Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Variable Sampling
Sampling Risk
Input validation checking
Incident Management
2. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Security Awareness program
Types of sampling an auditor can perform.
Substantive Testing (test of transaction integrity)
3. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Variable Sampling
TCP/IP Internet Layer
List of systems examined
WAN Protocols
4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
A Virtual Server
Judgmental sampling
Criticality analysis
The Internet Layer in the TCP/IP model
5. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Foreign Key
IT standards are not being reviewed often enough
objective and unbiased
The Release process
6. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
A Sample Mean
Application Controls
The typical Configuration Items in Configuration Management
More difficult to perform
7. The means by which management establishes and measures processes by which organizational objectives are achieved
(1.) Policies (2.) Procedures (3.) Standards
Controls
ISO 20000 Standard:
General Controls
8. PERT: shows the ______________ critical path.
Current and most up-to-date
Examples of IT General Controls
Sample Standard Deviation
Function Point Analysis
9. Contains programs that communicate directly with the end user.
Judgmental sampling
OSI Layer 7: Application
To identify the tasks that are responsible for project delays
Separate administrative accounts
10. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Problem
A Compliance audit
WAN Protocols
Volumes of COSO framework
11. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Testing activities
ISO 20000 Standard:
Documentation and interview personnel
12. Focuses on: post-event recovery and restoration of services
TCP/IP Link Layer
Disaster Recovery
A Service Provider audit
ITIL definition of PROBLEM
13. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Incident Management
OSI: Network Layer
CPU
Split custody
14. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
CPU
SDLC Phases
An Operational Audit
15. One of a database table's fields - whose value is unique.
(1.) Man-made (2.) Natural
objective and unbiased
Database primary key
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
16. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Assess the maturity of its business processes
Elements of the COBIT Framework
Sampling Risk
TCP/IP Link Layer
17. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Tolerable Error Rate
General Controls
Cloud computing
18. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A Server Cluster
Stop-or-go Sampling
Structural fires and transportation accidents
Configuration Management
19. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Primary security features of relational databases
An Administrative
Project change request
Sampling Risk
20. (1.) TCP (2.) UDP
ITIL - IT Infrastructure Library
Three Types of Controls
Transport Layer Protocols
Input validation checking
21. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Entire password for an encryption key
The Eight Types of Audits
Split custody
The Internet Layer in the TCP/IP model
22. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Department Charters
OSI Layer 7: Application
Audit Methodologies
The BCP process
23. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Employees with excessive privileges
Business Realization
Server cluster
24. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Insourcing
Background checks performed
Categories of risk treatment
The Steering Committee
25. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Reduced sign-on
CPU
More difficult to perform
Hash
26. A representation of how closely a sample represents an entire population.
Disaster Recovery
Precision means
IT Strategy
Release management
27. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Judgmental sampling
Project Management Strategies
The Requirements
Organizational culture and maturity
28. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Categories of risk treatment
Attribute Sampling
Project change request
IT Service Management
29. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
IT standards are not being reviewed often enough
The Software Program Library
Main types of Controls
30. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
To identify the tasks that are responsible for project delays
The Software Program Library
An Operational Audit
The BCP process
31. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Sample Standard Deviation
Segregation of duties issue in a high value process
To identify the tasks that are responsible for project delays
Inherent Risk
32. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Project change request
(1.) Man-made (2.) Natural
To identify the tasks that are responsible for project delays
33. Lowest layer. Delivers messages (frames) from one station to another via a local network.
The best approach for identifying high risk areas for an audit
Stay current with technology
OSI: Physical Layer
TCP/IP Link Layer
34. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Organizational culture and maturity
Segregation of duties issue in a high value process
Precision means
OSI: Network Layer
35. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Substantive Testing
Stay current with technology
Controls
Entire password for an encryption key
36. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
A Financial Audit
List of systems examined
A Forensic Audit
Department Charters
37. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Recovery time objective
Balanced Scorecard
The Release process
Stop-or-go Sampling
38. The memory locations in the CPU where arithmetic values are stored.
Buffers
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Registers
Release management
39. Used to measure the relative maturity of an organization and its processes.
Database primary key
Substantive Testing (test of transaction integrity)
Split custody
Capability Maturity Model
40. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Sampling
Recovery time objective
OSI: Network Layer
41. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Buffers
Disaster Recovery
objective and unbiased
Judgmental sampling
42. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Detection Risk
An Operational Audit
Assess the maturity of its business processes
Wet pipe fire sprinkler system
43. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Balanced Scorecard
BCP Plans
Business Continuity
44. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Discovery Sampling
Overall audit risk
A Virtual Server
Variable Sampling
45. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Internet Layer
Transport Layer Protocols
Substantive Testing
Inform the auditee
46. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
The Requirements
Split custody
Examples of Application Controls
47. Guide program execution through organization of resources and development of clear project objectives.
Stay current with technology
Examples of IT General Controls
Project Management Strategies
Sampling
48. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Input validation checking
Insourcing
Compliance Testing
49. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
A Problem
ITIL definition of CHANGE MANAGEMENT
Configuration Management
Deming Cycle
50. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Stratified Sampling
PERT Diagram?
The Business Process Life Cycle
Gantt Chart