CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Advantages of outsourcing
Inform the auditee
Transport Layer Protocols
The best approach for identifying high risk areas for an audit
2. An audit that is performed in support of an anticipated or active legal proceeding.
Tolerable Error Rate
Control Risk
A Forensic Audit
The Internet Layer in the TCP/IP model
3. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
IT standards are not being reviewed often enough
Judgmental sampling
Discovery Sampling
Annualized Loss Expectancy (ALE)
4. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
A Sample Mean
Types of sampling an auditor can perform.
Current and most up-to-date
Department Charters
5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Criticality analysis
Department Charters
PERT Diagram?
Sampling Risk
6. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI Layer 5: Session
The Software Program Library
The audit program
General Controls
7. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
IT standards are not being reviewed often enough
Stay current with technology
More difficult to perform
Department Charters
8. Framework for auditing and measuring IT Service Management Processes.
OSI Layer 6: Presentation
Testing activities
Sample Standard Deviation
ISO 20000 Standard:
9. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
The appropriate role of an IS auditor in a control self-assessment
Compliance Testing
IT Services Financial Management
(1.) Man-made (2.) Natural
10. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
OSI: Transport Layer
Elements of the COSO pyramid
Problem Management
Configuration Management
11. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Background checks performed
Concentrate on samples known to represent high risk
Personnel involved in the requirements phase of a software development project
The typical Configuration Items in Configuration Management
12. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The two Categories of Controls
The 5 types of Evidence that the auditor will collect during an audit.
The Steering Committee
Resource details
13. (1.) Link (2.) Internet (3.) Transport (4.) Application
Employees with excessive privileges
Controls
A Server Cluster
TCP/IP Network Model
14. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Elements of the COSO pyramid
Blade Computer Architecture
Formal waterfall
Critical Path Methodology
15. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ should be used. This will enforce accountability for each administrator's actions.
Substantive Testing
A Problem
Separate administrative accounts
An IS audit
16. A field in a record in one table that can reference a primary key in another table.
Stop-or-go Sampling
Discovery Sampling
Foreign Key
Department Charters
17. An audit of an IS department's operations and systems.
Information systems access
Segregation of duties issue in a high value process
An IS audit
Recovery time objective
18. IT Service Management is defined in ___________________ framework.
Substantive Testing
Configuration Management
ITIL - IT Infrastructure Library
Audit Methodologies
19. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Project change request
Configuration Management
Risk Management
20. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Detection Risk
Problem Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
An Operational Audit
21. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
An Administrative
Sampling
Antivirus software on the email servers
TCP/IP Network Model
22. A collection of two or more servers that is designed to appear as a single server.
A Virtual Server
Critical Path Methodology
Server cluster
Sampling Risk
23. What type of testing is performed to determine if control procedures have proper design and are operating properly?
OSI: Physical Layer
Compliance Testing
Application Controls
Buffers
24. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Control Unit
A Financial Audit
Buffers
Substantive Testing (test of transaction integrity)
25. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
The Eight Types of Audits
Capability Maturity Model Integration (CMMI)
Business Continuity
SDLC Phases
26. Used to determine which business processes are the most critical - by ranking them in order of criticality
An IS audit
Information systems access
Criticality analysis
ITIL definition of CHANGE MANAGEMENT
27. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Personnel involved in the requirements phase of a software development project
Server cluster
The BCP process
28. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Problem Management
Audit logging
Insourcing
(1.) Policies (2.) Procedures (3.) Standards
29. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Annualized Loss Expectancy (ALE)
Critical Path Methodology
The Release process
OSI: Physical Layer
30. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Project Management Strategies
Organizational culture and maturity
IT Service Management
Department Charters
31. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
The 5 types of Evidence that the auditor will collect during an audit.
PERT Diagram?
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Information security policy
32. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Service Continuity Management
The 7 phases and their order in the SDLC
TCP/IP Transport Layer packet delivery
Wet pipe fire sprinkler system
33. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
A gate process
Service Continuity Management
Employee termination process
Control Unit
34. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Its main advantage is lower cost per unit.
Blade Computer Architecture
Application Layer protocols
ISO 20000 Standard:
List of systems examined
35. Describes the effect on the business if a process is incapacitated for any appreciable time
Reduced sign-on
Statement of Impact
Transport Layer Protocols
Business Continuity
36. To measure organizational performance and effectiveness against strategic goals.
Audit Methodologies
Registers
Balanced Scorecard
Department Charters
37. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Risk Management
SDLC Phases
Problem Management
Entire password for an encryption key
38. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The two Categories of Controls
Risk Management
OSI: Data Link Layer
Buffers
39. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Transport Layer Protocols
Business Continuity
Grid Computing
Elements of the COBIT Framework
40. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Assess the maturity of its business processes
A Compliance audit
Data Link Layer Standards
41. Used to translate or transform data from lower layers into formats that the application layer can work with.
Risk Management
Capability Maturity Model
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI Layer 6: Presentation
42. Defines internal controls and provides guidance for assessing and improving internal control systems.
Emergency Changes
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Compliance audit
Grid Computing
43. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
A Forensic Audit
Application Controls
Detection Risk
44. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Information systems access
Inherent Risk
Audit logging
Volumes of COSO framework
45. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Vulnerability in the organization's PBX
General Controls
The typical Configuration Items in Configuration Management
Documentation and interview personnel
46. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
ISO 20000 Standard:
Function Point Analysis
Elements of the COBIT Framework
Insourcing
47. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
A Problem
Database primary key
Foreign Key
Stop-or-go Sampling
48. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Separate administrative accounts
TCP/IP Link Layer
To identify the tasks that are responsible for project delays
Entire password for an encryption key
49. The inventory of all in-scope business processes and systems
Vulnerability in the organization's PBX
The 7 phases and their order in the SDLC
The first step in a business impact analysis
Statement of Impact
50. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Sampling
A gate process
Dimensions of the COSO cube