SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
OSI Layer 6: Presentation
IT Services Financial Management
OSI: Physical Layer
2. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
OSI: Network Layer
Split custody
Overall audit risk
Inform the auditee
3. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Dimensions of the COSO cube
SDLC Phases
Function Point Analysis
4. The inventory of all in-scope business processes and systems
Risk Management
Structural fires and transportation accidents
Stratified Sampling
The first step in a business impact analysis
5. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Security Awareness program
The typical Configuration Items in Configuration Management
Substantive Testing (test of transaction integrity)
Stratified Sampling
6. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Incident Management
TCP/IP Network Model
Frameworks
CPU
7. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Foreign Key
Cloud computing
Grid Computing
Judgmental sampling
8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Gantt Chart
Attribute Sampling
The Requirements
Reduced sign-on
9. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Elements of the COBIT Framework
A Problem
TCP/IP Internet Layer
Background checks performed
10. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Buffers
IT Service Management
WAN Protocols
Blade Computer Architecture
11. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Categories of risk treatment
The Business Process Life Cycle
Concentrate on samples known to represent high risk
Business Continuity
12. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
OSI: Data Link Layer
Substantive Testing (test of transaction integrity)
TCP/IP Internet Layer
SDLC Phases
13. To communication security policies - procedures - and other security-related information to an organization's employees.
Primary security features of relational databases
(1.) Polices (2.) Procedures (3.) Standards
Hash
Security Awareness program
14. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Input validation checking
Overall audit risk
Department Charters
Wet pipe fire sprinkler system
15. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
IT Service Management
More difficult to perform
Insourcing
The Internet Layer in the TCP/IP model
16. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Types of sampling an auditor can perform.
TCP/IP Transport Layer packet delivery
Six steps of the Release Management process
Business impact analysis
17. A sampling technique where at least one exception is sought in a population
Disaster Recovery
Sampling Risk
Discovery Sampling
The Requirements
18. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
List of systems examined
Foreign Key
The appropriate role of an IS auditor in a control self-assessment
Control Unit
19. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Frameworks
Wet pipe fire sprinkler system
Options for Risk Treatment
Employee termination process
20. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
OSI: Transport Layer
The typical Configuration Items in Configuration Management
Statement of Impact
Variable Sampling
21. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
A gate process
A Forensic Audit
Frameworks
Risk Management
22. Subjective sampling is used when the auditor wants to _________________________.
Critical Path Methodology
An IS audit
Concentrate on samples known to represent high risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
23. A maturity model that represents the aggregations of other maturity models.
Precision means
Rating Scale for Process Maturity
Insourcing
Capability Maturity Model Integration (CMMI)
24. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Dimensions of the COSO cube
Documentation and interview personnel
The BCP process
SDLC Phases
25. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Advantages of outsourcing
Statistical Sampling
A Cold Site
The 4-item focus of a Balanced Scorecard
26. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Sampling Risk
The 5 types of Evidence that the auditor will collect during an audit.
Inherent Risk
objective and unbiased
27. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Background checks performed
OSI: Physical Layer
Rating Scale for Process Maturity
(1.) Man-made (2.) Natural
28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
A Sample Mean
Segregation of duties issue in a high value process
Background checks performed
29. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Project Management Strategies
General Controls
Data Link Layer Standards
Employee termination process
30. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Information security policy
Types of sampling an auditor can perform.
Statistical Sampling
A Service Provider audit
31. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
A Problem
Disaster Recovery
Audit Methodologies
32. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The Internet Layer in the TCP/IP model
Detection Risk
Reduced sign-on
Critical Path Methodology
33. (1.) Automatic (2.) Manual
The Requirements
The 7 phases and their order in the SDLC
The two Categories of Controls
The 4-item focus of a Balanced Scorecard
34. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
An Integrated Audit
Overall audit risk
Grid Computing
Elements of the COSO pyramid
35. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Business Continuity
The first step in a business impact analysis
The Software Program Library
Discovery Sampling
36. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
A Sample Mean
TCP/IP Transport Layer packet delivery
The two Categories of Controls
Cloud computing
37. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Audit Methodologies
Separate administrative accounts
Categories of risk treatment
The availability of IT systems
38. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
(1.) Polices (2.) Procedures (3.) Standards
Personnel involved in the requirements phase of a software development project
BCP Plans
39. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Examples of IT General Controls
OSI: Transport Layer
ITIL definition of PROBLEM
40. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The availability of IT systems
More difficult to perform
Emergency Changes
The BCP process
41. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Controls
A Virtual Server
Service Level Management
Assess the maturity of its business processes
42. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
OSI: Transport Layer
Controls
A gate process
Project change request
43. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
An Administrative
The Requirements
Sample Standard Deviation
Data Link Layer Standards
44. ITIL term used to describe the SDLC.
The Software Program Library
Department Charters
Expected Error Rate
Release management
45. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Personnel involved in the requirements phase of a software development project
Sample Standard Deviation
Audit logging
OSI Layer 5: Session
46. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Sampling Risk
Geographic location
IT Service Management
General Controls
47. IT Service Management is defined in ___________________ framework.
Blade Computer Architecture
TCP/IP Transport Layer packet delivery
ITIL - IT Infrastructure Library
A Sample Mean
48. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Formal waterfall
Lacks specific expertise or resources to conduct an internal audit
TCP/IP Transport Layer packet delivery
A Cold Site
49. An audit of an IS department's operations and systems.
An IS audit
Application Layer protocols
Categories of risk treatment
Sampling
50. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Server cluster
Recovery time objective
The 4-item focus of a Balanced Scorecard
