Test your basic knowledge
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
A Compliance audit
IT Strategy
OSI: Data Link Layer
General Controls
2. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
A Sample Mean
An Operational Audit
Criticality analysis
Gantt Chart
3. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Deming Cycle
Configuration Management
Advantages of outsourcing
4. Handle application processing
Application Controls
Overall audit risk
Volumes of COSO framework
Function Point Analysis
5. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Vulnerability in the organization's PBX
Incident Management
Information systems access
Problem Management
6. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
WAN Protocols
Judgmental sampling
More difficult to perform
Gantt Chart
7. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
A Forensic Audit
less than 24 hours
Audit Methodologies
The typical Configuration Items in Configuration Management
8. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
The best approach for identifying high risk areas for an audit
Function Point Analysis
A Server Cluster
9. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Sampling Risk
Criticality analysis
Organizational culture and maturity
Stratified Sampling
10. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Blade Computer Architecture
Controls
Expected Error Rate
Transport Layer Protocols
11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Attribute Sampling
objective and unbiased
Service Level Management
12. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Tolerable Error Rate
The Internet Layer in the TCP/IP model
General Controls
13. Guide program execution through organization of resources and development of clear project objectives.
Reduced sign-on
Project Management Strategies
Examples of Application Controls
Stay current with technology
14. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
To identify the tasks that are responsible for project delays
Power system controls
Control Unit
(1.) Polices (2.) Procedures (3.) Standards
15. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Segregation of duties issue in a high value process
To identify the tasks that are responsible for project delays
Audit Methodologies
Buffers
16. To communicate security policies - procedures - and other security-related information to an organization's employees.
BCP Plans
Security Awareness program
TCP/IP Transport Layer
The Eight Types of Audits
17. The memory locations in the CPU where arithmetic values are stored.
Rating Scale for Process Maturity
OSI: Network Layer
Registers
Blade Computer Architecture
18. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
The Eight Types of Audits
Wet pipe fire sprinkler system
TCP/IP Internet Layer
Split custody
19. (1.) TCP (2.) UDP
Application Layer protocols
Transport Layer Protocols
Advantages of outsourcing
The Internet Layer in the TCP/IP model
20. Framework for auditing and measuring IT Service Management Processes.
Options for Risk Treatment
ISO 20000 Standard
Disaster Recovery
Rating Scale for Process Maturity
21. (1.) Automatic (2.) Manual
List of systems examined
A Sample Mean
The two Categories of Controls
Recovery time objective
22. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Blade Computer Architecture
Examples of Application Controls
Examples of IT General Controls
Stratified Sampling
23. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
OSI: Network Layer
Substantive Testing (test of transaction integrity)
Balanced Scorecard
Rating Scale for Process Maturity
24. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Project change request
Risk Management
The two Categories of Controls
25. (1.) Link (2.) Internet (3.) Transport (4.) Application
A Server Cluster
To identify the tasks that are responsible for project delays
Service Level Management
TCP/IP Network Model
26. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Disaster Recovery
Information security policy
The two Categories of Controls
Elements of the COSO pyramid
27. IT Governance is most concerned with ________.
Insourcing
IT Strategy
Controls
Network Layer Protocols
28. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
OSI: Data Link Layer
IT Service Management
Business Continuity
Lacks specific expertise or resources to conduct an internal audit
29. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Sample Standard Deviation
Annualized Loss Expectancy (ALE)
Project Management Strategies
Stratified Sampling
30. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Documentation and interview personnel
Organizational culture and maturity
less than 24 hours
31. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The Eight Types of Audits
Deming Cycle
The best approach for identifying high risk areas for an audit
Change management
32. The highest number of errors that can exist without a result being materially misstated.
ITIL definition of CHANGE MANAGEMENT
Six steps of the Release Management process
The Software Program Library
Tolerable Error Rate
33. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Transport Layer Protocols
The Software Program Library
Business Realization
34. (1.) Access controls (2.) Encryption (3.) Audit logging
TCP/IP Internet Layer
Primary security features of relational databases
OSI Layer 5: Session
Capability Maturity Model
35. Focuses on: post-event recovery and restoration of services
The 4-item focus of a Balanced Scorecard
Audit logging
IT executives and the Board of Directors
Disaster Recovery
36. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
Frameworks
Discovery Sampling
A Cold Site
37. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
TCP/IP Internet Layer
PERT Diagram?
Change management
Buffers
38. Used to determine which business processes are the most critical - by ranking them in order of criticality
ITIL definition of CHANGE MANAGEMENT
Substantive Testing (test of transaction integrity)
Criticality analysis
ITIL - IT Infrastructure Library
39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Stop-or-go Sampling
An Administrative
A Server Cluster
Wet pipe fire sprinkler system
40. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
IT executives and the Board of Directors
Vulnerability in the organization's PBX
Advantages of outsourcing
Problem Management
41. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
To identify the tasks that are responsible for project delays
Critical Path Methodology
Overall audit risk
Audit Methodologies
42. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Foreign Key
Testing activities
The BCP process
Stratified Sampling
43. (1.) Executive Support (2.) Well-defined roles and responsibilities.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Personnel involved in the requirements phase of a software development project
Documentation and interview personnel
Information security policy
44. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Problem Management
Separate administrative accounts
Resource details
(1.) Man-made (2.) Natural
45. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Balanced Scorecard
Risk Management
Notify the Audit Committee
Precision means
46. An audit that is performed in support of an anticipated or active legal proceeding.
Split custody
Cloud computing
A Forensic Audit
Grid Computing
47. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Options for Risk Treatment
Elements of the COBIT Framework
The 5 types of Evidence that the auditor will collect during an audit.
OSI Layer 5: Session
48. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Stay current with technology
Project Management Strategies
Project change request
OSI Layer 5: Session
49. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
A gate process
TCP/IP Link Layer
Control Risk
50. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Structural fires and transportation accidents
Critical Path Methodology
Assess the maturity of its business processes
Recovery time objective