SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Testing activities
Split custody
Critical Path Methodology
OSI: Transport Layer
2. Subjective sampling is used when the auditor wants to _________________________.
Department Charters
Concentrate on samples known to represent high risk
Data Link Layer Standards
OSI Layer 6: Presentation
3. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Recovery time objective
Rating Scale for Process Maturity
Criticality analysis
Application Layer protocols
4. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Concentrate on samples known to represent high risk
The Business Process Life Cycle
Information security policy
A Problem
5. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
An Integrated Audit
Structural fires and transportation accidents
Gantt Chart
Capability Maturity Model Integration (CMMI)
6. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
ITIL definition of CHANGE MANAGEMENT
Inform the auditee
An Operational Audit
PERT Diagram?
7. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
A Financial Audit
Inherent Risk
ITIL definition of PROBLEM
Foreign Key
8. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
A Virtual Server
Control Unit
Notify the Audit Committee
9. A sampling technique where at least one exception is sought in a population
Entire password for an encryption key
Discovery Sampling
The Release process
Precision means
10. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Security Awareness program
Controls
Categories of risk treatment
11. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
less than 24 hours
Information security policy
Background checks performed
Audit Methodologies
12. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
OSI: Physical Layer
Deming Cycle
To identify the tasks that are responsible for project delays
13. (1.) Automatic (2.) Manual
TCP/IP Link Layer
(1.) Man-made (2.) Natural
Sampling Risk
The two Categories of Controls
14. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
IT Services Financial Management
Frameworks
IT standards are not being reviewed often enough
Power system controls
15. Consists of two main packet transport protocols: TCP and UDP.
Notify the Audit Committee
IT standards are not being reviewed often enough
Categories of risk treatment
TCP/IP Transport Layer
16. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Vulnerability in the organization's PBX
TCP/IP Link Layer
Insourcing
OSI: Physical Layer
17. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The appropriate role of an IS auditor in a control self-assessment
Examples of Application Controls
The 4-item focus of a Balanced Scorecard
ITIL - IT Infrastructure Library
18. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Sampling
Segregation of duties issue in a high value process
OSI: Transport Layer
Substantive Testing
19. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
The 4-item focus of a Balanced Scorecard
Project Management Strategies
Resource details
20. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
The best approach for identifying high risk areas for an audit
The 4-item focus of a Balanced Scorecard
Elements of the COBIT Framework
OSI: Physical Layer
21. The sum of all samples divided by the number of samples.
Detection Risk
A Sample Mean
ITIL definition of PROBLEM
Criticality analysis
22. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Advantages of outsourcing
Dimensions of the COSO cube
PERT Diagram?
The typical Configuration Items in Configuration Management
23. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Vulnerability in the organization's PBX
(1.) Man-made (2.) Natural
Judgmental sampling
24. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Judgmental sampling
Business Continuity
Input validation checking
25. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Business Continuity
Stratified Sampling
ITIL - IT Infrastructure Library
The BCP process
26. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Application Controls
Service Level Management
Annualized Loss Expectance (ALE)
Antivirus software on the email servers
27. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
WAN Protocols
Criticality analysis
TCP/IP Link Layer
28. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Database primary key
Notify the Audit Committee
Types of sampling an auditor can perform.
29. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Deming Cycle
Insourcing
Background checks performed
Notify the Audit Committee
30. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Attribute Sampling
Referential Integrity
The Requirements
Function Point Analysis
31. Disasters are generally grouped in terms of type: ______________.
More difficult to perform
(1.) Man-made (2.) Natural
Project Management Strategies
The Internet Layer in the TCP/IP model
32. To measure organizational performance and effectiveness against strategic goals.
Overall audit risk
Balanced Scorecard
Tolerable Error Rate
The 7 phases and their order in the SDLC
33. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
IT standards are not being reviewed often enough
SDLC Phases
Overall audit risk
Testing activities
34. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Data Link Layer Standards
The Business Process Life Cycle
List of systems examined
35. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Assess the maturity of its business processes
Inherent Risk
BCP Plans
To identify the tasks that are responsible for project delays
36. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Precision means
Detection Risk
Service Level Management
37. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
Criticality analysis
To identify the tasks that are responsible for project delays
The 4-item focus of a Balanced Scorecard
38. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Categories of risk treatment
Network Layer Protocols
PERT Diagram?
The 5 types of Evidence that the auditor will collect during an audit.
39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Overall audit risk
TCP/IP Transport Layer
Options for Risk Treatment
A Server Cluster
40. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Server cluster
Lacks specific expertise or resources to conduct an internal audit
Buffers
41. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
A Problem
Business impact analysis
Incident Management
Personnel involved in the requirements phase of a software development project
42. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Information systems access
Control Risk
A Virtual Server
43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Employee termination process
Data Link Layer Standards
Sampling Risk
OSI: Physical Layer
44. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Database primary key
Service Continuity Management
Capability Maturity Model Integration (CMMI)
Stay current with technology
45. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
TCP/IP Transport Layer
Antivirus software on the email servers
Security Awareness program
Capability Maturity Model Integration (CMMI)
46. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Balanced Scorecard
A Cold Site
The appropriate role of an IS auditor in a control self-assessment
Employee termination process
47. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
OSI Layer 5: Session
The BCP process
TCP/IP Transport Layer
48. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
TCP/IP Transport Layer
Rating Scale for Process Maturity
Main types of Controls
IT executives and the Board of Directors
49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Audit Methodologies
Six steps of the Release Management process
Main types of Controls
The Release process
50. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The Internet Layer in the TCP/IP model
Sampling Risk
Split custody
The first step in a business impact analysis
