Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
The first step in a business impact analysis
The Release process
To identify the tasks that are responsible for project delays
2. An audit that is performed in support of an anticipated or active legal proceeding.
objective and unbiased
A Forensic Audit
Variable Sampling
Inherent Risk
3. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
TCP/IP Internet Layer
Hash
Background checks performed
The Internet Layer in the TCP/IP model
4. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Insourcing
Compliance Testing
Notify the Audit Committee
5. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Security Awareness program
The typical Configuration Items in Configuration Management
To identify the tasks that are responsible for project delays
TCP/IP Link Layer
6. Support the functioning of the application controls
Service Continuity Management
An IS audit
The Eight Types of Audits
General Controls
7. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
SDLC Phases
OSI Layer 5: Session
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Internet Layer
8. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Notify the Audit Committee
Assess the maturity of its business processes
Testing activities
OSI: Physical Layer
9. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Primary security features of relational databases
Application Layer protocols
The appropriate role of an IS auditor in a control self-assessment
10. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Disaster Recovery
Separate administrative accounts
Registers
11. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Information systems access
ITIL - IT Infrastructure Library
SDLC Phases
12. Gantt: used to display ______________.
Project change request
Power system controls
Main types of Controls
Resource details
13. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Blade Computer Architecture
IT executives and the Board of Directors
A Cold Site
ISO 20000 Standard:
14. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
TCP/IP Transport Layer packet delivery
An IS audit
The Requirements
More difficult to perform
15. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Formal waterfall
Notify the Audit Committee
Geographic location
Stratified Sampling
16. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Business Realization
Attribute Sampling
TCP/IP Link Layer
Registers
17. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Structural fires and transportation accidents
Critical Path Methodology
Stay current with technology
OSI Layer 7: Application
18. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Problem Management
Application Layer protocols
IT Service Management
A Virtual Server
19. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
A Virtual Server
The Software Program Library
TCP/IP Internet Layer
A Sample Mean
20. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
A gate process
Elements of the COBIT Framework
Sampling Risk
Substantive Testing
21. Defines internal controls and provides guidance for assessing and improving internal control systems.
Stop-or-go Sampling
Gantt Chart
Problem Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
22. A sampling technique where at least one exception is sought in a population
Confidence coefficient
Discovery Sampling
Expected Error Rate
A Forensic Audit
23. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Judgmental sampling
TCP/IP Link Layer
Referential Integrity
24. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Controls
A Problem
CPU
Sampling Risk
25. ITIL term used to describe the SDLC.
Disaster Recovery
Discovery Sampling
Release management
A Cold Site
26. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Balanced Scorecard
Separate administrative accounts
Background checks performed
27. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Control Unit
Overall audit risk
28. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Tolerable Error Rate
Information systems access
The Release process
Data Link Layer Standards
29. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Main types of Controls
Insourcing
Disaster Recovery
Sampling Risk
30. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
The Release process
A Problem
Sampling Risk
Hash
31. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Vulnerability in the organization's PBX
Antivirus software on the email servers
Notify the Audit Committee
32. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
ISO 20000 Standard:
(1.) Policies (2.) Procedures (3.) Standards
Incident Management
Judgmental sampling
33. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Sampling
The Eight Types of Audits
Separate administrative accounts
34. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Referential Integrity
Stratified Sampling
Data Link Layer Standards
Examples of Application Controls
35. (1.) General (2.) Application
Main types of Controls
WAN Protocols
Application Controls
The typical Configuration Items in Configuration Management
36. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
The Eight Types of Audits
A Problem
The best approach for identifying high risk areas for an audit
37. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Documentation and interview personnel
Audit logging
Examples of IT General Controls
Business Realization
38. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Deming Cycle
Split custody
Application Controls
Notify the Audit Committee
39. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Hash
Service Level Management
The Software Program Library
40. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Risk Management
The 7 phases and their order in the SDLC
Incident Management
An Integrated Audit
41. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT Diagram.
BCP Plans
Annualized Loss Expectancy (ALE)
OSI Layer 5: Session
Gantt Chart
42. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
More difficult to perform
CPU
Criticality analysis
BCP Plans
43. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
The appropriate role of an IS auditor in a control self-assessment
Project Management Strategies
IT Services Financial Management
Business Realization
44. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Employees with excessive privileges
OSI Layer 5: Session
Power system controls
IT Service Management
45. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Employees with excessive privileges
A Problem
Advantages of outsourcing
Antivirus software on the email servers
46. An audit of an IS department's operations and systems.
SDLC Phases
A Virtual Server
An IS audit
Project change request
47. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Incident Management
The Steering Committee
Foreign Key
48. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Background checks performed
OSI: Transport Layer
The typical Configuration Items in Configuration Management
49. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Dimensions of the COSO cube
The Business Process Life Cycle
The Release process
50. Delivery of packets from one station to another - on the same network or on different networks.
OSI: Physical Layer
The Internet Layer in the TCP/IP model
Elements of the COBIT Framework
The Software Program Library