SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Recovery time objective
Transport Layer Protocols
IT Service Management
2. To measure organizational performance and effectiveness against strategic goals.
Registers
A Compliance audit
Service Continuity Management
Balanced Scorecard
3. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
TCP/IP Network Model
The typical Configuration Items in Configuration Management
Buffers
4. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Function Point Analysis
Capability Maturity Model Integration (CMMI)
OSI Layer 5: Session
5. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Deming Cycle
A Service Provider audit
Split custody
Control Risk
6. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
SDLC Phases
Audit logging
Expected Error Rate
The availability of IT systems
7. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Hash
Statistical Sampling
Segregation of duties issue in a high value process
General Controls
8. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Project change request
Grid Computing
Server cluster
A Service Provider audit
9. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Disaster Recovery
Separate administrative accounts
Business Continuity
Overall audit risk
10. One of a database table's fields - whose value is unique.
The first step in a business impact analysis
Database primary key
Referential Integrity
A Cold Site
11. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Advantages of outsourcing
Configuration Management
Inform the auditee
12. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
The audit program
IT executives and the Board of Directors
Release management
A Virtual Server
13. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Discovery Sampling
Precision means
Prblem Management
BCP Plans
14. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Release management
Elements of the COBIT Framework
Judgmental sampling
Business Realization
15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Balanced Scorecard
Release management
A Sample Mean
16. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Prblem Management
Balanced Scorecard
Frameworks
17. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
The Requirements
An Integrated Audit
Wet pipe fire sprinkler system
Prblem Management
18. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Reduced sign-on
Control Unit
Current and most up-to-date
19. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Notify the Audit Committee
The Business Process Life Cycle
TCP/IP Link Layer
The best approach for identifying high risk areas for an audit
20. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Notify the Audit Committee
Function Point Analysis
IT standards are not being reviewed often enough
21. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
OSI: Data Link Layer
Employees with excessive privileges
Control Risk
22. To communication security policies - procedures - and other security-related information to an organization's employees.
Concentrate on samples known to represent high risk
The two Categories of Controls
Security Awareness program
The BCP process
23. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Concentrate on samples known to represent high risk
Service Level Management
The Business Process Life Cycle
The Eight Types of Audits
24. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Insourcing
Options for Risk Treatment
Control Unit
25. ITIL term used to describe the SDLC.
Types of sampling an auditor can perform.
PERT Diagram?
IT Strategy
Release management
26. Describes the effect on the business if a process is incapacitated for any appreciable time
Antivirus software on the email servers
Tolerable Error Rate
Statement of Impact
Configuration Management
27. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Sampling Risk
Precision means
Examples of Application Controls
Current and most up-to-date
28. The means by which management establishes and measures processes by which organizational objectives are achieved
ITIL definition of PROBLEM
Inform the auditee
Controls
IT executives and the Board of Directors
29. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The 5 types of Evidence that the auditor will collect during an audit.
Security Awareness program
Separate administrative accounts
More difficult to perform
30. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
CPU
Personnel involved in the requirements phase of a software development project
An Administrative
Types of sampling an auditor can perform.
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Data Link Layer Standards
Cloud computing
Information security policy
Control Risk
32. 1.) Executive Support (2.) Well-defined roles and responsibilities.
TCP/IP Internet Layer
Information security policy
A gate process
An IS audit
33. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
The Software Program Library
The two Categories of Controls
Geographic location
Judgmental sampling
34. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The Software Program Library
To identify the tasks that are responsible for project delays
The best approach for identifying high risk areas for an audit
Substantive Testing
35. (1.) Link (2.) Internet (3.) Transport (4.) Application
An IS audit
A Sample Mean
Project Management Strategies
TCP/IP Network Model
36. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Rating Scale for Process Maturity
objective and unbiased
OSI: Transport Layer
BCP Plans
37. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
A Forensic Audit
Options for Risk Treatment
Stratified Sampling
(1.) Polices (2.) Procedures (3.) Standards
38. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
A Forensic Audit
Examples of Application Controls
Risk Management
BCP Plans
39. The main hardware component of a computer system - which executes instructions in computer programs.
Control Risk
Vulnerability in the organization's PBX
Project Management Strategies
CPU
40. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
ISO 20000 Standard:
CPU
WAN Protocols
Sampling Risk
41. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Prblem Management
Inherent Risk
A Financial Audit
Rating Scale for Process Maturity
42. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Primary security features of relational databases
A Problem
TCP/IP Transport Layer packet delivery
43. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
TCP/IP Transport Layer packet delivery
The best approach for identifying high risk areas for an audit
Six steps of the Release Management process
A Cold Site
44. Delivery of packets from one station to another - on the same network or on different networks.
The Eight Types of Audits
ITIL definition of CHANGE MANAGEMENT
IT Services Financial Management
The Internet Layer in the TCP/IP model
45. Support the functioning of the application controls
List of systems examined
TCP/IP Internet Layer
Lacks specific expertise or resources to conduct an internal audit
General Controls
46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
An Operational Audit
IT Service Management
Prblem Management
Elements of the COBIT Framework
47. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Service Level Management
OSI: Network Layer
The 4-item focus of a Balanced Scorecard
Incident Management
48. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Application Layer protocols
The Steering Committee
Geographic location
Testing activities
49. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
A Compliance audit
Expected Error Rate
A Problem
A Service Provider audit
50. (1.) Physical (2.) Technical (4.) Administrative
Segregation of duties issue in a high value process
Control Risk
Three Types of Controls
Examples of Application Controls
