Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
IT standards are not being reviewed often enough
Main types of Controls
Project change request
Precision means
2. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
To identify the tasks that are responsible for project delays
Department Charters
Problem Management
Sampling
3. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Overall audit risk
(1.) Policies (2.) Procedures (3.) Standards
The BCP process
4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Emergency Changes
Elements of the COBIT Framework
Judgmental sampling
An Administrative
5. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The Eight Types of Audits
Structural fires and transportation accidents
The 7 phases and their order in the SDLC
A Forensic Audit
6. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
(1.) Policies (2.) Procedures (3.) Standards
Structural fires and transportation accidents
List of systems examined
OSI: Physical Layer
7. The memory locations in the CPU where arithmetic values are stored.
WAN Protocols
The appropriate role of an IS auditor in a control self-assessment
OSI: Transport Layer
Registers
8. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Risk Management
OSI: Network Layer
Reduced sign-on
9. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
(1.) Man-made (2.) Natural
Control Unit
The Steering Committee
Registers
10. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Elements of the COBIT Framework
Judgmental sampling
Inherent Risk
Confidence coefficient
11. Support the functioning of the application controls
General Controls
BCP Plans
IT Services Financial Management
Stay current with technology
12. Disasters are generally grouped in terms of type: ______________.
TCP/IP Link Layer
(1.) Man-made (2.) Natural
Documentation and interview personnel
The 4-item focus of a Balanced Scorecard
13. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
TCP/IP Network Model
Current and most up-to-date
Expected Error Rate
14. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Business impact analysis
Release management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Options for Risk Treatment
15. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Gantt Chart
Business impact analysis
Grid Computing
A gate process
16. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
The availability of IT systems
Lacks specific expertise or resources to conduct an internal audit
A Server Cluster
17. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
The audit program
Assess the maturity of its business processes
Information systems access
The Internet Layer in the TCP/IP model
18. Lowest layer. Delivers messages (frames) from one station to another via a local network.
IT Service Management
TCP/IP Link Layer
Split custody
Three Types of Controls
19. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
The Business Process Life Cycle
Overall audit risk
Geographic location
Personnel involved in the requirements phase of a software development project
20. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
CPU
The typical Configuration Items in Configuration Management
Project Management Strategies
The Internet Layer in the TCP/IP model
21. The sum of all samples divided by the number of samples.
The Steering Committee
SDLC Phases
Rating Scale for Process Maturity
A Sample Mean
22. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
The availability of IT systems
Service Level Management
Audit logging
Inform the auditee
23. Gantt: used to display ______________.
A Virtual Server
Resource details
Attribute Sampling
less than 24 hours
24. (1.) Automatic (2.) Manual
Overall audit risk
The two Categories of Controls
A Compliance audit
A Service Provider audit
25. An audit of operational efficiency.
An Administrative
IT Service Management
Network Layer Protocols
Detection Risk
26. IT Governance is most concerned with ________.
A Forensic Audit
An IS audit
Elements of the COBIT Framework
IT Strategy
27. The risk that an IS auditor will overlook errors or exceptions during an audit.
Stratified Sampling
TCP/IP Link Layer
Detection Risk
IT Service Management
28. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Substantive Testing
OSI: Transport Layer
Lacks specific expertise or resources to conduct an internal audit
IT Service Management
29. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Network Layer Protocols
Risk Management
Examples of IT General Controls
Stay current with technology
30. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Discovery Sampling
Volumes of COSO framework
Sampling Risk
31. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Audit Methodologies
Hash
Annualized Loss Expectancy (ALE)
Employee termination process
32. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
less than 24 hours
Geographic location
Stop-or-go Sampling
33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Testing activities
Background checks performed
PERT Diagram
Reduced sign-on
34. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
ISO 20000 Standard
The availability of IT systems
Service Level Management
35. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
IT executives and the Board of Directors
Documentation and interview personnel
Power system controls
Separate administrative accounts
36. Used to determine which business processes are the most critical - by ranking them in order of criticality
Annualized Loss Expectancy (ALE)
Criticality analysis
Main types of Controls
Concentrate on samples known to represent high risk
37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The Internet Layer in the TCP/IP model
Risk Management
Structural fires and transportation accidents
Capability Maturity Model
38. Describes the effect on the business if a process is incapacitated for any appreciable time
The 7 phases and their order in the SDLC
Discovery Sampling
Buffers
Statement of Impact
39. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
The 4-item focus of a Balanced Scorecard
Advantages of outsourcing
Three Types of Controls
OSI: Transport Layer
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The Steering Committee
Variable Sampling
Vulnerability in the organization's PBX
Foreign Key
41. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Audit logging
TCP/IP Internet Layer
To identify the tasks that are responsible for project delays
42. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Sample Standard Deviation
The two Categories of Controls
ITIL definition of PROBLEM
Emergency Changes
43. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
Criticality analysis
Capability Maturity Model Integration (CMMI)
Detection Risk
44. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
SDLC Phases
Wet pipe fire sprinkler system
Assess the maturity of its business processes
Formal waterfall
45. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Sample Standard Deviation
An Integrated Audit
Change management
Cloud computing
46. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Database primary key
Examples of IT General Controls
The Business Process Life Cycle
47. The inventory of all in-scope business processes and systems
Examples of IT General Controls
The Eight Types of Audits
The first step in a business impact analysis
Judgmental sampling
48. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Examples of IT General Controls
ISO 20000 Standard
Expected Error Rate
Notify the Audit Committee
49. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Discovery Sampling
Assess the maturity of its business processes
Gantt Chart
50. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Concentrate on samples known to represent high risk
Examples of Application Controls
Lacks specific expertise or resources to conduct an internal audit
Volumes of COSO framework