Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The highest number of errors that can exist without a result being materially misstated.
Input validation checking
Tolerable Error Rate
Sampling Risk
The 4-item focus of a Balanced Scorecard
2. Used to determine which business processes are the most critical - by ranking them in order of criticality
Annualized Loss Expectancy (ALE)
Statement of Impact
Primary security features of relational databases
Criticality analysis
3. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
The Internet Layer in the TCP/IP model
Business impact analysis
Rating Scale for Process Maturity
Judgmental sampling
4. Gantt: used to display ______________.
Control Unit
Foreign Key
Resource details
General Controls
5. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Geographic location
Stay current with technology
Problem Management
Volumes of COSO framework
6. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
OSI: Network Layer
Capability Maturity Model
The Business Process Life Cycle
7. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Discovery Sampling
Types of sampling an auditor can perform.
Sampling
The Requirements
8. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
The Release process
objective and unbiased
Controls
9. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Types of sampling an auditor can perform.
Deming Cycle
ISO 20000 Standard:
Release management
10. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Variable Sampling
Rating Scale for Process Maturity
Information systems access
Configuration Management
11. A large number of loosely coupled computers that are used to solve a common task. They may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Split custody
objective and unbiased
Assess the maturity of its business processes
12. An audit of an IS department's operations and systems.
Capability Maturity Model
ITIL - IT Infrastructure Library
Examples of IT General Controls
An IS audit
13. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Options for Risk Treatment
The best approach for identifying high risk areas for an audit
Emergency Changes
The appropriate role of an IS auditor in a control self-assessment
14. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
TCP/IP Link Layer
PERT Diagram?
A Sample Mean
The 7 phases and their order in the SDLC
15. Contains programs that communicate directly with the end user.
Security Awareness program
The Software Program Library
OSI Layer 7: Application
IT executives and the Board of Directors
16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
(1.) Policies (2.) Procedures (3.) Standards
Compliance Testing
Background checks performed
Substantive Testing
17. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Sampling Risk
Separate administrative accounts
Options for Risk Treatment
OSI: Transport Layer
18. An audit of operational efficiency.
OSI Layer 7: Application
An Administrative
Insourcing
ITIL definition of CHANGE MANAGEMENT
19. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Personnel involved in the requirements phase of a software development project
A Financial Audit
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Link Layer
20. The maximum period of downtime for a process or application
Formal waterfall
More difficult to perform
Recovery time objective
Change management
21. (1.) Link (2.) Internet (3.) Transport (4.) Application
Reduced sign-on
TCP/IP Network Model
A Cold Site
Main types of Controls
22. (1.) General (2.) Application
The typical Configuration Items in Configuration Management
Data Link Layer Standards
Examples of IT General Controls
Main types of Controls
23. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The Requirements
Split custody
Disaster Recovery
OSI Layer 5: Session
24. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Service Level Management
Rating Scale for Process Maturity
Resource details
The BCP process
25. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Confidence coefficient
The Internet Layer in the TCP/IP model
Business Realization
Emergency Changes
26. Lowest layer. Delivers messages (frames) from one station to another via a local network.
An Administrative
Stop-or-go Sampling
Employee termination process
TCP/IP Link Layer
27. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Incident Management
A Financial Audit
Main types of Controls
SDLC Phases
28. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Inform the auditee
Expected Error Rate
Power system controls
Rating Scale for Process Maturity
29. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Expected Error Rate
Balanced Scorecard
Sampling
Gantt Chart
30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Testing activities
The two Categories of Controls
Stop-or-go Sampling
A gate process
31. ITIL term used to describe the SDLC.
Balanced Scorecard
Geographic location
A Problem
Release management
32. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
objective and unbiased
Inform the auditee
The Release process
CPU
33. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Statement of Impact
IT executives and the Board of Directors
Insourcing
CPU
34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
Judgmental sampling
Annualized Loss Expectancy (ALE)
Business Continuity
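Questions 1, 28, 29 and 34 define tolerable error rate, expected error rate, sampling and sampling risk, but the quiz does not show how an auditor turns those definitions into a sample size or a risk figure. The following is an added worked example, not part of the original quiz or of any ISACA material: it computes the discovery-sampling size from the standard 1 - (1 - p)^n relationship, the exact binomial risk that a sample of n items with at most k observed exceptions wrongly passes a control whose true exception rate exceeds the tolerable rate, the confidence coefficient as its numeric inverse, and a seeded Monte Carlo check of the same figure. The population, sample size and rates in the scenario are constructed for illustration.

```python
import math
import random


def discovery_sample_size(confidence: float, critical_rate: float) -> int:
    """Discovery sampling: smallest sample size n such that, if the true
    exception rate in the population is at least `critical_rate`, the chance
    of seeing at least one exception in the sample is >= `confidence`.
    Derived from P(at least one exception) = 1 - (1 - p)^n, solved for n."""
    if not 0 < confidence < 1 or not 0 < critical_rate < 1:
        raise ValueError("confidence and critical_rate must be strictly between 0 and 1")
    return math.ceil(math.log(1 - confidence) / math.log(1 - critical_rate))


def prob_at_most(n: int, k: int, p: float) -> float:
    """Exact binomial probability of observing at most k exceptions in a
    sample of n items when each item is an exception with probability p."""
    return sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def sampling_risk(n: int, max_exceptions_accepted: int, true_rate: float) -> float:
    """Risk of incorrect acceptance: the auditor observes at most
    `max_exceptions_accepted` exceptions and concludes the control operates
    effectively, although the true exception rate (`true_rate`) is above the
    tolerable error rate. This is the sampling risk of question 34."""
    return prob_at_most(n, max_exceptions_accepted, true_rate)


def confidence_coefficient(n: int, max_exceptions_accepted: int, true_rate: float) -> float:
    """The confidence coefficient is the numeric inverse of the sampling risk."""
    return 1.0 - sampling_risk(n, max_exceptions_accepted, true_rate)


def simulate_sampling_risk(population_size: int, true_rate: float, sample_size: int,
                           max_exceptions_accepted: int, trials: int = 20000,
                           seed: int = 1) -> float:
    """Monte Carlo check of sampling_risk(): build a constructed population whose
    true exception rate is `true_rate`, draw many random samples without
    replacement, and count how often the sample would wrongly pass the control."""
    rng = random.Random(seed)  # fixed seed so the estimate is reproducible
    n_bad = round(population_size * true_rate)
    population = [True] * n_bad + [False] * (population_size - n_bad)
    wrongly_accepted = 0
    for _ in range(trials):
        sample = rng.sample(population, sample_size)
        if sum(sample) <= max_exceptions_accepted:
            wrongly_accepted += 1
    return wrongly_accepted / trials


if __name__ == "__main__":
    # Constructed scenario: 10,000 access-change tickets, tolerable error rate 5%,
    # the auditor draws 60 tickets and accepts the control only if every sampled
    # ticket carries an approval. If the true rate of unapproved tickets is 5%,
    # how often does that sample still pass the control?
    n = 60
    print("discovery sample size (95% confidence, 1% critical rate):",
          discovery_sample_size(0.95, 0.01))
    print("sampling risk (exact binomial): %.4f" % sampling_risk(n, 0, 0.05))
    print("confidence coefficient:         %.4f" % confidence_coefficient(n, 0, 0.05))
    print("sampling risk (simulated):      %.4f" % simulate_sampling_risk(10000, 0.05, n, 0))
```

The exact figure for the scenario is 0.95^60, roughly 4.6%: even with the strictest acceptance rule (zero exceptions), one sample in twenty would let a control with a 5% failure rate pass. Raising the number of exceptions the auditor is willing to accept raises that risk, which is why the acceptance threshold and the sample size have to be fixed before the sample is drawn.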
35. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Stratified Sampling
Documentation and interview personnel
Change management
The 7 phases and their order in the SDLC
36. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Expected Error Rate
Blade Computer Architecture
Geographic location
37. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Risk Management
Current and most up-to-date
Split custody
Advantages of outsourcing
38. Focuses on: post-event recovery and restoration of services
List of systems examined
The appropriate role of an IS auditor in a control self-assessment
Disaster Recovery
Power system controls
39. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
ITIL - IT Infrastructure Library
Business impact analysis
To identify the tasks that are responsible for project delays
Inherent Risk
40. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Capability Maturity Model
Organizational culture and maturity
An Operational Audit
The appropriate role of an IS auditor in a control self-assessment
41. Defines internal controls and provides guidance for assessing and improving internal control systems.
A gate process
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Data Link Layer
Options for Risk Treatment
42. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Inform the auditee
Blade Computer Architecture
The typical Configuration Items in Configuration Management
Employee termination process
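The finding in question 42 (terminated employees whose accounts remain active) is normally produced by a substantive test that reconciles the HR termination list against the directory's account export. The following is an added example of that test and is not code from the quiz or from any audit tool; the HR extract, the account export, the field names and the one-day grace period are all constructed assumptions. It flags every enabled account belonging to a terminated employee, rates a finding higher when the account was logged into after the termination date, and reports the exception rate that would be compared against the tolerable error rate.

```python
from datetime import date, timedelta

# Constructed sample data (not taken from the quiz): an HR termination extract
# and a directory account export, joined on employee_id.
HR_TERMINATIONS = [
    {"employee_id": "E1001", "name": "A. Smith", "terminated_on": date(2024, 3, 15)},
    {"employee_id": "E1002", "name": "B. Jones", "terminated_on": date(2024, 5, 2)},
    {"employee_id": "E1003", "name": "C. Wong", "terminated_on": date(2024, 6, 30)},
]

DIRECTORY_ACCOUNTS = [
    {"username": "asmith", "employee_id": "E1001", "enabled": True, "last_logon": date(2024, 4, 20)},
    {"username": "bjones", "employee_id": "E1002", "enabled": False, "last_logon": date(2024, 5, 1)},
    {"username": "cwong", "employee_id": "E1003", "enabled": True, "last_logon": date(2024, 6, 1)},
    {"username": "dlee", "employee_id": "E1004", "enabled": True, "last_logon": date(2024, 7, 1)},
]


def find_active_terminated_accounts(terminations, accounts, as_of, grace_days=1):
    """Return one finding per enabled account whose owner HR lists as terminated
    more than `grace_days` before `as_of` (the assumed deprovisioning SLA).
    A logon after the termination date is rated high: the account was not just
    left open, it was used."""
    cutoff = as_of - timedelta(days=grace_days)
    term_by_id = {t["employee_id"]: t for t in terminations}
    findings = []
    for acct in accounts:
        term = term_by_id.get(acct["employee_id"])
        if term is None or not acct["enabled"] or term["terminated_on"] > cutoff:
            continue  # still employed, already disabled, or inside the grace window
        used_after_exit = acct["last_logon"] > term["terminated_on"]
        findings.append({
            "username": acct["username"],
            "employee_id": acct["employee_id"],
            "terminated_on": term["terminated_on"],
            "days_open": (as_of - term["terminated_on"]).days,
            "severity": "high" if used_after_exit else "medium",
        })
    return findings


def exception_rate(terminations, findings):
    """Share of terminated employees whose account is still enabled; this is the
    observed error rate the auditor compares with the tolerable error rate."""
    return len(findings) / len(terminations) if terminations else 0.0


if __name__ == "__main__":
    findings = find_active_terminated_accounts(HR_TERMINATIONS, DIRECTORY_ACCOUNTS,
                                               as_of=date(2024, 7, 15))
    for f in findings:
        print("%-8s terminated %s, open %3d days, severity %s"
              % (f["username"], f["terminated_on"], f["days_open"], f["severity"]))
    print("exception rate: %.2f" % exception_rate(HR_TERMINATIONS, findings))
```

The join key matters: matching on employee ID rather than on display name avoids missing accounts that were renamed or re-created, and the grace window keeps terminations still inside the agreed deprovisioning SLA out of the exception count so the rate reflects the process, not the reporting lag.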
43. Concerned with electrical and physical specifications for devices. No frames or packets involved.
To identify the tasks that are responsible for project delays
Critical Path Methodology
Buffers
OSI: Physical Layer
44. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
A Virtual Server
Lacks specific expertise or resources to conduct an internal audit
Advantages of outsourcing
45. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
objective and unbiased
ITIL definition of PROBLEM
Discovery Sampling
Buffers
46. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Structural fires and transportation accidents
Insourcing
Organizational culture and maturity
Grid Computing
47. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Elements of the COBIT Framework
PERT Diagram?
Six steps of the Release Management process
48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
The Internet Layer in the TCP/IP model
Reduced sign-on
Data Link Layer Standards
49. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Application Controls
Formal waterfall
Data Link Layer Standards
A Sample Mean
50. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Statement of Impact
Business Continuity
Risk Management
Elements of the COSO pyramid