CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Inherent Risk
Buffers
Sampling
The two Categories of Controls
2. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
IT executives and the Board of Directors
Incident Management
Change management
3. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Information systems access
IT Services Financial Management
Stratified Sampling
Frameworks
4. An active instance of a server operating system running on a machine that is designed to host two or more such virtual servers.
ITIL - IT Infrastructure Library
Power system controls
The typical Configuration Items in Configuration Management
A Virtual Server
5. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Vulnerability in the organization's PBX
Insourcing
Blade Computer Architecture
6. IT Service Management is defined in ___________________ framework.
Reduced sign-on
Stop-or-go Sampling
IT executives and the Board of Directors
ITIL - IT Infrastructure Library
7. Guide program execution through organization of resources and development of clear project objectives.
Cloud computing
Department Charters
Detection Risk
Project Management Strategies
8. An alternate processing center that contains no information processing equipment.
Elements of the COBIT Framework
Three Types of Controls
TCP/IP Internet Layer
A Cold Site
9. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Employee termination process
TCP/IP Internet Layer
Expected Error Rate
objective and unbiased
10. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Inherent Risk
A Problem
ITIL definition of CHANGE MANAGEMENT
11. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
BCP Plans
Transport Layer Protocols
Configuration Management
The 7 phases and their order in the SDLC
12. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1.) Man-made (2.) Natural
Release management
13. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
less than 24 hours
Audit Methodologies
The BCP process
Transport Layer Protocols
14. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a _____. This makes it infeasible for anyone who obtains the stored value to recover the password, which could otherwise lead to account compromise.
Information systems access
The audit program
OSI: Network Layer
Hash
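A worked version of the fix in question 14, added here as an example and not part of the original quiz: the plaintext store is migrated to salted, iterated password hashes, and login verifies by recomputing the hash rather than reading the password back. The user name, password, storage format and the PBKDF2-HMAC-SHA256 parameters (16-byte random salt, 600,000 iterations) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed "before" state: the application the question describes keeps
# passwords in plaintext. Anyone who reads this table (leaked backup, SQL
# injection, careless DBA) has every password. Sample data, not real users.
PLAINTEXT_STORE: Dict[str, str] = {"alice": "Summer2024!"}

# Assumed work factor for the example: PBKDF2-HMAC-SHA256 with this many
# iterations. Tune to your hardware; higher is slower for an attacker too.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage."""
    if salt is None:
        salt = os.urandom(16)  # unique per user: identical passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare
    in constant time so the comparison itself leaks no timing information."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def migrate(plaintext_store: Dict[str, str]) -> Dict[str, str]:
    """One-time migration: replace every plaintext password with its hash.
    After this runs, the plaintext table should be securely destroyed."""
    return {user: hash_password(pw) for user, pw in plaintext_store.items()}


# "After" state: only hashes are kept; the password itself is no longer stored.
HASHED_STORE = migrate(PLAINTEXT_STORE)

if __name__ == "__main__":
    print(HASHED_STORE["alice"])
    print("login ok:", verify_password("Summer2024!", HASHED_STORE["alice"]))
    print("wrong pw:", verify_password("password", HASHED_STORE["alice"]))
```

The hashed record contains the algorithm, iteration count and salt alongside the digest, so the work factor can be raised later and old records still verify; an auditor reviewing the application should confirm the plaintext column was actually dropped after migration, not merely left unused.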
15. An audit that is performed in support of an anticipated or active legal proceeding.
Function Point Analysis
(1.) Man-made (2.) Natural
The audit program
A Forensic Audit
16. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
TCP/IP Transport Layer
Advantages of outsourcing
Lacks specific expertise or resources to conduct an internal audit
Database primary key
17. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Virtual Server
Antivirus software on the email servers
A Sample Mean
A Financial Audit
18. Framework for auditing and measuring IT Service Management Processes.
(1.) Policies (2.) Procedures (3.) Standards
ISO 20000 Standard:
Server cluster
Balanced Scorecard
19. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Disaster Recovery
Statement of Impact
less than 24 hours
Options for Risk Treatment
20. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Examples of IT General Controls
(1.) Man-made (2.) Natural
Insourcing
21. The maximum tolerable period of downtime for a process or application.
Recovery time objective
Information systems access
Service Continuity Management
A gate process
22. To communicate security policies, procedures, and other security-related information to an organization's employees.
Options for Risk Treatment
Overall audit risk
Stratified Sampling
Security Awareness program
23. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Employee termination process
Blade Computer Architecture
OSI Layer 5: Session
Lacks specific expertise or resources to conduct an internal audit
24. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Notify the Audit Committee
Deming Cycle
Dimensions of the COSO cube
Examples of Application Controls
25. The risk that an IS auditor will overlook errors or exceptions during an audit.
OSI Layer 5: Session
Inherent Risk
Detection Risk
TCP/IP Transport Layer
26. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Lacks specific expertise or resources to conduct an internal audit
Stop-or-go Sampling
A Server Cluster
Critical Path Methodology
27. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Eight Types of Audits
Assess the maturity of its business processes
An IS audit
28. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking facilitates continuous improvement within the BPLC.
The Business Process Life Cycle
The appropriate role of an IS auditor in a control self-assessment
Audit logging
Referential Integrity
29. The probability that a selected sample does not represent the entire population. This is usually expressed as a percentage, the numeric complement of the confidence coefficient (e.g. 95% confidence leaves 5% sampling risk).
Sampling Risk
A Problem
Department Charters
Criticality analysis
30. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
TCP/IP Transport Layer
Separate administrative accounts
Background checks performed
objective and unbiased
31. (1.) Utility protocols (DNS, SNMP, DHCP) (2.) Messaging protocols (SMTP) (3.) Data transfer protocols (NFS, FTP) (4.) Interactive protocols (Telnet)
Network Layer Protocols
WAN Protocols
The two Categories of Controls
Application Layer protocols
32. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Reduced sign-on
Release management
less than 24 hours
33. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Statement of Impact
Antivirus software on the email servers
A Service Provider audit
34. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Background checks performed
More difficult to perform
Elements of the COBIT Framework
Function Point Analysis
35. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Inherent Risk
Compliance Testing
ITIL - IT Infrastructure Library
BCP Plans
36. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Inform the auditee
Compliance Testing
WAN Protocols
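The finding in question 36 (transferred employees keep the entitlements of their old roles) is something an IS auditor can test mechanically from an access extract. The script below is an added example, not part of the original quiz: it compares each user's actual entitlements with the baseline for their current role and lists the excess, longest tenure first, so the accumulation pattern is visible. The role names, entitlement codes, users and dates are constructed for the example.

```python
from datetime import date
from typing import Dict, List, Set

# Constructed role baseline: the entitlements each job role is supposed to
# carry. Assumed names for the example, not from the page.
ROLE_BASELINE: Dict[str, Set[str]] = {
    "AP Clerk":         {"ERP_AP_ENTRY", "ERP_VENDOR_VIEW"},
    "AP Supervisor":    {"ERP_AP_ENTRY", "ERP_AP_APPROVE", "ERP_VENDOR_VIEW"},
    "Treasury Analyst": {"ERP_PAYMENT_RELEASE", "BANK_PORTAL_VIEW"},
}

# Constructed access-review extract. mlong moved Clerk -> Supervisor ->
# Treasury and kept everything from earlier roles; pmid kept one stray
# entitlement; nnew was hired straight into one role.
ACCESS_EXTRACT: List[dict] = [
    {"user": "mlong", "role": "Treasury Analyst", "hired": date(2009, 3, 2),
     "entitlements": {"ERP_AP_ENTRY", "ERP_AP_APPROVE", "ERP_VENDOR_VIEW",
                      "ERP_PAYMENT_RELEASE", "BANK_PORTAL_VIEW"}},
    {"user": "pmid", "role": "AP Supervisor", "hired": date(2016, 8, 15),
     "entitlements": {"ERP_AP_ENTRY", "ERP_AP_APPROVE", "ERP_VENDOR_VIEW",
                      "BANK_PORTAL_VIEW"}},
    {"user": "nnew", "role": "AP Clerk", "hired": date(2023, 1, 9),
     "entitlements": {"ERP_AP_ENTRY", "ERP_VENDOR_VIEW"}},
]

# Review date for the tenure calculation (assumed).
AS_OF = date(2024, 6, 30)


def excess_entitlements(record: dict, baseline=ROLE_BASELINE) -> List[str]:
    """Entitlements the user holds that the user's *current* role does not justify.
    An unknown role has an empty baseline, so everything it holds is flagged."""
    return sorted(record["entitlements"] - baseline.get(record["role"], set()))


def years_of_service(record: dict, as_of: date = AS_OF) -> float:
    return (as_of - record["hired"]).days / 365.25


def review(extract: List[dict], as_of: date = AS_OF, baseline=ROLE_BASELINE) -> List[dict]:
    """One finding per user with excess access, longest tenure first. If the
    transfer process fails to revoke old privileges, excess grows with tenure."""
    findings = []
    for rec in extract:
        excess = excess_entitlements(rec, baseline)
        if excess:
            findings.append({
                "user": rec["user"],
                "role": rec["role"],
                "years": round(years_of_service(rec, as_of), 1),
                "excess": excess,
            })
    return sorted(findings, key=lambda f: f["years"], reverse=True)


if __name__ == "__main__":
    for finding in review(ACCESS_EXTRACT):
        print(finding)
```

The recommendation that follows from such output is procedural, not technical: the transfer workflow must revoke the old role's entitlements before granting the new one, and periodic access reviews should rerun a comparison like this one rather than asking managers to eyeball raw entitlement lists.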
37. A maturity model that represents the aggregations of other maturity models.
A Virtual Server
Judgmental sampling
Annualized Loss Expectancy (ALE)
Capability Maturity Model Integration (CMMI)
38. A measure of the dispersion of sample values around the sample mean, computed as the square root of the sample variance. This is a measurement of the spread of values in a sample.
Inform the auditee
Main types of Controls
Sample Standard Deviation
Split custody
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Substantive Testing (test of transaction integrity)
ISO 20000 Standard:
Confidence coefficient
40. Used to determine which business processes are the most critical - by ranking them in order of criticality
Database primary key
Criticality analysis
Application Layer protocols
Inherent Risk
41. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Blade Computer Architecture
Judgmental sampling
Resource details
Volumes of COSO framework
42. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling: PPTP, L2TP
A Virtual Server
Data Link Layer Standards
Change management
Risk Management
43. The highest number of errors that can exist without a result being materially misstated.
Detection Risk
Tolerable Error Rate
Sampling Risk
Compliance Testing
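Questions 1, 29, 32, 38, 41 and 43 together describe the arithmetic of audit sampling. The script below is an added example, not part of the original quiz, that runs that arithmetic end to end: a random (statistical) sample and a judgmental sample are drawn from a constructed population of purchase orders, an attribute test compares the observed deviation rate with a tolerable error rate, and a variable-sampling estimate projects the population total and reports the sample standard deviation. The population, the 4% built-in deviation rate, the sample size and the thresholds are all assumptions made up for the example.

```python
import random
import statistics
from typing import Dict, List

# Constructed population: 400 purchase orders, each with an amount and a flag
# for whether the required approval was present. Seeded so the run is
# reproducible; a real audit draws from the actual ledger.
_gen = random.Random(7)
POPULATION: List[dict] = [
    {"id": i,
     "amount": round(_gen.uniform(50.0, 5000.0), 2),
     "approved": _gen.random() >= 0.04}   # roughly a 4% true deviation rate
    for i in range(1, 401)
]


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the numeric complement of the confidence coefficient:
    95% confidence leaves a 5% chance the sample misrepresents the population."""
    return round(1.0 - confidence_coefficient, 6)


def statistical_sample(population: List[dict], size: int, seed: int = 1) -> List[dict]:
    """Random (statistical) sampling: every item has an equal chance of selection."""
    return random.Random(seed).sample(population, size)


def judgmental_sample(population: List[dict], amount_threshold: float) -> List[dict]:
    """Judgmental sampling by materiality: the auditor picks every PO at or
    above a threshold instead of relying on chance."""
    return [po for po in population if po["amount"] >= amount_threshold]


def attribute_test(sample: List[dict], tolerable_error_rate: float) -> Dict[str, object]:
    """Compliance test of the approval control: the observed deviation rate is
    compared with the tolerable error rate fixed before the sample was drawn."""
    deviations = sum(1 for po in sample if not po["approved"])
    observed = deviations / len(sample)
    return {"deviations": deviations,
            "observed_rate": observed,
            "rely_on_control": observed <= tolerable_error_rate}


def sample_standard_deviation(values: List[float]) -> float:
    """Spread of sample values around the sample mean: the square root of the
    sample variance (n - 1 denominator), not the variance itself."""
    n = len(values)
    mean = sum(values) / n
    return (sum((v - mean) ** 2 for v in values) / (n - 1)) ** 0.5


def variable_estimate(sample: List[dict], population_size: int) -> Dict[str, float]:
    """Variable sampling: project the population total from the sample mean and
    report the sample standard deviation as the measure of spread."""
    amounts = [po["amount"] for po in sample]
    mean = statistics.mean(amounts)
    return {"sample_mean": mean,
            "sample_sd": sample_standard_deviation(amounts),
            "projected_total": mean * population_size}


if __name__ == "__main__":
    s = statistical_sample(POPULATION, 60)
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
    print("attribute test:", attribute_test(s, tolerable_error_rate=0.05))
    print("variable estimate:", variable_estimate(s, len(POPULATION)))
    print("judgmental sample size (>= 4000):", len(judgmental_sample(POPULATION, 4000.0)))
```

Note what the tolerable error rate is for: it is set before sampling and the conclusion is mechanical afterwards, which stops the auditor from moving the threshold to fit the result. Judgmental sampling has no sampling risk to quote because it was never random; its weakness is that it says nothing about the items the auditor did not think to pick.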
44. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
A Financial Audit
Assess the maturity of its business processes
OSI Layer 5: Session
OSI: Network Layer
45. An audit of operational efficiency.
Data Link Layer Standards
Stratified Sampling
Employees with excessive privileges
An Administrative Audit
46. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Referential Integrity
Substantive Testing
Configuration Management
IT executives and the Board of Directors
47. A database term which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Stay current with technology
less than 24 hours
Audit Methodologies
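The rule in question 47 is easy to see by trying to break it. The script below is an added example, not part of the original quiz: it builds a small parent/child schema in an in-memory SQLite database and attempts to delete a department that an employee row still references, once with foreign-key enforcement on and once with it off. The schema and rows are constructed for the example; the point for an auditor is the second run, because SQLite leaves enforcement off unless the pragma is set, so the constraint written in the DDL is not by itself evidence that the control operates.

```python
import sqlite3
from typing import Tuple

# Constructed schema: each employee row carries a foreign key to a department.
SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL REFERENCES departments(dept_id)
);
INSERT INTO departments VALUES (10, 'Internal Audit');
INSERT INTO employees   VALUES (1, 'A. Auditor', 10);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Open an in-memory database with the constructed schema loaded.
    The pragma must be issued outside a transaction, so it comes first."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    return conn


def delete_department(conn: sqlite3.Connection, dept_id: int) -> str:
    """Attempt to delete a parent row that child rows still reference."""
    try:
        conn.execute("DELETE FROM departments WHERE dept_id = ?", (dept_id,))
        conn.commit()
        return "deleted"
    except sqlite3.IntegrityError as exc:
        conn.rollback()
        return "rejected: %s" % exc


def orphaned_employees(conn: sqlite3.Connection) -> int:
    """Count child rows whose foreign key points at a department that no longer
    exists. With referential integrity enforced this is always zero."""
    row = conn.execute(
        """
        SELECT COUNT(*) FROM employees e
        LEFT JOIN departments d ON d.dept_id = e.dept_id
        WHERE d.dept_id IS NULL
        """
    ).fetchone()
    return row[0]


def demo(enforce_fk: bool) -> Tuple[str, int]:
    """Run the delete attempt and report (outcome, number of orphaned rows)."""
    conn = open_db(enforce_fk)
    outcome = delete_department(conn, 10)
    orphans = orphaned_employees(conn)
    conn.close()
    return outcome, orphans


if __name__ == "__main__":
    print("enforced:    ", demo(True))
    print("not enforced:", demo(False))
```

The orphan query doubles as an audit test on its own: run against a production database it returns the rows whose foreign keys already point nowhere, which is direct evidence of whether referential integrity has been enforced historically rather than just declared.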
48. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
The 5 types of Evidence that the auditor will collect during an audit.
Organizational culture and maturity
TCP/IP Internet Layer
OSI: Transport Layer
49. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Capability Maturity Model Integration (CMMI)
Judgmental sampling
Insourcing
Formal waterfall
50. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Capability Maturity Model Integration (CMMI)
Testing activities
Detection Risk