Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding.
1. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Insourcing
OSI Layer 7: Application
Advantages of outsourcing
Change management
2. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The appropriate role of an IS auditor in a control self-assessment
Incident Management
The 5 types of Evidence that the auditor will collect during an audit.
A Problem
3. The first major task in a disaster recovery or business continuity planning project.
The availability of IT systems
Six steps of the Release Management process
Business impact analysis
ISO 20000 Standard:
4. The memory locations in the CPU where arithmetic values are stored.
CPU
Registers
The availability of IT systems
Buffers
5. The highest number of errors that can exist without a result being materially misstated.
Information systems access
Balanced Scorecard
Tolerable Error Rate
Audit logging
6. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Network Layer Protocols
ITIL definition of PROBLEM
Confidence coefficient
7. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
TCP/IP Network Model
A Virtual Server
Sampling
8. A fire sprinkler system has water in its pipes, and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Structural fires and transportation accidents
Categories of risk treatment
TCP/IP Internet Layer
Wet pipe fire sprinkler system
9. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.
OSI: Transport Layer
OSI: Data Link Layer
Entire password for an encryption key
OSI Layer 6: Presentation
10. Delivery of packets from one station to another - on the same network or on different networks.
OSI: Physical Layer
The Internet Layer in the TCP/IP model
Stay current with technology
Rating Scale for Process Maturity
11. The result of strategic planning, process development, and systems development, which all contribute towards a launch of business operations to reach a set of business objectives.
Testing activities
Examples of IT General Controls
Advantages of outsourcing
Business Realization
12. Requires that a password (or key) be broken into two or more parts, with each part in the possession of a separate person, so that no single individual can use it alone.
Statistical Sampling
BCP Plans
IT Strategy
Split custody
13. To communicate security policies, procedures, and other security-related information to an organization's employees.
A Sample Mean
Security Awareness program
Elements of the COSO pyramid
An Operational Audit
14. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Problem Management
Main types of Controls
Overall audit risk
OSI: Data Link Layer
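Question 14's "checksum verification of delivery" at the data link layer is the Ethernet frame check sequence. The Python below is an added example, not from the quiz source: it builds an Ethernet II frame with its CRC-32 FCS, verifies it as a receiver would, and shows the caveat a security reviewer cares about: the CRC catches line noise, but having no key it does not catch deliberate modification, because an attacker on the wire simply recomputes it. The MAC addresses and payload are constructed sample data.

```python
import struct
import zlib

# Ethernet II framing: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType,
# 46..1500-byte payload, then a 4-byte frame check sequence (CRC-32, least-significant
# byte first). zlib.crc32 implements the same CRC-32 used by IEEE 802.3.

HEADER_LEN = 14
MIN_PAYLOAD = 46
FCS_LEN = 4
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def fcs_for(body: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble a frame: header + payload (padded to the 46-byte minimum) + FCS."""
    if len(payload) < MIN_PAYLOAD:
        payload = payload + b"\x00" * (MIN_PAYLOAD - len(payload))
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    return body + fcs_for(body)


def verify_frame(frame: bytes) -> bool:
    """Receiver-side check: recompute the CRC over everything but the trailer and compare."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        return False  # runt frame; a NIC drops it
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return fcs_for(body) == trailer


def parse_frame(frame: bytes) -> dict:
    if not verify_frame(frame):
        raise ValueError("FCS mismatch or runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "ethertype": ethertype,
        "payload": frame[HEADER_LEN:-FCS_LEN],
    }


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission error in a single bit."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def retag_fcs(frame: bytes) -> bytes:
    """What an attacker does after modifying a frame in transit: recompute the FCS.
    The CRC has no key, so the tampered frame verifies exactly like the original."""
    body = frame[:-FCS_LEN]
    return body + fcs_for(body)


if __name__ == "__main__":
    # constructed sample: a short IPv4 payload, so padding to 46 bytes is exercised
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"hello")
    print(len(frame), "bytes, FCS ok:", verify_frame(frame))          # 64 True
    print("after bit flip:", verify_frame(flip_bit(frame, 20, 0)))    # False
    tampered = retag_fcs(flip_bit(frame, 20, 0))
    print("after tamper + recompute:", verify_frame(tampered))        # True
```

The last line is the point for an auditor: a CRC is an availability and reliability control, not an integrity control against an adversary. Integrity against tampering needs a keyed mechanism (a MAC or signature) at a higher layer.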
15. Focuses on: post-event recovery and restoration of services
Critical Path Methodology
Sampling Risk
Disaster Recovery
Stratified Sampling
16. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
Judgmental sampling
Tolerable Error Rate
Foreign Key
17. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Organizational culture and maturity
Expected Error Rate
Information security policy
A Virtual Server
18. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
General Controls
Volumes of COSO framework
Business Continuity
19. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling: PPTP, L2TP
Control Unit
The 4-item focus of a Balanced Scorecard
Data Link Layer Standards
The availability of IT systems
20. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
The 5 types of Evidence that the auditor will collect during an audit.
Project change request
Function Point Analysis
Referential Integrity
21. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
OSI: Network Layer
Control Risk
Registers
22. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Employee termination process
OSI: Transport Layer
ISO 20000 Standard:
IT Service Management
23. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Reduced sign-on
Capability Maturity Model
Volumes of COSO framework
Power system controls
24. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Variable Sampling
OSI: Transport Layer
The Business Process Life Cycle
25. An audit of operational efficiency.
Inform the auditee
Business Continuity
An Administrative
Controls
26. (1.) TCP (2.) UDP
ITIL (IT Infrastructure Library)
Split custody
Transport Layer Protocols
The Requirements
27. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
A Server Cluster
A Compliance audit
General Controls
Overall audit risk
28. A representation of how closely a sample represents an entire population.
Information systems access
OSI Layer 7: Application
A Forensic Audit
Precision means
29. (1.) Link (2.) Internet (3.) Transport (4.) Application
Controls
TCP/IP Network Model
Organizational culture and maturity
Power system controls
30. A four-step quality control process known as PDSA or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
The availability of IT systems
OSI: Data Link Layer
Concentrate on samples known to represent high risk
31. The inventory of all in-scope business processes and systems
Stratified Sampling
The first step in a business impact analysis
Inherent Risk
OSI Layer 6: Presentation
32. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The 7 phases and their order in the SDLC
Attribute Sampling
Recovery time objective
OSI Layer 5: Session
33. An auditor has detected potential fraud while testing a control objective. He should ___________________. Because audit committee members are generally not involved in business operations, they will be sufficiently removed from the matter, and they
Employee termination process
Data Link Layer Standards
Notify the Audit Committee
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
34. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
Attribute Sampling
To identify the tasks that are responsible for project delays
Control Risk
35. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Deming Cycle
Reduced sign-on
Current and most up-to-date
The 7 phases and their order in the SDLC
36. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored in a _____. This makes it computationally infeasible for anyone who reads the stored value, including an attacker who obtains a copy of the database, to recover the original password; plaintext or reversible storage could lead to account compromise.
Hash
More difficult to perform
The audit program
IT standards are not being reviewed often enough
37. The 10 elements of an audit: (1.) Subject of audit (2.) Audit objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report preparation (9.) Wrap-up (10.) Post-audit follow-up
Grid Computing
Application Controls
Audit Methodologies
Inform the auditee
38. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
(1.) Policies (2.) Procedures (3.) Standards
Stop-or-go Sampling
Lacks specific expertise or resources to conduct an internal audit
39. A field (or combination of fields) in a database table whose value uniquely identifies each row.
Categories of risk treatment
Database primary key
SDLC Phases
Expected Error Rate
40. Used to estimate the effort required to develop a software program.
A Server Cluster
Function Point Analysis
Assess the maturity of its business processes
Testing activities
41. ____________________ of the hot site is the most important consideration for site selection. If the primary site and the hot site are too close together, a single event may affect both locations.
Geographic location
Structural fires and transportation accidents
Background checks performed
Buffers
42. The probability that a sample selected does not represent the entire population. Usually expressed as a percentage; it is the complement of the confidence coefficient (a 95% confidence coefficient leaves 5% sampling risk).
Criticality analysis
TCP/IP Transport Layer
The BCP process
Sampling Risk
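Questions 5, 28 and 42 define tolerable error rate, precision and sampling risk but never show them being applied. The Python below is an added example, not from the quiz source, of attribute sampling worked with the exact binomial distribution instead of published tables: sampling risk as the complement of the confidence coefficient, the sample size needed to conclude at a given confidence that the population error rate is below the tolerable rate, and the evaluation of a completed sample through its computed upper error limit. The function names and the 95% confidence / 5% tolerable-rate figures are this example's own.

```python
import math


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the complement of the confidence coefficient: 95% confidence, 5% risk."""
    if not 0 < confidence_coefficient < 1:
        raise ValueError("confidence coefficient must be strictly between 0 and 1")
    return 1.0 - confidence_coefficient


def binomial_cdf(k: int, n: int, p: float) -> float:
    """P(at most k deviations among n sampled items) when each item deviates with probability p."""
    return sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def plan_sample_size(confidence_coefficient: float, tolerable_error_rate: float,
                     allowable_deviations: int = 0) -> int:
    """Smallest sample size such that, if the population error rate were really at the
    tolerable rate, seeing no more than `allowable_deviations` errors would be no more
    likely than the sampling risk. A higher expected error rate means the auditor must
    plan for more allowable deviations, and therefore a larger sample."""
    risk = sampling_risk(confidence_coefficient)
    n = allowable_deviations + 1
    while binomial_cdf(allowable_deviations, n, tolerable_error_rate) > risk:
        n += 1
    return n


def upper_error_limit(errors: int, sample_size: int, confidence_coefficient: float) -> float:
    """One-sided exact (Clopper-Pearson) upper bound on the population error rate:
    the largest rate still consistent with the observed sample at this confidence."""
    risk = sampling_risk(confidence_coefficient)
    lo, hi = 0.0, 1.0
    for _ in range(100):  # bisection; binomial_cdf is decreasing in p
        mid = (lo + hi) / 2
        if binomial_cdf(errors, sample_size, mid) > risk:
            lo = mid
        else:
            hi = mid
    return hi


def evaluate_attribute_sample(errors: int, sample_size: int, confidence_coefficient: float,
                              tolerable_error_rate: float) -> dict:
    """Project the sample onto the population and decide whether the control can be relied on.
    Achieved precision is the gap between the observed rate and the upper limit."""
    rate = errors / sample_size
    limit = upper_error_limit(errors, sample_size, confidence_coefficient)
    return {
        "sample_error_rate": rate,
        "achieved_precision": limit - rate,
        "upper_error_limit": limit,
        "rely_on_control": limit <= tolerable_error_rate,
    }


if __name__ == "__main__":
    # constructed planning figures: 95% confidence, 5% tolerable error rate
    print("zero-deviation plan:", plan_sample_size(0.95, 0.05, 0))   # 59 items
    print("two-deviation plan: ", plan_sample_size(0.95, 0.05, 2))   # 124 items
    # constructed result: the auditor tested 84 items and found 3 deviations
    print(evaluate_attribute_sample(errors=3, sample_size=84,
                                    confidence_coefficient=0.95, tolerable_error_rate=0.05))
```

Two things a practitioner should take from this: the decision is driven by the upper limit, not by the raw sample error rate (3 deviations in 84 items is 3.6%, below the 5% tolerable rate, yet the control cannot be relied on at 95% confidence), and a plan that allowed zero deviations is invalidated by a single one, which is why the expected error rate must be realistic before the sample is drawn.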
43. An audit that is performed in support of an anticipated or active legal proceeding.
Incident Management
Disaster Recovery
A Forensic Audit
A Cold Site
44. The party that performs strategic planning and addresses near-term and long-term requirements, aligning business objectives with technology strategies.
TCP/IP Link Layer
The Steering Committee
Information security policy
Antivirus software on the email servers
45. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities, as necessary for accomplishing a goal.
List of systems examined
PERT Diagram
Personnel involved in the requirements phase of a software development project
A Compliance audit
46. An audit of an accounting system, accounting department processes, and procedures to determine whether business controls are sufficient to ensure the integrity of financial statements.
The Software Program Library
Segregation of duties issue in a high value process
Personnel involved in the requirements phase of a software development project
A Financial Audit
47. An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
Wet pipe fire sprinkler system
Primary security features of relational databases
An Operational Audit
Entire password for an encryption key
48. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Assess the maturity of its business processes
IT standards are not being reviewed often enough
OSI: Transport Layer
49. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
(1.) Policies (2.) Procedures (3.) Standards
Gantt Chart
BCP Plans
TCP/IP Network Model
50. Handle application processing
Network Layer Protocols
Sample Standard Deviation
Application Controls
A Cold Site