Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Examples of IT General Controls
Buffers
A Server Cluster
BCP Plans
2. To measure organizational performance and effectiveness against strategic goals.
Background checks performed
The BCP process
Balanced Scorecard
Configuration Management
3. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
(1.) Man-made (2.) Natural
Insourcing
Variable Sampling
less than 24 hours
4. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
BCP Plans
Gantt Chart
Recovery time objective
5. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
To identify the tasks that are responsible for project delays
Elements of the COBIT Framework
Three Types of Controls
6. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Entire password for an encryption key
The audit program
Database primary key
7. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Problem Management
PERT Diagram
Foreign Key
ISO 20000 Standard
8. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
To identify the tasks that are responsible for project delays
ITIL definition of PROBLEM
Stratified Sampling
The Software Program Library
9. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Primary security features of relational databases
Capability Maturity Model Integration (CMMI)
A Financial Audit
The 7 phases and their order in the SDLC
10. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Elements of the COSO pyramid
Testing activities
TCP/IP Network Model
11. (1.) Objectives (2.) Components (3.) Business Units / Areas
Elements of the COSO pyramid
Application Layer protocols
TCP/IP Transport Layer
Dimensions of the COSO cube
12. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Expected Error Rate
Concentrate on samples known to represent high risk
The Business Process Life Cycle
13. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
The first step in a business impact analysis
Blade Computer Architecture
The two Categories of Controls
14. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
TCP/IP Transport Layer packet delivery
The Eight Types of Audits
Deming Cycle
A Financial Audit
15. An audit of operational efficiency.
Discovery Sampling
An Administrative
General Controls
Buffers
16. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
Control Unit
Reduced sign-on
An Operational Audit
The audit program
17. Delivery of packets from one station to another - on the same network or on different networks.
Criticality analysis
The Internet Layer in the TCP/IP model
Foreign Key
A Problem
18. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Control Risk
Elements of the COSO pyramid
Advantages of outsourcing
ITIL definition of CHANGE MANAGEMENT
19. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Geographic location
SDLC Phases
Stratified Sampling
20. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
IT executives and the Board of Directors
Employee termination process
ISO 20000 Standard
A Server Cluster
21. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Power system controls
Control Unit
Hash
Personnel involved in the requirements phase of a software development project
22. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Security Awareness program
Department Charters
(1.) Polices (2.) Procedures (3.) Standards
The BCP process
23. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
The first step in a business impact analysis
Foreign Key
Personnel involved in the requirements phase of a software development project
Sampling Risk
24. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Documentation and interview personnel
IT Services Financial Management
Resource details
Application Controls
25. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Risk Management
Discovery Sampling
Data Link Layer Standards
Buffers
26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
A Server Cluster
Inherent Risk
TCP/IP Transport Layer
Sampling Risk
27. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
TCP/IP Internet Layer
Separate administrative accounts
Discovery Sampling
28. PERT: shows the ______________ critical path.
The 5 types of Evidence that the auditor will collect during an audit.
Current and most up-to-date
OSI Layer 7: Application
Statistical Sampling
29. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Substantive Testing (test of transaction integrity)
OSI Layer 5: Session
List of systems examined
The best approach for identifying high risk areas for an audit
30. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Criticality analysis
Problem Management
Elements of the COBIT Framework
IT Services Financial Management
31. An audit of an IS department's operations and systems.
Business Continuity
Grid Computing
less than 24 hours
An IS audit
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Referential Integrity
Grid Computing
Business Realization
TCP/IP Internet Layer
33. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
BCP Plans
Application Layer protocols
Vulnerability in the organization's PBX
The Release process
34. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Employees with excessive privileges
Three Types of Controls
TCP/IP Internet Layer
A gate process
35. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Data Link Layer Standards
Registers
Department Charters
Confidence coefficient
36. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
(1.) Man-made (2.) Natural
Disaster Recovery
The 5 types of Evidence that the auditor will collect during an audit.
Department Charters
37. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
The typical Configuration Items in Configuration Management
IT Services Financial Management
Structural fires and transportation accidents
38. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
The availability of IT systems
Examples of IT General Controls
Expected Error Rate
39. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Employee termination process
Discovery Sampling
Categories of risk treatment
Assess the maturity of its business processes
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
OSI Layer 7: Application
The 5 types of Evidence that the auditor will collect during an audit.
Split custody
41. The maximum period of downtime for a process or application
Recovery time objective
Project change request
Control Unit
More difficult to perform
42. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Capability Maturity Model Integration (CMMI)
Inherent Risk
The two Categories of Controls
The 4-item focus of a Balanced Scorecard
43. Consists of two main packet transport protocols: TCP and UDP.
Expected Error Rate
TCP/IP Transport Layer
Stratified Sampling
The 4-item focus of a Balanced Scorecard
44. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
An IS audit
A Financial Audit
The Steering Committee
45. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Database primary key
Frameworks
Grid Computing
Input validation checking
46. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Sampling
Control Unit
Database primary key
A gate process
47. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Security Awareness program
Configuration Management
Statement of Impact
The appropriate role of an IS auditor in a control self-assessment
48. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Criticality analysis
Control Unit
WAN Protocols
A Forensic Audit
49. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Entire password for an encryption key
WAN Protocols
OSI Layer 5: Session
Three Types of Controls
50. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
OSI: Data Link Layer
less than 24 hours
Stratified Sampling