SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Statement of Impact
The audit program
Primary security features of relational databases
Elements of the COBIT Framework
2. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Project Management Strategies
Reduced sign-on
Dimensions of the COSO cube
Elements of the COSO pyramid
3. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Power system controls
IT Service Management
Sampling
Capability Maturity Model
4. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Organizational culture and maturity
Emergency Changes
Precision means
Lacks specific expertise or resources to conduct an internal audit
5. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
Testing activities
Employees with excessive privileges
An IS audit
6. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Primary security features of relational databases
Service Level Management
(1.) Polices (2.) Procedures (3.) Standards
7. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Deming Cycle
Business Realization
Data Link Layer Standards
Inherent Risk
8. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Confidence coefficient
Stop-or-go Sampling
Tolerable Error Rate
9. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Control Unit
Organizational culture and maturity
Judgmental sampling
10. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Insourcing
BCP Plans
Statement of Impact
11. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Control Unit
OSI: Physical Layer
Capability Maturity Model
Assess the maturity of its business processes
12. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Vulnerability in the organization's PBX
Application Layer protocols
More difficult to perform
Substantive Testing
13. The maximum period of downtime for a process or application
(1.) Man-made (2.) Natural
Critical Path Methodology
Tolerable Error Rate
Recovery time objective
14. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Notify the Audit Committee
The BCP process
Sampling Risk
TCP/IP Transport Layer
15. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Organizational culture and maturity
Prblem Management
Entire password for an encryption key
Attribute Sampling
16. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The appropriate role of an IS auditor in a control self-assessment
Structural fires and transportation accidents
Frameworks
Power system controls
17. (1.) TCP (2.) UDP
Compliance Testing
(1.) Man-made (2.) Natural
Power system controls
Transport Layer Protocols
18. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Business impact analysis
Detection Risk
The 4-item focus of a Balanced Scorecard
19. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
An Operational Audit
Background checks performed
A Server Cluster
20. Gantt: used to display ______________.
Cloud computing
Rating Scale for Process Maturity
OSI: Network Layer
Resource details
21. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
OSI: Physical Layer
Blade Computer Architecture
Audit Methodologies
The Release process
22. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
SDLC Phases
Detection Risk
A Financial Audit
23. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
TCP/IP Internet Layer
Structural fires and transportation accidents
Project change request
Confidence coefficient
24. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Sampling
Critical Path Methodology
A Financial Audit
Project Management Strategies
25. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Formal waterfall
The Software Program Library
General Controls
The appropriate role of an IS auditor in a control self-assessment
26. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Precision means
Types of sampling an auditor can perform.
Compliance Testing
Application Layer protocols
27. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Sampling Risk
The 7 phases and their order in the SDLC
Balanced Scorecard
28. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Cloud computing
The Business Process Life Cycle
Background checks performed
An IS audit
29. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Recovery time objective
Sampling Risk
Main types of Controls
Inherent Risk
30. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
The Release process
Service Continuity Management
Substantive Testing (test of transaction integrity)
Types of sampling an auditor can perform.
31. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
A gate process
An Administrative
The BCP process
Recovery time objective
32. IT Service Management is defined in ___________________ framework.
Attribute Sampling
A Cold Site
ITIL - IT Infrastructure Library
An Administrative
33. Defines internal controls and provides guidance for assessing and improving internal control systems.
The Eight Types of Audits
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
IT standards are not being reviewed often enough
Security Awareness program
34. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
(1.) Polices (2.) Procedures (3.) Standards
The Business Process Life Cycle
CPU
OSI Layer 5: Session
35. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Blade Computer Architecture
The Steering Committee
Documentation and interview personnel
OSI Layer 5: Session
36. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Sampling
A Virtual Server
Emergency Changes
Segregation of duties issue in a high value process
37. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
A Problem
An IS audit
Project change request
Change management
38. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
The appropriate role of an IS auditor in a control self-assessment
Compliance Testing
Current and most up-to-date
39. The inventory of all in-scope business processes and systems
Separate administrative accounts
Inform the auditee
The first step in a business impact analysis
Application Layer protocols
40. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Elements of the COBIT Framework
objective and unbiased
Emergency Changes
Stratified Sampling
41. PERT: shows the ______________ critical path.
The Software Program Library
The audit program
Stop-or-go Sampling
Current and most up-to-date
42. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
Grid Computing
ITIL definition of PROBLEM
Options for Risk Treatment
43. Describes the effect on the business if a process is incapacitated for any appreciable time
Variable Sampling
Statement of Impact
Testing activities
Control Unit
44. A collection of two or more servers that is designed to appear as a single server.
Resource details
Capability Maturity Model Integration (CMMI)
A Forensic Audit
Server cluster
45. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Security Awareness program
Buffers
ITIL definition of CHANGE MANAGEMENT
IT Service Management
46. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
TCP/IP Network Model
Buffers
Application Layer protocols
47. Framework for auditing and measuring IT Service Management Processes.
OSI: Data Link Layer
ISO 20000 Standard:
ITIL definition of CHANGE MANAGEMENT
IT Services Financial Management
48. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
(1.) Polices (2.) Procedures (3.) Standards
A Problem
Notify the Audit Committee
49. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Detection Risk
The Software Program Library
A Problem
50. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
ITIL definition of PROBLEM
Audit logging
Emergency Changes
Risk Management
