SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Application Layer protocols
Six steps of the Release Management process
Elements of the COSO pyramid
2. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
An Operational Audit
Six steps of the Release Management process
Control Risk
3. A collection of two or more servers that is designed to appear as a single server.
Service Level Management
Server cluster
Annualized Loss Expectance (ALE)
WAN Protocols
4. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Database primary key
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Transport Layer
The audit program
5. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
The Software Program Library
Concentrate on samples known to represent high risk
OSI: Data Link Layer
Six steps of the Release Management process
6. The maximum period of downtime for a process or application
Business impact analysis
Judgmental sampling
Recovery time objective
Confidence coefficient
7. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Application Controls
An Integrated Audit
Examples of Application Controls
Audit Methodologies
8. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Advantages of outsourcing
Service Level Management
Three Types of Controls
9. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Control Unit
Balanced Scorecard
A Problem
OSI: Physical Layer
10. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Examples of Application Controls
Balanced Scorecard
CPU
11. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Configuration Management
Information security policy
Entire password for an encryption key
Three Types of Controls
12. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Expected Error Rate
The Steering Committee
Project Management Strategies
Entire password for an encryption key
13. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The Requirements
ITIL - IT Infrastructure Library
Rating Scale for Process Maturity
Buffers
14. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Incident Management
Application Layer protocols
Separate administrative accounts
Rating Scale for Process Maturity
15. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
Project Management Strategies
General Controls
Audit logging
16. Handle application processing
Statistical Sampling
Application Controls
Confidence coefficient
OSI: Data Link Layer
17. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
TCP/IP Internet Layer
The 4-item focus of a Balanced Scorecard
Elements of the COBIT Framework
OSI: Network Layer
18. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Elements of the COBIT Framework
The first step in a business impact analysis
Detection Risk
Antivirus software on the email servers
19. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The Release process
Stop-or-go Sampling
Emergency Changes
(1.) Polices (2.) Procedures (3.) Standards
20. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
TCP/IP Network Model
Function Point Analysis
The first step in a business impact analysis
21. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Capability Maturity Model
An Operational Audit
(1.) Man-made (2.) Natural
The Eight Types of Audits
22. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Statistical Sampling
Vulnerability in the organization's PBX
Examples of IT General Controls
Substantive Testing (test of transaction integrity)
23. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Transport Layer Protocols
IT executives and the Board of Directors
A Service Provider audit
Employee termination process
24. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
(1.) Polices (2.) Procedures (3.) Standards
Separate administrative accounts
To identify the tasks that are responsible for project delays
Statement of Impact
25. To measure organizational performance and effectiveness against strategic goals.
Split custody
Balanced Scorecard
A Cold Site
Registers
26. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Information systems access
Dimensions of the COSO cube
Deming Cycle
27. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Statistical Sampling
IT Services Financial Management
Entire password for an encryption key
WAN Protocols
28. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Main types of Controls
Prblem Management
Inherent Risk
Employees with excessive privileges
29. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Project Management Strategies
Deming Cycle
The Business Process Life Cycle
Categories of risk treatment
30. ITIL term used to describe the SDLC.
Release management
A Service Provider audit
OSI Layer 6: Presentation
IT Service Management
31. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Business Realization
Sampling
A Virtual Server
32. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Data Link Layer Standards
Wet pipe fire sprinkler system
A Sample Mean
Incident Management
33. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
A Cold Site
Sample Standard Deviation
Volumes of COSO framework
34. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
ITIL definition of PROBLEM
Application Layer protocols
Business impact analysis
Change management
35. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
IT Service Management
Options for Risk Treatment
A Compliance audit
36. Used to determine which business processes are the most critical - by ranking them in order of criticality
TCP/IP Internet Layer
Reduced sign-on
Application Controls
Criticality analysis
37. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Service Level Management
Notify the Audit Committee
Formal waterfall
The 7 phases and their order in the SDLC
38. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Control Risk
Three Types of Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Attribute Sampling
Structural fires and transportation accidents
OSI: Physical Layer
40. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
An Integrated Audit
Advantages of outsourcing
Examples of IT General Controls
Variable Sampling
41. The inventory of all in-scope business processes and systems
Expected Error Rate
Resource details
The first step in a business impact analysis
Controls
42. PERT: shows the ______________ critical path.
Stop-or-go Sampling
Overall audit risk
ISO 20000 Standard:
Current and most up-to-date
43. A representation of how closely a sample represents an entire population.
Precision means
Stay current with technology
A Service Provider audit
Sampling Risk
44. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
The Business Process Life Cycle
Examples of Application Controls
Information systems access
Advantages of outsourcing
45. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Structural fires and transportation accidents
Notify the Audit Committee
A Forensic Audit
Compliance Testing
46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
The Internet Layer in the TCP/IP model
IT Service Management
Employees with excessive privileges
Grid Computing
47. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Service Continuity Management
Discovery Sampling
Control Unit
Project Management Strategies
48. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Geographic location
Entire password for an encryption key
Information systems access
SDLC Phases
49. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Statement of Impact
OSI: Physical Layer
Testing activities
50. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Stratified Sampling
Testing activities
Change management
Annualized Loss Expectance (ALE)
