Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Segregation of duties issue in a high value process
A Compliance audit
The appropriate role of an IS auditor in a control self-assessment
Substantive Testing (test of transaction integrity)

2. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
To identify the tasks that are responsible for project delays
A Financial Audit
Business Realization
Department Charters

3. Consists of two main packet transport protocols: TCP and UDP.
Blade Computer Architecture
Release management
Insourcing
TCP/IP Transport Layer

4. Defines internal controls and provides guidance for assessing and improving internal control systems.
Application Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Eight Types of Audits
Employees with excessive privileges

5. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
A Forensic Audit
TCP/IP Network Model
A Virtual Server

6. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
SDLC Phases
Employees with excessive privileges
Capability Maturity Model Integration (CMMI)
The Requirements

7. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Application Controls
Sampling
The 7 phases and their order in the SDLC

8. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
(1.) Man-made (2.) Natural
Disaster Recovery
Categories of risk treatment
A Sample Mean

9. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Background checks performed
Confidence coefficient
Referential Integrity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)

10. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
A Financial Audit
An Administrative
Cloud computing
Audit Methodologies

11. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Options for Risk Treatment
Testing activities
A gate process

12. A maturity model that represents the aggregations of other maturity models.
Vulnerability in the organization's PBX
Capability Maturity Model Integration (CMMI)
Audit Methodologies
Security Awareness program

13. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Release management
Server cluster
TCP/IP Network Model
Six steps of the Release Management process

14. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Database primary key
Sampling Risk
Assess the maturity of its business processes
Confidence coefficient

15. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Power system controls
Business Continuity
Notify the Audit Committee
Types of sampling an auditor can perform.

16. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Service Level Management
Input validation checking
PERT Diagram?
Foreign Key

17. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Control Unit
IT executives and the Board of Directors
Vulnerability in the organization's PBX

18. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Segregation of duties issue in a high value process
Wet pipe fire sprinkler system
Configuration Management
SDLC Phases

19. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Requirements
A Service Provider audit
Security Awareness program
Hash

20. What type of testing is performed to determine if control procedures have proper design and are operating properly?
IT Services Financial Management
Segregation of duties issue in a high value process
Compliance Testing
Sampling Risk

21. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Notify the Audit Committee
Dimensions of the COSO cube
Rating Scale for Process Maturity
Recovery time objective

22. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
The audit program
Formal waterfall
Primary security features of relational databases
Six steps of the Release Management process

23. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
The appropriate role of an IS auditor in a control self-assessment
Inform the auditee
Business Realization

24. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Department Charters
IT Service Management
Confidence coefficient
objective and unbiased

25. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Precision means
ISO 20000 Standard:
Controls
Business Continuity

26. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Substantive Testing
Three Types of Controls
Blade Computer Architecture

27. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Judgmental sampling
Six steps of the Release Management process
Sample Standard Deviation
List of systems examined

28. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Personnel involved in the requirements phase of a software development project
A Sample Mean
Audit logging

29. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
OSI Layer 5: Session
The Eight Types of Audits
Audit logging

30. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Entire password for an encryption key
OSI Layer 7: Application
Six steps of the Release Management process
Configuration Management

31. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
General Controls
Employee termination process
TCP/IP Transport Layer packet delivery
PERT Diagram?

32. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Current and most up-to-date
A Sample Mean
The Software Program Library
An Integrated Audit

33. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Rating Scale for Process Maturity
Disaster Recovery
A Virtual Server
To identify the tasks that are responsible for project delays

34. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Inform the auditee
IT standards are not being reviewed often enough
Deming Cycle
Business impact analysis

35. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Server cluster
Power system controls
(1.) Polices (2.) Procedures (3.) Standards
ISO 20000 Standard:

36. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Stay current with technology
Attribute Sampling
Emergency Changes
Organizational culture and maturity

37. An audit of operational efficiency.
An Administrative
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Inherent Risk
Main types of Controls

38. The sum of all samples divided by the number of samples.
Business Continuity
A Sample Mean
Primary security features of relational databases
IT Service Management

39. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Substantive Testing (test of transaction integrity)
Sampling
Stop-or-go Sampling
Primary security features of relational databases

40. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
IT Services Financial Management
Elements of the COSO pyramid
Power system controls

41. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Tolerable Error Rate
The 5 types of Evidence that the auditor will collect during an audit.
Precision means
OSI: Physical Layer

42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Project Management Strategies
OSI: Network Layer
A Virtual Server
Sampling Risk

43. To measure organizational performance and effectiveness against strategic goals.
less than 24 hours
Balanced Scorecard
WAN Protocols
Options for Risk Treatment

44. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Capability Maturity Model Integration (CMMI)
Dimensions of the COSO cube
Insourcing

45. An audit of a third-party organization that provides services to other organizations.
ITIL - IT Infrastructure Library
An IS audit
A Service Provider audit
The Steering Committee

46. (1.) General (2.) Application
Main types of Controls
Information security policy
Input validation checking
Information systems access

47. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
The appropriate role of an IS auditor in a control self-assessment
General Controls
TCP/IP Transport Layer packet delivery
Substantive Testing (test of transaction integrity)

48. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
Overall audit risk
The 7 phases and their order in the SDLC
Inform the auditee

49. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A Problem
Assess the maturity of its business processes
objective and unbiased
IT standards are not being reviewed often enough

50. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Criticality analysis
Project Management Strategies
WAN Protocols