CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding each time you retake the test.
1. Guide program execution through organization of resources and development of clear project objectives.
Information systems access
Project Management Strategies
Confidence coefficient
Tolerable Error Rate
2. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Disaster Recovery
(1.) Policies (2.) Procedures (3.) Standards
Notify the Audit Committee
A Sample Mean
3. An audit of operational efficiency.
Separate administrative accounts
An Administrative
Reduced sign-on
Function Point Analysis
4. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Organizational culture and maturity
Inherent Risk
OSI Layer 7: Application
5. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Stratified Sampling
Assess the maturity of its business processes
The first step in a business impact analysis
Judgmental sampling
6. (1.) TCP (2.) UDP
Statistical Sampling
A Sample Mean
Transport Layer Protocols
The Eight Types of Audits
7. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Configuration Management
Stay current with technology
Tolerable Error Rate
Current and most up-to-date
8. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Assess the maturity of its business processes
Criticality analysis
Change management
9. Support the functioning of the application controls
Separate administrative accounts
General Controls
Capability Maturity Model Integration (CMMI)
Business impact analysis
10. IT Service Management is defined in the ___________________ framework.
ITIL - IT Infrastructure Library
ITIL definition of CHANGE MANAGEMENT
Sampling Risk
More difficult to perform
11. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
The Internet Layer in the TCP/IP model
Options for Risk Treatment
Testing activities
12. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Notify the Audit Committee
A gate process
Rating Scale for Process Maturity
Types of sampling an auditor can perform.
13. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
The 7 phases and their order in the SDLC
Business impact analysis
Organizational culture and maturity
Stratified Sampling
14. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Advantages of outsourcing
Sampling
Configuration Management
(1.) Policies (2.) Procedures (3.) Standards
15. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
The Release process
Antivirus software on the email servers
The first step in a business impact analysis
16. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Sampling Risk
Input validation checking
To identify the tasks that are responsible for project delays
17. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
SDLC Phases
IT standards are not being reviewed often enough
A Problem
An Administrative
18. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Entire password for an encryption key
Disaster Recovery
Critical Path Methodology
Wet pipe fire sprinkler system
19. Framework for auditing and measuring IT Service Management Processes.
Sample Standard Deviation
Frameworks
ISO 20000 Standard:
Controls
20. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Types of sampling an auditor can perform.
Power system controls
Department Charters
TCP/IP Transport Layer
21. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Project Management Strategies
TCP/IP Transport Layer
Antivirus software on the email servers
22. The risk that an IS auditor will overlook errors or exceptions during an audit.
Power system controls
Inform the auditee
Lacks specific expertise or resources to conduct an internal audit
Detection Risk
23. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Variable Sampling
The appropriate role of an IS auditor in a control self-assessment
To identify the tasks that are responsible for project delays
An IS audit
24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Server cluster
General Controls
Sampling Risk
The Eight Types of Audits
25. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Database primary key
Categories of risk treatment
Incident Management
26. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Cloud computing
Formal waterfall
Assess the maturity of its business processes
27. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Recovery time objective
Business Realization
Sampling Risk
28. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Emergency Changes
Assess the maturity of its business processes
Examples of Application Controls
IT executives and the Board of Directors
29. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Problem Management
Change management
Business Realization
30. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Control Risk
The 4-item focus of a Balanced Scorecard
The first step in a business impact analysis
The 7 phases and their order in the SDLC
31. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Three Types of Controls
Gantt Chart
Recovery time objective
32. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Wet pipe fire sprinkler system
A Service Provider audit
The best approach for identifying high risk areas for an audit
ITIL definition of PROBLEM
33. What type of testing is performed to determine if control procedures have proper design and are operating properly?
The two Categories of Controls
Compliance Testing
Tolerable Error Rate
The first step in a business impact analysis
34. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Risk Management
Buffers
Cloud computing
Audit Methodologies
35. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Primary security features of relational databases
Capability Maturity Model
Audit logging
IT standards are not being reviewed often enough
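The scenario in question 35 implemented as runnable code, added here as an example and not part of the original quiz. It uses SQLite triggers so that it runs offline; the `session_ctx` table that carries the acting user and the append-only triggers on `audit_log` are assumptions of this example, because SQLite has no CURRENT_USER and no privilege model (a production DBMS would use its native audit facility and revoke UPDATE/DELETE on the log table instead).

```python
"""Audit logging of every change to a table, implemented inside the DBMS.

Added example (not part of the quiz).  Assumptions: the application writes
the acting user into `session_ctx` (SQLite has no CURRENT_USER), and the
log is made append-only with triggers rather than with privileges.
"""
import sqlite3
from typing import Dict, List, Tuple

SCHEMA = """
CREATE TABLE session_ctx (key TEXT PRIMARY KEY, value TEXT NOT NULL);

CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL
);

CREATE TABLE audit_log (
    seq            INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at      TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    db_user        TEXT NOT NULL,
    action         TEXT NOT NULL,
    row_id         INTEGER NOT NULL,
    before_owner   TEXT, before_balance INTEGER,
    after_owner    TEXT, after_balance  INTEGER
);

-- One trigger per change type; NEW/OLD are the row images after/before.
CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (db_user, action, row_id, after_owner, after_balance)
    VALUES (COALESCE((SELECT value FROM session_ctx WHERE key = 'user'), 'unknown'),
            'INSERT', NEW.id, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (db_user, action, row_id, before_owner, before_balance,
                           after_owner, after_balance)
    VALUES (COALESCE((SELECT value FROM session_ctx WHERE key = 'user'), 'unknown'),
            'UPDATE', NEW.id, OLD.owner, OLD.balance, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (db_user, action, row_id, before_owner, before_balance)
    VALUES (COALESCE((SELECT value FROM session_ctx WHERE key = 'user'), 'unknown'),
            'DELETE', OLD.id, OLD.owner, OLD.balance);
END;

-- The log is only evidence if the users it records cannot rewrite it.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn: sqlite3.Connection, user: str) -> None:
    """Record who is acting in this session so the triggers can attribute changes."""
    conn.execute("INSERT OR REPLACE INTO session_ctx (key, value) VALUES ('user', ?)", (user,))


def audit_trail(conn: sqlite3.Connection) -> List[Tuple]:
    return conn.execute(
        "SELECT db_user, action, row_id, before_owner, before_balance, "
        "after_owner, after_balance FROM audit_log ORDER BY seq").fetchall()


def tamper_blocked(conn: sqlite3.Connection) -> bool:
    """True if an attempt to erase the trail is refused by the DBMS."""
    try:
        conn.execute("DELETE FROM audit_log")
        return False
    except sqlite3.DatabaseError:
        return True


def run_demo() -> Dict[str, object]:
    conn = open_db()
    set_actor(conn, "alice")
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (1, 'acme', 100)")
    set_actor(conn, "bob")
    conn.execute("UPDATE accounts SET balance = 250 WHERE id = 1")
    conn.execute("DELETE FROM accounts WHERE id = 1")
    result = {"tamper_blocked": tamper_blocked(conn), "trail": audit_trail(conn)}
    conn.close()
    return result


if __name__ == "__main__":
    for row in run_demo()["trail"]:
        print(row)
```

The append-only triggers make the log tamper-evident against ordinary users, not against a DBA who can drop the trigger; that is why an auditor also expects the log to be shipped to a system the DBA does not administer.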
36. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Business Realization
Sampling Risk
Configuration Management
Controls
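Questions 8, 14, 15 and 36 describe the pieces of an attribute sampling test. The following is an added example, not from the quiz, that puts them together: a random (statistical) selection from a constructed population of change tickets, sampling risk as the inverse of the confidence coefficient, and the comparison of the achieved upper deviation limit with the tolerable error rate. The population, the seed and the 4% deviation rate are constructed for illustration.

```python
"""Attribute sampling for a control test.

Added example (not part of the quiz): a constructed population of change
tickets is sampled and the result is evaluated against a tolerable error
rate at a stated confidence coefficient.
"""
import math
import random
from typing import Dict, List


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the numeric inverse of the confidence coefficient."""
    return round(1.0 - confidence_coefficient, 10)


def upper_deviation_limit(sample_size: int, deviations: int, confidence: float) -> float:
    """Smallest population deviation rate p for which seeing at most `deviations`
    exceptions in `sample_size` items is no more likely than the sampling risk.
    Bisection over the binomial CDF; reproduces the one-sided limits found in
    standard attribute-sampling evaluation tables."""
    alpha = 1.0 - confidence

    def cdf(p: float) -> float:
        return sum(math.comb(sample_size, k) * p ** k * (1.0 - p) ** (sample_size - k)
                   for k in range(deviations + 1))

    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if cdf(mid) > alpha:   # p still too small to make so few deviations unlikely
            lo = mid
        else:
            hi = mid
    return hi


def select_sample(population_ids: List[int], size: int, seed: int) -> List[int]:
    """Statistical (random) selection rather than judgmental selection.
    A fixed seed keeps the selection reproducible for the workpapers."""
    return sorted(random.Random(seed).sample(population_ids, size))


def evaluate_sample(population: Dict[int, bool], sample_ids: List[int],
                    confidence: float, tolerable_error_rate: float) -> Dict[str, object]:
    """Compare the achieved upper deviation limit with the tolerable error rate.
    `population` maps ticket id -> True if the control (an approval) was present."""
    deviations = sum(1 for i in sample_ids if not population[i])
    n = len(sample_ids)
    upper = upper_deviation_limit(n, deviations, confidence)
    return {
        "sample_size": n,
        "deviations": deviations,
        "observed_rate": deviations / n,
        "upper_limit": upper,
        "tolerable_error_rate": tolerable_error_rate,
        "sampling_risk": sampling_risk(confidence),
        # Rely on the control only if, at the stated confidence, the population
        # deviation rate cannot exceed what the auditor is willing to tolerate.
        "control_effective": upper <= tolerable_error_rate,
    }


# Constructed population: 500 change tickets; every 25th one lacks approval (4%).
POPULATION = {ticket: (ticket % 25 != 0) for ticket in range(1, 501)}


def run_demo() -> Dict[str, object]:
    sample = select_sample(list(POPULATION), size=60, seed=7)
    return evaluate_sample(POPULATION, sample, confidence=0.95, tolerable_error_rate=0.05)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>22}: {value}")
```

The interpretation this makes visible: 2 exceptions in 60 items is an observed rate of 3.3%, below a 5% tolerable error rate, yet at 95% confidence the population rate could be about 10%, so the auditor cannot conclude the control is effective without a larger sample or a lower confidence coefficient.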
37. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
OSI Layer 5: Session
OSI: Network Layer
General Controls
Insourcing
38. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Incident Management
Geographic location
Input validation checking
OSI Layer 6: Presentation
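An added example, not from the quiz, of the three checks named in question 38, with constructed field specifications and sample requests: value ranges, character-type allowlists, and a check for obviously harmful content. The allowlist is the primary control; the marker denylist is only a secondary signal, because denylists can be bypassed.

```python
"""Input validation checking: range, character type, and harmful content.

Added example (not part of the quiz).  The field specifications and the two
sample requests are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FieldSpec:
    name: str
    allowed: str                      # regex the WHOLE value must match (allowlist)
    min_len: int
    max_len: int
    min_value: Optional[int] = None   # numeric range, only for numeric fields
    max_value: Optional[int] = None


# Obvious payload fragments.  Matching one means the allowlist was too loose;
# a denylist alone is not a control, since payload encodings change.
HARMFUL_MARKERS = re.compile(r"(<\s*script|--|;|'|\x00|\.\./)", re.IGNORECASE)


def validate_field(spec: FieldSpec, raw: Optional[str]) -> List[str]:
    """Return the list of problems with one value; an empty list means accepted."""
    if raw is None:
        return ["missing"]
    problems: List[str] = []
    if not (spec.min_len <= len(raw) <= spec.max_len):
        problems.append(f"length {len(raw)} not in [{spec.min_len}, {spec.max_len}]")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        problems.append("control characters present")
    if re.fullmatch(spec.allowed, raw) is None:
        problems.append("characters outside the allowed set")
    if spec.min_value is not None or spec.max_value is not None:
        try:
            number = int(raw)
        except ValueError:
            problems.append("not a number")
        else:
            if spec.min_value is not None and number < spec.min_value:
                problems.append(f"below minimum {spec.min_value}")
            if spec.max_value is not None and number > spec.max_value:
                problems.append(f"above maximum {spec.max_value}")
    if HARMFUL_MARKERS.search(raw):
        problems.append("harmful content marker present")
    return problems


def validate(specs: List[FieldSpec], values: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {field: [problems]} for every failing field; {} means the record is accepted."""
    result: Dict[str, List[str]] = {}
    for spec in specs:
        problems = validate_field(spec, values.get(spec.name))
        if problems:
            result[spec.name] = problems
    return result


# Constructed specification for an order form.
ORDER_SPECS = [
    FieldSpec("account", r"[0-9]{8}", 8, 8),
    FieldSpec("quantity", r"[0-9]{1,4}", 1, 4, min_value=1, max_value=1000),
    FieldSpec("note", r"[A-Za-z0-9 .,!-]*", 0, 120),
]


def run_demo():
    good = {"account": "12345678", "quantity": "25", "note": "Rush order, please."}
    bad = {"account": "1234567a", "quantity": "5000", "note": "<script>alert(1)</script>"}
    return validate(ORDER_SPECS, good), validate(ORDER_SPECS, bad)


if __name__ == "__main__":
    accepted, rejected = run_demo()
    print("good record:", accepted or "accepted")
    for field, problems in rejected.items():
        print(f"bad record, {field}: {problems}")
```

Every violation is reported rather than stopping at the first one, which is what an auditor reviewing rejected input wants to see; a rejected value is never "cleaned" and passed on, because sanitizing instead of rejecting is how malformed input reaches the back end.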
39. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Split custody
Incident Management
Control Unit
The Software Program Library
40. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Documentation and interview personnel
Reduced sign-on
TCP/IP Link Layer
Three Types of Controls
41. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Vulnerability in the organization's PBX
The best approach for identifying high risk areas for an audit
Gantt Chart
Three Types of Controls
42. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
A Cold Site
Service Continuity Management
Split custody
Emergency Changes
43. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Examples of Application Controls
Main types of Controls
TCP/IP Network Model
The typical Configuration Items in Configuration Management
44. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Testing activities
ITIL definition of PROBLEM
Control Risk
OSI: Physical Layer
45. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Grid Computing
Network Layer Protocols
Disaster Recovery
46. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
The first step in a business impact analysis
Formal waterfall
Emergency Changes
A Problem
47. Used to determine which business processes are the most critical - by ranking them in order of criticality
Sampling Risk
OSI: Transport Layer
Employee termination process
Criticality analysis
48. A field in a record in one table that can reference a primary key in another table.
A Problem
Foreign Key
Current and most up-to-date
Volumes of COSO framework
49. An audit that is performed in support of an anticipated or active legal proceeding.
ITIL - IT Infrastructure Library
Employees with excessive privileges
less than 24 hours
A Forensic Audit
50. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Inherent Risk
The 5 types of Evidence that the auditor will collect during an audit.
Information systems access
Employees with excessive privileges