SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
To identify the tasks that are responsible for project delays
Security Awareness program
General Controls
Lacks specific expertise or resources to conduct an internal audit
2. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
OSI Layer 6: Presentation
The 7 phases and their order in the SDLC
An Administrative
Frameworks
3. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Application Layer protocols
Business Realization
Department Charters
BCP Plans
4. IT Governance is most concerned with ________.
(1.) Polices (2.) Procedures (3.) Standards
SDLC Phases
IT Strategy
TCP/IP Internet Layer
5. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
The best approach for identifying high risk areas for an audit
Reduced sign-on
OSI Layer 5: Session
Employees with excessive privileges
6. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
A Compliance audit
Volumes of COSO framework
Project change request
Critical Path Methodology
7. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Incident Management
SDLC Phases
A Financial Audit
8. An audit of operational efficiency.
Deming Cycle
An Administrative
Annualized Loss Expectance (ALE)
Business Continuity
9. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Elements of the COBIT Framework
Testing activities
The availability of IT systems
10. A sampling technique where at least one exception is sought in a population
objective and unbiased
The typical Configuration Items in Configuration Management
Tolerable Error Rate
Discovery Sampling
11. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Deming Cycle
Precision means
An Operational Audit
Overall audit risk
12. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Configuration Management
ISO 20000 Standard:
ITIL definition of PROBLEM
Inherent Risk
13. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Structural fires and transportation accidents
Formal waterfall
Registers
The BCP process
14. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Application Controls
Six steps of the Release Management process
Types of sampling an auditor can perform.
TCP/IP Transport Layer
15. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
Three Types of Controls
Reduced sign-on
Audit Methodologies
16. (1.) Access controls (2.) Encryption (3.) Audit logging
WAN Protocols
Separate administrative accounts
Primary security features of relational databases
Incident Management
17. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
More difficult to perform
Vulnerability in the organization's PBX
Control Risk
18. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
The Software Program Library
(1.) Polices (2.) Procedures (3.) Standards
A Problem
19. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Prblem Management
Attribute Sampling
TCP/IP Link Layer
Six steps of the Release Management process
20. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
TCP/IP Transport Layer packet delivery
Server cluster
An Integrated Audit
Attribute Sampling
21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Foreign Key
IT executives and the Board of Directors
Categories of risk treatment
Sampling Risk
22. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Grid Computing
Referential Integrity
IT standards are not being reviewed often enough
23. (1.) Physical (2.) Technical (4.) Administrative
Formal waterfall
Main types of Controls
Three Types of Controls
TCP/IP Transport Layer packet delivery
24. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The typical Configuration Items in Configuration Management
Elements of the COSO pyramid
The Steering Committee
Examples of IT General Controls
25. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Precision means
OSI: Transport Layer
Security Awareness program
Stay current with technology
26. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
TCP/IP Transport Layer
The first step in a business impact analysis
Substantive Testing
27. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Buffers
Risk Management
objective and unbiased
28. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Inform the auditee
TCP/IP Internet Layer
Sample Standard Deviation
WAN Protocols
29. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
Reduced sign-on
Statement of Impact
Detection Risk
30. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
Gantt Chart
The 7 phases and their order in the SDLC
Referential Integrity
31. The main hardware component of a computer system - which executes instructions in computer programs.
Sampling Risk
Inform the auditee
CPU
Rating Scale for Process Maturity
32. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Control Unit
Inherent Risk
Organizational culture and maturity
Compliance Testing
33. One of a database table's fields - whose value is unique.
Critical Path Methodology
Database primary key
Personnel involved in the requirements phase of a software development project
Attribute Sampling
34. To communication security policies - procedures - and other security-related information to an organization's employees.
Gantt Chart
The appropriate role of an IS auditor in a control self-assessment
Security Awareness program
Vulnerability in the organization's PBX
35. A maturity model that represents the aggregations of other maturity models.
Gantt Chart
TCP/IP Transport Layer packet delivery
Capability Maturity Model Integration (CMMI)
Criticality analysis
36. Framework for auditing and measuring IT Service Management Processes.
objective and unbiased
IT executives and the Board of Directors
ISO 20000 Standard:
Statement of Impact
37. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Audit Methodologies
Sampling Risk
The audit program
Separate administrative accounts
38. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Project change request
The two Categories of Controls
WAN Protocols
39. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Precision means
Concentrate on samples known to represent high risk
Substantive Testing (test of transaction integrity)
Controls
40. Guide program execution through organization of resources and development of clear project objectives.
Dimensions of the COSO cube
Audit logging
Project Management Strategies
Lacks specific expertise or resources to conduct an internal audit
41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Confidence coefficient
less than 24 hours
Lacks specific expertise or resources to conduct an internal audit
Data Link Layer Standards
42. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Structural fires and transportation accidents
Advantages of outsourcing
A Financial Audit
Application Layer protocols
43. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
TCP/IP Link Layer
Critical Path Methodology
Categories of risk treatment
Employee termination process
44. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
CPU
ITIL - IT Infrastructure Library
Options for Risk Treatment
Deming Cycle
45. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Business Continuity
IT standards are not being reviewed often enough
The audit program
Background checks performed
46. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Advantages of outsourcing
Reduced sign-on
Cloud computing
Sample Standard Deviation
47. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Notify the Audit Committee
Capability Maturity Model Integration (CMMI)
Documentation and interview personnel
The Release process
48. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
ITIL definition of PROBLEM
A Sample Mean
Formal waterfall
Statement of Impact
49. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Control Risk
TCP/IP Internet Layer
Frameworks
Overall audit risk
50. Contains programs that communicate directly with the end user.
An IS audit
Grid Computing
Prblem Management
OSI Layer 7: Application
