Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The first major task in a disaster recovery or business continuity planning project.
An Administrative
A Cold Site
Business impact analysis
Variable Sampling

2. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
IT Services Financial Management
Deming Cycle
Inform the auditee

3. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
The two Categories of Controls
Server cluster
CPU

4. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
The 7 phases and their order in the SDLC
Foreign Key
Information security policy
Risk Management

5. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Elements of the COSO pyramid
PERT Diagram?
TCP/IP Link Layer
Information security policy

6. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Notify the Audit Committee
The two Categories of Controls
Detection Risk
The 7 phases and their order in the SDLC

7. (1.) Objectives (2.) Components (3.) Business Units / Areas
Blade Computer Architecture
The Eight Types of Audits
The 7 phases and their order in the SDLC
Dimensions of the COSO cube

8. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
ITIL - IT Infrastructure Library
OSI: Transport Layer
Change management

9. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Examples of IT General Controls
WAN Protocols
Reduced sign-on
Organizational culture and maturity

10. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Separate administrative accounts
A Problem
Grid Computing
To identify the tasks that are responsible for project delays

11. Contains programs that communicate directly with the end user.
Grid Computing
OSI Layer 7: Application
BCP Plans
The appropriate role of an IS auditor in a control self-assessment

12. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
IT standards are not being reviewed often enough
Application Controls
Statement of Impact

13. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
objective and unbiased
Personnel involved in the requirements phase of a software development project
Stop-or-go Sampling

14. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Hash
Business Realization
Grid Computing
Function Point Analysis

15. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
OSI Layer 7: Application
Notify the Audit Committee
Referential Integrity

16. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
less than 24 hours
Precision means
Rating Scale for Process Maturity
Referential Integrity

17. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Employee termination process
Main types of Controls
OSI: Transport Layer
Organizational culture and maturity

18. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
PERT Diagram?
Power system controls
SDLC Phases
Information security policy

19. (1.) General (2.) Application
Organizational culture and maturity
Main types of Controls
A Forensic Audit
The 5 types of Evidence that the auditor will collect during an audit.

20. The main hardware component of a computer system - which executes instructions in computer programs.
TCP/IP Transport Layer
Stop-or-go Sampling
CPU
Application Controls

21. An audit of a third-party organization that provides services to other organizations.
PERT Diagram?
A Service Provider audit
Deming Cycle
Information systems access

22. (1.) Physical (2.) Technical (4.) Administrative
Business Realization
Deming Cycle
Three Types of Controls
Security Awareness program

23. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Disaster Recovery
Separate administrative accounts
A gate process
TCP/IP Transport Layer

24. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Foreign Key
Control Unit
The Eight Types of Audits
less than 24 hours

25. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Substantive Testing (test of transaction integrity)
Balanced Scorecard
Application Layer protocols
ITIL definition of CHANGE MANAGEMENT

26. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Employees with excessive privileges
Reduced sign-on
Stay current with technology
The Requirements

27. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Advantages of outsourcing
Power system controls
Entire password for an encryption key

28. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
A Virtual Server
Stratified Sampling
Inform the auditee
Incident Management

29. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Employees with excessive privileges
Frameworks
Recovery time objective
Network Layer Protocols

30. PERT: shows the ______________ critical path.
Capability Maturity Model
Service Level Management
Current and most up-to-date
Change management

31. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Confidence coefficient
Background checks performed
Assess the maturity of its business processes
Statement of Impact

32. IT Service Management is defined in ___________________ framework.
Background checks performed
The 7 phases and their order in the SDLC
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
ITIL - IT Infrastructure Library

33. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The 4-item focus of a Balanced Scorecard
Documentation and interview personnel
ITIL definition of PROBLEM
less than 24 hours

34. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Control Unit
Frameworks
Options for Risk Treatment
Prblem Management

35. The maximum period of downtime for a process or application
Recovery time objective
Database primary key
Disaster Recovery
Statement of Impact

36. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Control Risk
The audit program
Deming Cycle

37. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Structural fires and transportation accidents
Function Point Analysis
Cloud computing
To identify the tasks that are responsible for project delays

38. Gantt: used to display ______________.
Stay current with technology
OSI: Network Layer
Resource details
A Sample Mean

39. Guide program execution through organization of resources and development of clear project objectives.
Inform the auditee
Sample Standard Deviation
TCP/IP Network Model
Project Management Strategies

40. The inventory of all in-scope business processes and systems
OSI: Physical Layer
The first step in a business impact analysis
The BCP process
Judgmental sampling

41. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Confidence coefficient
Rating Scale for Process Maturity
Information security policy
IT Strategy

42. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Personnel involved in the requirements phase of a software development project
A Sample Mean
A Server Cluster

43. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Elements of the COBIT Framework
A Virtual Server
Blade Computer Architecture
Critical Path Methodology

44. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
ITIL - IT Infrastructure Library
Frameworks
Sampling
List of systems examined

45. Describes the effect on the business if a process is incapacitated for any appreciable time
Separate administrative accounts
TCP/IP Internet Layer
Stop-or-go Sampling
Statement of Impact

46. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Gantt Chart
Elements of the COBIT Framework
A Virtual Server
The Software Program Library

47. (1.) Access controls (2.) Encryption (3.) Audit logging
WAN Protocols
The Release process
Primary security features of relational databases
Six steps of the Release Management process

48. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Statistical Sampling
A Sample Mean
Formal waterfall
Release management

49. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Primary security features of relational databases
ITIL definition of PROBLEM
Reduced sign-on

50. (1.) TCP (2.) UDP
objective and unbiased
Transport Layer Protocols
A Server Cluster
Categories of risk treatment