SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
less than 24 hours
The 4-item focus of a Balanced Scorecard
The Business Process Life Cycle
Resource details
2. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Structural fires and transportation accidents
Organizational culture and maturity
Change management
Formal waterfall
3. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Referential Integrity
Blade Computer Architecture
ISO 20000 Standard:
4. Support the functioning of the application controls
Expected Error Rate
General Controls
Stratified Sampling
Three Types of Controls
5. A sampling technique where at least one exception is sought in a population
The appropriate role of an IS auditor in a control self-assessment
Discovery Sampling
Project change request
Vulnerability in the organization's PBX
6. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Business Continuity
OSI: Data Link Layer
Segregation of duties issue in a high value process
Employees with excessive privileges
7. To communication security policies - procedures - and other security-related information to an organization's employees.
ITIL definition of CHANGE MANAGEMENT
A Server Cluster
An Operational Audit
Security Awareness program
8. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
(1.) Man-made (2.) Natural
The Requirements
Security Awareness program
9. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
objective and unbiased
An Operational Audit
The Release process
Grid Computing
10. Handle application processing
Stay current with technology
Cloud computing
Application Controls
Capability Maturity Model
11. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Capability Maturity Model
Sample Standard Deviation
Formal waterfall
Substantive Testing (test of transaction integrity)
12. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
OSI Layer 6: Presentation
Rating Scale for Process Maturity
Risk Management
13. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
objective and unbiased
Registers
A Service Provider audit
14. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Variable Sampling
Categories of risk treatment
Background checks performed
OSI: Network Layer
15. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
More difficult to perform
Network Layer Protocols
OSI: Transport Layer
An Operational Audit
16. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
List of systems examined
IT Services Financial Management
Hash
17. (1.) Link (2.) Internet (3.) Transport (4.) Application
Statistical Sampling
Controls
TCP/IP Network Model
Separate administrative accounts
18. Used to translate or transform data from lower layers into formats that the application layer can work with.
A Problem
OSI Layer 6: Presentation
Vulnerability in the organization's PBX
Foreign Key
19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
An IS audit
Stop-or-go Sampling
Business Realization
20. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Overall audit risk
TCP/IP Internet Layer
Entire password for an encryption key
Change management
21. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Vulnerability in the organization's PBX
A Cold Site
Registers
22. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
A Server Cluster
Formal waterfall
Judgmental sampling
Blade Computer Architecture
23. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Stay current with technology
Formal waterfall
Structural fires and transportation accidents
Prblem Management
24. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Emergency Changes
Disaster Recovery
Testing activities
25. An alternate processing center that contains no information processing equipment.
The Requirements
ITIL - IT Infrastructure Library
A Cold Site
Tolerable Error Rate
26. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Security Awareness program
A Problem
TCP/IP Network Model
OSI Layer 5: Session
27. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Information systems access
The Release process
A Virtual Server
The Software Program Library
28. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Confidence coefficient
Incident Management
Critical Path Methodology
29. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
TCP/IP Link Layer
Criticality analysis
Project Management Strategies
30. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Substantive Testing (test of transaction integrity)
Background checks performed
OSI Layer 5: Session
31. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
A Problem
Rating Scale for Process Maturity
OSI: Data Link Layer
Separate administrative accounts
32. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Prblem Management
ITIL definition of CHANGE MANAGEMENT
Judgmental sampling
Hash
33. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Recovery time objective
The typical Configuration Items in Configuration Management
(1.) Polices (2.) Procedures (3.) Standards
Application Layer protocols
34. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Current and most up-to-date
Inform the auditee
Database primary key
Examples of IT General Controls
35. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
The Software Program Library
TCP/IP Transport Layer packet delivery
Vulnerability in the organization's PBX
OSI: Transport Layer
36. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Options for Risk Treatment
An Operational Audit
The 5 types of Evidence that the auditor will collect during an audit.
Split custody
37. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Separate administrative accounts
Blade Computer Architecture
Project change request
Audit logging
38. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Controls
OSI: Network Layer
Entire password for an encryption key
TCP/IP Network Model
39. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Critical Path Methodology
Control Unit
Testing activities
PERT Diagram?
40. PERT: shows the ______________ critical path.
Current and most up-to-date
Attribute Sampling
Antivirus software on the email servers
Detection Risk
41. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Project change request
Sampling Risk
The Internet Layer in the TCP/IP model
42. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
The BCP process
Elements of the COBIT Framework
OSI: Transport Layer
A Compliance audit
43. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
IT Service Management
Network Layer Protocols
Project Management Strategies
PERT Diagram?
44. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Assess the maturity of its business processes
Configuration Management
The BCP process
45. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The audit program
ITIL definition of CHANGE MANAGEMENT
TCP/IP Transport Layer packet delivery
The Release process
46. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling
Project change request
Sampling Risk
Cloud computing
47. The means by which management establishes and measures processes by which organizational objectives are achieved
Background checks performed
Concentrate on samples known to represent high risk
Controls
Service Level Management
48. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Sampling Risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Release management
49. The sum of all samples divided by the number of samples.
Recovery time objective
Gantt Chart
TCP/IP Network Model
A Sample Mean
50. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
TCP/IP Link Layer
Examples of Application Controls
Prblem Management
Reduced sign-on
