Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An alternate processing center that contains no information processing equipment.
Testing activities
TCP/IP Transport Layer
Current and most up-to-date
A Cold Site
2. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
Hash
Information security policy
Data Link Layer Standards
3. A maturity model that represents the aggregations of other maturity models.
Power system controls
Capability Maturity Model Integration (CMMI)
Substantive Testing
Tolerable Error Rate
4. The inventory of all in-scope business processes and systems
Information systems access
Application Controls
BCP Plans
The first step in a business impact analysis
5. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Information systems access
Problem Management
Concentrate on samples known to represent high risk
6. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Resource details
Application Controls
Options for Risk Treatment
OSI: Data Link Layer
7. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Detection Risk
Stay current with technology
OSI: Network Layer
A Sample Mean
8. An audit of a third-party organization that provides services to other organizations.
Antivirus software on the email servers
Attribute Sampling
Network Layer Protocols
A Service Provider audit
9. A collection of two or more servers that is designed to appear as a single server.
The Eight Types of Audits
Application Layer protocols
Control Risk
Server cluster
10. ITIL term used to describe the SDLC.
Expected Error Rate
Types of sampling an auditor can perform.
Release management
WAN Protocols
11. The maximum period of downtime for a process or application
Change management
Recovery time objective
Confidence coefficient
Substantive Testing
12. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Balanced Scorecard
Compliance Testing
Separate administrative accounts
TCP/IP Internet Layer
13. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Security Awareness program
Sampling Risk
Deming Cycle
The BCP process
14. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Elements of the COSO pyramid
Project change request
Substantive Testing
Main types of Controls
15. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Balanced Scorecard
Segregation of duties issue in a high value process
Registers
TCP/IP Link Layer
16. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
OSI: Physical Layer
Rating Scale for Process Maturity
The Requirements
Balanced Scorecard
17. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
OSI Layer 5: Session
A Forensic Audit
Categories of risk treatment
(1.) Policies (2.) Procedures (3.) Standards
18. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Blade Computer Architecture
To identify the tasks that are responsible for project delays
Controls
Elements of the COBIT Framework
19. The means by which management establishes and measures processes by which organizational objectives are achieved
Compliance Testing
Security Awareness program
Controls
Concentrate on samples known to represent high risk
20. Guide program execution through organization of resources and development of clear project objectives.
Security Awareness program
Audit Methodologies
Project Management Strategies
An IS audit
21. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Capability Maturity Model
IT standards are not being reviewed often enough
Project change request
Network Layer Protocols
22. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
Stop-or-go Sampling
The Steering Committee
Background checks performed
23. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Categories of risk treatment
Referential Integrity
Elements of the COBIT Framework
Capability Maturity Model Integration (CMMI)
24. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Entire password for an encryption key
Employees with excessive privileges
The typical Configuration Items in Configuration Management
25. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Formal waterfall
Confidence coefficient
OSI Layer 7: Application
26. Used to translate or transform data from lower layers into formats that the application layer can work with.
IT executives and the Board of Directors
TCP/IP Network Model
Background checks performed
OSI Layer 6: Presentation
27. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Data Link Layer Standards
Control Risk
The Software Program Library
Department Charters
28. The first major task in a disaster recovery or business continuity planning project.
Judgmental sampling
Business impact analysis
IT standards are not being reviewed often enough
Blade Computer Architecture
29. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Statement of Impact
Precision means
Expected Error Rate
30. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Expected Error Rate
Detection Risk
Notify the Audit Committee
IT Strategy
31. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Organizational culture and maturity
Sampling Risk
Categories of risk treatment
Risk Management
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Service Level Management
Information systems access
Antivirus software on the email servers
33. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
(1.) Man-made (2.) Natural
Application Controls
Control Risk
34. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Volumes of COSO framework
The Internet Layer in the TCP/IP model
Compliance Testing
An Operational Audit
35. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Precision means
Formal waterfall
TCP/IP Network Model
Statistical Sampling
36. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
37. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Deming Cycle
Resource details
Sample Standard Deviation
38. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
IT Service Management
A Sample Mean
Sample Standard Deviation
39. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Database primary key
Sample Standard Deviation
Volumes of COSO framework
Release management
40. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
ISO 20000 Standard
Examples of Application Controls
Cloud computing
Primary security features of relational databases
41. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
PERT Diagram?
BCP Plans
Organizational culture and maturity
Antivirus software on the email servers
42. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Discovery Sampling
A Virtual Server
Dimensions of the COSO cube
Entire password for an encryption key
43. To measure organizational performance and effectiveness against strategic goals.
Controls
Balanced Scorecard
WAN Protocols
Notify the Audit Committee
44. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Examples of IT General Controls
More difficult to perform
Resource details
Application Controls
45. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
CPU
Blade Computer Architecture
Business Continuity
46. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Service Provider audit
less than 24 hours
Reduced sign-on
An Integrated Audit
47. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Examples of Application Controls
TCP/IP Link Layer
Substantive Testing (test of transaction integrity)
Control Unit
48. An audit of an IS department's operations and systems.
ITIL - IT Infrastructure Library
TCP/IP Transport Layer packet delivery
An IS audit
Department Charters
49. (1.) Executive Support (2.) Well-defined roles and responsibilities.
The 5 types of Evidence that the auditor will collect during an audit.
Information security policy
Volumes of COSO framework
The Release process
50. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
The 5 types of Evidence that the auditor will collect during an audit.
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model
Security Awareness program