Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
OSI: Physical Layer
Wet pipe fire sprinkler system
To identify the tasks that are responsible for project delays
OSI Layer 6: Presentation
2. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Disaster Recovery
Capability Maturity Model Integration (CMMI)
Volumes of COSO framework
Expected Error Rate
3. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Function Point Analysis
SDLC Phases
Cloud computing
Control Unit
4. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
More difficult to perform
Substantive Testing (test of transaction integrity)
A Cold Site
Detection Risk
5. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Application Layer protocols
CPU
OSI: Transport Layer
Criticality analysis
6. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Disaster Recovery
Problem Management
The Release process
The appropriate role of an IS auditor in a control self-assessment
7. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
Three Types of Controls
Personnel involved in the requirements phase of a software development project
Business impact analysis
8. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Advantages of outsourcing
The Software Program Library
The Requirements
9. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Wet pipe fire sprinkler system
More difficult to perform
Antivirus software on the email servers
Capability Maturity Model
10. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
A Compliance audit
Assess the maturity of its business processes
WAN Protocols
Incident Management
11. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
The Steering Committee
less than 24 hours
Rating Scale for Process Maturity
12. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
The Internet Layer in the TCP/IP model
Balanced Scorecard
Service Level Management
13. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Substantive Testing (test of transaction integrity)
Business Continuity
Risk Management
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Capability Maturity Model Integration (CMMI)
OSI Layer 5: Session
Critical Path Methodology
Frameworks
15. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Employees with excessive privileges
Grid Computing
Compliance Testing
The Requirements
16. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
OSI: Data Link Layer
Formal waterfall
IT executives and the Board of Directors
17. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Insourcing
The Steering Committee
Formal waterfall
18. (1.) General (2.) Application
less than 24 hours
Dimensions of the COSO cube
Expected Error Rate
Main types of Controls
19. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Insourcing
Input validation checking
Inherent Risk
Transport Layer Protocols
20. IT Service Management is defined in ___________________ framework.
Emergency Changes
ITIL - IT Infrastructure Library
Application Controls
Business impact analysis
21. Delivery of packets from one station to another - on the same network or on different networks.
A gate process
Confidence coefficient
The Business Process Life Cycle
The Internet Layer in the TCP/IP model
22. PERT: shows the ______________ critical path.
ITIL definition of PROBLEM
The availability of IT systems
A Financial Audit
Current and most up-to-date
23. A maturity model that represents the aggregations of other maturity models.
OSI: Network Layer
Capability Maturity Model Integration (CMMI)
PERT Diagram
Information security policy
24. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Hash
Sample Standard Deviation
Segregation of duties issue in a high value process
OSI Layer 5: Session
25. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Wet pipe fire sprinkler system
Testing activities
Frameworks
Project change request
26. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Personnel involved in the requirements phase of a software development project
A Virtual Server
Discovery Sampling
Foreign Key
27. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Confidence coefficient
Employees with excessive privileges
Examples of IT General Controls
IT Services Financial Management
28. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance (3a.) Benchmarking: facilitates continuous improvement within the BPLC
Service Continuity Management
The 7 phases and their order in the SDLC
The Business Process Life Cycle
Detection Risk
29. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Advantages of outsourcing
The 7 phases and their order in the SDLC
IT executives and the Board of Directors
Function Point Analysis
30. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectancy (ALE)
Function Point Analysis
Six steps of the Release Management process
OSI Layer 5: Session
31. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Structural fires and transportation accidents
Wet pipe fire sprinkler system
Problem Management
Inform the auditee
32. An alternate processing center that contains no information processing equipment.
Sampling Risk
Business impact analysis
Disaster Recovery
A Cold Site
33. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Examples of Application Controls
Business Continuity
TCP/IP Transport Layer packet delivery
Elements of the COSO pyramid
34. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Advantages of outsourcing
To identify the tasks that are responsible for project delays
Controls
35. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Wet pipe fire sprinkler system
Organizational culture and maturity
IT executives and the Board of Directors
Advantages of outsourcing
36. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Variable Sampling
Structural fires and transportation accidents
Employees with excessive privileges
Change management
37. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Confidence coefficient
Application Controls
The Requirements
The 5 types of Evidence that the auditor will collect during an audit.
38. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Incident Management
Examples of Application Controls
Inherent Risk
39. (1.) Link (2.) Internet (3.) Transport (4.) Application
A Cold Site
CPU
Main types of Controls
TCP/IP Network Model
40. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
Notify the Audit Committee
A Financial Audit
Primary security features of relational databases
41. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Control Unit
Volumes of COSO framework
Problem Management
Power system controls
42. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
43. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
A Financial Audit
Hash
Types of sampling an auditor can perform.
Compliance Testing
44. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
An Integrated Audit
A Sample Mean
Control Unit
Notify the Audit Committee
45. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Current and most up-to-date
Disaster Recovery
IT Service Management
OSI: Transport Layer
46. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Grid Computing
(1.) Man-made (2.) Natural
Entire password for an encryption key
47. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
The BCP process
A gate process
Grid Computing
Database primary key
48. Defines internal controls and provides guidance for assessing and improving internal control systems.
Lacks specific expertise or resources to conduct an internal audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1.) Man-made (2.) Natural
Attribute Sampling
49. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Service Continuity Management
TCP/IP Transport Layer packet delivery
Stay current with technology
50. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Critical Path Methodology
List of systems examined
Sampling Risk
Rating Scale for Process Maturity