CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Stay current with technology
The first step in a business impact analysis
Control Unit
2. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Business impact analysis
OSI: Transport Layer
Antivirus software on the email servers
3. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
A Problem
The BCP process
The Software Program Library
4. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Antivirus software on the email servers
To identify the tasks that are responsible for project delays
Rating Scale for Process Maturity
Problem Management
5. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Sampling Risk
Tolerable Error Rate
OSI: Network Layer
Control Risk
6. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
OSI Layer 7: Application
Categories of risk treatment
Project change request
ITIL definition of CHANGE MANAGEMENT
7. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Statement of Impact
Types of sampling an auditor can perform.
Employees with excessive privileges
Organizational culture and maturity
8. An audit of operational efficiency.
Capability Maturity Model
An Administrative
A Service Provider audit
Security Awareness program
9. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
IT Service Management
Advantages of outsourcing
A Compliance audit
10. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Business impact analysis
Current and most up-to-date
Sampling
The Eight Types of Audits
11. Guide program execution through organization of resources and development of clear project objectives.
The best approach for identifying high risk areas for an audit
Vulnerability in the organization's PBX
Project Management Strategies
TCP/IP Transport Layer
12. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
The Internet Layer in the TCP/IP model
The availability of IT systems
Formal waterfall
13. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Dimensions of the COSO cube
Disaster Recovery
The Requirements
14. IT Governance is most concerned with ________.
IT Strategy
Substantive Testing (test of transaction integrity)
Capability Maturity Model Integration (CMMI)
The audit program
15. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
The Release process
Variable Sampling
Antivirus software on the email servers
Concentrate on samples known to represent high risk
16. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Wet pipe fire sprinkler system
Power system controls
Statistical Sampling
Business Continuity
17. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
The 5 types of Evidence that the auditor will collect during an audit.
IT Services Financial Management
Critical Path Methodology
18. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Rating Scale for Process Maturity
Formal waterfall
Insourcing
ITIL definition of CHANGE MANAGEMENT
19. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Compliance Testing
ITIL definition of PROBLEM
Sampling Risk
Substantive Testing (test of transaction integrity)
20. A maturity model that represents the aggregations of other maturity models.
TCP/IP Internet Layer
Capability Maturity Model Integration (CMMI)
Cloud computing
Foreign Key
21. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Inherent Risk
Reduced sign-on
Substantive Testing (test of transaction integrity)
22. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
Change management
Categories of risk treatment
An Integrated Audit
23. Support the functioning of the application controls
A Financial Audit
General Controls
Structural fires and transportation accidents
The appropriate role of an IS auditor in a control self-assessment
24. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
less than 24 hours
Judgmental sampling
Notify the Audit Committee
Vulnerability in the organization's PBX
25. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
A gate process
Employee termination process
Examples of IT General Controls
(1.) Man-made (2.) Natural
26. Used to estimate the effort required to develop a software program.
OSI: Data Link Layer
Judgmental sampling
Function Point Analysis
Criticality analysis
27. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
To identify the tasks that are responsible for project delays
Recovery time objective
Grid Computing
Examples of Application Controls
28. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
A Compliance audit
Foreign Key
Expected Error Rate
Options for Risk Treatment
29. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
less than 24 hours
TCP/IP Network Model
The Internet Layer in the TCP/IP model
30. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Sampling Risk
Stay current with technology
Application Controls
31. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Antivirus software on the email servers
Deming Cycle
Substantive Testing (test of transaction integrity)
32. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The Software Program Library
Structural fires and transportation accidents
Stop-or-go Sampling
Background checks performed
33. To communicate security policies - procedures - and other security-related information to an organization's employees.
Information systems access
Cloud computing
Security Awareness program
Structural fires and transportation accidents
34. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The availability of IT systems
A Forensic Audit
Frameworks
Grid Computing
35. Gantt: used to display ______________.
Resource details
Wet pipe fire sprinkler system
General Controls
Buffers
36. Focuses on: post-event recovery and restoration of services
Buffers
Three Types of Controls
Disaster Recovery
The Release process
37. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Registers
Expected Error Rate
The typical Configuration Items in Configuration Management
Current and most up-to-date
38. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Six steps of the Release Management process
objective and unbiased
Detection Risk
39. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Frameworks
Network Layer Protocols
Annualized Loss Expectancy (ALE)
The 7 phases and their order in the SDLC
40. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Foreign Key
Application Layer protocols
Security Awareness program
Expected Error Rate
41. (1.) Physical (2.) Technical (3.) Administrative
objective and unbiased
Foreign Key
Three Types of Controls
The Release process
42. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Three Types of Controls
Types of sampling an auditor can perform.
OSI: Transport Layer
Control Unit
43. The memory locations in the CPU where arithmetic values are stored.
Registers
Wet pipe fire sprinkler system
Attribute Sampling
More difficult to perform
44. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
The Eight Types of Audits
IT standards are not being reviewed often enough
TCP/IP Transport Layer packet delivery
A Server Cluster
45. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
A Service Provider audit
Sample Standard Deviation
Structural fires and transportation accidents
OSI: Data Link Layer
46. Lowest layer. Delivers messages (frames) from one station to another via the local network.
OSI Layer 7: Application
Service Level Management
The typical Configuration Items in Configuration Management
TCP/IP Link Layer
47. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
less than 24 hours
The Business Process Life Cycle
The 4-item focus of a Balanced Scorecard
Discovery Sampling
48. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Six steps of the Release Management process
Current and most up-to-date
The Release process
Documentation and interview personnel
49. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Three Types of Controls
Documentation and interview personnel
Separate administrative accounts
Sample Standard Deviation
50. A representation of how closely a sample represents an entire population.
ITIL definition of CHANGE MANAGEMENT
Precision means
objective and unbiased
Organizational culture and maturity