SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of operational efficiency.
ITIL definition of CHANGE MANAGEMENT
Elements of the COSO pyramid
ISO 20000 Standard:
An Administrative
2. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
More difficult to perform
The 4-item focus of a Balanced Scorecard
ITIL - IT Infrastructure Library
3. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Stop-or-go Sampling
Foreign Key
A Forensic Audit
Deming Cycle
4. (1.) General (2.) Application
Blade Computer Architecture
Main types of Controls
Entire password for an encryption key
Power system controls
5. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Assess the maturity of its business processes
Split custody
Organizational culture and maturity
6. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
WAN Protocols
Inherent Risk
SDLC Phases
To identify the tasks that are responsible for project delays
7. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
(1.) Polices (2.) Procedures (3.) Standards
Categories of risk treatment
OSI: Physical Layer
Service Level Management
8. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
An Administrative
The appropriate role of an IS auditor in a control self-assessment
Options for Risk Treatment
9. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Notify the Audit Committee
Advantages of outsourcing
Types of sampling an auditor can perform.
10. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
BCP Plans
Insourcing
Stay current with technology
Capability Maturity Model
11. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Application Layer protocols
The typical Configuration Items in Configuration Management
Notify the Audit Committee
The Requirements
12. PERT: shows the ______________ critical path.
Elements of the COSO pyramid
Documentation and interview personnel
Current and most up-to-date
The Eight Types of Audits
13. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Deming Cycle
Department Charters
Referential Integrity
14. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Stratified Sampling
The Requirements
Department Charters
Lacks specific expertise or resources to conduct an internal audit
15. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Security Awareness program
Split custody
Inherent Risk
16. The highest number of errors that can exist without a result being materially misstated.
The two Categories of Controls
An Integrated Audit
Risk Management
Tolerable Error Rate
17. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
A Server Cluster
Recovery time objective
The Release process
Split custody
18. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
The Release process
Stratified Sampling
TCP/IP Transport Layer
19. IT Service Management is defined in ___________________ framework.
Registers
Recovery time objective
Annualized Loss Expectance (ALE)
ITIL - IT Infrastructure Library
20. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Rating Scale for Process Maturity
A Service Provider audit
The BCP process
The typical Configuration Items in Configuration Management
21. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Inherent Risk
Insourcing
Sample Standard Deviation
The audit program
22. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectance (ALE)
TCP/IP Link Layer
Emergency Changes
Service Level Management
23. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Vulnerability in the organization's PBX
Capability Maturity Model
Insourcing
24. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Elements of the COSO pyramid
Discovery Sampling
Information security policy
Formal waterfall
25. IT Governance is most concerned with ________.
Department Charters
IT Strategy
less than 24 hours
Referential Integrity
26. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Security Awareness program
Project Management Strategies
A Server Cluster
27. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Judgmental sampling
A Compliance audit
Assess the maturity of its business processes
Advantages of outsourcing
28. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Dimensions of the COSO cube
Blade Computer Architecture
TCP/IP Transport Layer
The best approach for identifying high risk areas for an audit
29. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Compliance Testing
Prblem Management
Organizational culture and maturity
IT Services Financial Management
30. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Project change request
Risk Management
IT Service Management
SDLC Phases
31. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
A Financial Audit
OSI: Transport Layer
Blade Computer Architecture
Business impact analysis
32. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Types of sampling an auditor can perform.
Blade Computer Architecture
The BCP process
Stay current with technology
33. Used to measure the relative maturity of an organization and its processes.
Deming Cycle
TCP/IP Network Model
Capability Maturity Model
less than 24 hours
34. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
IT Services Financial Management
A Service Provider audit
The Internet Layer in the TCP/IP model
35. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
A Cold Site
Application Layer protocols
Rating Scale for Process Maturity
Emergency Changes
36. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Advantages of outsourcing
Critical Path Methodology
TCP/IP Transport Layer packet delivery
Six steps of the Release Management process
37. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Background checks performed
Grid Computing
Function Point Analysis
The 5 types of Evidence that the auditor will collect during an audit.
38. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Rating Scale for Process Maturity
Application Controls
Release management
An Operational Audit
39. (1.) Access controls (2.) Encryption (3.) Audit logging
(1.) Man-made (2.) Natural
Three Types of Controls
Criticality analysis
Primary security features of relational databases
40. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
List of systems examined
Volumes of COSO framework
Grid Computing
41. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
PERT Diagram?
Audit logging
Tolerable Error Rate
Split custody
42. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Referential Integrity
Frameworks
A Compliance audit
43. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Sampling
More difficult to perform
Wet pipe fire sprinkler system
The audit program
44. An audit that combines an operational audit and a financial audit.
Registers
Assess the maturity of its business processes
An Integrated Audit
The BCP process
45. To measure organizational performance and effectiveness against strategic goals.
Split custody
The Eight Types of Audits
Data Link Layer Standards
Balanced Scorecard
46. Disasters are generally grouped in terms of type: ______________.
Business Continuity
Sampling
Primary security features of relational databases
(1.) Man-made (2.) Natural
47. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
SDLC Phases
Audit logging
Business Continuity
48. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
The Internet Layer in the TCP/IP model
Entire password for an encryption key
Substantive Testing (test of transaction integrity)
49. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Department Charters
Examples of Application Controls
Deming Cycle
Capability Maturity Model
50. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Audit logging
Precision means
Data Link Layer Standards
OSI Layer 5: Session