Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Application Controls
Entire password for an encryption key
Stratified Sampling
Grid Computing
2. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
PERT Diagram?
Sampling Risk
Confidence coefficient
OSI: Network Layer
3. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Sampling Risk
The appropriate role of an IS auditor in a control self-assessment
Three Types of Controls
4. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
List of systems examined
Rating Scale for Process Maturity
Volumes of COSO framework
Variable Sampling
5. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Sampling
Vulnerability in the organization's PBX
Examples of IT General Controls
6. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The Release process
The BCP process
List of systems examined
The first step in a business impact analysis
7. Gantt: used to display ______________.
TCP/IP Internet Layer
Sampling Risk
Resource details
BCP Plans
8. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
A Sample Mean
Stratified Sampling
Application Layer protocols
Primary security features of relational databases
9. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Primary security features of relational databases
ITIL definition of PROBLEM
Statistical Sampling
The 5 types of Evidence that the auditor will collect during an audit.
10. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
IT Service Management
TCP/IP Link Layer
Function Point Analysis
11. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Registers
A Virtual Server
Confidence coefficient
Antivirus software on the email servers
12. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
A Cold Site
TCP/IP Internet Layer
Insourcing
An Administrative
13. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
A Problem
TCP/IP Internet Layer
Sampling Risk
14. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
OSI Layer 6: Presentation
Incident Management
Frameworks
Expected Error Rate
15. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Elements of the COBIT Framework
Background checks performed
Business Realization
The 7 phases and their order in the SDLC
16. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
The Business Process Life Cycle
Detection Risk
Types of sampling an auditor can perform.
17. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Reduced sign-on
Compliance Testing
Options for Risk Treatment
Rating Scale for Process Maturity
18. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Expected Error Rate
Project change request
Examples of IT General Controls
Control Unit
19. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Audit logging
Elements of the COBIT Framework
An Integrated Audit
Organizational culture and maturity
20. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Personnel involved in the requirements phase of a software development project
Buffers
Critical Path Methodology
The availability of IT systems
21. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Transport Layer Protocols
The typical Configuration Items in Configuration Management
Business Realization
Function Point Analysis
22. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Substantive Testing
Business Continuity
OSI Layer 5: Session
The Requirements
23. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
OSI: Physical Layer
Audit Methodologies
Frameworks
Incident Management
24. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Examples of Application Controls
Categories of risk treatment
Network Layer Protocols
Input validation checking
25. (1.) Automatic (2.) Manual
Server cluster
Change management
The two Categories of Controls
Application Layer protocols
26. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
Critical Path Methodology
Audit logging
Tolerable Error Rate
27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Business Continuity
Insourcing
Configuration Management
28. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
OSI: Transport Layer
An Administrative
The 7 phases and their order in the SDLC
29. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
The BCP process
objective and unbiased
Risk Management
Organizational culture and maturity
30. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Antivirus software on the email servers
Server cluster
The BCP process
31. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
ISO 20000 Standard
Audit Methodologies
Expected Error Rate
Substantive Testing (test of transaction integrity)
32. IT Service Management is defined in ___________________ framework.
The 4-item focus of a Balanced Scorecard
ITIL - IT Infrastructure Library
ISO 20000 Standard
TCP/IP Transport Layer packet delivery
33. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Advantages of outsourcing
Tolerable Error Rate
ITIL definition of CHANGE MANAGEMENT
Overall audit risk
34. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Recovery time objective
Assess the maturity of its business processes
Discovery Sampling
Data Link Layer Standards
35. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Change management
Assess the maturity of its business processes
The Software Program Library
Precision means
36. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
OSI: Physical Layer
Business Realization
Assess the maturity of its business processes
The Requirements
37. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Capability Maturity Model Integration (CMMI)
Audit Methodologies
Stop-or-go Sampling
38. Describes the effect on the business if a process is incapacitated for any appreciable time
Judgmental sampling
The best approach for identifying high risk areas for an audit
Recovery time objective
Statement of Impact
39. A representation of how closely a sample represents an entire population.
Precision means
Registers
ITIL definition of CHANGE MANAGEMENT
A Server Cluster
40. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
ITIL - IT Infrastructure Library
Formal waterfall
SDLC Phases
Buffers
41. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Information security policy
OSI Layer 5: Session
Expected Error Rate
The appropriate role of an IS auditor in a control self-assessment
42. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Detection Risk
Balanced Scorecard
List of systems examined
BCP Plans
43. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
OSI Layer 6: Presentation
Annualized Loss Expectancy (ALE)
More difficult to perform
TCP/IP Transport Layer packet delivery
44. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Substantive Testing
Sampling
Capability Maturity Model Integration (CMMI)
Foreign Key
45. An audit of a third-party organization that provides services to other organizations.
Overall audit risk
Categories of risk treatment
Input validation checking
A Service Provider audit
46. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Employees with excessive privileges
Department Charters
Variable Sampling
A Cold Site
47. The sum of all samples divided by the number of samples.
A Sample Mean
Stop-or-go Sampling
A Cold Site
OSI: Data Link Layer
48. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Stratified Sampling
The Requirements
The 4-item focus of a Balanced Scorecard
Business Continuity
49. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Information security policy
Service Level Management
Buffers
Current and most up-to-date
50. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
objective and unbiased
OSI: Network Layer
IT Service Management
The two Categories of Controls