Test your basic knowledge: CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Focuses on: post-event recovery and restoration of services
Disaster Recovery
The Eight Types of Audits
Capability Maturity Model
Categories of risk treatment
2. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Three Types of Controls
Substantive Testing (test of transaction integrity)
Department Charters
An IS audit
3. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
A Server Cluster
Types of sampling an auditor can perform.
Inherent Risk
Segregation of duties issue in a high value process
4. (1.) Access controls (2.) Encryption (3.) Audit logging
OSI: Physical Layer
Primary security features of relational databases
PERT Diagram?
OSI: Network Layer
5. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Application Controls
Inform the auditee
Disaster Recovery
Cloud computing
6. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
IT Strategy
Organizational culture and maturity
The Business Process Life Cycle
Personnel involved in the requirements phase of a software development project
7. A collection of two or more servers that is designed to appear as a single server.
Business Realization
PERT Diagram?
Main types of Controls
Server cluster
8. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Inherent Risk
OSI Layer 6: Presentation
Application Controls
Change management
9. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The appropriate role of an IS auditor in a control self-assessment
Capability Maturity Model
Sampling Risk
Stay current with technology
10. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Expected Error Rate
Hash
Resource details
11. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
The 7 phases and their order in the SDLC
IT standards are not being reviewed often enough
TCP/IP Network Model
12. The sum of all samples divided by the number of samples.
Lacks specific expertise or resources to conduct an internal audit
The availability of IT systems
The Requirements
A Sample Mean
13. The first major task in a disaster recovery or business continuity planning project.
A Sample Mean
Business impact analysis
TCP/IP Network Model
Detection Risk
14. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
The BCP process
Six steps of the Release Management process
Vulnerability in the organization's PBX
Volumes of COSO framework
15. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Sampling
IT executives and the Board of Directors
The audit program
Power system controls
16. PERT: shows the ______________ critical path.
Project change request
Stratified Sampling
Current and most up-to-date
Registers
17. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
TCP/IP Link Layer
A Compliance audit
The Eight Types of Audits
TCP/IP Transport Layer
18. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
A Service Provider audit
OSI: Transport Layer
OSI: Data Link Layer
Referential Integrity
19. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Configuration Management
Control Risk
Categories of risk treatment
Options for Risk Treatment
20. IT Governance is most concerned with ________.
Data Link Layer Standards
A Cold Site
An Operational Audit
IT Strategy
21. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Examples of Application Controls
Buffers
Formal waterfall
Segregation of duties issue in a high value process
22. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
OSI: Data Link Layer
Structural fires and transportation accidents
Precision means
23. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Release management
TCP/IP Link Layer
Examples of IT General Controls
TCP/IP Internet Layer
24. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
OSI: Network Layer
Organizational culture and maturity
Formal waterfall
25. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Insourcing
Employees with excessive privileges
The Release process
26. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
(1.) Man-made (2.) Natural
Sampling
Stop-or-go Sampling
Recovery time objective
27. Delivery of packets from one station to another - on the same network or on different networks.
Background checks performed
Stay current with technology
Cloud computing
The Internet Layer in the TCP/IP model
28. Defines internal controls and provides guidance for assessing and improving internal control systems.
Volumes of COSO framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Current and most up-to-date
Separate administrative accounts
29. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
TCP/IP Network Model
Configuration Management
Organizational culture and maturity
An Integrated Audit
30. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Sampling
ITIL definition of PROBLEM
The audit program
31. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Business Realization
Capability Maturity Model Integration (CMMI)
Substantive Testing (test of transaction integrity)
The BCP process
32. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
To identify the tasks that are responsible for project delays
Employees with excessive privileges
TCP/IP Transport Layer packet delivery
Confidence coefficient
33. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
Six steps of the Release Management process
A Cold Site
Substantive Testing
34. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Release management
Notify the Audit Committee
Service Continuity Management
Sampling Risk
35. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Controls
Buffers
OSI Layer 7: Application
36. The maximum period of downtime for a process or application
Structural fires and transportation accidents
Resource details
ISO 20000 Standard
Recovery time objective
37. Used to determine which business processes are the most critical - by ranking them in order of criticality
Background checks performed
Confidence coefficient
Criticality analysis
Transport Layer Protocols
38. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Department Charters
General Controls
IT executives and the Board of Directors
39. To communicate security policies - procedures - and other security-related information to an organization's employees.
Employee termination process
Power system controls
Security Awareness program
Separate administrative accounts
40. Describes the effect on the business if a process is incapacitated for any appreciable time
A Cold Site
Statement of Impact
OSI: Network Layer
Security Awareness program
41. An audit of an IS department's operations and systems.
Separate administrative accounts
An IS audit
An Administrative
Audit Methodologies
42. ITIL term used to describe the SDLC.
Annualized Loss Expectancy (ALE)
Release management
The Internet Layer in the TCP/IP model
Information systems access
43. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
ITIL - IT Infrastructure Library
Foreign Key
Business impact analysis
IT Service Management
44. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
BCP Plans
Examples of IT General Controls
TCP/IP Link Layer
IT Services Financial Management
45. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Administrative
Compliance Testing
An Operational Audit
Transport Layer Protocols
46. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Primary security features of relational databases
Personnel involved in the requirements phase of a software development project
Overall audit risk
Configuration Management
47. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
A Problem
The typical Configuration Items in Configuration Management
List of systems examined
Service Continuity Management
48. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
IT Services Financial Management
The best approach for identifying high risk areas for an audit
ITIL definition of PROBLEM
Statement of Impact
49. Used to translate or transform data from lower layers into formats that the application layer can work with.
Resource details
OSI Layer 6: Presentation
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model
50. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
Vulnerability in the organization's PBX
Incident Management
A Cold Site