Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to translate or transform data from lower layers into formats that the application layer can work with.
Types of sampling an auditor can perform.
(1.) Policies (2.) Procedures (3.) Standards
List of systems examined
OSI Layer 6: Presentation
2. (1.) Access controls (2.) Encryption (3.) Audit logging
(1.) Man-made (2.) Natural
Primary security features of relational databases
The Eight Types of Audits
Stay current with technology
3. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Risk Management
Documentation and interview personnel
Expected Error Rate
Service Level Management
4. Gantt: used to display ______________.
The Business Process Life Cycle
Geographic location
Resource details
A Virtual Server
5. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Wet pipe fire sprinkler system
Substantive Testing (test of transaction integrity)
(1.) Policies (2.) Procedures (3.) Standards
ISO 20000 Standard:
6. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Cloud computing
Statement of Impact
More difficult to perform
Variable Sampling
7. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Release management
Control Unit
Three Types of Controls
Deming Cycle
8. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.
To identify the tasks that are responsible for project delays
Blade Computer Architecture
Network Layer Protocols
Wet pipe fire sprinkler system
9. Disasters are generally grouped in terms of type: ______________.
TCP/IP Network Model
Insourcing
(1.) Man-made (2.) Natural
Control Risk
10. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Criticality analysis
ITIL definition of CHANGE MANAGEMENT
Control Unit
Documentation and interview personnel
11. Focuses on: post-event recovery and restoration of services
Overall audit risk
Blade Computer Architecture
Disaster Recovery
Control Risk
12. ITIL term used to describe the SDLC.
A Problem
Elements of the COSO pyramid
The first step in a business impact analysis
Release management
13. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Organizational culture and maturity
List of systems examined
The Steering Committee
The typical Configuration Items in Configuration Management
14. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Grid Computing
A Financial Audit
Configuration Management
15. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Stop-or-go Sampling
OSI: Network Layer
The best approach for identifying high risk areas for an audit
The Software Program Library
16. A maturity model that represents the aggregations of other maturity models.
Criticality analysis
Change management
More difficult to perform
Capability Maturity Model Integration (CMMI)
17. The memory locations in the CPU where arithmetic values are stored.
An Integrated Audit
Registers
OSI Layer 7: Application
Personnel involved in the requirements phase of a software development project
18. Lowest layer. Delivers messages (frames) from one station to another via local network.
Configuration Management
TCP/IP Link Layer
The Eight Types of Audits
Organizational culture and maturity
19. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
less than 24 hours
A Financial Audit
Sampling
ITIL - IT Infrastructure Library
20. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
An Administrative
Documentation and interview personnel
Split custody
Service Continuity Management
21. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
Annualized Loss Expectancy (ALE)
Volumes of COSO framework
Problem Management
22. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Separate administrative accounts
Testing activities
A Financial Audit
Stay current with technology
23. Used to determine which business processes are the most critical - by ranking them in order of criticality
The Business Process Life Cycle
Criticality analysis
Deming Cycle
Dimensions of the COSO cube
24. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Employees with excessive privileges
The Release process
Transport Layer Protocols
25. An audit that is performed in support of an anticipated or active legal proceeding.
Capability Maturity Model
The availability of IT systems
A Forensic Audit
OSI Layer 6: Presentation
26. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Blade Computer Architecture
Hash
Concentrate on samples known to represent high risk
Statistical Sampling
27. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
Organizational culture and maturity
General Controls
Frameworks
28. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Employee termination process
Precision means
A Cold Site
Critical Path Methodology
29. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
List of systems examined
Lacks specific expertise or resources to conduct an internal audit
Statement of Impact
Judgmental sampling
30. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Incident Management
IT Strategy
OSI Layer 7: Application
Service Level Management
31. (1.) TCP (2.) UDP
Criticality analysis
The Business Process Life Cycle
Wet pipe fire sprinkler system
Transport Layer Protocols
32. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Data Link Layer Standards
Buffers
Statistical Sampling
Change management
33. (1.) General (2.) Application
Sample Standard Deviation
The 4-item focus of a Balanced Scorecard
Controls
Main types of Controls
34. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
TCP/IP Internet Layer
The typical Configuration Items in Configuration Management
Variable Sampling
Change management
35. Contains programs that communicate directly with the end user.
Gantt Chart
Main types of Controls
OSI Layer 7: Application
Variable Sampling
36. One of a database table's fields - whose value is unique.
Geographic location
Deming Cycle
Annualized Loss Expectancy (ALE)
Database primary key
37. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Elements of the COBIT Framework
Disaster Recovery
The best approach for identifying high risk areas for an audit
The Software Program Library
38. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Organizational culture and maturity
Sampling Risk
Incident Management
39. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
Geographic location
Audit logging
Six steps of the Release Management process
OSI Layer 6: Presentation
40. (1.) Automatic (2.) Manual
Wet pipe fire sprinkler system
OSI: Data Link Layer
A Compliance audit
The two Categories of Controls
41. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
CPU
Elements of the COSO pyramid
TCP/IP Link Layer
An Operational Audit
42. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Attribute Sampling
A Problem
Buffers
43. An audit of operational efficiency.
Business Realization
An Administrative
Volumes of COSO framework
OSI Layer 7: Application
44. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Notify the Audit Committee
Grid Computing
TCP/IP Transport Layer
45. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
A Server Cluster
TCP/IP Network Model
Attribute Sampling
46. (1.) Physical (2.) Technical (3.) Administrative
Cloud computing
Three Types of Controls
Advantages of outsourcing
Examples of IT General Controls
47. A sampling technique where at least one exception is sought in a population
Split custody
Discovery Sampling
Function Point Analysis
The BCP process
48. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Substantive Testing (test of transaction integrity)
Power system controls
Formal waterfall
49. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
TCP/IP Internet Layer
Grid Computing
Buffers
More difficult to perform
50. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Inform the auditee
Transport Layer Protocols
Configuration Management