SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Input validation checking
Service Continuity Management
The appropriate role of an IS auditor in a control self-assessment
2. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Risk Management
Documentation and interview personnel
PERT Diagram?
3. IT Governance is most concerned with ________.
Dimensions of the COSO cube
An Integrated Audit
Recovery time objective
IT Strategy
4. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Documentation and interview personnel
Overall audit risk
OSI: Transport Layer
Business Continuity
5. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Business Realization
OSI: Network Layer
Audit logging
6. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Business impact analysis
A Server Cluster
Detection Risk
The 5 types of Evidence that the auditor will collect during an audit.
7. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
The 4-item focus of a Balanced Scorecard
Capability Maturity Model Integration (CMMI)
Project change request
Stay current with technology
8. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Transport Layer Protocols
Control Risk
Split custody
The Steering Committee
9. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Compliance Testing
Segregation of duties issue in a high value process
Categories of risk treatment
The 5 types of Evidence that the auditor will collect during an audit.
10. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
IT Service Management
OSI: Data Link Layer
Capability Maturity Model Integration (CMMI)
11. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
TCP/IP Internet Layer
ITIL definition of CHANGE MANAGEMENT
Antivirus software on the email servers
12. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Incident Management
To identify the tasks that are responsible for project delays
Configuration Management
A Service Provider audit
13. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
An Operational Audit
TCP/IP Transport Layer packet delivery
TCP/IP Internet Layer
Lacks specific expertise or resources to conduct an internal audit
14. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
The Steering Committee
Testing activities
Risk Management
Sampling Risk
15. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Background checks performed
Referential Integrity
Stay current with technology
The typical Configuration Items in Configuration Management
16. (1.) TCP (2.) UDP
Grid Computing
Criticality analysis
Security Awareness program
Transport Layer Protocols
17. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Input validation checking
Application Layer protocols
Antivirus software on the email servers
(1.) Polices (2.) Procedures (3.) Standards
18. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
A Forensic Audit
WAN Protocols
The 4-item focus of a Balanced Scorecard
Referential Integrity
19. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Testing activities
Foreign Key
Advantages of outsourcing
less than 24 hours
20. Defines internal controls and provides guidance for assessing and improving internal control systems.
ITIL - IT Infrastructure Library
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Wet pipe fire sprinkler system
The Steering Committee
21. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
A Server Cluster
Segregation of duties issue in a high value process
A Virtual Server
22. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Variable Sampling
Gantt Chart
Capability Maturity Model Integration (CMMI)
Segregation of duties issue in a high value process
23. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Substantive Testing
Notify the Audit Committee
Annualized Loss Expectance (ALE)
Sampling
24. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
ITIL definition of PROBLEM
Assess the maturity of its business processes
Sampling Risk
25. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
IT Strategy
Application Layer protocols
IT Service Management
Blade Computer Architecture
26. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Discovery Sampling
Controls
An IS audit
27. An audit of operational efficiency.
The 5 types of Evidence that the auditor will collect during an audit.
Notify the Audit Committee
Rating Scale for Process Maturity
An Administrative
28. Describes the effect on the business if a process is incapacitated for any appreciable time
Inherent Risk
Change management
IT executives and the Board of Directors
Statement of Impact
29. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Foreign Key
Insourcing
A Compliance audit
Gantt Chart
30. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Resource details
TCP/IP Network Model
Attribute Sampling
Tolerable Error Rate
31. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Gantt Chart
Variable Sampling
Inform the auditee
A Service Provider audit
32. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Audit logging
Volumes of COSO framework
A gate process
A Cold Site
33. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Department Charters
Geographic location
Information systems access
Main types of Controls
34. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
More difficult to perform
Control Risk
Vulnerability in the organization's PBX
Audit Methodologies
35. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
less than 24 hours
TCP/IP Network Model
Data Link Layer Standards
Advantages of outsourcing
36. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The audit program
Department Charters
TCP/IP Internet Layer
OSI: Network Layer
37. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Variable Sampling
IT executives and the Board of Directors
Business Realization
Examples of IT General Controls
38. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Gantt Chart
Registers
Information systems access
TCP/IP Transport Layer
39. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Organizational culture and maturity
Network Layer Protocols
Release management
The availability of IT systems
40. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Formal waterfall
Server cluster
Variable Sampling
Hash
41. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Referential Integrity
Elements of the COSO pyramid
Substantive Testing
Project change request
42. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Cloud computing
Dimensions of the COSO cube
A Problem
A Virtual Server
43. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Main types of Controls
A gate process
Variable Sampling
Assess the maturity of its business processes
44. The means by which management establishes and measures processes by which organizational objectives are achieved
An Operational Audit
PERT Diagram?
Change management
Controls
45. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Entire password for an encryption key
Server cluster
IT executives and the Board of Directors
46. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Documentation and interview personnel
Attribute Sampling
OSI Layer 6: Presentation
47. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
A Virtual Server
Advantages of outsourcing
Foreign Key
CPU
48. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Sampling Risk
Emergency Changes
Sampling Risk
The BCP process
49. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Security Awareness program
Personnel involved in the requirements phase of a software development project
TCP/IP Transport Layer
Discovery Sampling
50. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Personnel involved in the requirements phase of a software development project
Control Unit
The Internet Layer in the TCP/IP model
Annualized Loss Expectance (ALE)
