Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Registers
TCP/IP Transport Layer
Discovery Sampling
Stay current with technology
2. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
SDLC Phases
objective and unbiased
Employee termination process
Transport Layer Protocols
3. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Emergency Changes
To identify the tasks that are responsible for project delays
Sampling
Security Awareness program
4. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
A Forensic Audit
Server cluster
Network Layer Protocols
Referential Integrity
5. The means by which management establishes and measures processes by which organizational objectives are achieved
Registers
Options for Risk Treatment
CPU
Controls
6. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
(1.) Policies (2.) Procedures (3.) Standards
A Server Cluster
Primary security features of relational databases
7. The first major task in a disaster recovery or business continuity planning project.
Attribute Sampling
Volumes of COSO framework
Expected Error Rate
Business impact analysis
8. (1.) Physical (2.) Technical (3.) Administrative
Judgmental sampling
Entire password for an encryption key
Employee termination process
Three Types of Controls
9. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Six steps of the Release Management process
Critical Path Methodology
An Operational Audit
Entire password for an encryption key
10. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
IT Service Management
Buffers
A Service Provider audit
Employee termination process
11. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
More difficult to perform
Risk Management
Geographic location
12. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
A gate process
Precision means
Emergency Changes
The Release process
13. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Sample Standard Deviation
Assess the maturity of its business processes
Control Unit
less than 24 hours
14. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
PERT Diagram?
Referential Integrity
Frameworks
15. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Power system controls
Risk Management
Disaster Recovery
Frameworks
16. One of a database table's fields - whose value is unique.
Database primary key
Personnel involved in the requirements phase of a software development project
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The availability of IT systems
17. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
TCP/IP Transport Layer
A Financial Audit
OSI Layer 7: Application
The audit program
18. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Reduced sign-on
General Controls
Configuration Management
Compliance Testing
19. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Database primary key
An Operational Audit
Reduced sign-on
20. Framework for auditing and measuring IT Service Management Processes.
A Compliance audit
Control Risk
ISO 20000 Standard
Information systems access
21. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Statistical Sampling
Documentation and interview personnel
Annualized Loss Expectancy (ALE)
The two Categories of Controls
22. (1.) General (2.) Application
Main types of Controls
Attribute Sampling
Examples of Application Controls
Employees with excessive privileges
23. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
OSI Layer 7: Application
Inherent Risk
Sampling
Separate administrative accounts
24. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Capability Maturity Model
Separate administrative accounts
TCP/IP Transport Layer packet delivery
The Business Process Life Cycle
25. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
IT Strategy
Stop-or-go Sampling
The two Categories of Controls
Capability Maturity Model Integration (CMMI)
26. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
A Forensic Audit
Substantive Testing (test of transaction integrity)
Insourcing
Detection Risk
27. An audit that combines an operational audit and a financial audit.
Release management
Statistical Sampling
An Integrated Audit
The best approach for identifying high risk areas for an audit
28. Disasters are generally grouped in terms of type: ______________.
Examples of IT General Controls
Transport Layer Protocols
Lacks specific expertise or resources to conduct an internal audit
(1.) Man-made (2.) Natural
29. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
OSI: Transport Layer
Audit Methodologies
Business impact analysis
Advantages of outsourcing
30. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
IT standards are not being reviewed often enough
The 7 phases and their order in the SDLC
OSI: Data Link Layer
Documentation and interview personnel
31. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Insourcing
Overall audit risk
OSI: Network Layer
32. The memory locations in the CPU where arithmetic values are stored.
The best approach for identifying high risk areas for an audit
Registers
OSI Layer 6: Presentation
TCP/IP Internet Layer
33. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The Business Process Life Cycle
IT standards are not being reviewed often enough
less than 24 hours
The 5 types of Evidence that the auditor will collect during an audit.
34. An audit of operational efficiency.
BCP Plans
Information security policy
An Administrative
Risk Management
35. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Primary security features of relational databases
The Release process
An Integrated Audit
36. (1.) Link (2.) Internet (3.) Transport (4.) Application
Documentation and interview personnel
Application Controls
The availability of IT systems
TCP/IP Network Model
37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Compliance Testing
Control Risk
OSI Layer 6: Presentation
38. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Six steps of the Release Management process
(1.) Policies (2.) Procedures (3.) Standards
Security Awareness program
Employees with excessive privileges
39. A representation of how closely a sample represents an entire population.
Split custody
Input validation checking
Precision means
Cloud computing
40. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
(1.) Man-made (2.) Natural
Statistical Sampling
TCP/IP Transport Layer packet delivery
Capability Maturity Model Integration (CMMI)
41. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
OSI: Physical Layer
Stop-or-go Sampling
Rating Scale for Process Maturity
42. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
OSI Layer 7: Application
Lacks specific expertise or resources to conduct an internal audit
Release management
Power system controls
43. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
OSI: Network Layer
The 5 types of Evidence that the auditor will collect during an audit.
Control Risk
Blade Computer Architecture
44. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
IT executives and the Board of Directors
An Operational Audit
Antivirus software on the email servers
Personnel involved in the requirements phase of a software development project
45. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
The audit program
less than 24 hours
Emergency Changes
46. (1.) Automatic (2.) Manual
Discovery Sampling
Emergency Changes
Advantages of outsourcing
The two Categories of Controls
47. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
A Problem
Discovery Sampling
Sample Standard Deviation
WAN Protocols
48. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
WAN Protocols
The typical Configuration Items in Configuration Management
Service Continuity Management
Entire password for an encryption key
49. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Department Charters
Gantt Chart
A Financial Audit
Overall audit risk
50. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Substantive Testing
A Compliance audit
Stay current with technology