support the functioning of the application controls
Examples of Application Controls
Audit logging
General Controls
Balanced Scorecard
28. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Testing activities
SDLC Phases
OSI: Physical Layer
Application Layer protocols
29. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Stratified Sampling
A Sample Mean
Referential Integrity
30. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Blade Computer Architecture
BCP Plans
An Operational Audit
Reduced sign-on
31. Used to determine which business processes are the most critical - by ranking them in order of criticality
Cloud computing
Inherent Risk
The Software Program Library
Criticality analysis
32. The sum of all samples divided by the number of samples.
A Sample Mean
The best approach for identifying high risk areas for an audit
objective and unbiased
Disaster Recovery
33. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
OSI: Data Link Layer
OSI Layer 5: Session
Dimensions of the COSO cube
34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
ITIL - IT Infrastructure Library
Compliance Testing
Department Charters
Documentation and interview personnel
35. (1.) Physical (2.) Technical (3.) Administrative
Statement of Impact
Power system controls
Three Types of Controls
Vulnerability in the organization's PBX
36. One of a database table's fields - whose value is unique.
Statement of Impact
Database primary key
SDLC Phases
Capability Maturity Model
37. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Examples of Application Controls
Six steps of the Release Management process
OSI Layer 5: Session
A Financial Audit
38. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
The Release process
IT standards are not being reviewed often enough
Segregation of duties issue in a high value process
39. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
less than 24 hours
More difficult to perform
The Business Process Life Cycle
40. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Notify the Audit Committee
Six steps of the Release Management process
OSI: Transport Layer
Inform the auditee
41. The highest number of errors that can exist without a result being materially misstated.
Sampling
BCP Plans
Tolerable Error Rate
Examples of IT General Controls
42. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Wet pipe fire sprinkler system
BCP Plans
Stop-or-go Sampling
Network Layer Protocols
43. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Critical Path Methodology
Change management
Judgmental sampling
Audit Methodologies
44. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
OSI: Transport Layer
A Service Provider audit
Registers
45. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
The 4-item focus of a Balanced Scorecard
ISO 20000 Standard:
Recovery time objective
Confidence coefficient
46. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Split custody
Statistical Sampling
General Controls
47. An audit that is performed in support of an anticipated or active legal proceeding.
The best approach for identifying high risk areas for an audit
Substantive Testing
A Forensic Audit
Elements of the COSO pyramid
48. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Business Continuity
A Sample Mean
Data Link Layer Standards
The availability of IT systems
49. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Configuration Management
Power system controls
Tolerable Error Rate
Segregation of duties issue in a high value process
50. To ensure that input values are within established ranges - of the correct character types - and free of harmful content.
A gate process
Options for Risk Treatment
The BCP process
Input validation checking
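Worked example for question 50 (added here; it is not code from the quiz). It applies the three checks the question names - range, character type, harmful content - to a constructed web form, using allow-lists (what is acceptable) rather than trying to enumerate every harmful string. The field specifications and the sample submission are made up.

```python
import re

# Added illustration for the input-validation question above; not code
# from the quiz. The field specifications and the sample form are made up.

# Allow-lists: state what is acceptable instead of enumerating what is harmful.
FIELD_SPECS = {
    "username": {"pattern": re.compile(r"[a-z0-9_]{3,16}")},
    "age":      {"integer": True, "min": 0, "max": 150},
    "quantity": {"integer": True, "min": 1, "max": 999},
    "comment":  {"max_len": 200},
}

# ASCII digits only: Python's int() would also accept "1_0" or non-ASCII digits.
INTEGER = re.compile(r"-?[0-9]{1,9}")
# Control characters (NUL, ESC, CR/LF) have no place in single-line form fields.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def validate(field: str, raw) -> list:
    """Return the problems found with one submitted value ([] means acceptable)."""
    spec = FIELD_SPECS.get(field)
    if spec is None:
        return [f"{field}: unknown field"]
    if not isinstance(raw, str):
        return [f"{field}: expected text"]
    problems = []
    if CONTROL_CHARS.search(raw):  # harmful content
        problems.append(f"{field}: control characters are not allowed")
    if spec.get("integer"):  # character type, then range
        if not INTEGER.fullmatch(raw):
            problems.append(f"{field}: must be a whole number")
        else:
            value = int(raw)
            if not spec["min"] <= value <= spec["max"]:
                problems.append(f"{field}: must be between {spec['min']} and {spec['max']}")
    if "pattern" in spec and not spec["pattern"].fullmatch(raw):  # character type
        problems.append(f"{field}: contains characters outside the allowed set")
    if "max_len" in spec and len(raw) > spec["max_len"]:  # length range
        problems.append(f"{field}: longer than {spec['max_len']} characters")
    return problems


def validate_form(form: dict) -> dict:
    """Validate every field; the result maps each failing field to its problems."""
    result = {}
    for field, raw in form.items():
        problems = validate(field, raw)
        if problems:
            result[field] = problems
    return result


if __name__ == "__main__":
    # Constructed submission with one good value and three bad ones.
    sample = {"username": "admin'--", "age": "4 2", "quantity": "5", "comment": "ok\x00"}
    for field, problems in validate_form(sample).items():
        print(field, "->", problems)
```

Note that `fullmatch` is used rather than `match` or `search`, so a value that merely contains an acceptable prefix is still rejected; this is the usual mistake that turns an allow-list into a bypassable filter.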