SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Control Unit
The 4-item focus of a Balanced Scorecard
The BCP process
Split custody
2. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Criticality analysis
Background checks performed
Assess the maturity of its business processes
The appropriate role of an IS auditor in a control self-assessment
3. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Registers
Vulnerability in the organization's PBX
Lacks specific expertise or resources to conduct an internal audit
IT standards are not being reviewed often enough
4. Used to determine which business processes are the most critical - by ranking them in order of criticality
The 7 phases and their order in the SDLC
The audit program
Criticality analysis
A Cold Site
5. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
To identify the tasks that are responsible for project delays
Personnel involved in the requirements phase of a software development project
The Software Program Library
A Virtual Server
6. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Judgmental sampling
IT standards are not being reviewed often enough
ITIL definition of PROBLEM
IT executives and the Board of Directors
7. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
The audit program
OSI Layer 6: Presentation
IT Strategy
8. ITIL term used to describe the SDLC.
Resource details
Release management
Network Layer Protocols
Discovery Sampling
9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectance (ALE)
Attribute Sampling
Frameworks
OSI Layer 5: Session
10. Support the functioning of the application controls
Input validation checking
General Controls
Database primary key
Assess the maturity of its business processes
11. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Foreign Key
Elements of the COBIT Framework
The Release process
12. The first major task in a disaster recovery or business continuity planning project.
Data Link Layer Standards
IT Strategy
A Cold Site
Business impact analysis
13. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Detection Risk
Examples of IT General Controls
Organizational culture and maturity
TCP/IP Network Model
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Types of sampling an auditor can perform.
Compliance Testing
Disaster Recovery
OSI Layer 5: Session
15. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Overall audit risk
An Operational Audit
OSI: Transport Layer
Recovery time objective
16. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
An Administrative
Control Risk
Stratified Sampling
Frameworks
17. Describes the effect on the business if a process is incapacitated for any appreciable time
Annualized Loss Expectance (ALE)
The 4-item focus of a Balanced Scorecard
Statement of Impact
Options for Risk Treatment
18. The sum of all samples divided by the number of samples.
ITIL definition of CHANGE MANAGEMENT
A Sample Mean
A Forensic Audit
objective and unbiased
19. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Formal waterfall
An Integrated Audit
Sampling Risk
Discovery Sampling
20. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
BCP Plans
Segregation of duties issue in a high value process
Statement of Impact
Substantive Testing
21. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Six steps of the Release Management process
A gate process
A Server Cluster
22. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
TCP/IP Network Model
Personnel involved in the requirements phase of a software development project
Sample Standard Deviation
23. Guide program execution through organization of resources and development of clear project objectives.
Stop-or-go Sampling
Project Management Strategies
Detection Risk
An Operational Audit
24. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Lacks specific expertise or resources to conduct an internal audit
More difficult to perform
Stratified Sampling
25. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Employees with excessive privileges
Foreign Key
Entire password for an encryption key
The Business Process Life Cycle
26. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Entire password for an encryption key
List of systems examined
Inherent Risk
Main types of Controls
27. An audit that combines an operational audit and a financial audit.
An IS audit
Risk Management
Application Controls
An Integrated Audit
28. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Options for Risk Treatment
Business impact analysis
ITIL definition of PROBLEM
The Release process
29. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
List of systems examined
The best approach for identifying high risk areas for an audit
Testing activities
30. PERT: shows the ______________ critical path.
A Sample Mean
Project Management Strategies
Current and most up-to-date
Risk Management
31. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Primary security features of relational databases
The availability of IT systems
Six steps of the Release Management process
Notify the Audit Committee
32. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
IT executives and the Board of Directors
Incident Management
Reduced sign-on
OSI: Physical Layer
33. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Blade Computer Architecture
Configuration Management
Expected Error Rate
34. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Stop-or-go Sampling
Criticality analysis
The two Categories of Controls
Substantive Testing (test of transaction integrity)
35. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Department Charters
PERT Diagram?
The Eight Types of Audits
Primary security features of relational databases
36. A maturity model that represents the aggregations of other maturity models.
Tolerable Error Rate
Sample Standard Deviation
An Operational Audit
Capability Maturity Model Integration (CMMI)
37. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Organizational culture and maturity
An IS audit
The 5 types of Evidence that the auditor will collect during an audit.
Testing activities
38. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Inform the auditee
Grid Computing
OSI: Network Layer
Capability Maturity Model
39. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Structural fires and transportation accidents
A Sample Mean
Volumes of COSO framework
The appropriate role of an IS auditor in a control self-assessment
40. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Business Process Life Cycle
Judgmental sampling
The Steering Committee
Criticality analysis
41. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Attribute Sampling
Buffers
Compliance Testing
More difficult to perform
42. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Software Program Library
Emergency Changes
Network Layer Protocols
Elements of the COSO pyramid
43. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Main types of Controls
Change management
Incident Management
44. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
The Eight Types of Audits
Examples of IT General Controls
The Requirements
45. The maximum period of downtime for a process or application
Audit Methodologies
Recovery time objective
Primary security features of relational databases
Three Types of Controls
46. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
A Service Provider audit
TCP/IP Transport Layer packet delivery
Three Types of Controls
47. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
PERT Diagram?
Controls
Information systems access
48. The memory locations in the CPU where arithmetic values are stored.
Registers
TCP/IP Internet Layer
The appropriate role of an IS auditor in a control self-assessment
Inherent Risk
49. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Confidence coefficient
Employee termination process
Stay current with technology
The Eight Types of Audits
50. Focuses on: post-event recovery and restoration of services
Disaster Recovery
An Integrated Audit
Sample Standard Deviation
Precision means
