SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Release management
Stop-or-go Sampling
ITIL definition of PROBLEM
OSI Layer 5: Session
2. 1.) Executive Support (2.) Well-defined roles and responsibilities.
OSI: Network Layer
Cloud computing
Information security policy
A Forensic Audit
3. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Configuration Management
Rating Scale for Process Maturity
Foreign Key
4. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Control Risk
Critical Path Methodology
Blade Computer Architecture
Vulnerability in the organization's PBX
5. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Information systems access
Judgmental sampling
IT Services Financial Management
Geographic location
6. (1.) Access controls (2.) Encryption (3.) Audit logging
A Sample Mean
Primary security features of relational databases
Emergency Changes
Stop-or-go Sampling
7. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
BCP Plans
A Virtual Server
A Server Cluster
Foreign Key
8. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Tolerable Error Rate
Statistical Sampling
A Cold Site
9. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Business impact analysis
Grid Computing
Inform the auditee
Transport Layer Protocols
10. (1.) General (2.) Application
Entire password for an encryption key
A Cold Site
Dimensions of the COSO cube
Main types of Controls
11. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Judgmental sampling
Categories of risk treatment
Entire password for an encryption key
12. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Overall audit risk
Configuration Management
Database primary key
13. A maturity model that represents the aggregations of other maturity models.
ITIL - IT Infrastructure Library
TCP/IP Link Layer
Referential Integrity
Capability Maturity Model Integration (CMMI)
14. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
The Requirements
Elements of the COSO pyramid
Project change request
A Sample Mean
15. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Hash
PERT Diagram?
Lacks specific expertise or resources to conduct an internal audit
(1.) Polices (2.) Procedures (3.) Standards
16. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Project change request
ITIL definition of PROBLEM
Judgmental sampling
WAN Protocols
17. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
The 4-item focus of a Balanced Scorecard
Elements of the COSO pyramid
(1.) Polices (2.) Procedures (3.) Standards
IT standards are not being reviewed often enough
18. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
WAN Protocols
Geographic location
Sample Standard Deviation
19. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Lacks specific expertise or resources to conduct an internal audit
Precision means
Confidence coefficient
IT standards are not being reviewed often enough
20. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Department Charters
Documentation and interview personnel
Security Awareness program
Categories of risk treatment
21. The maximum period of downtime for a process or application
Recovery time objective
Employees with excessive privileges
Referential Integrity
The appropriate role of an IS auditor in a control self-assessment
22. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Stop-or-go Sampling
The Steering Committee
Separate administrative accounts
23. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Recovery time objective
Hash
Data Link Layer Standards
24. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
An Administrative
Vulnerability in the organization's PBX
Sampling Risk
25. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Inform the auditee
Application Layer protocols
Antivirus software on the email servers
26. An audit that combines an operational audit and a financial audit.
Control Risk
Three Types of Controls
Precision means
An Integrated Audit
27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Discovery Sampling
Gantt Chart
Stay current with technology
Main types of Controls
28. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
An Operational Audit
Documentation and interview personnel
TCP/IP Transport Layer
Database primary key
29. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Criticality analysis
Stay current with technology
Hash
The Release process
30. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
OSI Layer 5: Session
Examples of Application Controls
Compliance Testing
ITIL - IT Infrastructure Library
31. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Blade Computer Architecture
Annualized Loss Expectance (ALE)
Rating Scale for Process Maturity
OSI: Transport Layer
32. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
OSI Layer 5: Session
TCP/IP Link Layer
TCP/IP Transport Layer packet delivery
Control Risk
33. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
To identify the tasks that are responsible for project delays
Deming Cycle
Buffers
34. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Six steps of the Release Management process
Incident Management
Substantive Testing
Segregation of duties issue in a high value process
35. Describes the effect on the business if a process is incapacitated for any appreciable time
(1.) Polices (2.) Procedures (3.) Standards
Statement of Impact
Deming Cycle
The typical Configuration Items in Configuration Management
36. (1.) Link (2.) Internet (3.) Transport (4.) Application
Controls
TCP/IP Network Model
Database primary key
Split custody
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
IT standards are not being reviewed often enough
less than 24 hours
Risk Management
38. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Compliance Testing
(1.) Man-made (2.) Natural
Sample Standard Deviation
39. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
(1.) Polices (2.) Procedures (3.) Standards
TCP/IP Transport Layer
Input validation checking
40. (1.) TCP (2.) UDP
Overall audit risk
Separate administrative accounts
Transport Layer Protocols
A Compliance audit
41. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
IT executives and the Board of Directors
Blade Computer Architecture
Substantive Testing (test of transaction integrity)
Separate administrative accounts
42. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Stop-or-go Sampling
Overall audit risk
An Integrated Audit
43. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Statement of Impact
Application Layer protocols
OSI: Data Link Layer
Gantt Chart
44. Used to determine which business processes are the most critical - by ranking them in order of criticality
Foreign Key
Criticality analysis
Organizational culture and maturity
Volumes of COSO framework
45. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
ITIL definition of PROBLEM
Buffers
Geographic location
Elements of the COBIT Framework
46. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
TCP/IP Transport Layer packet delivery
Inherent Risk
Prblem Management
Variable Sampling
47. The sum of all samples divided by the number of samples.
A Sample Mean
Six steps of the Release Management process
Sampling Risk
Primary security features of relational databases
48. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Sampling Risk
A gate process
Security Awareness program
Sampling Risk
49. Disasters are generally grouped in terms of type: ______________.
A Server Cluster
ISO 20000 Standard:
(1.) Man-made (2.) Natural
Variable Sampling
50. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
The audit program
OSI Layer 6: Presentation
A Service Provider audit
Overall audit risk
