CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
ISO 20000 Standard:
TCP/IP Internet Layer
OSI: Network Layer
2. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Database primary key
Judgmental sampling
An Integrated Audit
Business Continuity
3. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
IT executives and the Board of Directors
Background checks performed
Rating Scale for Process Maturity
Examples of IT General Controls
4. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Input validation checking
The 7 phases and their order in the SDLC
Reduced sign-on
ITIL definition of PROBLEM
5. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Primary security features of relational databases
TCP/IP Internet Layer
An Integrated Audit
More difficult to perform
6. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
A Forensic Audit
IT Service Management
Sample Standard Deviation
IT standards are not being reviewed often enough
7. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Project Management Strategies
To identify the tasks that are responsible for project delays
Sampling
A gate process
8. An alternate processing center that contains no information processing equipment.
Emergency Changes
A Cold Site
Referential Integrity
The Release process
9. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Deming Cycle
To identify the tasks that are responsible for project delays
Entire password for an encryption key
Sample Standard Deviation
10. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Elements of the COBIT Framework
Business impact analysis
A Virtual Server
11. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
The typical Configuration Items in Configuration Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
(1.) Man-made (2.) Natural
Attribute Sampling
12. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
The best approach for identifying high risk areas for an audit
Stay current with technology
Expected Error Rate
OSI Layer 5: Session
13. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
IT Strategy
Audit logging
less than 24 hours
Critical Path Methodology
14. Used to translate or transform data from lower layers into formats that the application layer can work with.
Precision means
OSI Layer 6: Presentation
Release management
Sampling
15. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Categories of risk treatment
TCP/IP Transport Layer packet delivery
General Controls
Entire password for an encryption key
16. The party that performs strategic planning, addressing near-term and long-term requirements and aligning business objectives with technology strategies.
TCP/IP Network Model
Primary security features of relational databases
Transport Layer Protocols
The Steering Committee
17. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Input validation checking
Segregation of duties issue in a high value process
List of systems examined
Business impact analysis
18. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
IT Strategy
Capability Maturity Model Integration (CMMI)
objective and unbiased
Sampling Risk
19. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Its main advantage is a lower cost per unit.
IT Service Management
Overall audit risk
Blade Computer Architecture
Primary security features of relational databases
20. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Statement of Impact
Frameworks
(1.) Policies (2.) Procedures (3.) Standards
TCP/IP Internet Layer
21. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, then a single event may involve both locations.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Geographic location
Documentation and interview personnel
Risk Management
22. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
objective and unbiased
PERT Diagram?
Reduced sign-on
Sampling
23. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Business impact analysis
Examples of Application Controls
Deming Cycle
24. Subjective sampling is used when the auditor wants to _________________________.
Application Layer protocols
Concentrate on samples known to represent high risk
Registers
Entire password for an encryption key
25. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The 4-item focus of a Balanced Scorecard
IT executives and the Board of Directors
General Controls
Stratified Sampling
26. ITIL term used to describe the SDLC.
Network Layer Protocols
Release management
A Financial Audit
Data Link Layer Standards
27. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
A Financial Audit
Sampling
Inherent Risk
Documentation and interview personnel
28. The sum of all samples divided by the number of samples.
An Operational Audit
A Sample Mean
Types of sampling an auditor can perform.
OSI Layer 6: Presentation
29. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Capability Maturity Model
CPU
Service Level Management
TCP/IP Transport Layer
30. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
OSI: Physical Layer
(1.) Policies (2.) Procedures (3.) Standards
Advantages of outsourcing
The appropriate role of an IS auditor in a control self-assessment
31. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Notify the Audit Committee
Advantages of outsourcing
A gate process
OSI: Physical Layer
32. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
The two Categories of Controls
Annualized Loss Expectancy (ALE)
SDLC Phases
33. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
The first step in a business impact analysis
Disaster Recovery
List of systems examined
34. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Network Layer Protocols
Stay current with technology
(1.) Man-made (2.) Natural
35. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
CPU
Security Awareness program
Antivirus software on the email servers
36. Used to determine which business processes are the most critical - by ranking them in order of criticality
Employees with excessive privileges
Confidence coefficient
Criticality analysis
Tolerable Error Rate
37. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
ITIL definition of CHANGE MANAGEMENT
Configuration Management
Data Link Layer Standards
Problem Management
38. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Three Types of Controls
Referential Integrity
A Server Cluster
A Problem
39. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The Release process
Categories of risk treatment
Criticality analysis
The audit program
40. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Wet pipe fire sprinkler system
Structural fires and transportation accidents
Transport Layer Protocols
41. IT Governance is most concerned with ________.
Attribute Sampling
IT Strategy
TCP/IP Transport Layer packet delivery
SDLC Phases
42. Defines internal controls and provides guidance for assessing and improving internal control systems.
Grid Computing
OSI: Physical Layer
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
less than 24 hours
43. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
List of systems examined
Cloud computing
To identify the tasks that are responsible for project delays
44. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
A Virtual Server
Variable Sampling
Transport Layer Protocols
45. The means by which management establishes and measures the processes by which organizational objectives are achieved.
WAN Protocols
Entire password for an encryption key
A Forensic Audit
Controls
46. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
ITIL definition of CHANGE MANAGEMENT
Application Layer protocols
Antivirus software on the email servers
47. An audit of operational efficiency.
An Administrative
List of systems examined
Overall audit risk
ITIL - IT Infrastructure Library
48. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Project change request
Application Controls
Separate administrative accounts
Audit logging
49. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Insourcing
OSI: Transport Layer
Input validation checking
Registers
50. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
IT executives and the Board of Directors
Power system controls
Categories of risk treatment
The appropriate role of an IS auditor in a control self-assessment