Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Physical (2.) Technical (3.) Administrative
Volumes of COSO framework
Attribute Sampling
Three Types of Controls
Tolerable Error Rate
2. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Stop-or-go Sampling
Categories of risk treatment
ITIL definition of PROBLEM
3. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Referential Integrity
Elements of the COBIT Framework
The best approach for identifying high risk areas for an audit
Statement of Impact
4. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
The Software Program Library
Audit Methodologies
Elements of the COSO pyramid
Problem Management
5. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
An Integrated Audit
Examples of Application Controls
Project change request
Sampling Risk
6. Used to measure the relative maturity of an organization and its processes.
Critical Path Methodology
Server cluster
IT Service Management
Capability Maturity Model
7. ITIL term used to describe the SDLC.
Service Level Management
A Virtual Server
Release management
The 4-item focus of a Balanced Scorecard
8. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
The two Categories of Controls
The audit program
Risk Management
Control Risk
9. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
Business impact analysis
Reduced sign-on
Background checks performed
10. IT Governance is most concerned with ________.
Reduced sign-on
A Sample Mean
IT Strategy
OSI: Physical Layer
11. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Control Unit
The Release process
More difficult to perform
TCP/IP Link Layer
12. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Resource details
A Problem
Business Realization
The Steering Committee
13. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
An Administrative
A Virtual Server
CPU
Annualized Loss Expectancy (ALE)
14. The memory locations in the CPU where arithmetic values are stored.
Change management
TCP/IP Transport Layer
Judgmental sampling
Registers
15. Disasters are generally grouped in terms of type: ______________.
A Forensic Audit
Audit Methodologies
(1.) Man-made (2.) Natural
Expected Error Rate
16. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Function Point Analysis
The Software Program Library
The audit program
17. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Employee termination process
A gate process
Audit logging
Referential Integrity
18. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Six steps of the Release Management process
Grid Computing
The Release process
Testing activities
19. The first major task in a disaster recovery or business continuity planning project.
Sampling Risk
Business impact analysis
TCP/IP Network Model
The availability of IT systems
20. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Background checks performed
Formal waterfall
(1.) Policies (2.) Procedures (3.) Standards
The Business Process Life Cycle
21. Defines internal controls and provides guidance for assessing and improving internal control systems.
Project Management Strategies
The two Categories of Controls
Tolerable Error Rate
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
22. The main hardware component of a computer system - which executes instructions in computer programs.
Formal waterfall
Annualized Loss Expectancy (ALE)
Statement of Impact
CPU
23. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
IT executives and the Board of Directors
objective and unbiased
BCP Plans
24. Used to determine which business processes are the most critical - by ranking them in order of criticality
Insourcing
Audit logging
Criticality analysis
Rating Scale for Process Maturity
25. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
TCP/IP Network Model
Service Continuity Management
The 7 phases and their order in the SDLC
The audit program
26. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
The Steering Committee
Gantt Chart
A gate process
27. Delivery of packets from one station to another - on the same network or on different networks.
Stop-or-go Sampling
The Internet Layer in the TCP/IP model
A Server Cluster
Application Controls
28. An audit that combines an operational audit and a financial audit.
An Integrated Audit
A Financial Audit
TCP/IP Link Layer
(1.) Policies (2.) Procedures (3.) Standards
29. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
The first step in a business impact analysis
Variable Sampling
Examples of IT General Controls
30. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Critical Path Methodology
Controls
TCP/IP Transport Layer packet delivery
Balanced Scorecard
31. PERT: shows the ______________ critical path.
Current and most up-to-date
A Server Cluster
The Release process
Tolerable Error Rate
32. Contains programs that communicate directly with the end user.
Control Unit
Grid Computing
Sampling Risk
OSI Layer 7: Application
33. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
An Integrated Audit
Three Types of Controls
Compliance Testing
34. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
TCP/IP Transport Layer packet delivery
(1.) Policies (2.) Procedures (3.) Standards
Critical Path Methodology
35. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
OSI: Data Link Layer
IT executives and the Board of Directors
OSI Layer 7: Application
Dimensions of the COSO cube
36. Support the functioning of the application controls
Dimensions of the COSO cube
General Controls
Buffers
Insourcing
37. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Control Risk
A Problem
ITIL - IT Infrastructure Library
38. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The 4-item focus of a Balanced Scorecard
Resource details
Information systems access
Hash
39. The sum of all samples divided by the number of samples.
PERT Diagram
Inform the auditee
A Sample Mean
Audit Methodologies
40. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Annualized Loss Expectancy (ALE)
Information systems access
The typical Configuration Items in Configuration Management
Department Charters
41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Server cluster
less than 24 hours
OSI Layer 6: Presentation
objective and unbiased
42. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Rating Scale for Process Maturity
Options for Risk Treatment
TCP/IP Internet Layer
The availability of IT systems
43. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
An Integrated Audit
OSI Layer 5: Session
An Operational Audit
44. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Detection Risk
Expected Error Rate
IT Service Management
Server cluster
45. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
Balanced Scorecard
Segregation of duties issue in a high value process
Frameworks
46. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Foreign Key
OSI: Physical Layer
Incident Management
Hash
47. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Business Continuity
Variable Sampling
Substantive Testing
Reduced sign-on
48. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Confidence coefficient
Overall audit risk
Employees with excessive privileges
49. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Rating Scale for Process Maturity
Segregation of duties issue in a high value process
Six steps of the Release Management process
Buffers
50. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Audit Methodologies
A gate process
Annualized Loss Expectancy (ALE)
Problem Management