Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
OSI Layer 6: Presentation
Inherent Risk
Stay current with technology
Examples of Application Controls
2. The maximum period of downtime for a process or application
Wet pipe fire sprinkler system
Recovery time objective
Background checks performed
The 4-item focus of a Balanced Scorecard
3. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Power system controls
Input validation checking
Referential Integrity
Segregation of duties issue in a high value process
4. The sum of all samples divided by the number of samples.
Current and most up-to-date
A Sample Mean
Hash
Registers
5. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Wet pipe fire sprinkler system
Volumes of COSO framework
Business Continuity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
6. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Volumes of COSO framework
Substantive Testing (test of transaction integrity)
Function Point Analysis
Split custody
7. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Buffers
Frameworks
Background checks performed
Structural fires and transportation accidents
8. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
The Internet Layer in the TCP/IP model
Detection Risk
An Operational Audit
Referential Integrity
9. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Types of sampling an auditor can perform.
Control Unit
Reduced sign-on
A Service Provider audit
10. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Business Continuity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
BCP Plans
11. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
A Service Provider audit
Expected Error Rate
The Release process
List of systems examined
12. IT Service Management is defined in ___________________ framework.
The two Categories of Controls
ITIL - IT Infrastructure Library
Confidence coefficient
Insourcing
13. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
An Integrated Audit
BCP Plans
Segregation of duties issue in a high value process
Options for Risk Treatment
14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Blade Computer Architecture
objective and unbiased
less than 24 hours
IT executives and the Board of Directors
15. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Business Realization
Variable Sampling
Audit logging
16. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
TCP/IP Transport Layer packet delivery
The BCP process
Buffers
17. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Confidence coefficient
To identify the tasks that are responsible for project delays
Function Point Analysis
18. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Gantt Chart
Transport Layer Protocols
ISO 20000 Standard:
19. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Antivirus software on the email servers
The 4-item focus of a Balanced Scorecard
More difficult to perform
Segregation of duties issue in a high value process
20. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Assess the maturity of its business processes
Inform the auditee
Vulnerability in the organization's PBX
21. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Network Layer Protocols
A Server Cluster
A Cold Site
Sampling Risk
22. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
TCP/IP Transport Layer
Testing activities
Incident Management
Overall audit risk
23. Used to translate or transform data from lower layers into formats that the application layer can work with.
Inform the auditee
Service Level Management
OSI Layer 6: Presentation
Capability Maturity Model
24. (1.) Automatic (2.) Manual
Registers
Application Layer protocols
The 5 types of Evidence that the auditor will collect during an audit.
The two Categories of Controls
25. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Separate administrative accounts
Project Management Strategies
ITIL - IT Infrastructure Library
26. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Sampling Risk
Geographic location
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
27. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Service Continuity Management
ITIL definition of CHANGE MANAGEMENT
Insourcing
(1.) Policies (2.) Procedures (3.) Standards
28. (1.) Access controls (2.) Encryption (3.) Audit logging
List of systems examined
Primary security features of relational databases
Rating Scale for Process Maturity
OSI: Network Layer
29. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
An Operational Audit
Confidence coefficient
CPU
Sampling Risk
30. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
less than 24 hours
Types of sampling an auditor can perform.
Application Layer protocols
IT executives and the Board of Directors
31. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Database primary key
Security Awareness program
Elements of the COSO pyramid
32. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Formal waterfall
Change management
The first step in a business impact analysis
The typical Configuration Items in Configuration Management
33. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
34. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
OSI Layer 7: Application
The audit program
Incident Management
35. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Grid Computing
Input validation checking
IT standards are not being reviewed often enough
An IS audit
36. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
The Requirements
Function Point Analysis
Application Controls
Problem Management
37. To communicate security policies - procedures - and other security-related information to an organization's employees.
Referential Integrity
Security Awareness program
Emergency Changes
Control Unit
38. A maturity model that represents the aggregations of other maturity models.
Separate administrative accounts
Capability Maturity Model Integration (CMMI)
Rating Scale for Process Maturity
Buffers
39. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Primary security features of relational databases
Personnel involved in the requirements phase of a software development project
Stay current with technology
Release management
40. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
An Administrative
Testing activities
CPU
41. Subjective sampling is used when the auditor wants to _________________________.
Main types of Controls
The 4-item focus of a Balanced Scorecard
Concentrate on samples known to represent high risk
Recovery time objective
42. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
A Service Provider audit
Entire password for an encryption key
Service Continuity Management
Gantt Chart
43. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
TCP/IP Transport Layer
Stay current with technology
A Compliance audit
IT Services Financial Management
44. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Overall audit risk
Employee termination process
The Software Program Library
45. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Database primary key
The 7 phases and their order in the SDLC
Organizational culture and maturity
Information security policy
46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Inform the auditee
A Virtual Server
A Server Cluster
47. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Blade Computer Architecture
The two Categories of Controls
Options for Risk Treatment
Control Risk
48. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Discovery Sampling
Service Level Management
Elements of the COBIT Framework
Entire password for an encryption key
49. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Variable Sampling
Critical Path Methodology
Emergency Changes
Registers
50. An audit of a third-party organization that provides services to other organizations.
An Administrative
Formal waterfall
A Service Provider audit
Transport Layer Protocols