SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
ITIL - IT Infrastructure Library
Project change request
More difficult to perform
Notify the Audit Committee
2. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
IT executives and the Board of Directors
A Virtual Server
Rating Scale for Process Maturity
Personnel involved in the requirements phase of a software development project
3. Guide program execution through organization of resources and development of clear project objectives.
(1.) Polices (2.) Procedures (3.) Standards
Project Management Strategies
The Internet Layer in the TCP/IP model
Discovery Sampling
4. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Geographic location
Current and most up-to-date
Substantive Testing (test of transaction integrity)
5. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
OSI Layer 6: Presentation
More difficult to perform
Business impact analysis
Sampling
6. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
The Release process
TCP/IP Internet Layer
Data Link Layer Standards
7. ITIL term used to describe the SDLC.
Security Awareness program
Release management
More difficult to perform
A Server Cluster
8. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Function Point Analysis
Examples of IT General Controls
IT Service Management
IT executives and the Board of Directors
9. (1.) Access controls (2.) Encryption (3.) Audit logging
OSI: Physical Layer
Detection Risk
Primary security features of relational databases
Stop-or-go Sampling
10. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Inform the auditee
A Problem
Cloud computing
Referential Integrity
11. An audit of operational efficiency.
The audit program
An Administrative
IT executives and the Board of Directors
Service Level Management
12. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Referential Integrity
Employee termination process
Lacks specific expertise or resources to conduct an internal audit
Risk Management
13. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Project change request
Emergency Changes
Volumes of COSO framework
14. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Buffers
OSI Layer 7: Application
A Compliance audit
Risk Management
15. IT Service Management is defined in ___________________ framework.
Grid Computing
The 7 phases and their order in the SDLC
Volumes of COSO framework
ITIL - IT Infrastructure Library
16. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Statistical Sampling
(1.) Man-made (2.) Natural
Change management
Judgmental sampling
17. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Service Level Management
OSI Layer 6: Presentation
IT Strategy
18. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Cloud computing
Statistical Sampling
More difficult to perform
19. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Examples of IT General Controls
SDLC Phases
ITIL - IT Infrastructure Library
20. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Department Charters
TCP/IP Link Layer
An Integrated Audit
Data Link Layer Standards
21. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A gate process
The best approach for identifying high risk areas for an audit
Discovery Sampling
Background checks performed
22. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
A Financial Audit
Testing activities
List of systems examined
Examples of IT General Controls
23. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
OSI: Network Layer
Statement of Impact
Foreign Key
IT Services Financial Management
24. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Information security policy
(1.) Polices (2.) Procedures (3.) Standards
Foreign Key
objective and unbiased
25. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Stop-or-go Sampling
Database primary key
Elements of the COSO pyramid
Separate administrative accounts
26. Contains programs that communicate directly with the end user.
Notify the Audit Committee
Cloud computing
Database primary key
OSI Layer 7: Application
27. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Foreign Key
IT standards are not being reviewed often enough
TCP/IP Transport Layer packet delivery
Primary security features of relational databases
28. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
The availability of IT systems
Information systems access
objective and unbiased
Split custody
29. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
TCP/IP Transport Layer
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Power system controls
Employees with excessive privileges
30. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The audit program
An Integrated Audit
The appropriate role of an IS auditor in a control self-assessment
Function Point Analysis
31. The means by which management establishes and measures processes by which organizational objectives are achieved
less than 24 hours
Controls
General Controls
Foreign Key
32. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Cloud computing
Blade Computer Architecture
Background checks performed
33. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
An IS audit
Recovery time objective
Function Point Analysis
34. (1.) Automatic (2.) Manual
A Forensic Audit
The two Categories of Controls
less than 24 hours
OSI Layer 7: Application
35. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Expected Error Rate
Control Unit
OSI Layer 5: Session
Statistical Sampling
36. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Confidence coefficient
The BCP process
Substantive Testing
TCP/IP Internet Layer
37. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Balanced Scorecard
Testing activities
Registers
List of systems examined
38. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Six steps of the Release Management process
Controls
A Compliance audit
Notify the Audit Committee
39. An audit of a third-party organization that provides services to other organizations.
The appropriate role of an IS auditor in a control self-assessment
A Service Provider audit
Confidence coefficient
Judgmental sampling
40. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Statement of Impact
Frameworks
Dimensions of the COSO cube
41. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Six steps of the Release Management process
Security Awareness program
Antivirus software on the email servers
Background checks performed
42. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Criticality analysis
Insourcing
Project change request
Service Level Management
43. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
The appropriate role of an IS auditor in a control self-assessment
OSI Layer 5: Session
The 7 phases and their order in the SDLC
44. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Criticality analysis
The BCP process
Confidence coefficient
Incident Management
45. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Project Management Strategies
Information security policy
Tolerable Error Rate
The BCP process
46. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
less than 24 hours
Input validation checking
WAN Protocols
The appropriate role of an IS auditor in a control self-assessment
47. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
An IS audit
A Virtual Server
Incident Management
(1.) Polices (2.) Procedures (3.) Standards
48. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
(1.) Man-made (2.) Natural
Business Realization
Geographic location
Insourcing
49. The inventory of all in-scope business processes and systems
Information systems access
An Operational Audit
The first step in a business impact analysis
Overall audit risk
50. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing
Controls
Examples of IT General Controls
Substantive Testing (test of transaction integrity)
