Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The risk that an IS auditor will overlook errors or exceptions during an audit.
Volumes of COSO framework
Employees with excessive privileges
Server cluster
Detection Risk
2. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Critical Path Methodology
Antivirus software on the email servers
Examples of Application Controls
3. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
General Controls
Discovery Sampling
Department Charters
Concentrate on samples known to represent high risk
4. IT Governance is most concerned with ________.
Precision means
The Steering Committee
Categories of risk treatment
IT Strategy
5. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Concentrate on samples known to represent high risk
Examples of Application Controls
Attribute Sampling
Stratified Sampling
6. PERT: shows the ______________ critical path.
A Cold Site
TCP/IP Link Layer
Current and most up-to-date
WAN Protocols
7. Defines internal controls and provides guidance for assessing and improving internal control systems.
Stay current with technology
less than 24 hours
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Control Unit
8. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Grid Computing
IT executives and the Board of Directors
IT Services Financial Management
Audit Methodologies
9. An audit of operational efficiency.
Entire password for an encryption key
The Software Program Library
An Administrative
Database primary key
10. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Three Types of Controls
Database primary key
A Compliance audit
Cloud computing
11. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
The Eight Types of Audits
A Server Cluster
A Forensic Audit
Configuration Management
12. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
The BCP process
Examples of IT General Controls
Volumes of COSO framework
Examples of Application Controls
13. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Project change request
OSI: Data Link Layer
Audit Methodologies
OSI: Network Layer
14. Subjective sampling is used when the auditor wants to _________________________.
Project change request
Capability Maturity Model Integration (CMMI)
Concentrate on samples known to represent high risk
Hash
15. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Audit Methodologies
The Requirements
Hash
An Operational Audit
16. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Sampling Risk
Structural fires and transportation accidents
Categories of risk treatment
Network Layer Protocols
17. (1.) Access controls (2.) Encryption (3.) Audit logging
Assess the maturity of its business processes
Balanced Scorecard
A gate process
Primary security features of relational databases
18. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Audit Methodologies
ITIL - IT Infrastructure Library
A Financial Audit
Business Realization
19. The sum of all samples divided by the number of samples.
Options for Risk Treatment
Organizational culture and maturity
Examples of Application Controls
A Sample Mean
20. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Stratified Sampling
Change management
OSI Layer 5: Session
The 4-item focus of a Balanced Scorecard
21. A sampling technique where at least one exception is sought in a population
Department Charters
ISO 20000 Standard
Release management
Discovery Sampling
22. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Emergency Changes
Judgmental sampling
Stay current with technology
Tolerable Error Rate
23. Contains programs that communicate directly with the end user.
Lacks specific expertise or resources to conduct an internal audit
Separate administrative accounts
OSI: Physical Layer
OSI Layer 7: Application
24. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Structural fires and transportation accidents
Confidence coefficient
Antivirus software on the email servers
Application Layer protocols
25. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Stratified Sampling
Separate administrative accounts
ITIL definition of CHANGE MANAGEMENT
Information security policy
26. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
The best approach for identifying high risk areas for an audit
IT executives and the Board of Directors
Employee termination process
Wet pipe fire sprinkler system
27. (1.) Objectives (2.) Components (3.) Business Units / Areas
Concentrate on samples known to represent high risk
Application Controls
Application Layer protocols
Dimensions of the COSO cube
28. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Problem Management
Testing activities
CPU
Background checks performed
29. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Documentation and interview personnel
Sampling
More difficult to perform
Reduced sign-on
30. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
An Integrated Audit
IT Services Financial Management
Examples of Application Controls
31. The first major task in a disaster recovery or business continuity planning project.
Emergency Changes
Business impact analysis
The 4-item focus of a Balanced Scorecard
The Eight Types of Audits
32. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
BCP Plans
Elements of the COSO pyramid
Incident Management
Database primary key
33. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Buffers
Inform the auditee
Geographic location
The 5 types of Evidence that the auditor will collect during an audit.
34. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The best approach for identifying high risk areas for an audit
Control Risk
Grid Computing
Service Level Management
35. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Frameworks
Resource details
Emergency Changes
A Server Cluster
36. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
OSI Layer 6: Presentation
Three Types of Controls
Formal waterfall
Hash
37. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Problem Management
The Business Process Life Cycle
OSI: Transport Layer
Deming Cycle
38. Describes the effect on the business if a process is incapacitated for any appreciable time
IT Service Management
Statement of Impact
A Forensic Audit
Sampling Risk
39. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Audit Methodologies
Expected Error Rate
Sampling Risk
Segregation of duties issue in a high value process
40. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
TCP/IP Network Model
Sampling Risk
Release management
41. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
ISO 20000 Standard
Current and most up-to-date
The typical Configuration Items in Configuration Management
Main types of Controls
42. Support the functioning of the application controls
A Sample Mean
IT standards are not being reviewed often enough
Problem Management
General Controls
43. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Information security policy
Dimensions of the COSO cube
Elements of the COSO pyramid
44. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Lacks specific expertise or resources to conduct an internal audit
Buffers
IT Services Financial Management
45. Concerned with electrical and physical specifications for devices. No frames or packets involved.
The 7 phases and their order in the SDLC
OSI: Physical Layer
A Server Cluster
Capability Maturity Model Integration (CMMI)
46. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
General Controls
Critical Path Methodology
objective and unbiased
Confidence coefficient
47. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Audit logging
Elements of the COSO pyramid
(1.) Policies (2.) Procedures (3.) Standards
Control Unit
48. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
ITIL definition of PROBLEM
Data Link Layer Standards
Control Unit
IT standards are not being reviewed often enough
49. A maturity model that represents the aggregations of other maturity models.
Annualized Loss Expectancy (ALE)
Substantive Testing (test of transaction integrity)
Capability Maturity Model Integration (CMMI)
Sampling
50. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Geographic location
Testing activities
(1.) Policies (2.) Procedures (3.) Standards
Information security policy