CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answer may look obvious, but it reinforces your understanding each time you retake the test.
1. An IS auditor has discovered a high-risk exception during control testing. The best course of action is that the IS auditor should immediately ________________ when any high-risk situation is discovered.
Stay current with technology
A Problem
Inform the auditee
Grid Computing
2. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Dimensions of the COSO cube
Project change request
Change management
Information systems access
3. Contains programs that communicate directly with the end user.
Foreign Key
OSI Layer 7: Application
To identify the tasks that are responsible for project delays
Variable Sampling
4. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
To identify the tasks that are responsible for project delays
Audit Methodologies
Overall audit risk
Annualized Loss Expectancy (ALE)
5. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Notify the Audit Committee
Audit logging
less than 24 hours
OSI: Network Layer
6. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Server cluster
Project change request
Elements of the COBIT Framework
Gantt Chart
7. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.
Project change request
A Server Cluster
(1.) Policies (2.) Procedures (3.) Standards
Employees with excessive privileges
8. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
less than 24 hours
Types of sampling an auditor can perform.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
9. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Current and most up-to-date
The 4-item focus of a Balanced Scorecard
The availability of IT systems
SDLC Phases
10. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
TCP/IP Network Model
IT executives and the Board of Directors
Categories of risk treatment
An Operational Audit
11. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Business impact analysis
Employees with excessive privileges
Separate administrative accounts
Controls
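Question 11 is about accountability: when several administrators share one account, the audit log cannot say which person did what. The check below is an added example, not part of the quiz, showing what a shared administrative account typically looks like in an audit log, namely one account with sessions open at the same time from different source addresses. The log format, account names and addresses are constructed for illustration.

```python
# Added example (not part of the quiz): a small audit-log check that surfaces
# an administrative account used concurrently from more than one source
# address, which is what shared credentials look like in logs. Log format,
# account names and addresses are constructed for illustration.
import re
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>login|logout)$"
)

# Constructed sample log (not from a real system)
SAMPLE_LOG = """\
2024-03-04T09:00:12Z user=appadmin src=10.0.0.5 action=login
2024-03-04T09:03:40Z user=appadmin src=10.0.0.9 action=login
2024-03-04T09:10:02Z user=appadmin src=10.0.0.5 action=logout
2024-03-04T09:12:30Z user=appadmin src=10.0.0.9 action=logout
2024-03-04T09:15:00Z user=alice.admin src=10.0.1.7 action=login
2024-03-04T09:40:00Z user=alice.admin src=10.0.1.7 action=logout
2024-03-04T09:41:00Z user=alice.admin src=10.0.1.8 action=login
"""


def parse(log_text: str):
    """Yield (timestamp, user, src, action) for every well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["user"], m["src"], m["action"]


def concurrent_sources(log_text: str) -> dict:
    """Return {account: [(src_a, src_b, timestamp), ...]} for every login that
    occurred while a session for the same account from a different source
    address was still open. Sequential use from different addresses
    (logout before the next login) is not flagged."""
    active = {}      # account -> {src: login_time}
    findings = {}
    for ts, user, src, action in sorted(parse(log_text)):
        sessions = active.setdefault(user, {})
        if action == "login":
            for other_src in sessions:
                if other_src != src:
                    findings.setdefault(user, []).append((other_src, src, ts.isoformat()))
            sessions[src] = ts
        else:
            sessions.pop(src, None)
    return findings


if __name__ == "__main__":
    for account, overlaps in concurrent_sources(SAMPLE_LOG).items():
        for a, b, when in overlaps:
            print(f"{account}: active from {a} and {b} at {when}")
```

On the constructed log, only `appadmin` is flagged: it has two open sessions from different addresses at 09:03:40, whereas `alice.admin` simply moved to a second address after logging out. Once each administrator has a separate account, this kind of overlap becomes a real signal of credential sharing rather than normal use.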
12. A maturity model that represents the aggregation of other maturity models.
A Problem
TCP/IP Transport Layer packet delivery
Capability Maturity Model Integration (CMMI)
The two Categories of Controls
13. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Detection Risk
More difficult to perform
Incident Management
Examples of IT General Controls
14. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Vulnerability in the organization's PBX
TCP/IP Internet Layer
Project change request
OSI: Physical Layer
15. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external, independent auditors.
Lacks specific expertise or resources to conduct an internal audit
Assess the maturity of its business processes
Organizational culture and maturity
Examples of IT General Controls
16. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
The first step in a business impact analysis
Sampling Risk
Stratified Sampling
Problem Management
17. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Primary security features of relational databases
Gantt Chart
Application Layer protocols
18. An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.
Wet pipe fire sprinkler system
The Software Program Library
A Compliance audit
Deming Cycle
19. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Stay current with technology
Gantt Chart
PERT Diagram
Background checks performed
20. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Lacks specific expertise or resources to conduct an internal audit
Frameworks
A Virtual Server
Structural fires and transportation accidents
21. The highest number of errors that can exist without a result being materially misstated.
Stratified Sampling
A gate process
Service Continuity Management
Tolerable Error Rate
22. Subjective sampling is used when the auditor wants to _________________________.
IT standards are not being reviewed often enough
Control Unit
Resource details
Concentrate on samples known to represent high risk
23. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
SDLC Phases
Vulnerability in the organization's PBX
TCP/IP Transport Layer packet delivery
24. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Statement of Impact
Network Layer Protocols
Background checks performed
25. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
TCP/IP Network Model
Stay current with technology
TCP/IP Transport Layer packet delivery
26. Defines internal controls and provides guidance for assessing and improving internal control systems.
Audit logging
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Emergency Changes
Sampling Risk
27. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Employee termination process
Incident Management
(1.) Policies (2.) Procedures (3.) Standards
IT standards are not being reviewed often enough
28. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the complement of the confidence coefficient (for example, a 95% confidence coefficient corresponds to a 5% sampling risk).
The Release process
Sampling Risk
Three Types of Controls
TCP/IP Link Layer
29. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
The two Categories of Controls
Personnel involved in the requirements phase of a software development project
ITIL definition of CHANGE MANAGEMENT
30. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Inform the auditee
Tolerable Error Rate
The Internet Layer in the TCP/IP model
31. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
More difficult to perform
Stratified Sampling
Structural fires and transportation accidents
Compliance Testing
32. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The 7 phases and their order in the SDLC
Structural fires and transportation accidents
General Controls
Power system controls
33. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
ISO 20000 Standard:
ITIL definition of PROBLEM
BCP Plans
OSI Layer 7: Application
34. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function, it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
WAN Protocols
Controls
Advantages of outsourcing
Control Risk
35. (1.) Utility protocols (DNS, SNMP, DHCP) (2.) Messaging protocols (SMTP) (3.) Data transfer protocols (NFS, FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
A Financial Audit
Stratified Sampling
Stop-or-go Sampling
36. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Resource details
Vulnerability in the organization's PBX
The Eight Types of Audits
Configuration Management
37. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the complement of the confidence coefficient (100% minus the confidence level).
OSI Layer 5: Session
Sampling Risk
Blade Computer Architecture
TCP/IP Network Model
38. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Audit Methodologies
Employees with excessive privileges
Buffers
Substantive Testing
39. An organization experiences frequent malware infections on end-user workstations that are received through email, despite the fact that workstations have anti-virus software. To reduce malware, implementing ________________ will provide an effect
Controls
The Eight Types of Audits
Antivirus software on the email servers
Statistical Sampling
40. The first major task in a disaster recovery or business continuity planning project.
Criticality analysis
More difficult to perform
Business impact analysis
Stop-or-go Sampling
41. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Criticality analysis
Assess the maturity of its business processes
Geographic location
Statement of Impact
42. Used to measure the relative maturity of an organization and its processes.
Elements of the COBIT Framework
Reduced sign-on
Types of sampling an auditor can perform.
Capability Maturity Model
43. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Substantive Testing (test of transaction integrity)
Buffers
Configuration Management
Controls
44. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Function Point Analysis
PERT Diagram
Reduced sign-on
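Questions 21, 28, 31 and 44 describe sampling concepts in words; the script below is an added example, not part of the quiz, that puts them together: a constructed population of change tickets is split into strata, a fixed number of items is drawn from each stratum (stratified sampling), the deviations in each sample are counted (attribute sampling) and compared with a tolerable error rate, and sampling risk is derived from the confidence coefficient. The population, the strata, the deviation probabilities and the sample sizes are all assumptions made for the example.

```python
# Added example (not part of the quiz): stratified attribute sampling of a
# constructed population of change tickets, evaluated against a tolerable
# error rate. Population, strata and sample sizes are assumptions.
import random
from collections import defaultdict


def make_population(seed: int = 7) -> list:
    """Constructed population of (ticket_id, stratum, approved_before_deploy).
    Emergency changes are deliberately seeded with a higher deviation rate."""
    rng = random.Random(seed)
    population = []
    for i in range(1, 301):
        stratum = "emergency" if i % 10 == 0 else ("high" if i % 3 == 0 else "standard")
        p_missing = {"emergency": 0.30, "high": 0.05, "standard": 0.02}[stratum]
        approved = rng.random() >= p_missing
        population.append((i, stratum, approved))
    return population


def stratified_sample(population: list, per_stratum: dict, seed: int = 1) -> dict:
    """Divide the population into classes by the 'stratum' attribute and draw
    a fixed number of items from each class (stratified sampling)."""
    rng = random.Random(seed)
    by_stratum = defaultdict(list)
    for item in population:
        by_stratum[item[1]].append(item)
    return {s: rng.sample(by_stratum[s], n) for s, n in per_stratum.items()}


def attribute_result(sample: list, tolerable_error_rate: float) -> dict:
    """Attribute sampling: count how many sampled items possess the
    characteristic (here a deviation: change deployed without prior approval)
    and compare the observed deviation rate with the tolerable error rate."""
    deviations = sum(1 for _, _, approved in sample if not approved)
    rate = deviations / len(sample)
    return {
        "n": len(sample),
        "deviations": deviations,
        "rate": rate,
        "exceeds_tolerable": rate > tolerable_error_rate,
    }


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the complement of the confidence coefficient:
    a 95% confidence coefficient leaves a 5% risk that the sample does not
    represent the population."""
    return round(1.0 - confidence_coefficient, 6)


if __name__ == "__main__":
    population = make_population()
    # larger relative sample from the stratum the auditor judges riskier
    samples = stratified_sample(population, {"emergency": 15, "high": 20, "standard": 25})
    tolerable = 0.05
    for stratum, sample in samples.items():
        r = attribute_result(sample, tolerable)
        print(f"{stratum:9s} n={r['n']:3d} deviations={r['deviations']:2d} "
              f"rate={r['rate']:.2%} exceeds tolerable={r['exceeds_tolerable']}")
    print(f"sampling risk at 95% confidence: {sampling_risk(0.95):.0%}")
```

The point of stratifying is visible in the output: the emergency stratum is small in the population but carries most of the deviations, so sampling it separately (and more heavily) keeps those deviations from being diluted by the many clean standard changes. Exceeding the tolerable error rate in a stratum is the trigger for extending testing or reporting a control weakness, not a conclusion about the whole population on its own.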
45. (1.) Executive Support (2.) Well-defined roles and responsibilities.
The audit program
Information security policy
Judgmental sampling
Background checks performed
46. A database term meaning that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Recovery time objective
Detection Risk
The Steering Committee
Referential Integrity
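Question 46 defines referential integrity; the script below is an added example, not part of the quiz, that shows the rule being enforced by a foreign key using Python's built-in sqlite3 module. The table and column names are assumed for illustration, and the sample rows are constructed.

```python
# Added example (not part of the quiz): referential integrity enforced by a
# foreign key constraint, shown with Python's built-in sqlite3 module. Table
# and column names are assumed for illustration; rows are constructed.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a parent table (departments) and a
    child table (employees) whose foreign key references the parent."""
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is on for the connection;
    # with it off, the DELETE below would silently orphan the employee rows.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(
        """
        CREATE TABLE departments (
            dept_id INTEGER PRIMARY KEY,
            name    TEXT NOT NULL
        );
        CREATE TABLE employees (
            emp_id  INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            dept_id INTEGER NOT NULL REFERENCES departments(dept_id)
        );
        -- constructed sample rows
        INSERT INTO departments VALUES (1, 'Internal Audit'), (2, 'Payroll');
        INSERT INTO employees   VALUES (10, 'Alice', 1), (11, 'Bob', 1);
        """
    )
    return conn


def try_delete_department(conn: sqlite3.Connection, dept_id: int) -> bool:
    """Attempt to delete a parent row. Returns True if the delete succeeded and
    False if referential integrity blocked it because child rows still
    reference the row (sqlite3 raises IntegrityError and the transaction is
    rolled back)."""
    try:
        with conn:
            conn.execute("DELETE FROM departments WHERE dept_id = ?", (dept_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def department_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM departments").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print("delete dept 1 (referenced by employees):", try_delete_department(db, 1))
    print("delete dept 2 (no references):", try_delete_department(db, 2))
    print("departments remaining:", department_count(db))
```

Deleting department 1 fails because two employee rows reference it, while department 2, which nothing references, is removed. From an audit standpoint the pragma line is the one to check: a database engine or connection configured without constraint enforcement will accept the same DELETE and leave orphaned records that no application-level review will notice until reports disagree.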
47. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
ITIL definition of CHANGE MANAGEMENT
Types of sampling an auditor can perform.
An Administrative
IT Services Financial Management
48. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Referential Integrity
Power system controls
Substantive Testing
Controls
49. Used to determine which business processes are the most critical - by ranking them in order of criticality
Employee termination process
Notify the Audit Committee
Deming Cycle
Criticality analysis
50. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Department Charters
TCP/IP Link Layer
Elements of the COBIT Framework
The typical Configuration Items in Configuration Management