SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Primary security features of relational databases
The availability of IT systems
Concentrate on samples known to represent high risk
An IS audit
2. A maturity model that represents the aggregations of other maturity models.
ITIL - IT Infrastructure Library
Rating Scale for Process Maturity
A gate process
Capability Maturity Model Integration (CMMI)
3. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Stay current with technology
The 5 types of Evidence that the auditor will collect during an audit.
Input validation checking
4. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Separate administrative accounts
Emergency Changes
A Financial Audit
Lacks specific expertise or resources to conduct an internal audit
5. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
The audit program
Criticality analysis
The Release process
6. Subjective sampling is used when the auditor wants to _________________________.
Sample Standard Deviation
IT Service Management
Concentrate on samples known to represent high risk
Control Risk
7. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Compliance Testing
Three Types of Controls
Power system controls
8. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
IT standards are not being reviewed often enough
Precision means
Advantages of outsourcing
PERT Diagram?
9. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
TCP/IP Internet Layer
A Compliance audit
Volumes of COSO framework
10. An audit of operational efficiency.
Separate administrative accounts
The Internet Layer in the TCP/IP model
Vulnerability in the organization's PBX
An Administrative
11. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The 4-item focus of a Balanced Scorecard
Hash
The two Categories of Controls
The Internet Layer in the TCP/IP model
12. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
An Integrated Audit
Application Layer protocols
Cloud computing
A Server Cluster
13. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Balanced Scorecard
(1.) Man-made (2.) Natural
Disaster Recovery
14. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Information systems access
The Software Program Library
Separate administrative accounts
Project Management Strategies
15. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
IT executives and the Board of Directors
Service Level Management
Insourcing
Types of sampling an auditor can perform.
16. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Wet pipe fire sprinkler system
Sampling Risk
Categories of risk treatment
TCP/IP Link Layer
17. The inventory of all in-scope business processes and systems
Control Risk
The first step in a business impact analysis
Inform the auditee
Project change request
18. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Blade Computer Architecture
Deming Cycle
TCP/IP Internet Layer
Control Risk
19. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
ITIL definition of PROBLEM
Function Point Analysis
Compliance Testing
20. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The audit program
Buffers
Frameworks
IT Service Management
21. An audit of an IS department's operations and systems.
Project Management Strategies
ITIL - IT Infrastructure Library
An IS audit
Substantive Testing
22. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
The Steering Committee
TCP/IP Transport Layer
TCP/IP Internet Layer
23. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
TCP/IP Internet Layer
IT Services Financial Management
Background checks performed
24. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
TCP/IP Internet Layer
Risk Management
Disaster Recovery
Gantt Chart
25. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
WAN Protocols
Attribute Sampling
Inform the auditee
Configuration Management
26. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Three Types of Controls
Vulnerability in the organization's PBX
Cloud computing
Reduced sign-on
27. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Change management
Variable Sampling
Segregation of duties issue in a high value process
The Eight Types of Audits
28. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
An Integrated Audit
ISO 20000 Standard:
The BCP process
CPU
29. The risk that an IS auditor will overlook errors or exceptions during an audit.
An IS audit
Assess the maturity of its business processes
Detection Risk
IT Service Management
30. (1.) TCP (2.) UDP
Transport Layer Protocols
Testing activities
Audit logging
The first step in a business impact analysis
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
A Forensic Audit
Transport Layer Protocols
Cloud computing
Incident Management
32. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Hash
A Financial Audit
Detection Risk
Application Layer protocols
33. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Judgmental sampling
TCP/IP Network Model
Stay current with technology
Audit logging
34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Personnel involved in the requirements phase of a software development project
Documentation and interview personnel
Function Point Analysis
ITIL definition of CHANGE MANAGEMENT
35. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
The Release process
Examples of Application Controls
Rating Scale for Process Maturity
TCP/IP Link Layer
36. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
ISO 20000 Standard:
WAN Protocols
The 4-item focus of a Balanced Scorecard
Project change request
37. (1.) Objectives (2.) Components (3.) Business Units / Areas
Information systems access
Dimensions of the COSO cube
Sampling
Main types of Controls
38. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Examples of IT General Controls
OSI: Network Layer
Information security policy
Network Layer Protocols
39. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
OSI: Transport Layer
Application Controls
Expected Error Rate
Frameworks
40. PERT: shows the ______________ critical path.
Formal waterfall
Current and most up-to-date
objective and unbiased
Grid Computing
41. The sum of all samples divided by the number of samples.
Service Continuity Management
WAN Protocols
A Sample Mean
Discovery Sampling
42. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI: Physical Layer
Audit logging
Overall audit risk
Control Risk
43. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Disaster Recovery
More difficult to perform
Sampling
The BCP process
44. Consists of two main packet transport protocols: TCP and UDP.
Main types of Controls
TCP/IP Transport Layer
(1.) Polices (2.) Procedures (3.) Standards
Attribute Sampling
45. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Judgmental sampling
Input validation checking
The audit program
46. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Network Layer Protocols
Options for Risk Treatment
IT Services Financial Management
The Software Program Library
47. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Hash
Frameworks
Audit Methodologies
Notify the Audit Committee
48. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Wet pipe fire sprinkler system
The Business Process Life Cycle
Balanced Scorecard
49. A representation of how closely a sample represents an entire population.
OSI Layer 5: Session
Application Controls
Precision means
IT executives and the Board of Directors
50. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Project change request
General Controls
Rating Scale for Process Maturity
IT Strategy