Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Physical (2.) Technical (3.) Administrative
Sampling Risk
Three Types of Controls
IT Service Management
The first step in a business impact analysis
2. Gantt: used to display ______________.
Elements of the COSO pyramid
Input validation checking
Resource details
Business Continuity
3. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Judgmental sampling
Business Continuity
OSI: Physical Layer
Discovery Sampling
4. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Testing activities
The 5 types of Evidence that the auditor will collect during an audit.
less than 24 hours
5. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Department Charters
Examples of IT General Controls
Capability Maturity Model Integration (CMMI)
6. IT Service Management is defined in ___________________ framework.
The Eight Types of Audits
Entire password for an encryption key
PERT Diagram?
ITIL - IT Infrastructure Library
7. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
The 4-item focus of a Balanced Scorecard
Buffers
ISO 20000 Standard:
Audit logging
8. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Volumes of COSO framework
objective and unbiased
TCP/IP Internet Layer
OSI: Data Link Layer
9. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Business impact analysis
Sample Standard Deviation
Information security policy
PERT Diagram?
10. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Risk Management
TCP/IP Internet Layer
The Eight Types of Audits
OSI Layer 5: Session
11. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Main types of Controls
A Compliance audit
A gate process
12. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
A Compliance audit
Input validation checking
OSI Layer 5: Session
objective and unbiased
13. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Inherent Risk
Configuration Management
Attribute Sampling
14. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Referential Integrity
Critical Path Methodology
IT Services Financial Management
Power system controls
15. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
The Steering Committee
Assess the maturity of its business processes
objective and unbiased
Statistical Sampling
16. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Elements of the COSO pyramid
PERT Diagram?
Data Link Layer Standards
A gate process
17. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The 5 types of Evidence that the auditor will collect during an audit.
Separate administrative accounts
Grid Computing
Database primary key
18. Focuses on: post-event recovery and restoration of services
Employees with excessive privileges
OSI: Physical Layer
Disaster Recovery
The two Categories of Controls
19. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
The 7 phases and their order in the SDLC
Antivirus software on the email servers
Department Charters
OSI Layer 6: Presentation
20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Service Level Management
Attribute Sampling
Registers
21. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
The Eight Types of Audits
The 7 phases and their order in the SDLC
Audit logging
Audit Methodologies
22. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Tolerable Error Rate
IT Strategy
Attribute Sampling
List of systems examined
23. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Inherent Risk
Cloud computing
Concentrate on samples known to represent high risk
Application Controls
24. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Separate administrative accounts
IT Services Financial Management
Information security policy
TCP/IP Internet Layer
25. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Deming Cycle
The Requirements
Disaster Recovery
Substantive Testing (test of transaction integrity)
26. Describes the effect on the business if a process is incapacitated for any appreciable time
An Operational Audit
Statement of Impact
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Department Charters
27. Risk Mitigation, Risk Avoidance, Risk Transfer, Risk Acceptance
Options for Risk Treatment
The Internet Layer in the TCP/IP model
The first step in a business impact analysis
Buffers
28. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
General Controls
Volumes of COSO framework
Stay current with technology
Annualized Loss Expectancy (ALE)
29. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Input validation checking
The first step in a business impact analysis
Recovery time objective
30. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
The audit program
Sample Standard Deviation
The Steering Committee
31. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Stratified Sampling
Control Unit
Main types of Controls
Vulnerability in the organization's PBX
32. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Department Charters
The Business Process Life Cycle
Variable Sampling
ITIL - IT Infrastructure Library
33. Used to determine which business processes are the most critical - by ranking them in order of criticality
Balanced Scorecard
Criticality analysis
Substantive Testing
Examples of IT General Controls
34. A representation of how closely a sample represents an entire population.
The best approach for identifying high risk areas for an audit
Department Charters
Precision means
ITIL definition of CHANGE MANAGEMENT
35. Used to measure the relative maturity of an organization and its processes.
Audit logging
IT Strategy
To identify the tasks that are responsible for project delays
Capability Maturity Model
36. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Segregation of duties issue in a high value process
OSI: Transport Layer
Service Continuity Management
Judgmental sampling
37. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Options for Risk Treatment
The Release process
Geographic location
To identify the tasks that are responsible for project delays
38. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
IT standards are not being reviewed often enough
The availability of IT systems
The Business Process Life Cycle
Expected Error Rate
39. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Six steps of the Release Management process
Insourcing
Attribute Sampling
Control Unit
40. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Primary security features of relational databases
Audit Methodologies
Overall audit risk
Capability Maturity Model
41. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
Project Management Strategies
Formal waterfall
Entire password for an encryption key
42. IT Governance is most concerned with ________.
Volumes of COSO framework
Deming Cycle
IT Strategy
Emergency Changes
43. Contains programs that communicate directly with the end user.
List of systems examined
OSI: Data Link Layer
OSI Layer 7: Application
Grid Computing
44. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
The availability of IT systems
The two Categories of Controls
General Controls
45. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
The first step in a business impact analysis
SDLC Phases
Six steps of the Release Management process
46. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Project change request
Function Point Analysis
An Operational Audit
The Steering Committee
47. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Segregation of duties issue in a high value process
The appropriate role of an IS auditor in a control self-assessment
WAN Protocols
Blade Computer Architecture
48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
ISO 20000 Standard:
Inform the auditee
TCP/IP Link Layer
The Software Program Library
49. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Personnel involved in the requirements phase of a software development project
Advantages of outsourcing
The typical Configuration Items in Configuration Management
Configuration Management
50. An alternate processing center that contains no information processing equipment.
Annualized Loss Expectancy (ALE)
SDLC Phases
A Cold Site
Control Unit