Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
Inform the auditee
Structural fires and transportation accidents
Resource details
2. To ensure that input values are within established ranges - of the correct character types - and free of harmful content.
Input validation checking
OSI: Transport Layer
Inform the auditee
Network Layer Protocols
3. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
The typical Configuration Items in Configuration Management
Discovery Sampling
Attribute Sampling
Emergency Changes
4. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Judgmental sampling
A Server Cluster
Registers
Critical Path Methodology
5. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
(1.) Policies (2.) Procedures (3.) Standards
Variable Sampling
Concentrate on samples known to represent high risk
Capability Maturity Model Integration (CMMI)
6. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Critical Path Methodology
Application Layer protocols
Volumes of COSO framework
Project Management Strategies
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Sampling Risk
Business Continuity
OSI Layer 7: Application
8. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Disaster Recovery
A Financial Audit
Rating Scale for Process Maturity
General Controls
9. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Split custody
Current and most up-to-date
PERT Diagram?
Notify the Audit Committee
10. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Stay current with technology
Business Realization
Hash
Deming Cycle
11. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
ITIL definition of PROBLEM
Change management
Primary security features of relational databases
12. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
TCP/IP Transport Layer
Stay current with technology
An IS audit
OSI Layer 5: Session
13. A field in a record in one table that can reference a primary key in another table.
Hash
Stop-or-go Sampling
Foreign Key
OSI: Network Layer
14. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Inform the auditee
List of systems examined
A Server Cluster
Testing activities
15. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
TCP/IP Internet Layer
Blade Computer Architecture
Main types of Controls
Overall audit risk
16. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
IT Services Financial Management
Control Unit
Data Link Layer Standards
List of systems examined
17. The sum of all samples divided by the number of samples.
A Sample Mean
OSI: Data Link Layer
Options for Risk Treatment
Project change request
18. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Recovery time objective
The Release process
Sampling Risk
Stop-or-go Sampling
19. Contains programs that communicate directly with the end user.
TCP/IP Internet Layer
OSI Layer 7: Application
ITIL - IT Infrastructure Library
The Release process
20. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
The Steering Committee
Disaster Recovery
Geographic location
21. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Inform the auditee
The Internet Layer in the TCP/IP model
TCP/IP Link Layer
less than 24 hours
22. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
SDLC Phases
Personnel involved in the requirements phase of a software development project
OSI: Physical Layer
TCP/IP Transport Layer packet delivery
23. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Separate administrative accounts
Statistical Sampling
Balanced Scorecard
Configuration Management
24. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
The 4-item focus of a Balanced Scorecard
To identify the tasks that are responsible for project delays
Transport Layer Protocols
25. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
IT Services Financial Management
TCP/IP Transport Layer packet delivery
Expected Error Rate
OSI: Transport Layer
26. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
The Internet Layer in the TCP/IP model
Control Unit
Input validation checking
Function Point Analysis
27. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Change management
A Service Provider audit
Expected Error Rate
28. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
The Release process
Project Management Strategies
Information systems access
List of systems examined
29. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Types of sampling an auditor can perform.
Control Unit
Confidence coefficient
30. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Configuration Management
Registers
Main types of Controls
31. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Types of sampling an auditor can perform.
Geographic location
General Controls
Business Realization
32. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
TCP/IP Internet Layer
To identify the tasks that are responsible for project delays
Service Level Management
Three Types of Controls
33. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Options for Risk Treatment
Judgmental sampling
Types of sampling an auditor can perform.
Sampling
34. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Employee termination process
objective and unbiased
The 4-item focus of a Balanced Scorecard
Configuration Management
35. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Substantive Testing (test of transaction integrity)
Information systems access
Entire password for an encryption key
36. A collection of two or more servers that is designed to appear as a single server.
The 4-item focus of a Balanced Scorecard
OSI Layer 5: Session
Server cluster
The Release process
37. IT Governance is most concerned with ________.
Function Point Analysis
Split custody
Lacks specific expertise or resources to conduct an internal audit
IT Strategy
38. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Options for Risk Treatment
Six steps of the Release Management process
A Problem
39. Used to estimate the effort required to develop a software program.
Release management
ISO 20000 Standard:
Capability Maturity Model Integration (CMMI)
Function Point Analysis
40. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Hash
The 7 phases and their order in the SDLC
A Server Cluster
IT Services Financial Management
41. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Wet pipe fire sprinkler system
List of systems examined
Testing activities
The BCP process
42. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Options for Risk Treatment
Stay current with technology
(1.) Policies (2.) Procedures (3.) Standards
Database primary key
43. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes) (2.) Enhancements (new functionality) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself)
Data Link Layer Standards
PERT Diagram?
Hash
The Release process
44. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
Elements of the COBIT Framework
Business impact analysis
Organizational culture and maturity
45. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Structural fires and transportation accidents
Capability Maturity Model Integration (CMMI)
Service Continuity Management
Six steps of the Release Management process
46. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Substantive Testing
Elements of the COBIT Framework
OSI Layer 5: Session
Audit logging
47. An audit that is performed in support of an anticipated or active legal proceeding.
A Service Provider audit
An Administrative
The Steering Committee
A Forensic Audit
48. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Referential Integrity
Blade Computer Architecture
Substantive Testing (test of transaction integrity)
Substantive Testing
49. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
WAN Protocols
Six steps of the Release Management process
Detection Risk
50. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Registers
Service Continuity Management
Inherent Risk
TCP/IP Transport Layer packet delivery