SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
A gate process
Attribute Sampling
Stop-or-go Sampling
Business impact analysis
2. An audit that combines an operational audit and a financial audit.
Rating Scale for Process Maturity
An Integrated Audit
OSI: Data Link Layer
Examples of IT General Controls
3. Focuses on: post-event recovery and restoration of services
Grid Computing
Notify the Audit Committee
Disaster Recovery
More difficult to perform
4. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
CPU
Incident Management
Elements of the COBIT Framework
Business impact analysis
5. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Deming Cycle
OSI Layer 5: Session
Types of sampling an auditor can perform.
6. Used to translate or transform data from lower layers into formats that the application layer can work with.
The 5 types of Evidence that the auditor will collect during an audit.
Security Awareness program
OSI Layer 6: Presentation
Cloud computing
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The BCP process
Separate administrative accounts
Employee termination process
Input validation checking
8. IT Service Management is defined in ___________________ framework.
Inherent Risk
ITIL - IT Infrastructure Library
Insourcing
Antivirus software on the email servers
9. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Main types of Controls
To identify the tasks that are responsible for project delays
Geographic location
(1.) Polices (2.) Procedures (3.) Standards
10. Handle application processing
The Requirements
Application Controls
Inform the auditee
An Operational Audit
11. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
IT standards are not being reviewed often enough
Deming Cycle
List of systems examined
Statistical Sampling
12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Critical Path Methodology
WAN Protocols
The appropriate role of an IS auditor in a control self-assessment
13. Used to measure the relative maturity of an organization and its processes.
Structural fires and transportation accidents
Capability Maturity Model
OSI Layer 7: Application
List of systems examined
14. Subjective sampling is used when the auditor wants to _________________________.
Elements of the COSO pyramid
Segregation of duties issue in a high value process
Documentation and interview personnel
Concentrate on samples known to represent high risk
15. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
OSI: Transport Layer
A Forensic Audit
IT Service Management
Notify the Audit Committee
16. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
ITIL definition of CHANGE MANAGEMENT
Vulnerability in the organization's PBX
A Virtual Server
Controls
17. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Registers
Sampling Risk
Concentrate on samples known to represent high risk
objective and unbiased
18. To measure organizational performance and effectiveness against strategic goals.
Function Point Analysis
Balanced Scorecard
IT Service Management
Hash
19. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Segregation of duties issue in a high value process
Attribute Sampling
IT Service Management
Organizational culture and maturity
20. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Reduced sign-on
Inherent Risk
OSI: Physical Layer
21. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Options for Risk Treatment
ITIL definition of CHANGE MANAGEMENT
Configuration Management
IT executives and the Board of Directors
22. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
OSI Layer 6: Presentation
WAN Protocols
Server cluster
Inform the auditee
23. Describes the effect on the business if a process is incapacitated for any appreciable time
Personnel involved in the requirements phase of a software development project
Statement of Impact
Segregation of duties issue in a high value process
Information security policy
24. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Notify the Audit Committee
An Administrative
To identify the tasks that are responsible for project delays
Emergency Changes
25. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
OSI: Physical Layer
Substantive Testing (test of transaction integrity)
Formal waterfall
Cloud computing
26. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Emergency Changes
Input validation checking
Wet pipe fire sprinkler system
Antivirus software on the email servers
27. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
TCP/IP Internet Layer
Entire password for an encryption key
Deming Cycle
28. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Capability Maturity Model Integration (CMMI)
The Software Program Library
A gate process
(1.) Man-made (2.) Natural
29. Lowest layer. Delivers messages (frames) from one station to another vial local network.
A Cold Site
Six steps of the Release Management process
TCP/IP Link Layer
Change management
30. Used to estimate the effort required to develop a software program.
Function Point Analysis
Confidence coefficient
Control Unit
IT Services Financial Management
31. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Server cluster
Geographic location
The availability of IT systems
The Eight Types of Audits
32. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
An Operational Audit
Notify the Audit Committee
The typical Configuration Items in Configuration Management
OSI: Physical Layer
33. Delivery of packets from one station to another - on the same network or on different networks.
A gate process
Segregation of duties issue in a high value process
Department Charters
The Internet Layer in the TCP/IP model
34. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Referential Integrity
Structural fires and transportation accidents
Categories of risk treatment
TCP/IP Link Layer
35. What type of testing is performed to determine if control procedures have proper design and are operating properly?
OSI Layer 5: Session
Project Management Strategies
Compliance Testing
An Administrative
36. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Network Layer Protocols
Application Layer protocols
Department Charters
37. Used to determine which business processes are the most critical - by ranking them in order of criticality
Entire password for an encryption key
Criticality analysis
Overall audit risk
IT Strategy
38. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
Reduced sign-on
The availability of IT systems
The Eight Types of Audits
39. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
To identify the tasks that are responsible for project delays
Balanced Scorecard
Information security policy
40. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Database primary key
Service Continuity Management
Main types of Controls
The typical Configuration Items in Configuration Management
41. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
ITIL definition of PROBLEM
Department Charters
Advantages of outsourcing
Overall audit risk
42. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Security Awareness program
A Server Cluster
Personnel involved in the requirements phase of a software development project
Referential Integrity
43. The main hardware component of a computer system - which executes instructions in computer programs.
A Virtual Server
OSI Layer 7: Application
Criticality analysis
CPU
44. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
The Steering Committee
A Service Provider audit
More difficult to perform
45. Defines internal controls and provides guidance for assessing and improving internal control systems.
Notify the Audit Committee
A Cold Site
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Network Layer
46. The highest number of errors that can exist without a result being materially misstated.
Formal waterfall
IT standards are not being reviewed often enough
Tolerable Error Rate
Judgmental sampling
47. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Substantive Testing
Risk Management
Stay current with technology
Notify the Audit Committee
48. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
The Internet Layer in the TCP/IP model
Advantages of outsourcing
Control Risk
49. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
A Problem
Audit Methodologies
Stratified Sampling
IT Strategy
50. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
The appropriate role of an IS auditor in a control self-assessment
Rating Scale for Process Maturity
Concentrate on samples known to represent high risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)