Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The appropriate role of an IS auditor in a control self-assessment
The two Categories of Controls
Employee termination process
Controls
2. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
ITIL - IT Infrastructure Library
Discovery Sampling
Stay current with technology
The Requirements
3. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Registers
Audit Methodologies
Resource details
Expected Error Rate
4. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Application Layer protocols
CPU
A gate process
PERT Diagram?
5. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Resource details
Judgmental sampling
Release management
A Problem
6. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Application Layer protocols
Capability Maturity Model
Vulnerability in the organization's PBX
7. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Concentrate on samples known to represent high risk
Reduced sign-on
Expected Error Rate
Employees with excessive privileges
8. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Insourcing
Network Layer Protocols
Cloud computing
The appropriate role of an IS auditor in a control self-assessment
9. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Information security policy
Concentrate on samples known to represent high risk
To identify the tasks that are responsible for project delays
OSI: Data Link Layer
10. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Overall audit risk
Notify the Audit Committee
A Financial Audit
(1.) Man-made (2.) Natural
11. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
List of systems examined
Database primary key
Stay current with technology
ITIL definition of CHANGE MANAGEMENT
12. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
OSI Layer 6: Presentation
Buffers
Split custody
Disaster Recovery
13. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Dimensions of the COSO cube
IT standards are not being reviewed often enough
ITIL definition of CHANGE MANAGEMENT
14. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
PERT Diagram?
An IS audit
The Release process
Assess the maturity of its business processes
15. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Rating Scale for Process Maturity
TCP/IP Transport Layer
Hash
Business impact analysis
16. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Capability Maturity Model Integration (CMMI)
An IS audit
Three Types of Controls
Annualized Loss Expectancy (ALE)
17. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Disaster Recovery
Project Management Strategies
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
18. Used to determine which business processes are the most critical - by ranking them in order of criticality
ITIL definition of CHANGE MANAGEMENT
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Transport Layer
Criticality analysis
19. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Capability Maturity Model Integration (CMMI)
Critical Path Methodology
OSI: Network Layer
Control Risk
20. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
WAN Protocols
Expected Error Rate
Categories of risk treatment
A Compliance audit
21. IT Service Management is defined in ___________________ framework.
TCP/IP Link Layer
Stay current with technology
Documentation and interview personnel
ITIL - IT Infrastructure Library
22. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Annualized Loss Expectancy (ALE)
Variable Sampling
The Eight Types of Audits
23. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Service Continuity Management
Structural fires and transportation accidents
More difficult to perform
The appropriate role of an IS auditor in a control self-assessment
24. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
The BCP process
Inform the auditee
TCP/IP Internet Layer
25. (1.) Objectives (2.) Components (3.) Business Units / Areas
IT Strategy
TCP/IP Transport Layer packet delivery
Information security policy
Dimensions of the COSO cube
26. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Network Layer Protocols
Wet pipe fire sprinkler system
Hash
The Eight Types of Audits
27. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Registers
Sampling
Documentation and interview personnel
28. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Controls
TCP/IP Transport Layer packet delivery
Database primary key
less than 24 hours
29. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
The Requirements
Elements of the COSO pyramid
Antivirus software on the email servers
Assess the maturity of its business processes
30. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
(1.) Policies (2.) Procedures (3.) Standards
The Internet Layer in the TCP/IP model
Capability Maturity Model Integration (CMMI)
Application Layer protocols
31. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Criticality analysis
(1.) Man-made (2.) Natural
Organizational culture and maturity
Recovery time objective
32. PERT: shows the ______________ critical path.
Frameworks
Current and most up-to-date
Substantive Testing
Vulnerability in the organization's PBX
33. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
The two Categories of Controls
(1.) Policies (2.) Procedures (3.) Standards
Confidence coefficient
Personnel involved in the requirements phase of a software development project
34. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Substantive Testing
Sampling Risk
Problem Management
IT Strategy
35. Consists of two main packet transport protocols: TCP and UDP.
IT executives and the Board of Directors
TCP/IP Transport Layer
IT Services Financial Management
Examples of Application Controls
36. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Wet pipe fire sprinkler system
Testing activities
Configuration Management
Volumes of COSO framework
37. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Foreign Key
Types of sampling an auditor can perform.
Security Awareness program
Frameworks
38. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Grid Computing
Server cluster
The Requirements
39. Gantt: used to display ______________.
Sampling Risk
Geographic location
Resource details
Tolerable Error Rate
40. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Business Realization
Service Level Management
Grid Computing
Data Link Layer Standards
41. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Wet pipe fire sprinkler system
Rating Scale for Process Maturity
Concentrate on samples known to represent high risk
42. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT Diagram.
IT Services Financial Management
The two Categories of Controls
Notify the Audit Committee
Gantt Chart
43. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Statistical Sampling
Structural fires and transportation accidents
OSI Layer 6: Presentation
Emergency Changes
44. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
The 7 phases and their order in the SDLC
Configuration Management
OSI Layer 5: Session
Control Unit
45. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Notify the Audit Committee
A Cold Site
Business impact analysis
Compliance Testing
46. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Project Management Strategies
Sampling Risk
Configuration Management
Capability Maturity Model
47. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
The Eight Types of Audits
More difficult to perform
Geographic location
Attribute Sampling
48. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Reduced sign-on
OSI: Transport Layer
Examples of Application Controls
Transport Layer Protocols
49. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
A Virtual Server
BCP Plans
Blade Computer Architecture
A Financial Audit
50. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
less than 24 hours
The BCP process
Controls
Separate administrative accounts