Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Service Continuity Management
TCP/IP Link Layer
Emergency Changes
PERT Diagram?
2. IT Governance is most concerned with ________.
Power system controls
IT Strategy
SDLC Phases
Critical Path Methodology
3. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Notify the Audit Committee
Substantive Testing
Testing activities
PERT Diagram?
4. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
A Server Cluster
Personnel involved in the requirements phase of a software development project
Examples of IT General Controls
5. An audit of an IS department's operations and systems.
Employees with excessive privileges
Information systems access
An IS audit
Testing activities
6. A representation of how closely a sample represents an entire population.
Precision means
Application Layer protocols
Background checks performed
ISO 20000 Standard:
7. Guide program execution through organization of resources and development of clear project objectives.
ISO 20000 Standard:
IT Services Financial Management
Project Management Strategies
An Operational Audit
8. The means by which management establishes and measures processes by which organizational objectives are achieved
Volumes of COSO framework
The availability of IT systems
Controls
Variable Sampling
9. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Six steps of the Release Management process
Network Layer Protocols
Split custody
Incident Management
10. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Attribute Sampling
TCP/IP Internet Layer
Frameworks
Entire password for an encryption key
11. Disasters are generally grouped in terms of type: ______________.
Volumes of COSO framework
Power system controls
Control Risk
(1.) Man-made (2.) Natural
12. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Six steps of the Release Management process
Service Continuity Management
Gantt Chart
Sampling
13. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Control Risk
Six steps of the Release Management process
Annualized Loss Expectancy (ALE)
A Compliance audit
14. The memory locations in the CPU where arithmetic values are stored.
Resource details
Registers
Documentation and interview personnel
Sampling Risk
15. (1.) Automatic (2.) Manual
An IS audit
ITIL definition of PROBLEM
The two Categories of Controls
objective and unbiased
16. The sum of all samples divided by the number of samples.
The Internet Layer in the TCP/IP model
A Sample Mean
Emergency Changes
Business impact analysis
17. The first major task in a disaster recovery or business continuity planning project.
Antivirus software on the email servers
Business impact analysis
The availability of IT systems
OSI: Transport Layer
18. The primary source for test plans in a software development project is ________________: those developed for a project should be the primary source for detailed tests.
Personnel involved in the requirements phase of a software development project
Department Charters
An IS audit
The Requirements
19. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Business Continuity
Detection Risk
IT executives and the Board of Directors
20. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Antivirus software on the email servers
The Eight Types of Audits
Department Charters
Reduced sign-on
21. Support the functioning of the application controls
Dimensions of the COSO cube
Statistical Sampling
objective and unbiased
General Controls
22. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Business impact analysis
Rating Scale for Process Maturity
IT Service Management
Annualized Loss Expectancy (ALE)
23. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Rating Scale for Process Maturity
Controls
A Problem
24. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Capability Maturity Model Integration (CMMI)
Input validation checking
Elements of the COBIT Framework
TCP/IP Internet Layer
25. Focuses on: post-event recovery and restoration of services
Current and most up-to-date
Disaster Recovery
ITIL definition of PROBLEM
Incident Management
26. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Lacks specific expertise or resources to conduct an internal audit
TCP/IP Network Model
A Server Cluster
The typical Configuration Items in Configuration Management
27. Framework for auditing and measuring IT Service Management Processes.
Release management
TCP/IP Internet Layer
Service Continuity Management
ISO 20000 Standard:
28. (1.) Access controls (2.) Encryption (3.) Audit logging
Sample Standard Deviation
Primary security features of relational databases
Main types of Controls
OSI: Physical Layer
29. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
A Service Provider audit
Disaster Recovery
OSI: Data Link Layer
Sample Standard Deviation
30. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Controls
Sampling Risk
Application Controls
31. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
The audit program
Insourcing
Critical Path Methodology
32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
A Service Provider audit
Sample Standard Deviation
Discovery Sampling
less than 24 hours
33. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Separate administrative accounts
Rating Scale for Process Maturity
Judgmental sampling
Sampling Risk
34. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
Categories of risk treatment
BCP Plans
Statistical Sampling
35. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Types of sampling an auditor can perform.
IT Services Financial Management
IT executives and the Board of Directors
Assess the maturity of its business processes
36. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Stratified Sampling
Blade Computer Architecture
Segregation of duties issue in a high value process
Antivirus software on the email servers
37. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
IT executives and the Board of Directors
ITIL definition of CHANGE MANAGEMENT
A Virtual Server
Incident Management
38. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Grid Computing
Balanced Scorecard
To identify the tasks that are responsible for project delays
39. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Service Continuity Management
Inform the auditee
Audit logging
40. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
ITIL definition of CHANGE MANAGEMENT
List of systems examined
OSI: Data Link Layer
Substantive Testing
41. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Deming Cycle
The typical Configuration Items in Configuration Management
Information systems access
TCP/IP Network Model
42. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Audit logging
Six steps of the Release Management process
Advantages of outsourcing
A Service Provider audit
43. An audit that is performed in support of an anticipated or active legal proceeding.
Registers
TCP/IP Network Model
A Forensic Audit
Organizational culture and maturity
44. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Examples of Application Controls
The Software Program Library
Precision means
45. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Department Charters
CPU
Configuration Management
Business Continuity
46. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
The BCP process
Attribute Sampling
Documentation and interview personnel
Six steps of the Release Management process
47. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Project change request
Audit logging
objective and unbiased
OSI Layer 7: Application
48. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Current and most up-to-date
OSI Layer 6: Presentation
Compliance Testing
An Operational Audit
49. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Function Point Analysis
The Requirements
PERT Diagram?
50. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
OSI Layer 6: Presentation
Project Management Strategies
Elements of the COBIT Framework
The 7 phases and their order in the SDLC