Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Function Point Analysis
Lacks specific expertise or resources to conduct an internal audit
Audit logging
2. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Sampling Risk
Change management
Rating Scale for Process Maturity
List of systems examined
3. Describes the effect on the business if a process is incapacitated for any appreciable time
Frameworks
Sampling Risk
Statement of Impact
less than 24 hours
4. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
ITIL definition of PROBLEM
Elements of the COSO pyramid
Rating Scale for Process Maturity
Organizational culture and maturity
5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Options for Risk Treatment
IT Services Financial Management
Network Layer Protocols
Examples of Application Controls
6. An audit of a third-party organization that provides services to other organizations.
The two Categories of Controls
A Service Provider audit
Inherent Risk
Power system controls
7. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Compliance audit
Audit logging
A Server Cluster
Substantive Testing (test of transaction integrity)
8. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Three Types of Controls
Problem Management
The appropriate role of an IS auditor in a control self-assessment
Testing activities
9. A field in a record in one table that can reference a primary key in another table.
Overall audit risk
Gantt Chart
Volumes of COSO framework
Foreign Key
10. Support the functioning of the application controls
General Controls
Change management
Substantive Testing (test of transaction integrity)
Personnel involved in the requirements phase of a software development project
11. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Segregation of duties issue in a high value process
ISO 20000 Standard:
PERT Diagram?
Reduced sign-on
12. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Incident Management
less than 24 hours
The Requirements
13. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
PERT Diagram?
The Business Process Life Cycle
Network Layer Protocols
14. (1.) TCP (2.) UDP
Lacks specific expertise or resources to conduct an internal audit
Transport Layer Protocols
Substantive Testing (test of transaction integrity)
Deming Cycle
15. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
ISO 20000 Standard:
Employee termination process
A Server Cluster
The 7 phases and their order in the SDLC
16. IT Service Management is defined in ___________________ framework.
IT Services Financial Management
ITIL - IT Infrastructure Library
Split custody
IT Strategy
17. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
An Integrated Audit
The Steering Committee
Capability Maturity Model
Expected Error Rate
18. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Employees with excessive privileges
Registers
More difficult to perform
19. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The Requirements
Assess the maturity of its business processes
ITIL - IT Infrastructure Library
The BCP process
20. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
TCP/IP Transport Layer packet delivery
Variable Sampling
Business Realization
21. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
IT Strategy
IT Service Management
Employee termination process
OSI: Network Layer
22. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
IT executives and the Board of Directors
Resource details
Annualized Loss Expectancy (ALE)
Elements of the COBIT Framework
23. The first major task in a disaster recovery or business continuity planning project.
Inform the auditee
Business impact analysis
Overall audit risk
BCP Plans
24. A database term which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Reduced sign-on
Segregation of duties issue in a high value process
Notify the Audit Committee
Referential Integrity
25. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Deming Cycle
ISO 20000 Standard:
Annualized Loss Expectancy (ALE)
Information systems access
26. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Business Continuity
Critical Path Methodology
Options for Risk Treatment
Vulnerability in the organization's PBX
27. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Server cluster
Change management
Project change request
28. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
Stay current with technology
More difficult to perform
Transport Layer Protocols
29. A representation of how closely a sample represents an entire population.
Cloud computing
Security Awareness program
A Sample Mean
Precision means
30. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
More difficult to perform
Entire password for an encryption key
Compliance Testing
31. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
IT Services Financial Management
Categories of risk treatment
Capability Maturity Model
32. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Information security policy
IT standards are not being reviewed often enough
Project Management Strategies
33. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Business Realization
Insourcing
IT Service Management
Balanced Scorecard
34. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Options for Risk Treatment
Vulnerability in the organization's PBX
A Cold Site
Cloud computing
35. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Network Layer Protocols
OSI: Network Layer
Detection Risk
36. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Control Risk
TCP/IP Link Layer
(1.) Man-made (2.) Natural
37. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Personnel involved in the requirements phase of a software development project
Expected Error Rate
Critical Path Methodology
38. An audit of operational efficiency.
A Compliance audit
An Administrative
Recovery time objective
The Requirements
39. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
The Steering Committee
Application Layer protocols
Dimensions of the COSO cube
40. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.
Stay current with technology
A Virtual Server
A Problem
Project change request
41. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
TCP/IP Link Layer
A Virtual Server
The BCP process
OSI: Transport Layer
42. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
The two Categories of Controls
OSI Layer 6: Presentation
OSI: Transport Layer
43. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Emergency Changes
Recovery time objective
Detection Risk
Volumes of COSO framework
44. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Criticality analysis
Attribute Sampling
Application Layer protocols
45. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The Business Process Life Cycle
OSI: Physical Layer
The appropriate role of an IS auditor in a control self-assessment
Power system controls
46. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Business Realization
TCP/IP Link Layer
Six steps of the Release Management process
Audit Methodologies
47. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Input validation checking
Buffers
Sampling Risk
Service Continuity Management
48. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Sample Standard Deviation
OSI Layer 5: Session
OSI: Network Layer
Sampling
49. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
Referential Integrity
ITIL definition of CHANGE MANAGEMENT
IT Services Financial Management
50. The memory locations in the CPU where arithmetic values are stored.
Registers
The audit program
Statistical Sampling
More difficult to perform