Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
The 4-item focus of a Balanced Scorecard
The Software Program Library
PERT Diagram?
Grid Computing
2. (1.) Access controls (2.) Encryption (3.) Audit logging
Attribute Sampling
Sample Standard Deviation
Release management
Primary security features of relational databases
3. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Categories of risk treatment
Examples of IT General Controls
Deming Cycle
Control Unit
4. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Inform the auditee
The Business Process Life Cycle
Application Controls
Cloud computing
5. An audit of a third-party organization that provides services to other organizations.
Recovery time objective
Sample Standard Deviation
(1.) Man-made (2.) Natural
A Service Provider audit
6. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Change management
The Software Program Library
WAN Protocols
Concentrate on samples known to represent high risk
7. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Database primary key
ITIL definition of PROBLEM
Examples of IT General Controls
8. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Sampling Risk
Business Continuity
Documentation and interview personnel
9. Handle application processing
Advantages of outsourcing
The 7 phases and their order in the SDLC
Application Controls
An IS audit
10. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Disaster Recovery
The Release process
Gantt Chart
A Financial Audit
11. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Emergency Changes
Testing activities
More difficult to perform
12. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
List of systems examined
Testing activities
Controls
13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
The 5 types of Evidence that the auditor will collect during an audit.
Business Realization
Blade Computer Architecture
14. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Business impact analysis
Separate administrative accounts
Wet pipe fire sprinkler system
Problem Management
15. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
A Compliance audit
To identify the tasks that are responsible for project delays
(1.) Policies (2.) Procedures (3.) Standards
IT Services Financial Management
16. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Notify the Audit Committee
The first step in a business impact analysis
Audit Methodologies
Inherent Risk
17. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
The Business Process Life Cycle
Formal waterfall
The appropriate role of an IS auditor in a control self-assessment
18. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
TCP/IP Transport Layer packet delivery
Configuration Management
Sampling
A Sample Mean
19. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Application Controls
OSI Layer 7: Application
Formal waterfall
OSI: Data Link Layer
20. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Concentrate on samples known to represent high risk
The Eight Types of Audits
The Internet Layer in the TCP/IP model
Elements of the COBIT Framework
21. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Risk Management
Referential Integrity
Critical Path Methodology
Judgmental sampling
22. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
IT Strategy
Background checks performed
Advantages of outsourcing
General Controls
23. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Primary security features of relational databases
Disaster Recovery
A Compliance audit
SDLC Phases
24. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
ITIL definition of PROBLEM
Change management
An Operational Audit
TCP/IP Transport Layer
25. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Function Point Analysis
Entire password for an encryption key
The typical Configuration Items in Configuration Management
Inform the auditee
26. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
SDLC Phases
Confidence coefficient
The Software Program Library
Volumes of COSO framework
27. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Application Layer protocols
Transport Layer Protocols
Foreign Key
28. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Information systems access
Deming Cycle
Change management
The Requirements
29. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Registers
IT Strategy
Organizational culture and maturity
Power system controls
30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Service Level Management
A Service Provider audit
Business Realization
Examples of IT General Controls
31. (1.) Physical (2.) Technical (3.) Administrative
Statistical Sampling
TCP/IP Transport Layer
Three Types of Controls
ITIL definition of CHANGE MANAGEMENT
32. PERT: shows the ______________ critical path.
Current and most up-to-date
The typical Configuration Items in Configuration Management
Cloud computing
Emergency Changes
33. Subjective sampling is used when the auditor wants to _________________________.
A gate process
Concentrate on samples known to represent high risk
Hash
Vulnerability in the organization's PBX
34. A sampling technique where at least one exception is sought in a population
Deming Cycle
The appropriate role of an IS auditor in a control self-assessment
Service Continuity Management
Discovery Sampling
35. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Control Risk
Confidence coefficient
Notify the Audit Committee
36. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The Release process
Stop-or-go Sampling
Recovery time objective
Transport Layer Protocols
37. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The appropriate role of an IS auditor in a control self-assessment
Grid Computing
Entire password for an encryption key
More difficult to perform
38. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
BCP Plans
Foreign Key
A Problem
39. Describes the effect on the business if a process is incapacitated for any appreciable time
Annualized Loss Expectancy (ALE)
Statement of Impact
IT Strategy
Referential Integrity
40. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Substantive Testing (test of transaction integrity)
Options for Risk Treatment
Gantt Chart
The Release process
41. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
(1.) Man-made (2.) Natural
Entire password for an encryption key
ITIL - IT Infrastructure Library
To identify the tasks that are responsible for project delays
42. Gantt: used to display ______________.
Disaster Recovery
Resource details
A Sample Mean
Elements of the COBIT Framework
43. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI: Transport Layer
Application Layer protocols
List of systems examined
The Software Program Library
44. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Personnel involved in the requirements phase of a software development project
Capability Maturity Model
An Administrative
45. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Cloud computing
Segregation of duties issue in a high value process
General Controls
46. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
The BCP process
Control Unit
A Virtual Server
47. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The audit program
Annualized Loss Expectancy (ALE)
The BCP process
Critical Path Methodology
48. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
The 4-item focus of a Balanced Scorecard
OSI: Network Layer
Audit logging
Primary security features of relational databases
49. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
An Administrative
Reduced sign-on
objective and unbiased
Six steps of the Release Management process
50. (1.) General (2.) Application
Background checks performed
The Requirements
Security Awareness program
Main types of Controls