Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Advantages of outsourcing
Problem Management
The best approach for identifying high risk areas for an audit
TCP/IP Transport Layer packet delivery
2. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Business Realization
Service Continuity Management
The 7 phases and their order in the SDLC
Notify the Audit Committee
3. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Project Management Strategies
Transport Layer Protocols
Compliance Testing
Problem Management
4. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
A Forensic Audit
Frameworks
The BCP process
5. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Department Charters
The Release process
Capability Maturity Model
List of systems examined
6. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Resource details
Categories of risk treatment
An Integrated Audit
Audit logging
7. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Statement of Impact
Split custody
The Eight Types of Audits
8. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
List of systems examined
Wet pipe fire sprinkler system
Organizational culture and maturity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Antivirus software on the email servers
Stratified Sampling
Criticality analysis
Annualized Loss Expectancy (ALE)
10. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Change management
Incident Management
A gate process
An Operational Audit
11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Overall audit risk
List of systems examined
Buffers
Control Risk
12. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Critical Path Methodology
Compliance Testing
A Problem
Geographic location
13. The highest number of errors that can exist without a result being materially misstated.
Confidence coefficient
Documentation and interview personnel
Critical Path Methodology
Tolerable Error Rate
14. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
Split custody
Main types of Controls
Statistical Sampling
15. A maturity model that represents the aggregations of other maturity models.
Project change request
Capability Maturity Model Integration (CMMI)
Primary security features of relational databases
The availability of IT systems
16. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
To identify the tasks that are responsible for project delays
An Integrated Audit
Notify the Audit Committee
Configuration Management
17. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Grid Computing
OSI Layer 7: Application
Business Realization
Confidence coefficient
18. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The Requirements
OSI: Transport Layer
19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
IT Services Financial Management
Business Continuity
To identify the tasks that are responsible for project delays
Primary security features of relational databases
20. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Reduced sign-on
SDLC Phases
TCP/IP Network Model
A Cold Site
21. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Elements of the COBIT Framework
Dimensions of the COSO cube
OSI: Data Link Layer
Balanced Scorecard
22. Delivery of packets from one station to another - on the same network or on different networks.
OSI Layer 5: Session
The two Categories of Controls
The Internet Layer in the TCP/IP model
Main types of Controls
23. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Discovery Sampling
Capability Maturity Model Integration (CMMI)
Expected Error Rate
24. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Precision means
An Operational Audit
Cloud computing
Statement of Impact
25. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
ITIL definition of CHANGE MANAGEMENT
Attribute Sampling
Transport Layer Protocols
26. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
(1.) Policies (2.) Procedures (3.) Standards
Examples of IT General Controls
Capability Maturity Model
The Business Process Life Cycle
27. To measure organizational performance and effectiveness against strategic goals.
Stop-or-go Sampling
TCP/IP Network Model
Capability Maturity Model
Balanced Scorecard
28. Gantt: used to display ______________.
Resource details
Judgmental sampling
Segregation of duties issue in a high value process
A Financial Audit
29. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
The Software Program Library
Critical Path Methodology
Transport Layer Protocols
Substantive Testing
30. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Statistical Sampling
A Server Cluster
Sampling
IT Service Management
31. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
A Cold Site
Service Level Management
Blade Computer Architecture
Organizational culture and maturity
32. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
OSI Layer 6: Presentation
Registers
Expected Error Rate
Hash
33. A collection of two or more servers that is designed to appear as a single server.
Overall audit risk
OSI Layer 5: Session
Problem Management
Server cluster
34. IT Service Management is defined in ___________________ framework.
Resource details
ITIL - IT Infrastructure Library
Advantages of outsourcing
OSI Layer 6: Presentation
35. A large number of loosely coupled computers that are used to solve a common task. They may be in close proximity to each other or scattered over a large geographical area.
CPU
The Release process
Grid Computing
Attribute Sampling
36. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
CPU
Structural fires and transportation accidents
Resource details
The typical Configuration Items in Configuration Management
37. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Recovery time objective
Assess the maturity of its business processes
Employees with excessive privileges
An Operational Audit
38. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Segregation of duties issue in a high value process
A Compliance audit
The appropriate role of an IS auditor in a control self-assessment
Expected Error Rate
39. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
A Cold Site
Registers
Statement of Impact
40. (1.) Automatic (2.) Manual
SDLC Phases
Six steps of the Release Management process
The two Categories of Controls
Stratified Sampling
41. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
The 4-item focus of a Balanced Scorecard
Stratified Sampling
Controls
To identify the tasks that are responsible for project delays
42. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Controls
TCP/IP Transport Layer
IT executives and the Board of Directors
43. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Deming Cycle
Inherent Risk
A Server Cluster
Server cluster
44. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Assess the maturity of its business processes
IT executives and the Board of Directors
SDLC Phases
Criticality analysis
45. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
The availability of IT systems
IT standards are not being reviewed often enough
Statistical Sampling
A gate process
46. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
Buffers
Server cluster
Information systems access
47. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Confidence coefficient
Transport Layer Protocols
Lacks specific expertise or resources to conduct an internal audit
IT Service Management
48. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Recovery time objective
The 4-item focus of a Balanced Scorecard
IT standards are not being reviewed often enough
Antivirus software on the email servers
49. An audit of a third-party organization that provides services to other organizations.
An Operational Audit
A Service Provider audit
OSI Layer 7: Application
Volumes of COSO framework
50. A field in a record in one table that can reference a primary key in another table.
OSI: Physical Layer
(1.) Policies (2.) Procedures (3.) Standards
ITIL definition of CHANGE MANAGEMENT
Foreign Key