Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.
PERT Diagram?
Blade Computer Architecture
Service Level Management
A Cold Site
2. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
The Release process
The first step in a business impact analysis
Detection Risk
3. (1.) General (2.) Application
Stop-or-go Sampling
Main types of Controls
An IS audit
A gate process
4. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
PERT Diagram?
TCP/IP Internet Layer
Substantive Testing (test of transaction integrity)
Security Awareness program
5. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
The audit program
Volumes of COSO framework
A Compliance audit
Overall audit risk
6. The highest number of errors that can exist without a result being materially misstated.
Sampling Risk
TCP/IP Link Layer
Business impact analysis
Tolerable Error Rate
7. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Tolerable Error Rate
Elements of the COSO pyramid
IT Services Financial Management
Split custody
8. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Critical Path Methodology
A Sample Mean
Reduced sign-on
Three Types of Controls
9. The means by which management establishes and measures processes by which organizational objectives are achieved
Recovery time objective
Audit logging
Transport Layer Protocols
Controls
10. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Recovery time objective
The Steering Committee
Concentrate on samples known to represent high risk
11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Sample Standard Deviation
Buffers
Employees with excessive privileges
A Forensic Audit
12. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Audit logging
The 5 types of Evidence that the auditor will collect during an audit.
Separate administrative accounts
List of systems examined
13. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
OSI: Network Layer
Sampling
Statement of Impact
Inherent Risk
14. (1.) TCP (2.) UDP
IT executives and the Board of Directors
Confidence coefficient
Transport Layer Protocols
A Service Provider audit
15. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Gantt Chart
Critical Path Methodology
A Server Cluster
Types of sampling an auditor can perform.
16. An audit that is performed in support of an anticipated or active legal proceeding.
Application Layer protocols
Substantive Testing
Overall audit risk
A Forensic Audit
17. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Six steps of the Release Management process
Problem Management
Sampling Risk
Precision means
18. To communicate security policies - procedures - and other security-related information to an organization's employees.
Primary security features of relational databases
Rating Scale for Process Maturity
Tolerable Error Rate
Security Awareness program
19. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Volumes of COSO framework
Database primary key
An Operational Audit
20. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
The typical Configuration Items in Configuration Management
ITIL - IT Infrastructure Library
Elements of the COBIT Framework
Discovery Sampling
21. Disasters are generally grouped in terms of type: ______________.
Foreign Key
Testing activities
Sample Standard Deviation
(1.) Man-made (2.) Natural
22. Delivery of packets from one station to another - on the same network or on different networks.
IT standards are not being reviewed often enough
The Internet Layer in the TCP/IP model
Sampling Risk
Entire password for an encryption key
23. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
A Forensic Audit
Elements of the COBIT Framework
IT Strategy
24. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
ISO 20000 Standard:
Volumes of COSO framework
TCP/IP Internet Layer
Foreign Key
25. Used to estimate the effort required to develop a software program.
The Internet Layer in the TCP/IP model
A Forensic Audit
Function Point Analysis
Volumes of COSO framework
26. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
(1.) Policies (2.) Procedures (3.) Standards
The 7 phases and their order in the SDLC
List of systems examined
27. Consists of two main packet transport protocols: TCP and UDP.
Advantages of outsourcing
TCP/IP Transport Layer
A Compliance audit
TCP/IP Transport Layer packet delivery
28. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Segregation of duties issue in a high value process
A Cold Site
Sampling Risk
List of systems examined
29. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Emergency Changes
Rating Scale for Process Maturity
Change management
Employee termination process
30. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Control Unit
OSI: Data Link Layer
Dimensions of the COSO cube
31. IT Governance is most concerned with ________.
SDLC Phases
Resource details
Compliance Testing
IT Strategy
32. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Elements of the COBIT Framework
TCP/IP Link Layer
Audit Methodologies
A Service Provider audit
33. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
The Steering Committee
A Problem
A Sample Mean
WAN Protocols
34. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Elements of the COSO pyramid
OSI Layer 5: Session
The Eight Types of Audits
Business Continuity
35. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Release management
Incident Management
(1.) Man-made (2.) Natural
36. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
The appropriate role of an IS auditor in a control self-assessment
Project change request
Variable Sampling
37. (1.) Access controls (2.) Encryption (3.) Audit logging
Emergency Changes
(1.) Man-made (2.) Natural
Primary security features of relational databases
IT executives and the Board of Directors
38. Describes the effect on the business if a process is incapacitated for any appreciable time
Employee termination process
Expected Error Rate
Statement of Impact
IT Services Financial Management
39. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Six steps of the Release Management process
Inherent Risk
Change management
Variable Sampling
40. Support the functioning of the application controls
General Controls
IT Strategy
Configuration Management
Assess the maturity of its business processes
41. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Foreign Key
A Financial Audit
Background checks performed
Criticality analysis
42. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
An Operational Audit
Sampling Risk
A Cold Site
43. Used to determine which business processes are the most critical - by ranking them in order of criticality
Critical Path Methodology
An Operational Audit
Substantive Testing
Criticality analysis
44. IT Service Management is defined in ___________________ framework.
Judgmental sampling
A Problem
Examples of Application Controls
ITIL - IT Infrastructure Library
45. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
The best approach for identifying high risk areas for an audit
Service Continuity Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Deming Cycle
46. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Stratified Sampling
Control Unit
OSI: Data Link Layer
47. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Gantt Chart
Volumes of COSO framework
Criticality analysis
Employee termination process
48. Used to measure the relative maturity of an organization and its processes.
Information security policy
OSI: Transport Layer
Capability Maturity Model
Business Realization
49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The first step in a business impact analysis
OSI: Data Link Layer
TCP/IP Network Model
SDLC Phases
50. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Advantages of outsourcing
Critical Path Methodology
ITIL definition of CHANGE MANAGEMENT
OSI: Network Layer