Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Risk Management
TCP/IP Internet Layer
Lacks specific expertise or resources to conduct an internal audit
IT Service Management
2. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Project Management Strategies
IT executives and the Board of Directors
The typical Configuration Items in Configuration Management
The Internet Layer in the TCP/IP model
3. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
The availability of IT systems
Antivirus software on the email servers
Wet pipe fire sprinkler system
A gate process
4. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Transport Layer Protocols
ITIL definition of CHANGE MANAGEMENT
An Integrated Audit
The typical Configuration Items in Configuration Management
5. Framework for auditing and measuring IT Service Management Processes.
ITIL definition of PROBLEM
The typical Configuration Items in Configuration Management
Power system controls
ISO 20000 Standard
6. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Business Realization
Wet pipe fire sprinkler system
Service Continuity Management
The first step in a business impact analysis
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Antivirus software on the email servers
Recovery time objective
Separate administrative accounts
The Steering Committee
8. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Structural fires and transportation accidents
Inherent Risk
Overall audit risk
Documentation and interview personnel
9. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The Software Program Library
Substantive Testing
To identify the tasks that are responsible for project delays
The appropriate role of an IS auditor in a control self-assessment
10. (1.) Link (2.) Internet (3.) Transport (4.) Application
OSI: Transport Layer
Service Continuity Management
TCP/IP Network Model
Employee termination process
11. (1.) General (2.) Application
Control Unit
IT executives and the Board of Directors
Disaster Recovery
Main types of Controls
12. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Wet pipe fire sprinkler system
Advantages of outsourcing
A Virtual Server
13. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations
WAN Protocols
Stop-or-go Sampling
Geographic location
Employees with excessive privileges
14. Used to translate or transform data from lower layers into formats that the application layer can work with.
ITIL definition of CHANGE MANAGEMENT
OSI Layer 6: Presentation
Power system controls
TCP/IP Network Model
15. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Configuration Management
The availability of IT systems
Capability Maturity Model
To identify the tasks that are responsible for project delays
16. ITIL term used to describe the SDLC.
Release management
BCP Plans
Entire password for an encryption key
The Internet Layer in the TCP/IP model
17. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Inherent Risk
The 4-item focus of a Balanced Scorecard
WAN Protocols
Vulnerability in the organization's PBX
18. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Power system controls
Capability Maturity Model Integration (CMMI)
Stratified Sampling
Examples of IT General Controls
19. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
WAN Protocols
Capability Maturity Model Integration (CMMI)
Sampling Risk
An Administrative
20. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Overall audit risk
Elements of the COSO pyramid
A Problem
21. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Capability Maturity Model
A Cold Site
Incident Management
22. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
The typical Configuration Items in Configuration Management
Balanced Scorecard
A Server Cluster
23. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Application Layer protocols
The BCP process
Deming Cycle
The Software Program Library
24. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
An Operational Audit
Confidence coefficient
objective and unbiased
A Forensic Audit
25. An audit of an IS department's operations and systems.
An IS audit
Confidence coefficient
Background checks performed
SDLC Phases
26. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Grid Computing
Formal waterfall
Controls
Variable Sampling
27. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Gantt Chart
Business impact analysis
The 7 phases and their order in the SDLC
28. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
A gate process
The audit program
Rating Scale for Process Maturity
IT standards are not being reviewed often enough
29. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The BCP process
Application Layer protocols
TCP/IP Transport Layer
Employee termination process
30. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Insourcing
Personnel involved in the requirements phase of a software development project
Inform the auditee
TCP/IP Transport Layer packet delivery
31. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Control Risk
ITIL definition of PROBLEM
Substantive Testing
Referential Integrity
32. IT Governance is most concerned with ________.
Gantt Chart
IT Strategy
General Controls
Security Awareness program
33. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Six steps of the Release Management process
Reduced sign-on
To identify the tasks that are responsible for project delays
Release management
34. An audit of operational efficiency.
Capability Maturity Model Integration (CMMI)
A Virtual Server
Inform the auditee
An Administrative
35. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
An Administrative
OSI: Physical Layer
objective and unbiased
Separate administrative accounts
36. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Precision means
The 5 types of Evidence that the auditor will collect during an audit.
The two Categories of Controls
A gate process
37. IT Service Management is defined in ___________________ framework.
Business Continuity
Compliance Testing
ITIL - IT Infrastructure Library
TCP/IP Internet Layer
38. Used to measure the relative maturity of an organization and its processes.
Power system controls
Resource details
Capability Maturity Model
The Steering Committee
39. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Configuration Management
Employees with excessive privileges
A Virtual Server
40. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Cloud computing
Application Controls
Annualized Loss Expectancy (ALE)
Server cluster
41. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Disaster Recovery
A Sample Mean
Gantt Chart
42. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
A Virtual Server
Risk Management
Split custody
The Release process
43. A representation of how closely a sample represents an entire population.
Power system controls
Precision means
Business Realization
Elements of the COSO pyramid
44. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Service Level Management
PERT Diagram
The audit program
An Administrative
45. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Primary security features of relational databases
TCP/IP Link Layer
Information systems access
Inherent Risk
46. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
SDLC Phases
Confidence coefficient
Background checks performed
List of systems examined
47. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Lacks specific expertise or resources to conduct an internal audit
Problem Management
Statistical Sampling
Detection Risk
48. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Buffers
Structural fires and transportation accidents
Overall audit risk
The first step in a business impact analysis
49. The maximum period of downtime for a process or application
Server cluster
Security Awareness program
Advantages of outsourcing
Recovery time objective
50. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Foreign Key
Judgmental sampling
Buffers