SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Buffers
CPU
Documentation and interview personnel
Deming Cycle
2. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Options for Risk Treatment
Capability Maturity Model
Resource details
Gantt Chart
3. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Registers
Primary security features of relational databases
Discovery Sampling
4. PERT: shows the ______________ critical path.
The appropriate role of an IS auditor in a control self-assessment
OSI: Physical Layer
Current and most up-to-date
Attribute Sampling
5. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
OSI: Physical Layer
Business impact analysis
A Sample Mean
Project change request
6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
To identify the tasks that are responsible for project delays
List of systems examined
Discovery Sampling
IT Strategy
7. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Hash
Employee termination process
The Software Program Library
The audit program
8. (1.) General (2.) Application
Gantt Chart
Main types of Controls
Formal waterfall
A Server Cluster
9. What type of testing is performed to determine if control procedures have proper design and are operating properly?
An Administrative
Compliance Testing
Primary security features of relational databases
A Cold Site
10. (1.) Automatic (2.) Manual
Sample Standard Deviation
Entire password for an encryption key
Discovery Sampling
The two Categories of Controls
11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Stay current with technology
Information systems access
Criticality analysis
Critical Path Methodology
12. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Options for Risk Treatment
Employees with excessive privileges
OSI Layer 5: Session
To identify the tasks that are responsible for project delays
13. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
IT Strategy
Insourcing
WAN Protocols
14. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Insourcing
Options for Risk Treatment
Incident Management
Risk Management
15. The main hardware component of a computer system - which executes instructions in computer programs.
Application Controls
PERT Diagram?
A gate process
CPU
16. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Discovery Sampling
The Requirements
Input validation checking
Categories of risk treatment
17. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
A Service Provider audit
Cloud computing
Control Unit
Sample Standard Deviation
18. The memory locations in the CPU where arithmetic values are stored.
Concentrate on samples known to represent high risk
Registers
Antivirus software on the email servers
Assess the maturity of its business processes
19. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
The Software Program Library
Formal waterfall
Confidence coefficient
20. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
OSI Layer 6: Presentation
Personnel involved in the requirements phase of a software development project
A Service Provider audit
The audit program
21. Framework for auditing and measuring IT Service Management Processes.
OSI: Network Layer
ITIL - IT Infrastructure Library
A Problem
ISO 20000 Standard:
22. An audit that is performed in support of an anticipated or active legal proceeding.
Assess the maturity of its business processes
Structural fires and transportation accidents
The best approach for identifying high risk areas for an audit
A Forensic Audit
23. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Project Management Strategies
Power system controls
The Requirements
24. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Power system controls
Reduced sign-on
WAN Protocols
Critical Path Methodology
25. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
TCP/IP Transport Layer
Examples of Application Controls
Department Charters
Service Continuity Management
26. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
The typical Configuration Items in Configuration Management
Function Point Analysis
The two Categories of Controls
Department Charters
27. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
ISO 20000 Standard:
Overall audit risk
Rating Scale for Process Maturity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
28. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
SDLC Phases
The Requirements
Resource details
Overall audit risk
29. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
Frameworks
Stay current with technology
Configuration Management
30. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Sample Standard Deviation
An Administrative
A Sample Mean
TCP/IP Link Layer
31. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
The two Categories of Controls
The Release process
Rating Scale for Process Maturity
The Requirements
32. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Structural fires and transportation accidents
Controls
Application Controls
33. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The availability of IT systems
Blade Computer Architecture
The best approach for identifying high risk areas for an audit
Business impact analysis
34. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Advantages of outsourcing
Employees with excessive privileges
Power system controls
Statement of Impact
35. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Power system controls
Notify the Audit Committee
Three Types of Controls
36. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Tolerable Error Rate
(1.) Man-made (2.) Natural
Incident Management
Six steps of the Release Management process
37. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
The best approach for identifying high risk areas for an audit
Frameworks
List of systems examined
Audit Methodologies
38. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Expected Error Rate
Antivirus software on the email servers
An IS audit
IT Strategy
39. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Reduced sign-on
Categories of risk treatment
IT Service Management
Background checks performed
40. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Employees with excessive privileges
Emergency Changes
Current and most up-to-date
41. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Variable Sampling
Blade Computer Architecture
Release management
The BCP process
42. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Organizational culture and maturity
Segregation of duties issue in a high value process
Inform the auditee
Foreign Key
43. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Elements of the COSO pyramid
Detection Risk
A Forensic Audit
Employee termination process
44. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Volumes of COSO framework
Buffers
To identify the tasks that are responsible for project delays
Security Awareness program
45. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
More difficult to perform
The typical Configuration Items in Configuration Management
Wet pipe fire sprinkler system
ISO 20000 Standard:
46. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The Eight Types of Audits
Configuration Management
Expected Error Rate
47. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Control Risk
Balanced Scorecard
The first step in a business impact analysis
48. Used to determine which business processes are the most critical - by ranking them in order of criticality
The BCP process
Criticality analysis
Assess the maturity of its business processes
Documentation and interview personnel
49. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
ITIL - IT Infrastructure Library
TCP/IP Transport Layer packet delivery
A Forensic Audit
An IS audit
50. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Blade Computer Architecture
The typical Configuration Items in Configuration Management
Substantive Testing (test of transaction integrity)
objective and unbiased