Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Used to determine which business processes are the most critical - by ranking them in order of criticality
SDLC Phases
Input validation checking
The Internet Layer in the TCP/IP model
Criticality analysis
2. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Foreign Key
TCP/IP Network Model
Audit logging
Personnel involved in the requirements phase of a software development project
3. Framework for auditing and measuring IT Service Management Processes.
Expected Error Rate
Application Layer protocols
ISO 20000 Standard:
Detection Risk
4. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Substantive Testing (test of transaction integrity)
Dimensions of the COSO cube
Organizational culture and maturity
Separate administrative accounts
5. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Project Management Strategies
Vulnerability in the organization's PBX
Discovery Sampling
Structural fires and transportation accidents
6. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Rating Scale for Process Maturity
(1.) Man-made (2.) Natural
Data Link Layer Standards
OSI: Network Layer
7. The first major task in a disaster recovery or business continuity planning project.
Blade Computer Architecture
Information security policy
Controls
Business impact analysis
8. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Link Layer
Inform the auditee
Business impact analysis
WAN Protocols
9. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
BCP Plans
Stay current with technology
Service Level Management
An Operational Audit
10. (1.) Automatic (2.) Manual
PERT Diagram?
A Virtual Server
objective and unbiased
The two Categories of Controls
11. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Segregation of duties issue in a high value process
Referential Integrity
Resource details
Stratified Sampling
12. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Foreign Key
Frameworks
Cloud computing
List of systems examined
13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The 4-item focus of a Balanced Scorecard
Substantive Testing (test of transaction integrity)
Business Realization
ITIL definition of CHANGE MANAGEMENT
14. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Controls
Examples of IT General Controls
An Integrated Audit
15. Describes the effect on the business if a process is incapacitated for any appreciable time
A Virtual Server
Grid Computing
To identify the tasks that are responsible for project delays
Statement of Impact
16. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Entire password for an encryption key
Capability Maturity Model Integration (CMMI)
ITIL definition of PROBLEM
17. Disasters are generally grouped in terms of type: ______________.
Business impact analysis
The BCP process
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1.) Man-made (2.) Natural
18. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
OSI: Network Layer
IT executives and the Board of Directors
Examples of IT General Controls
Geographic location
19. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
TCP/IP Transport Layer
Attribute Sampling
Frameworks
PERT Diagram?
20. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Registers
The availability of IT systems
Service Continuity Management
21. IT Governance is most concerned with ________.
Foreign Key
Discovery Sampling
IT Strategy
A Virtual Server
22. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
Grid Computing
Function Point Analysis
Variable Sampling
23. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Project change request
The Release process
Business Continuity
Three Types of Controls
24. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Function Point Analysis
The 7 phases and their order in the SDLC
A Sample Mean
Reduced sign-on
25. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Substantive Testing (test of transaction integrity)
Balanced Scorecard
The best approach for identifying high risk areas for an audit
26. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Gantt Chart
Separate administrative accounts
Substantive Testing
27. The main hardware component of a computer system - which executes instructions in computer programs.
Frameworks
CPU
Wet pipe fire sprinkler system
Business Continuity
28. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
TCP/IP Internet Layer
Advantages of outsourcing
Sampling Risk
Capability Maturity Model
29. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Frameworks
Vulnerability in the organization's PBX
Confidence coefficient
A Virtual Server
30. The sum of all samples divided by the number of samples.
Judgmental sampling
A Sample Mean
The best approach for identifying high risk areas for an audit
Segregation of duties issue in a high value process
31. Handle application processing
Application Controls
Business Realization
Testing activities
A gate process
32. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Transport Layer Protocols
Registers
Options for Risk Treatment
List of systems examined
33. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Sampling Risk
Power system controls
Notify the Audit Committee
34. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Grid Computing
The first step in a business impact analysis
Incident Management
35. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Assess the maturity of its business processes
Frameworks
The 7 phases and their order in the SDLC
Examples of IT General Controls
36. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Transport Layer Protocols
TCP/IP Transport Layer packet delivery
Entire password for an encryption key
37. To communicate security policies - procedures - and other security-related information to an organization's employees.
Configuration Management
ITIL definition of PROBLEM
BCP Plans
Security Awareness program
38. (1.) TCP (2.) UDP
Antivirus software on the email servers
Types of sampling an auditor can perform.
Application Controls
Transport Layer Protocols
39. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Eight Types of Audits
The Software Program Library
Emergency Changes
Sampling Risk
40. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Three Types of Controls
(1.) Man-made (2.) Natural
Lacks specific expertise or resources to conduct an internal audit
Controls
41. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Insourcing
Documentation and interview personnel
Wet pipe fire sprinkler system
Inherent Risk
42. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Grid Computing
IT standards are not being reviewed often enough
Wet pipe fire sprinkler system
Attribute Sampling
43. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Stratified Sampling
Background checks performed
Structural fires and transportation accidents
44. Contains programs that communicate directly with the end user.
The Release process
Application Layer protocols
Critical Path Methodology
OSI Layer 7: Application
45. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
OSI: Data Link Layer
Gantt Chart
The Internet Layer in the TCP/IP model
ISO 20000 Standard:
46. Used to measure the relative maturity of an organization and its processes.
Information security policy
Capability Maturity Model
Current and most up-to-date
Organizational culture and maturity
47. The maximum period of downtime for a process or application
Recovery time objective
Risk Management
Current and most up-to-date
ITIL definition of CHANGE MANAGEMENT
48. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Audit logging
A Server Cluster
ITIL - IT Infrastructure Library
Gantt Chart
49. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Transport Layer Protocols
A Compliance audit
OSI Layer 5: Session
The typical Configuration Items in Configuration Management
50. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Audit Methodologies
TCP/IP Internet Layer
The Requirements
Change management