Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Wet pipe fire sprinkler system
General Controls
Confidence coefficient
Function Point Analysis
2. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Transport Layer Protocols
Foreign Key
Function Point Analysis
3. ITIL term used to describe the SDLC.
To identify the tasks that are responsible for project delays
The Software Program Library
Substantive Testing (test of transaction integrity)
Release management
4. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
To identify the tasks that are responsible for project delays
Substantive Testing (test of transaction integrity)
Wet pipe fire sprinkler system
Examples of IT General Controls
5. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Precision means
The Eight Types of Audits
Split custody
Deming Cycle
6. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Elements of the COSO pyramid
Reduced sign-on
Stay current with technology
A Sample Mean
7. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Critical Path Methodology
Emergency Changes
Inform the auditee
8. Used to determine which business processes are the most critical - by ranking them in order of criticality
Problem Management
Frameworks
Criticality analysis
Audit Methodologies
9. (1.) General (2.) Application
Variable Sampling
OSI: Transport Layer
Main types of Controls
Discovery Sampling
10. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Examples of Application Controls
Department Charters
The 7 phases and their order in the SDLC
11. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Service Level Management
(1.) Policies (2.) Procedures (3.) Standards
SDLC Phases
Sampling Risk
12. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
OSI Layer 6: Presentation
Organizational culture and maturity
A Virtual Server
13. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Rating Scale for Process Maturity
Change management
A Sample Mean
Sampling
14. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
WAN Protocols
The Release process
Disaster Recovery
The Steering Committee
15. Aids in the coordinating of business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Software Program Library
(1.) Policies (2.) Procedures (3.) Standards
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Business Process Life Cycle
16. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Configuration Management
Employee termination process
Change management
17. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Precision means
IT executives and the Board of Directors
Sample Standard Deviation
Audit Methodologies
18. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The Release process
Employee termination process
Database primary key
Dimensions of the COSO cube
19. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
OSI: Network Layer
Employees with excessive privileges
Split custody
ITIL definition of PROBLEM
20. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Audit Methodologies
less than 24 hours
The availability of IT systems
A Compliance audit
21. Used to estimate the effort required to develop a software program.
The best approach for identifying high risk areas for an audit
Input validation checking
The Software Program Library
Function Point Analysis
22. Defines internal controls and provides guidance for assessing and improving internal control systems.
less than 24 hours
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Examples of Application Controls
Sampling Risk
23. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Split custody
Elements of the COBIT Framework
An IS audit
Cloud computing
24. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
The Release process
A Problem
Types of sampling an auditor can perform.
Cloud computing
25. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
General Controls
Wet pipe fire sprinkler system
IT Service Management
26. The inventory of all in-scope business processes and systems
Segregation of duties issue in a high value process
The Software Program Library
The Steering Committee
The first step in a business impact analysis
27. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
A Service Provider audit
Stop-or-go Sampling
Change management
28. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Sample Standard Deviation
Network Layer Protocols
Testing activities
Power system controls
29. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
CPU
The best approach for identifying high risk areas for an audit
To identify the tasks that are responsible for project delays
Critical Path Methodology
30. An audit of a third-party organization that provides services to other organizations.
An IS audit
Business impact analysis
Compliance Testing
A Service Provider audit
31. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
More difficult to perform
Wet pipe fire sprinkler system
The Software Program Library
32. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
The Release process
Buffers
Statement of Impact
33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Incident Management
Reduced sign-on
Substantive Testing
PERT Diagram?
34. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
TCP/IP Transport Layer packet delivery
Rating Scale for Process Maturity
Volumes of COSO framework
Network Layer Protocols
35. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Application Controls
Sampling Risk
ISO 20000 Standard:
Stop-or-go Sampling
36. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
OSI: Physical Layer
Referential Integrity
PERT Diagram?
37. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
A Virtual Server
Options for Risk Treatment
Entire password for an encryption key
38. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Antivirus software on the email servers
Judgmental sampling
Rating Scale for Process Maturity
Sampling Risk
39. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Service Continuity Management
Formal waterfall
Buffers
(1.) Man-made (2.) Natural
40. Delivery of packets from one station to another - on the same network or on different networks.
The Software Program Library
The Internet Layer in the TCP/IP model
Network Layer Protocols
Dimensions of the COSO cube
41. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Cloud computing
Confidence coefficient
Insourcing
The Software Program Library
42. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Criticality analysis
Grid Computing
Network Layer Protocols
Options for Risk Treatment
43. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Rating Scale for Process Maturity
Emergency Changes
Server cluster
44. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Capability Maturity Model
Hash
The 7 phases and their order in the SDLC
Main types of Controls
45. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Registers
Sampling
Data Link Layer Standards
The appropriate role of an IS auditor in a control self-assessment
46. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
OSI: Transport Layer
Risk Management
The Business Process Life Cycle
Entire password for an encryption key
47. Consists of two main packet transport protocols: TCP and UDP.
Employees with excessive privileges
Release management
TCP/IP Transport Layer packet delivery
TCP/IP Transport Layer
48. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
Buffers
Database primary key
Segregation of duties issue in a high value process
49. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Segregation of duties issue in a high value process
Expected Error Rate
objective and unbiased
Detection Risk
50. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Critical Path Methodology
Entire password for an encryption key
Audit Methodologies