Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but you will find that it reinforces your understanding as you retake the test.
1. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Documentation and interview personnel
Change management
Employee termination process
Rating Scale for Process Maturity
2. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
An Operational Audit
TCP/IP Transport Layer packet delivery
TCP/IP Network Model
The audit program
3. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Examples of Application Controls
Control Unit
Entire password for an encryption key
(1.) Man-made (2.) Natural
4. The primary source for test plans in a software development project: the ________________ developed for a project should be the primary source for detailed tests.
Information systems access
Confidence coefficient
Employee termination process
The Requirements
5. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.
Personnel involved in the requirements phase of a software development project
Balanced Scorecard
Split custody
Entire password for an encryption key
6. ____________________ of the hot site is the most important consideration for site selection. If the two sites are too close together, a single event may involve both locations.
TCP/IP Network Model
Elements of the COSO pyramid
Application Layer protocols
Geographic location
7. To measure organizational performance and effectiveness against strategic goals.
Tolerable Error Rate
Gantt Chart
Balanced Scorecard
IT executives and the Board of Directors
8. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Assess the maturity of its business processes
IT Service Management
Business Continuity
The Software Program Library
9. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Buffers
The audit program
A Virtual Server
Types of sampling an auditor can perform.
10. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
The 7 phases and their order in the SDLC
Stop-or-go Sampling
Buffers
11. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Background checks performed
More difficult to perform
Examples of Application Controls
12. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
less than 24 hours
Split custody
Business Realization
13. One of a database table's fields - whose value is unique.
Types of sampling an auditor can perform.
Information systems access
Database primary key
OSI Layer 6: Presentation
14. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
TCP/IP Transport Layer packet delivery
Configuration Management
Lacks specific expertise or resources to conduct an internal audit
15. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
A Financial Audit
Critical Path Methodology
Substantive Testing (test of transaction integrity)
The appropriate role of an IS auditor in a control self-assessment
16. A database term meaning that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Background checks performed
The best approach for identifying high risk areas for an audit
Sample Standard Deviation
Referential Integrity
17. An auditor has reviewed the access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means that user privileges are not being removed from their old position when they transfer to a new
Data Link Layer Standards
Structural fires and transportation accidents
Formal waterfall
Employees with excessive privileges
18. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Examples of Application Controls
Testing activities
OSI: Transport Layer
19. A maturity model that represents the aggregations of other maturity models.
Business impact analysis
Capability Maturity Model Integration (CMMI)
Network Layer Protocols
Risk Management
20. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
The Requirements
TCP/IP Transport Layer
Six steps of the Release Management process
21. (1.) Objectives (2.) Components (3.) Business Units / Areas
Deming Cycle
Dimensions of the COSO cube
Referential Integrity
Types of sampling an auditor can perform.
22. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
less than 24 hours
The BCP process
IT Strategy
23. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
IT standards are not being reviewed often enough
Information security policy
The appropriate role of an IS auditor in a control self-assessment
ITIL definition of PROBLEM
24. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Annualized Loss Expectancy (ALE)
The availability of IT systems
IT Service Management
To identify the tasks that are responsible for project delays
25. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Critical Path Methodology
Six steps of the Release Management process
Discovery Sampling
Service Level Management
26. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Employees with excessive privileges
Business Continuity
Expected Error Rate
27. (1.) Link (2.) Internet (3.) Transport (4.) Application
Sampling Risk
(1.) Policies (2.) Procedures (3.) Standards
TCP/IP Network Model
Assess the maturity of its business processes
28. Defines internal controls and provides guidance for assessing and improving internal control systems.
OSI: Transport Layer
Dimensions of the COSO cube
The first step in a business impact analysis
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
29. Used to estimate the effort required to develop a software program.
Risk Management
Function Point Analysis
Judgmental sampling
Employee termination process
30. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Steering Committee
BCP Plans
Emergency Changes
A Problem
31. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Types of sampling an auditor can perform.
Elements of the COSO pyramid
List of systems examined
Assess the maturity of its business processes
32. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Application Layer protocols
Overall audit risk
Examples of Application Controls
Dimensions of the COSO cube
33. The first major task in a disaster recovery or business continuity planning project.
Antivirus software on the email servers
Notify the Audit Committee
Control Unit
Business impact analysis
34. Guide program execution through organization of resources and development of clear project objectives.
Audit Methodologies
Project Management Strategies
A Service Provider audit
Primary security features of relational databases
35. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that the workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect
Information security policy
Network Layer Protocols
Annualized Loss Expectancy (ALE)
Antivirus software on the email servers
36. A quantitative risk analysis is __________________ because: it is difficult to get accurate figures on the frequency of specific threats; it is difficult to determine the probability that a threat will be realized; it is relatively easy to determine
The typical Configuration Items in Configuration Management
OSI: Network Layer
More difficult to perform
Server cluster
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
TCP/IP Transport Layer packet delivery
A Forensic Audit
Department Charters
38. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
TCP/IP Internet Layer
To identify the tasks that are responsible for project delays
Discovery Sampling
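Items 5 and 38 describe split custody of an encryption key: each custodian holds only a part, so no single person possesses the whole key. The Python example below is an added illustration, not part of this study page, showing the difference between a literal cut of the key into substrings and an XOR share split. XOR splitting is the technique chosen here for illustration (the page itself does not prescribe a method); the 16-byte key and the four-custodian setup are constructed test values.

```python
import secrets
from functools import reduce


def xor_bytes(*chunks: bytes) -> bytes:
    """XOR any number of equal-length byte strings position by position."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))


def split_key(key: bytes, holders: int) -> list[bytes]:
    """Split `key` into `holders` XOR shares.

    Every share but the last is uniformly random; the last is chosen so that
    XOR-ing all shares together yields the key.  Any subset of fewer than
    `holders` shares is statistically independent of the key, which is what
    split custody is meant to guarantee.
    """
    if holders < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    shares.append(xor_bytes(key, *shares))
    return shares


def combine(shares: list[bytes]) -> bytes:
    """Reassemble the key; only works when every custodian contributes."""
    return xor_bytes(*shares)


def naive_split(key: bytes, holders: int) -> list[bytes]:
    """Cut the key into contiguous substrings (the literal 'broken into parts').

    Each part reveals its slice of the key outright, so custodians colluding
    short of the full set still shrink the attacker's search space.
    """
    size = -(-len(key) // holders)  # ceiling division
    return [key[i:i + size] for i in range(0, len(key), size)]


def remaining_search_space(key_len: int, holders: int,
                           shares_known: int, scheme: str) -> int:
    """Brute-force space left to an attacker holding `shares_known` parts.

    Assumes an even cut (key_len divisible by holders) for the substring case.
    """
    if scheme == "xor":
        return 1 if shares_known >= holders else 256 ** key_len
    if scheme == "substring":
        missing_bytes = key_len - shares_known * (key_len // holders)
        return 256 ** max(missing_bytes, 0)
    raise ValueError(f"unknown scheme {scheme!r}")


def demo() -> dict:
    key = bytes(range(16))          # constructed 128-bit key
    shares = split_key(key, 4)
    return {
        "recovered": combine(shares) == key,
        "xor_space_3_of_4": remaining_search_space(16, 4, 3, "xor"),
        "substring_space_3_of_4": remaining_search_space(16, 4, 3, "substring"),
        "naive_parts": naive_split(key, 4),
    }


if __name__ == "__main__":
    print(demo())
```

The practical check for an auditor is the second number: with three of four substring parts in hand an attacker has a 32-bit search left, whereas three of four XOR shares leave the full 128-bit space.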
39. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Insourcing
The Software Program Library
Transport Layer Protocols
ITIL - IT Infrastructure Library
40. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.
Referential Integrity
Gantt Chart
Precision means
Department Charters
41. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Blade Computer Architecture
Stop-or-go Sampling
Sampling Risk
42. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Audit Methodologies
Examples of IT General Controls
A Server Cluster
Stay current with technology
43. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The audit program
OSI: Transport Layer
The Release process
The typical Configuration Items in Configuration Management
44. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
IT Strategy
Structural fires and transportation accidents
Statistical Sampling
Buffers
45. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Examples of IT General Controls
A Problem
Buffers
TCP/IP Internet Layer
46. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
ITIL definition of CHANGE MANAGEMENT
Stop-or-go Sampling
Foreign Key
Data Link Layer Standards
47. A field in a record in one table that references a primary key in another table.
Foreign Key
Service Level Management
Personnel involved in the requirements phase of a software development project
Compliance Testing
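Items 13, 16 and 47 define primary keys, foreign keys and referential integrity. The Python/SQLite example below is an added illustration, not part of this study page, showing the behaviour item 16 describes: a parent row cannot be deleted while child rows reference it, and a child row cannot point at a parent that does not exist. It also shows the caveat an auditor should check for: SQLite does not enforce foreign keys unless `PRAGMA foreign_keys = ON` is set per connection, so the same schema silently allows orphaned rows when the pragma is off. The customers/orders tables and their rows are constructed sample data.

```python
import sqlite3


def build_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database with a parent table (customers) and a child table
    (orders) whose customer_id is a foreign key to customers.id.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(
        """
        CREATE TABLE customers (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),
            amount      INTEGER NOT NULL
        );
        -- constructed sample data
        INSERT INTO customers VALUES (1, 'Acme'), (2, 'Globex');
        INSERT INTO orders VALUES (10, 1, 250), (11, 1, 75), (12, 2, 40);
        """
    )
    return conn


def orphaned_orders(conn: sqlite3.Connection) -> int:
    """Count orders whose customer_id matches no customer row."""
    return conn.execute(
        "SELECT COUNT(*) FROM orders o "
        "LEFT JOIN customers c ON o.customer_id = c.id "
        "WHERE c.id IS NULL"
    ).fetchone()[0]


def delete_customer(conn: sqlite3.Connection, customer_id: int) -> tuple:
    """Attempt to delete a parent row that still has children.

    Returns (deleted, orphans_afterwards).  With referential integrity
    enforced the DELETE raises IntegrityError and nothing changes.
    """
    try:
        conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        deleted = True
    except sqlite3.IntegrityError:
        deleted = False
    return deleted, orphaned_orders(conn)


def insert_order_for_missing_customer(conn: sqlite3.Connection) -> bool:
    """Attempt to insert a child row whose foreign key points nowhere."""
    try:
        conn.execute("INSERT INTO orders VALUES (99, 42, 10)")
        return True
    except sqlite3.IntegrityError:
        return False


def delete_customer_with_children(conn: sqlite3.Connection,
                                  customer_id: int) -> int:
    """The correct sequence under referential integrity: remove the child
    rows first, then the parent, inside one transaction.  Returns the number
    of customers left.
    """
    with conn:
        conn.execute("DELETE FROM orders WHERE customer_id = ?", (customer_id,))
        conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
    return conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


def demo() -> dict:
    strict = build_db(enforce_fk=True)
    lax = build_db(enforce_fk=False)
    return {
        "strict_delete": delete_customer(strict, 1),
        "strict_insert": insert_order_for_missing_customer(strict),
        "strict_ordered_delete": delete_customer_with_children(strict, 2),
        "lax_delete": delete_customer(lax, 1),
        "lax_insert": insert_order_for_missing_customer(lax),
    }


if __name__ == "__main__":
    print(demo())
```

When reviewing a database control, run a query like `orphaned_orders` rather than trusting the schema: the constraint text can be present while enforcement is disabled at the connection or engine level.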
48. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Variable Sampling
The Steering Committee
49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The 4-item focus of a Balanced Scorecard
OSI: Data Link Layer
The Eight Types of Audits
An Operational Audit
50. The highest number of errors that can exist without a result being materially misstated.
ISO 20000 Standard
Stop-or-go Sampling
Tolerable Error Rate
Change management