Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
A Virtual Server
Audit Methodologies
Release management
2. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
OSI Layer 5: Session
Entire password for an encryption key
Overall audit risk
Problem Management
3. (1.) TCP (2.) UDP
List of systems examined
Information systems access
Transport Layer Protocols
The Internet Layer in the TCP/IP model
4. The maximum period of downtime for a process or application
Recovery time objective
Formal waterfall
IT Strategy
Application Layer protocols
5. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Reduced sign-on
Project change request
A Compliance audit
6. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
PERT Diagram?
An Administrative
An IS audit
The Business Process Life Cycle
7. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
IT executives and the Board of Directors
A Cold Site
Project Management Strategies
Control Unit
8. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Volumes of COSO framework
Examples of IT General Controls
The Requirements
9. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Substantive Testing (test of transaction integrity)
less than 24 hours
Attribute Sampling
Wet pipe fire sprinkler system
10. ITIL term used to describe the SDLC.
Release management
A gate process
Notify the Audit Committee
SDLC Phases
11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Inform the auditee
Compliance Testing
Network Layer Protocols
Organizational culture and maturity
12. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Annualized Loss Expectancy (ALE)
Statement of Impact
Examples of IT General Controls
The Release process
13. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Resource details
Elements of the COSO pyramid
IT executives and the Board of Directors
Sampling Risk
14. (1.) Link (2.) Internet (3.) Transport (4.) Application
Business impact analysis
TCP/IP Network Model
Application Layer protocols
Business Realization
15. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Critical Path Methodology
TCP/IP Transport Layer
Three Types of Controls
The Steering Committee
16. Describes the effect on the business if a process is incapacitated for any appreciable time
BCP Plans
A Virtual Server
Types of sampling an auditor can perform.
Statement of Impact
17. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
A Virtual Server
Balanced Scorecard
Categories of risk treatment
18. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Substantive Testing (test of transaction integrity)
Application Layer protocols
Elements of the COBIT Framework
Sampling Risk
19. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Assess the maturity of its business processes
Background checks performed
ITIL definition of PROBLEM
PERT Diagram?
20. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
PERT Diagram?
Options for Risk Treatment
A gate process
21. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Business impact analysis
Lacks specific expertise or resources to conduct an internal audit
Sampling Risk
Grid Computing
22. Focuses on: post-event recovery and restoration of services
The Eight Types of Audits
Disaster Recovery
A Financial Audit
OSI Layer 6: Presentation
23. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Audit Methodologies
CPU
Substantive Testing (test of transaction integrity)
List of systems examined
24. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Six steps of the Release Management process
Annualized Loss Expectancy (ALE)
Foreign Key
25. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Business Continuity
The Eight Types of Audits
Server cluster
Judgmental sampling
26. Gantt: used to display ______________.
Resource details
Business Continuity
Change management
The appropriate role of an IS auditor in a control self-assessment
27. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
TCP/IP Transport Layer packet delivery
Assess the maturity of its business processes
Service Level Management
Control Unit
28. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Formal waterfall
Six steps of the Release Management process
Confidence coefficient
29. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Inform the auditee
TCP/IP Transport Layer
The BCP process
The 4-item focus of a Balanced Scorecard
30. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Formal waterfall
IT executives and the Board of Directors
Change management
ITIL definition of PROBLEM
31. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
A Cold Site
Documentation and interview personnel
Registers
OSI Layer 7: Application
32. An audit of a third-party organization that provides services to other organizations.
Configuration Management
Balanced Scorecard
TCP/IP Internet Layer
A Service Provider audit
33. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
The best approach for identifying high risk areas for an audit
The Requirements
OSI: Physical Layer
34. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
Options for Risk Treatment
To identify the tasks that are responsible for project delays
ITIL - IT Infrastructure Library
35. Disasters are generally grouped in terms of type: ______________.
A gate process
(1.) Man-made (2.) Natural
A Problem
The 4-item focus of a Balanced Scorecard
36. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Department Charters
Transport Layer Protocols
PERT Diagram?
Data Link Layer Standards
37. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Tolerable Error Rate
Network Layer Protocols
Employee termination process
Substantive Testing
38. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Confidence coefficient
Testing activities
Sampling Risk
The audit program
39. The memory locations in the CPU where arithmetic values are stored.
Vulnerability in the organization's PBX
Confidence coefficient
Registers
Lacks specific expertise or resources to conduct an internal audit
40. Delivery of packets from one station to another - on the same network or on different networks.
Network Layer Protocols
Precision means
The Internet Layer in the TCP/IP model
IT executives and the Board of Directors
41. An audit that combines an operational audit and a financial audit.
List of systems examined
Buffers
PERT Diagram?
An Integrated Audit
42. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Reduced sign-on
TCP/IP Link Layer
To identify the tasks that are responsible for project delays
Business Realization
43. Handle application processing
Problem Management
Gantt Chart
Registers
Application Controls
44. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Disaster Recovery
WAN Protocols
Stop-or-go Sampling
ISO 20000 Standard:
45. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
The Internet Layer in the TCP/IP model
Reduced sign-on
(1.) Man-made (2.) Natural
46. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
A Sample Mean
IT Service Management
An Operational Audit
Network Layer Protocols
47. The highest number of errors that can exist without a result being materially misstated.
Project change request
The Requirements
ITIL definition of PROBLEM
Tolerable Error Rate
48. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
TCP/IP Transport Layer
Service Continuity Management
OSI Layer 5: Session
Tolerable Error Rate
49. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
OSI: Data Link Layer
Stratified Sampling
Cloud computing
The BCP process
50. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
PERT Diagram?
Function Point Analysis
Recovery time objective