SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Capability Maturity Model
A Server Cluster
Emergency Changes
Information security policy
2. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Background checks performed
An Integrated Audit
Sampling Risk
3. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
The first step in a business impact analysis
Sampling
A Forensic Audit
To identify the tasks that are responsible for project delays
4. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The appropriate role of an IS auditor in a control self-assessment
Vulnerability in the organization's PBX
IT standards are not being reviewed often enough
The typical Configuration Items in Configuration Management
5. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Overall audit risk
Examples of Application Controls
Information security policy
6. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The audit program
Variable Sampling
Primary security features of relational databases
Business Continuity
7. The sum of all samples divided by the number of samples.
A Sample Mean
Organizational culture and maturity
SDLC Phases
(1.) Polices (2.) Procedures (3.) Standards
8. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
General Controls
The first step in a business impact analysis
Prblem Management
A gate process
9. Gantt: used to display ______________.
IT Service Management
Emergency Changes
IT standards are not being reviewed often enough
Resource details
10. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Judgmental sampling
Assess the maturity of its business processes
The Requirements
Sampling Risk
11. (1.) Physical (2.) Technical (4.) Administrative
The audit program
Main types of Controls
Tolerable Error Rate
Three Types of Controls
12. Support the functioning of the application controls
Cloud computing
OSI: Network Layer
OSI Layer 5: Session
General Controls
13. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Vulnerability in the organization's PBX
objective and unbiased
Insourcing
14. The inventory of all in-scope business processes and systems
The audit program
Foreign Key
The first step in a business impact analysis
Control Unit
15. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Six steps of the Release Management process
Precision means
Capability Maturity Model Integration (CMMI)
16. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Business impact analysis
Database primary key
Control Risk
Personnel involved in the requirements phase of a software development project
17. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Function Point Analysis
Wet pipe fire sprinkler system
Controls
Split custody
18. Used to translate or transform data from lower layers into formats that the application layer can work with.
Vulnerability in the organization's PBX
OSI Layer 6: Presentation
ITIL definition of CHANGE MANAGEMENT
OSI: Network Layer
19. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
Compliance Testing
The availability of IT systems
Structural fires and transportation accidents
20. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Frameworks
TCP/IP Transport Layer packet delivery
General Controls
PERT Diagram?
21. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Control Risk
Project change request
A Cold Site
Rating Scale for Process Maturity
22. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
OSI: Network Layer
The availability of IT systems
Function Point Analysis
A gate process
23. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Options for Risk Treatment
Geographic location
Risk Management
General Controls
24. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Project change request
Formal waterfall
An Operational Audit
The audit program
25. (1.) Objectives (2.) Components (3.) Business Units / Areas
Overall audit risk
Personnel involved in the requirements phase of a software development project
Dimensions of the COSO cube
OSI: Data Link Layer
26. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Precision means
Hash
The Business Process Life Cycle
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
27. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The Eight Types of Audits
TCP/IP Network Model
More difficult to perform
TCP/IP Link Layer
28. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
IT executives and the Board of Directors
Lacks specific expertise or resources to conduct an internal audit
Application Controls
29. The highest number of errors that can exist without a result being materially misstated.
Advantages of outsourcing
SDLC Phases
Tolerable Error Rate
Business Realization
30. Focuses on: post-event recovery and restoration of services
Geographic location
Disaster Recovery
(1.) Man-made (2.) Natural
Entire password for an encryption key
31. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Data Link Layer Standards
The appropriate role of an IS auditor in a control self-assessment
Insourcing
32. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Buffers
Gantt Chart
Separate administrative accounts
Geographic location
33. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Control Unit
A Problem
The best approach for identifying high risk areas for an audit
Elements of the COBIT Framework
34. An audit that is performed in support of an anticipated or active legal proceeding.
Registers
A Forensic Audit
Server cluster
Statistical Sampling
35. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Segregation of duties issue in a high value process
BCP Plans
The Eight Types of Audits
36. Describes the effect on the business if a process is incapacitated for any appreciable time
Variable Sampling
Statement of Impact
Data Link Layer Standards
The two Categories of Controls
37. Framework for auditing and measuring IT Service Management Processes.
IT executives and the Board of Directors
An Administrative
An IS audit
ISO 20000 Standard:
38. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Cloud computing
Recovery time objective
Resource details
Inherent Risk
39. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
The Software Program Library
Server cluster
Hash
A Problem
40. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Business Continuity
A Virtual Server
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
41. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
More difficult to perform
Confidence coefficient
Dimensions of the COSO cube
The 7 phases and their order in the SDLC
42. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Personnel involved in the requirements phase of a software development project
SDLC Phases
Project Management Strategies
43. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
IT Service Management
Blade Computer Architecture
Formal waterfall
A Server Cluster
44. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
The audit program
IT executives and the Board of Directors
Business Realization
45. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
A Problem
Service Level Management
Antivirus software on the email servers
The audit program
46. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Structural fires and transportation accidents
Notify the Audit Committee
Statement of Impact
OSI Layer 5: Session
47. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Data Link Layer Standards
Sample Standard Deviation
Elements of the COSO pyramid
Power system controls
48. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Business Continuity
The audit program
A Financial Audit
Dimensions of the COSO cube
49. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
OSI Layer 7: Application
Statement of Impact
Department Charters
Application Layer protocols
50. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Elements of the COBIT Framework
A gate process
The Steering Committee