Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Focuses on: post-event recovery and restoration of services
Business Continuity
A Cold Site
Disaster Recovery
Documentation and interview personnel
2. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Configuration Management
Information systems access
Dimensions of the COSO cube
ITIL definition of PROBLEM
3. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
Sampling Risk
Main types of Controls
Split custody
Criticality analysis
4. A database term, which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
The two Categories of Controls
Resource details
Function Point Analysis
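The behaviour described in question 4, shown end to end as an added example (this code is not part of the quiz page). It uses Python's built-in sqlite3 module; the table names, columns and seed rows are made up for illustration. The check that matters is in the lead: SQLite only enforces FOREIGN KEY constraints when the foreign_keys pragma is switched on for the connection, so the same DELETE is blocked on one connection and silently orphans a row on the other.

```python
"""Added example (not from the quiz page): referential integrity in practice.

A parent row that is still referenced by a child row cannot be deleted while
the FOREIGN KEY constraint is enforced.  With enforcement off, the DELETE
succeeds and leaves an orphaned child row behind.  Schema and data are
constructed for this example.
"""
import sqlite3

SCHEMA = """
CREATE TABLE department (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE employee (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL,
    FOREIGN KEY (dept_id) REFERENCES department(dept_id)
);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database seeded with one department and one employee in it."""
    conn = sqlite3.connect(":memory:")
    # The pragma is per connection and must be set before the DELETE is attempted;
    # SQLite ignores FOREIGN KEY clauses entirely while it is OFF (the default).
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO department VALUES (10, 'Internal Audit')")
    conn.execute("INSERT INTO employee VALUES (1, 'A. Auditor', 10)")
    conn.commit()
    return conn


def try_delete_department(conn: sqlite3.Connection, dept_id: int):
    """Attempt the DELETE; return (deleted, orphan_count).

    deleted is False when the constraint rejected the statement.
    orphan_count counts employees whose dept_id matches no department row.
    """
    try:
        conn.execute("DELETE FROM department WHERE dept_id = ?", (dept_id,))
        conn.commit()
        deleted = True
    except sqlite3.IntegrityError:   # "FOREIGN KEY constraint failed"
        conn.rollback()
        deleted = False
    orphans = conn.execute(
        "SELECT COUNT(*) FROM employee e "
        "WHERE NOT EXISTS (SELECT 1 FROM department d WHERE d.dept_id = e.dept_id)"
    ).fetchone()[0]
    return deleted, orphans


if __name__ == "__main__":
    print(try_delete_department(open_db(enforce_fk=True), 10))   # (False, 0)
    print(try_delete_department(open_db(enforce_fk=False), 10))  # (True, 1)
```

An auditor reviewing a SQLite-backed application should therefore confirm the pragma is set on every connection, not just that the schema declares the constraint; other engines enforce FOREIGN KEY by default, but a disabled or missing constraint produces the same orphaned rows.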
5. (1.) Objectives (2.) Components (3.) Business Units / Areas
Sampling
Sampling Risk
Dimensions of the COSO cube
TCP/IP Transport Layer packet delivery
6. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Stratified Sampling
Reduced sign-on
OSI: Physical Layer
7. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Foreign Key
List of systems examined
Gantt Chart
Discovery Sampling
8. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Compliance Testing
Configuration Management
Control Unit
Referential Integrity
9. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Three Types of Controls
(1.) Policies (2.) Procedures (3.) Standards
Organizational culture and maturity
Stay current with technology
10. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Buffers
Confidence coefficient
Network Layer Protocols
11. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Referential Integrity
Power system controls
A Sample Mean
12. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
The Release process
IT Strategy
OSI: Network Layer
A Financial Audit
13. A sampling technique where items are chosen based upon the auditor's judgment, usually based on risk or materiality.
Split custody
BCP Plans
Inherent Risk
Judgmental sampling
14. The sum of all samples divided by the number of samples.
Configuration Management
TCP/IP Internet Layer
A Sample Mean
Stop-or-go Sampling
15. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
A Cold Site
IT Services Financial Management
OSI: Network Layer
Control Risk
16. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform criticality analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures (7.) Train personnel (8.) Maintain strateg
Statement of Impact
The BCP process
IT standards are not being reviewed often enough
TCP/IP Transport Layer packet delivery
17. The party that performs strategic planning: it addresses near-term and long-term requirements, aligning business objectives with technology strategies.
The Steering Committee
Volumes of COSO framework
The Eight Types of Audits
Employee termination process
18. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Categories of risk treatment
Examples of IT General Controls
Sampling Risk
19. To measure organizational performance and effectiveness against strategic goals.
Compliance Testing
An Integrated Audit
Lacks specific expertise or resources to conduct an internal audit
Balanced Scorecard
20. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Substantive Testing
Employees with excessive privileges
A Forensic Audit
Structural fires and transportation accidents
21. A representation of how closely a sample represents an entire population.
Precision means
The first step in a business impact analysis
Personnel involved in the requirements phase of a software development project
The audit program
22. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
WAN Protocols
OSI Layer 7: Application
An Operational Audit
Precision means
23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
IT Services Financial Management
A Sample Mean
Application Layer protocols
24. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Risk Management
Types of sampling an auditor can perform.
Input validation checking
Employees with excessive privileges
25. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Network Layer Protocols
Control Risk
OSI Layer 5: Session
OSI: Network Layer
26. An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Substantive Testing (test of transaction integrity)
CPU
Precision means
A Financial Audit
27. Used to estimate the effort required to develop a software program.
Main types of Controls
Power system controls
Function Point Analysis
Problem Management
28. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
The BCP process
Input validation checking
Options for Risk Treatment
OSI Layer 7: Application
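The three checks named in question 28 (range, character type, harmful content) as one working validator, added here as an example and not taken from the quiz page. Field names, limits, the allow-list and the sample records are all made up; the point is that each rejection names the check that failed, which is what an auditor testing an input control wants to see.

```python
"""Added example (not from the quiz page): input validation checking.

validate_record() applies range, type and content checks to one input record
and reports every field that fails.  The field names, limits and allow-list
are assumptions chosen for the example.
"""
import re
import unicodedata

# Allow-list of characters for a free-text field: letters, digits, space and a
# few punctuation marks.  Anything else (<, >, ;, quotes other than ', ...) is
# rejected rather than trying to block specific attack strings.
ALLOWED_TEXT = re.compile(r"^[A-Za-z0-9 .,'-]+$")


def validate_text(value, max_len):
    """Correct type, length within range, no control characters, allow-list only."""
    if not isinstance(value, str):
        return False, "wrong type"
    if not 1 <= len(value) <= max_len:
        return False, "length out of range"
    # Unicode category "C*" covers control, format and unassigned code points
    # (NUL, ESC, line separators, ...), which have no place in a name field.
    if any(unicodedata.category(ch).startswith("C") for ch in value):
        return False, "control character"
    if not ALLOWED_TEXT.match(value):
        return False, "disallowed character"
    return True, "ok"


def validate_int(value, lo, hi):
    """Accept an int, or its decimal string form, only when lo <= value <= hi."""
    if isinstance(value, bool):          # bool subclasses int; treat it as a type error
        return False, "wrong type"
    if isinstance(value, str):
        if not re.fullmatch(r"-?\d{1,10}", value.strip()):
            return False, "not a decimal integer"
        value = int(value)
    if not isinstance(value, int):
        return False, "wrong type"
    if not lo <= value <= hi:
        return False, "out of range"
    return True, "ok"


def validate_record(rec):
    """Return {field: reason} for every rejected field; an empty dict means accepted."""
    errors = {}
    ok, why = validate_text(rec.get("name"), max_len=64)
    if not ok:
        errors["name"] = why
    ok, why = validate_int(rec.get("quantity"), 1, 1000)
    if not ok:
        errors["quantity"] = why
    return errors


# Constructed sample records: one clean, two hostile.
SAMPLES = [
    {"name": "O'Brien", "quantity": "25"},
    {"name": "<script>alert(1)</script>", "quantity": 0},
    {"name": "Bob\x00", "quantity": True},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", validate_record(rec) or "accepted")
```

Note the order of the checks: type before length, length before content, so a multi-megabyte payload is rejected by a cheap length comparison before any regular expression runs over it.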
29. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Department Charters
The Release process
Personnel involved in the requirements phase of a software development project
30. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Precision means
The availability of IT systems
Database primary key
Employee termination process
31. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Sampling
OSI Layer 6: Presentation
To identify the tasks that are responsible for project delays
Blade Computer Architecture
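How question 31's critical path is actually found, as an added example that is not part of the quiz page: a forward pass gives each task its earliest start and finish, a backward pass its latest start and finish, and the tasks whose float (late start minus early start) is zero are the critical list. The four-task schedule is constructed for the example.

```python
"""Added example (not from the quiz page): critical path method.

tasks maps a task name to (duration, [predecessor names]).  The sample
schedule below is made up for illustration.
"""
from collections import deque


def critical_path(tasks):
    """Return (project_duration, float_by_task, critical_tasks_in_order).

    A task with zero float cannot slip without delaying the whole project;
    those are the tasks the project manager has to watch.
    """
    # Topological order (Kahn's algorithm) so every task is scheduled after
    # all of its predecessors; a cycle means the schedule is malformed.
    indeg = {t: len(preds) for t, (_, preds) in tasks.items()}
    succ = {t: [] for t in tasks}
    for t, (_, preds) in tasks.items():
        for p in preds:
            succ[p].append(t)
    order, ready = [], deque(t for t, d in indeg.items() if d == 0)
    while ready:
        t = ready.popleft()
        order.append(t)
        for s in succ[t]:
            indeg[s] -= 1
            if indeg[s] == 0:
                ready.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in task list")

    # Forward pass: earliest start is the latest finish among predecessors.
    es, ef = {}, {}
    for t in order:
        dur, preds = tasks[t]
        es[t] = max((ef[p] for p in preds), default=0)
        ef[t] = es[t] + dur
    duration = max(ef.values())

    # Backward pass: latest finish is the earliest late start among successors.
    ls, lf = {}, {}
    for t in reversed(order):
        lf[t] = min((ls[s] for s in succ[t]), default=duration)
        ls[t] = lf[t] - tasks[t][0]

    slack = {t: ls[t] - es[t] for t in tasks}
    critical = [t for t in order if slack[t] == 0]
    return duration, slack, critical


# Constructed schedule: A then B and C in parallel, D after both.
SAMPLE = {
    "A": (3, []),
    "B": (2, ["A"]),
    "C": (4, ["A"]),
    "D": (1, ["B", "C"]),
}

if __name__ == "__main__":
    print(critical_path(SAMPLE))   # (8, {'A': 0, 'B': 2, 'C': 0, 'D': 0}, ['A', 'C', 'D'])
```

Here B can slip two units without moving the finish date, whereas any delay to A, C or D delays the project by the same amount, which is exactly the distinction the question is asking for.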
32. ITIL term used to describe the SDLC.
Disaster Recovery
Concentrate on samples known to represent high risk
Release management
Service Level Management
33. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Geographic location
Three Types of Controls
Security Awareness program
34. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Current and most up-to-date
ITIL - IT Infrastructure Library
OSI: Physical Layer
Disaster Recovery
35. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
The two Categories of Controls
Balanced Scorecard
Substantive Testing (test of transaction integrity)
Risk Management
36. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Elements of the COSO pyramid
An Integrated Audit
Change management
The 5 types of Evidence that the auditor will collect during an audit.
37. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
An Administrative
(1.) Man-made (2.) Natural
OSI: Transport Layer
Sampling Risk
38. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
ITIL definition of PROBLEM
IT Services Financial Management
The 7 phases and their order in the SDLC
The 4-item focus of a Balanced Scorecard
39. The result of strategic planning, process development, and systems development, which all contribute towards a launch of business operations to reach a set of business objectives.
Discovery Sampling
Security Awareness program
Business Realization
A Compliance audit
40. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.
Change management
A Server Cluster
Lacks specific expertise or resources to conduct an internal audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
41. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
List of systems examined
Input validation checking
A Forensic Audit
Elements of the COBIT Framework
42. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
The Release process
Precision means
A Problem
43. Disasters are generally grouped in terms of type: ______________.
OSI: Physical Layer
(1.) Man-made (2.) Natural
Precision means
Emergency Changes
44. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, the numeric inverse of the confidence coefficient.
To identify the tasks that are responsible for project delays
The Internet Layer in the TCP/IP model
The first step in a business impact analysis
Sampling Risk
45. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Balanced Scorecard
Control Unit
Overall audit risk
The appropriate role of an IS auditor in a control self-assessment
46. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Department Charters
Emergency Changes
Categories of risk treatment
Employee termination process
47. The inventory of all in-scope business processes and systems
Split custody
Criticality analysis
Control Risk
The first step in a business impact analysis
48. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
OSI: Transport Layer
Confidence coefficient
Tolerable Error Rate
49. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
WAN Protocols
Data Link Layer Standards
Service Continuity Management
Discovery Sampling
50. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Capability Maturity Model Integration (CMMI)
Control Risk
Assess the maturity of its business processes