Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Security Awareness program
The Release process
Buffers
2. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Stop-or-go Sampling
Business Continuity
PERT Diagram?
Cloud computing
3. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Cloud computing
Testing activities
The 5 types of Evidence that the auditor will collect during an audit.
Security Awareness program
4. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
TCP/IP Network Model
An Operational Audit
Annualized Loss Expectancy (ALE)
5. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
Function Point Analysis
WAN Protocols
The 4-item focus of a Balanced Scorecard
Geographic location
6. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
WAN Protocols
An Operational Audit
Audit logging
7. (1.) General (2.) Application
Rating Scale for Process Maturity
OSI: Network Layer
Main types of Controls
IT Service Management
8. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
OSI Layer 5: Session
Information systems access
Gantt Chart
9. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Structural fires and transportation accidents
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Stay current with technology
10. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
A gate process
Dimensions of the COSO cube
Lacks specific expertise or resources to conduct an internal audit
11. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
TCP/IP Transport Layer packet delivery
Application Controls
Precision means
12. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Lacks specific expertise or resources to conduct an internal audit
Compliance Testing
Frameworks
Annualized Loss Expectancy (ALE)
13. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Foreign Key
ITIL definition of PROBLEM
Segregation of duties issue in a high value process
List of systems examined
14. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Concentrate on samples known to represent high risk
The audit program
SDLC Phases
IT standards are not being reviewed often enough
15. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
A Forensic Audit
Background checks performed
Rating Scale for Process Maturity
Audit Methodologies
16. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Server cluster
Stratified Sampling
(1.) Man-made (2.) Natural
The availability of IT systems
17. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
ITIL definition of CHANGE MANAGEMENT
ITIL - IT Infrastructure Library
A Sample Mean
18. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Volumes of COSO framework
The Requirements
Gantt Chart
19. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
A Problem
Background checks performed
Referential Integrity
20. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Geographic location
Business impact analysis
Documentation and interview personnel
Separate administrative accounts
21. (1.) Objectives (2.) Components (3.) Business Units / Areas
Information security policy
ITIL - IT Infrastructure Library
Dimensions of the COSO cube
A gate process
22. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Lacks specific expertise or resources to conduct an internal audit
Rating Scale for Process Maturity
less than 24 hours
(1.) Policies (2.) Procedures (3.) Standards
23. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The availability of IT systems
Categories of risk treatment
IT standards are not being reviewed often enough
OSI: Network Layer
24. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Compliance audit
Controls
A Virtual Server
TCP/IP Network Model
25. The main hardware component of a computer system - which executes instructions in computer programs.
A Sample Mean
CPU
Reduced sign-on
Annualized Loss Expectancy (ALE)
26. (1.) Physical (2.) Technical (3.) Administrative
Blade Computer Architecture
Volumes of COSO framework
Three Types of Controls
Wet pipe fire sprinkler system
27. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The typical Configuration Items in Configuration Management
Annualized Loss Expectancy (ALE)
To identify the tasks that are responsible for project delays
PERT Diagram?
28. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Stay current with technology
Risk Management
OSI Layer 6: Presentation
Hash
29. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
IT executives and the Board of Directors
The audit program
IT Service Management
PERT Diagram?
30. A representation of how closely a sample represents an entire population.
The Software Program Library
Organizational culture and maturity
Precision means
Control Risk
31. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Testing activities
Elements of the COSO pyramid
Network Layer Protocols
32. An audit that combines an operational audit and a financial audit.
An Integrated Audit
A Forensic Audit
Project change request
Disaster Recovery
33. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Documentation and interview personnel
OSI: Data Link Layer
Blade Computer Architecture
Personnel involved in the requirements phase of a software development project
34. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
(1.) Policies (2.) Procedures (3.) Standards
Separate administrative accounts
The Internet Layer in the TCP/IP model
35. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Power system controls
(1.) Policies (2.) Procedures (3.) Standards
Precision means
36. (1.) Executive Support (2.) Well-defined roles and responsibilities.
The best approach for identifying high risk areas for an audit
Types of sampling an auditor can perform.
Information security policy
Advantages of outsourcing
37. Contains programs that communicate directly with the end user.
Data Link Layer Standards
OSI Layer 7: Application
Confidence coefficient
The Release process
38. Gantt: used to display ______________.
Resource details
SDLC Phases
Volumes of COSO framework
Business Realization
39. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Hash
Elements of the COSO pyramid
An Administrative
Options for Risk Treatment
40. An alternate processing center that contains no information processing equipment.
IT Services Financial Management
A Cold Site
Confidence coefficient
Employee termination process
41. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Problem Management
Current and most up-to-date
Formal waterfall
An Administrative
42. What three elements allow validation of business practices against acceptable measures of regulatory compliance, performance, and standard operational guidelines?
Disaster Recovery
(1.) Policies (2.) Procedures (3.) Standards
WAN Protocols
Referential Integrity
43. A sampling technique where at least one exception is sought in a population
A Sample Mean
Discovery Sampling
Data Link Layer Standards
Controls
44. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Employee termination process
The appropriate role of an IS auditor in a control self-assessment
Blade Computer Architecture
OSI: Network Layer
45. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Blade Computer Architecture
Attribute Sampling
Critical Path Methodology
Configuration Management
46. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Capability Maturity Model Integration (CMMI)
Reduced sign-on
Entire password for an encryption key
47. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The audit program
Server cluster
The Steering Committee
48. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Gantt Chart
Business impact analysis
Organizational culture and maturity
49. To measure organizational performance and effectiveness against strategic goals.
ISO 20000 Standard
Balanced Scorecard
Stratified Sampling
Network Layer Protocols
50. The risk that an IS auditor will overlook errors or exceptions during an audit.
Risk Management
Confidence coefficient
Precision means
Detection Risk