Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
List of systems examined
Primary security features of relational databases
Expected Error Rate
Attribute Sampling
2. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Controls
The BCP process
Employees with excessive privileges
Personnel involved in the requirements phase of a software development project
3. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Information systems access
Wet pipe fire sprinkler system
Gantt Chart
Rating Scale for Process Maturity
4. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Capability Maturity Model Integration (CMMI)
Network Layer Protocols
Capability Maturity Model
Elements of the COSO pyramid
5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
Six steps of the Release Management process
Inform the auditee
OSI Layer 7: Application
6. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
A Server Cluster
Recovery time objective
Examples of IT General Controls
Department Charters
7. IT Governance is most concerned with ________.
The BCP process
A Problem
ITIL definition of CHANGE MANAGEMENT
IT Strategy
8. Handle application processing
SDLC Phases
Insourcing
Application Controls
A Sample Mean
9. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Geographic location
Categories of risk treatment
ISO 20000 Standard:
IT Service Management
10. The sum of all samples divided by the number of samples.
Application Controls
A Sample Mean
BCP Plans
Deming Cycle
11. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Disaster Recovery
Risk Management
Buffers
WAN Protocols
12. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Primary security features of relational databases
A Service Provider audit
IT Services Financial Management
Discovery Sampling
13. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
IT Service Management
Configuration Management
Database primary key
Sample Standard Deviation
14. Support the functioning of the application controls
General Controls
An IS audit
Blade Computer Architecture
Stay current with technology
15. To measure organizational performance and effectiveness against strategic goals.
Emergency Changes
The 5 types of Evidence that the auditor will collect during an audit.
Testing activities
Balanced Scorecard
16. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Function Point Analysis
Deming Cycle
A gate process
A Cold Site
17. A maturity model that represents the aggregations of other maturity models.
WAN Protocols
Capability Maturity Model Integration (CMMI)
Stay current with technology
IT Strategy
18. Delivery of packets from one station to another - on the same network or on different networks.
Data Link Layer Standards
Statement of Impact
Variable Sampling
The Internet Layer in the TCP/IP model
19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The Software Program Library
Controls
Stratified Sampling
Lacks specific expertise or resources to conduct an internal audit
20. Contains programs that communicate directly with the end user.
The Steering Committee
Categories of risk treatment
OSI Layer 6: Presentation
OSI Layer 7: Application
21. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Structural fires and transportation accidents
Precision means
The audit program
22. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Foreign Key
Buffers
Confidence coefficient
Transport Layer Protocols
23. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
Judgmental sampling
Server cluster
Deming Cycle
24. The means by which management establishes and measures processes by which organizational objectives are achieved
Current and most up-to-date
Sampling Risk
Controls
Grid Computing
25. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
TCP/IP Link Layer
Types of sampling an auditor can perform.
The best approach for identifying high risk areas for an audit
Audit Methodologies
26. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
Main types of Controls
OSI: Physical Layer
Information security policy
27. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Business Continuity
Frameworks
The typical Configuration Items in Configuration Management
A Sample Mean
28. ITIL term used to describe the SDLC.
Overall audit risk
Release management
Server cluster
Information systems access
29. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The audit program
Primary security features of relational databases
SDLC Phases
The availability of IT systems
30. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Cloud computing
Reduced sign-on
IT Services Financial Management
31. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Tolerable Error Rate
Capability Maturity Model
(1.) Man-made (2.) Natural
32. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
List of systems examined
Stratified Sampling
Entire password for an encryption key
CPU
33. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Inherent Risk
Documentation and interview personnel
An Administrative
Employee termination process
34. (1.) Access controls (2.) Encryption (3.) Audit logging
List of systems examined
OSI: Data Link Layer
Primary security features of relational databases
WAN Protocols
35. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Employee termination process
Incident Management
Data Link Layer Standards
36. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Project change request
IT standards are not being reviewed often enough
Structural fires and transportation accidents
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Information security policy
Six steps of the Release Management process
Sampling Risk
Change management
38. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Main types of Controls
Transport Layer Protocols
Information security policy
39. A field in a record in one table that can reference a primary key in another table.
OSI: Physical Layer
Examples of Application Controls
Foreign Key
The BCP process
40. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Release process
Tolerable Error Rate
The Business Process Life Cycle
ITIL definition of CHANGE MANAGEMENT
41. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Gantt Chart
Change management
A Virtual Server
Data Link Layer Standards
42. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Background checks performed
An IS audit
Elements of the COSO pyramid
43. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Configuration Management
General Controls
Gantt Chart
Volumes of COSO framework
44. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
The 4-item focus of a Balanced Scorecard
Application Layer protocols
OSI: Network Layer
ITIL definition of PROBLEM
45. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
To identify the tasks that are responsible for project delays
Emergency Changes
Current and most up-to-date
Project change request
46. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Buffers
Testing activities
Problem Management
The Software Program Library
47. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Criticality analysis
Business impact analysis
Grid Computing
Attribute Sampling
48. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Six steps of the Release Management process
Service Continuity Management
Judgmental sampling
Control Unit
49. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Formal waterfall
PERT Diagram
Registers
Split custody
50. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Separate administrative accounts
Inform the auditee
Split custody
Antivirus software on the email servers