Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A maturity model that represents the aggregations of other maturity models.
Gantt Chart
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Capability Maturity Model Integration (CMMI)
IT Services Financial Management
2. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
A Server Cluster
Categories of risk treatment
General Controls
3. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Business Realization
Data Link Layer Standards
Sampling
A Service Provider audit
4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
(1.) Policies (2.) Procedures (3.) Standards
Variable Sampling
Judgmental sampling
Primary security features of relational databases
5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Statistical Sampling
Audit logging
Examples of Application Controls
The Requirements
6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
TCP/IP Network Model
ITIL definition of PROBLEM
Notify the Audit Committee
A Server Cluster
7. An alternate processing center that contains no information processing equipment.
Rating Scale for Process Maturity
A Cold Site
Balanced Scorecard
A Forensic Audit
8. Concerned with electrical and physical specifications for devices. No frames or packets involved.
An Integrated Audit
IT Service Management
OSI: Physical Layer
Examples of Application Controls
9. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Disaster Recovery
Cloud computing
Formal waterfall
10. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Service Level Management
Formal waterfall
Business Continuity
Critical Path Methodology
11. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Control Risk
The Steering Committee
Service Level Management
12. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
A Compliance audit
Substantive Testing (test of transaction integrity)
Information security policy
Assess the maturity of its business processes
13. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Variable Sampling
A Financial Audit
Application Controls
Business impact analysis
14. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Inform the auditee
A Problem
TCP/IP Network Model
15. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The BCP process
Confidence coefficient
An IS audit
The Steering Committee
16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Business Continuity
Discovery Sampling
OSI Layer 5: Session
17. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
Geographic location
(1.) Man-made (2.) Natural
Stay current with technology
Deming Cycle
18. Used to estimate the effort required to develop a software program.
Structural fires and transportation accidents
Deming Cycle
Examples of Application Controls
Function Point Analysis
19. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Concentrate on samples known to represent high risk
Rating Scale for Process Maturity
OSI: Physical Layer
20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Criticality analysis
Variable Sampling
IT Strategy
Primary security features of relational databases
21. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Capability Maturity Model Integration (CMMI)
Network Layer Protocols
Referential Integrity
Sampling Risk
22. The sum of all samples divided by the number of samples.
IT standards are not being reviewed often enough
IT executives and the Board of Directors
Capability Maturity Model Integration (CMMI)
A Sample Mean
23. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
To identify the tasks that are responsible for project delays
The Eight Types of Audits
A Virtual Server
Deming Cycle
24. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Change management
BCP Plans
A Service Provider audit
25. The risk that an IS auditor will overlook errors or exceptions during an audit.
ITIL definition of PROBLEM
IT Services Financial Management
Disaster Recovery
Detection Risk
26. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
List of systems examined
A Cold Site
Sample Standard Deviation
Primary security features of relational databases
27. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Application Controls
BCP Plans
OSI: Network Layer
OSI: Physical Layer
28. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Transport Layer Protocols
Background checks performed
Balanced Scorecard
Application Layer protocols
29. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
OSI Layer 7: Application
objective and unbiased
OSI: Data Link Layer
30. The inventory of all in-scope business processes and systems
Data Link Layer Standards
Tolerable Error Rate
The first step in a business impact analysis
Service Continuity Management
31. Used to translate or transform data from lower layers into formats that the application layer can work with.
Release management
Three Types of Controls
OSI Layer 6: Presentation
Sample Standard Deviation
32. Support the functioning of the application controls
General Controls
Registers
Network Layer Protocols
Statement of Impact
33. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
IT Strategy
Cloud computing
Resource details
The Release process
34. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Change management
Detection Risk
Inherent Risk
TCP/IP Transport Layer packet delivery
35. One of a database table's fields - whose value is unique.
Control Risk
Sampling Risk
Database primary key
The Internet Layer in the TCP/IP model
36. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
A Forensic Audit
Current and most up-to-date
Main types of Controls
37. PERT: shows the ______________ critical path.
Separate administrative accounts
objective and unbiased
Sampling
Current and most up-to-date
38. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Sampling Risk
Change management
An Administrative
39. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Rating Scale for Process Maturity
Wet pipe fire sprinkler system
Grid Computing
ITIL - IT Infrastructure Library
40. The means by which management establishes and measures processes by which organizational objectives are achieved
Statistical Sampling
Grid Computing
Business Continuity
Controls
41. The memory locations in the CPU where arithmetic values are stored.
Testing activities
Registers
objective and unbiased
Vulnerability in the organization's PBX
42. Used to measure the relative maturity of an organization and its processes.
A Service Provider audit
IT Services Financial Management
Capability Maturity Model
An Operational Audit
43. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
An Administrative
An IS audit
The typical Configuration Items in Configuration Management
Attribute Sampling
44. To measure organizational performance and effectiveness against strategic goals.
Department Charters
OSI Layer 5: Session
Business Continuity
Balanced Scorecard
45. (1.) Access controls (2.) Encryption (3.) Audit logging
Balanced Scorecard
Structural fires and transportation accidents
The Eight Types of Audits
Primary security features of relational databases
46. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Substantive Testing
The first step in a business impact analysis
Grid Computing
Expected Error Rate
47. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
The 7 phases and their order in the SDLC
A Forensic Audit
Control Unit
48. An audit of a third-party organization that provides services to other organizations.
Sampling
A Sample Mean
Substantive Testing
A Service Provider audit
49. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Capability Maturity Model Integration (CMMI)
Rating Scale for Process Maturity
The 7 phases and their order in the SDLC
less than 24 hours
50. Lowest layer. Delivers messages (frames) from one station to another via local network.
TCP/IP Link Layer
Recovery time objective
More difficult to perform
Cloud computing