Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The inventory of all in-scope business processes and systems
Disaster Recovery
Grid Computing
The first step in a business impact analysis
Function Point Analysis
2. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Gantt Chart
OSI: Transport Layer
Separate administrative accounts
3. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Inherent Risk
Sampling
Controls
4. Focuses on: post-event recovery and restoration of services
Entire password for an encryption key
Disaster Recovery
Referential Integrity
An Administrative
5. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Precision means
Assess the maturity of its business processes
Volumes of COSO framework
OSI Layer 5: Session
6. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
A Virtual Server
Assess the maturity of its business processes
The two Categories of Controls
7. IT Service Management is defined in ___________________ framework.
Criticality analysis
The availability of IT systems
Network Layer Protocols
ITIL - IT Infrastructure Library
8. The maximum period of downtime for a process or application
Split custody
Recovery time objective
IT Strategy
Overall audit risk
9. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Sampling
Structural fires and transportation accidents
Business Continuity
10. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Server cluster
Problem Management
Employees with excessive privileges
IT executives and the Board of Directors
11. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
The 5 types of Evidence that the auditor will collect during an audit.
Segregation of duties issue in a high value process
Precision means
Rating Scale for Process Maturity
12. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
A Financial Audit
The BCP process
TCP/IP Network Model
Concentrate on samples known to represent high risk
13. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
OSI: Network Layer
Assess the maturity of its business processes
Database primary key
14. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Separate administrative accounts
Tolerable Error Rate
Service Continuity Management
15. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Examples of Application Controls
The best approach for identifying high risk areas for an audit
Audit logging
TCP/IP Network Model
16. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The two Categories of Controls
Balanced Scorecard
To identify the tasks that are responsible for project delays
Database primary key
17. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Confidence coefficient
Elements of the COBIT Framework
Employees with excessive privileges
18. The main hardware component of a computer system - which executes instructions in computer programs.
The appropriate role of an IS auditor in a control self-assessment
WAN Protocols
PERT Diagram?
CPU
19. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
The BCP process
PERT Diagram?
Wet pipe fire sprinkler system
Function Point Analysis
20. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
A Cold Site
(1.) Policies (2.) Procedures (3.) Standards
An IS audit
Controls
21. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Detection Risk
Critical Path Methodology
Resource details
22. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Statistical Sampling
Advantages of outsourcing
Antivirus software on the email servers
Volumes of COSO framework
23. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
A Cold Site
Release management
ITIL definition of CHANGE MANAGEMENT
24. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Options for Risk Treatment
The appropriate role of an IS auditor in a control self-assessment
Power system controls
The 4-item focus of a Balanced Scorecard
25. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Tolerable Error Rate
Application Layer protocols
(1.) Man-made (2.) Natural
Judgmental sampling
26. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
An Administrative
objective and unbiased
Six steps of the Release Management process
Data Link Layer Standards
27. Used to measure the relative maturity of an organization and its processes.
The Steering Committee
The Release process
Capability Maturity Model
A gate process
28. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Change management
Project Management Strategies
Split custody
Vulnerability in the organization's PBX
29. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Insourcing
Information security policy
Categories of risk treatment
30. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Capability Maturity Model Integration (CMMI)
Stop-or-go Sampling
Testing activities
Background checks performed
31. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Concentrate on samples known to represent high risk
Confidence coefficient
Deming Cycle
ITIL definition of PROBLEM
32. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Risk Management
Frameworks
The typical Configuration Items in Configuration Management
The 5 types of Evidence that the auditor will collect during an audit.
33. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
The appropriate role of an IS auditor in a control self-assessment
An Integrated Audit
Notify the Audit Committee
Gantt Chart
34. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
objective and unbiased
OSI: Data Link Layer
A Forensic Audit
IT executives and the Board of Directors
35. One of a database table's fields - whose value is unique.
Confidence coefficient
Critical Path Methodology
Database primary key
A Sample Mean
36. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Vulnerability in the organization's PBX
Network Layer Protocols
The 4-item focus of a Balanced Scorecard
Statistical Sampling
37. (1.) Access controls (2.) Encryption (3.) Audit logging
Insourcing
Primary security features of relational databases
A Server Cluster
Main types of Controls
38. (1.) Objectives (2.) Components (3.) Business Units / Areas
A Financial Audit
Application Controls
The 5 types of Evidence that the auditor will collect during an audit.
Dimensions of the COSO cube
39. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Incident Management
Frameworks
Formal waterfall
Attribute Sampling
40. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Frameworks
Grid Computing
Network Layer Protocols
41. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Registers
Stay current with technology
The Internet Layer in the TCP/IP model
Compliance Testing
42. The memory locations in the CPU where arithmetic values are stored.
Registers
Separate administrative accounts
Statistical Sampling
More difficult to perform
43. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
The 4-item focus of a Balanced Scorecard
Judgmental sampling
Split custody
44. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
Elements of the COSO pyramid
Stratified Sampling
ISO 20000 Standard:
45. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Judgmental sampling
Detection Risk
Attribute Sampling
46. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
A Cold Site
Confidence coefficient
Information systems access
47. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
The Release process
Stay current with technology
IT executives and the Board of Directors
A gate process
48. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Information security policy
Service Continuity Management
The 7 phases and their order in the SDLC
IT Strategy
49. (1.) General (2.) Application
Main types of Controls
Hash
Audit Methodologies
Service Level Management
50. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Sampling
The Steering Committee
Vulnerability in the organization's PBX
Categories of risk treatment