SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
IT standards are not being reviewed often enough
IT Services Financial Management
(1.) Man-made (2.) Natural
Inform the auditee
2. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
TCP/IP Link Layer
Geographic location
Risk Management
Separate administrative accounts
3. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
Current and most up-to-date
OSI Layer 7: Application
Split custody
4. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Substantive Testing (test of transaction integrity)
Statement of Impact
Buffers
Service Level Management
5. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Reduced sign-on
Service Continuity Management
Judgmental sampling
Emergency Changes
6. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Gantt Chart
ITIL definition of CHANGE MANAGEMENT
The 4-item focus of a Balanced Scorecard
OSI: Physical Layer
7. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A Service Provider audit
The availability of IT systems
A gate process
Antivirus software on the email servers
8. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Employees with excessive privileges
Grid Computing
Foreign Key
Hash
9. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Primary security features of relational databases
Project change request
Cloud computing
10. The means by which management establishes and measures processes by which organizational objectives are achieved
Inform the auditee
Controls
Six steps of the Release Management process
The Steering Committee
11. (1.) Objectives (2.) Components (3.) Business Units / Areas
The 5 types of Evidence that the auditor will collect during an audit.
Categories of risk treatment
Three Types of Controls
Dimensions of the COSO cube
12. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Expected Error Rate
Balanced Scorecard
A Compliance audit
Confidence coefficient
13. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Release management
Types of sampling an auditor can perform.
Sampling Risk
Primary security features of relational databases
14. (1.) Link (2.) Internet (3.) Transport (4.) Application
Recovery time objective
Substantive Testing
A Service Provider audit
TCP/IP Network Model
15. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Service Continuity Management
Documentation and interview personnel
OSI Layer 5: Session
16. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
An Administrative
BCP Plans
Types of sampling an auditor can perform.
Application Layer protocols
17. ITIL term used to describe the SDLC.
Current and most up-to-date
Release management
Stratified Sampling
Six steps of the Release Management process
18. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Insourcing
Referential Integrity
Tolerable Error Rate
19. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Examples of Application Controls
Business Realization
Incident Management
IT Strategy
20. A collection of two or more servers that is designed to appear as a single server.
Server cluster
Stay current with technology
ITIL definition of CHANGE MANAGEMENT
TCP/IP Transport Layer
21. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
An IS audit
Buffers
Stop-or-go Sampling
Network Layer Protocols
22. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
The Internet Layer in the TCP/IP model
TCP/IP Transport Layer packet delivery
To identify the tasks that are responsible for project delays
23. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Stratified Sampling
A Virtual Server
Critical Path Methodology
Data Link Layer Standards
24. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Criticality analysis
CPU
Six steps of the Release Management process
25. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
OSI: Transport Layer
Statement of Impact
Business Realization
BCP Plans
26. The highest number of errors that can exist without a result being materially misstated.
Volumes of COSO framework
Sample Standard Deviation
TCP/IP Transport Layer packet delivery
Tolerable Error Rate
27. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
BCP Plans
Personnel involved in the requirements phase of a software development project
The Eight Types of Audits
The typical Configuration Items in Configuration Management
28. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Employees with excessive privileges
Rating Scale for Process Maturity
Primary security features of relational databases
29. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Project change request
Substantive Testing (test of transaction integrity)
Blade Computer Architecture
The 7 phases and their order in the SDLC
30. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Types of sampling an auditor can perform.
Buffers
Release management
TCP/IP Transport Layer packet delivery
31. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Capability Maturity Model Integration (CMMI)
Project change request
Application Layer protocols
Three Types of Controls
32. IT Service Management is defined in ___________________ framework.
Data Link Layer Standards
ITIL - IT Infrastructure Library
Change management
Frameworks
33. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Prblem Management
Precision means
Testing activities
Employees with excessive privileges
34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Split custody
Lacks specific expertise or resources to conduct an internal audit
Confidence coefficient
Sampling Risk
35. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
PERT Diagram?
Frameworks
(1.) Polices (2.) Procedures (3.) Standards
Attribute Sampling
36. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
IT executives and the Board of Directors
objective and unbiased
37. An audit of an IS department's operations and systems.
An IS audit
Split custody
The 7 phases and their order in the SDLC
Audit Methodologies
38. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
The 7 phases and their order in the SDLC
Advantages of outsourcing
Input validation checking
Prblem Management
39. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Blade Computer Architecture
Substantive Testing
Business Continuity
Information systems access
40. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Change management
ITIL - IT Infrastructure Library
less than 24 hours
41. The maximum period of downtime for a process or application
A Service Provider audit
Main types of Controls
Recovery time objective
Project Management Strategies
42. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Grid Computing
IT Service Management
Employees with excessive privileges
43. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Variable Sampling
Release management
Transport Layer Protocols
Six steps of the Release Management process
44. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Foreign Key
Referential Integrity
Rating Scale for Process Maturity
The two Categories of Controls
45. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Information systems access
Incident Management
CPU
46. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Dimensions of the COSO cube
Statistical Sampling
OSI Layer 5: Session
objective and unbiased
47. Defines internal controls and provides guidance for assessing and improving internal control systems.
Confidence coefficient
A Compliance audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
CPU
48. Used to translate or transform data from lower layers into formats that the application layer can work with.
Elements of the COSO pyramid
Frameworks
Wet pipe fire sprinkler system
OSI Layer 6: Presentation
49. 1.) Executive Support (2.) Well-defined roles and responsibilities.
General Controls
Information security policy
Vulnerability in the organization's PBX
Gantt Chart
50. Used to estimate the effort required to develop a software program.
Background checks performed
Function Point Analysis
The audit program
IT Services Financial Management
