SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
The two Categories of Controls
General Controls
Overall audit risk
OSI: Physical Layer
2. Contains programs that communicate directly with the end user.
Examples of Application Controls
OSI Layer 7: Application
Network Layer Protocols
Entire password for an encryption key
3. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
A Cold Site
Inform the auditee
Gantt Chart
4. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
CPU
Blade Computer Architecture
Incident Management
Substantive Testing
5. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
The best approach for identifying high risk areas for an audit
Compliance Testing
Risk Management
Blade Computer Architecture
6. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Gantt Chart
The typical Configuration Items in Configuration Management
The availability of IT systems
Substantive Testing
7. IT Service Management is defined in ___________________ framework.
OSI Layer 6: Presentation
ITIL - IT Infrastructure Library
Configuration Management
Confidence coefficient
8. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
WAN Protocols
SDLC Phases
Service Level Management
Change management
9. One of a database table's fields - whose value is unique.
Database primary key
A Sample Mean
Wet pipe fire sprinkler system
Balanced Scorecard
10. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Risk Management
Emergency Changes
Deming Cycle
Business impact analysis
11. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Attribute Sampling
OSI Layer 6: Presentation
Sampling
Stratified Sampling
12. The means by which management establishes and measures processes by which organizational objectives are achieved
Examples of IT General Controls
Configuration Management
IT Service Management
Controls
13. An audit that is performed in support of an anticipated or active legal proceeding.
Sampling
Three Types of Controls
A Forensic Audit
Main types of Controls
14. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
ISO 20000 Standard:
TCP/IP Transport Layer packet delivery
Notify the Audit Committee
OSI: Physical Layer
15. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Controls
Gantt Chart
Confidence coefficient
An Integrated Audit
16. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Control Unit
SDLC Phases
Employees with excessive privileges
General Controls
17. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Documentation and interview personnel
An Operational Audit
Audit Methodologies
ITIL definition of CHANGE MANAGEMENT
18. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Audit logging
Wet pipe fire sprinkler system
Examples of IT General Controls
Network Layer Protocols
19. Focuses on: post-event recovery and restoration of services
A Problem
Annualized Loss Expectance (ALE)
Disaster Recovery
Capability Maturity Model Integration (CMMI)
20. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Primary security features of relational databases
Substantive Testing (test of transaction integrity)
OSI Layer 5: Session
(1.) Man-made (2.) Natural
21. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
General Controls
Options for Risk Treatment
Structural fires and transportation accidents
Tolerable Error Rate
22. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
A Cold Site
An IS audit
Entire password for an encryption key
Risk Management
23. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Frameworks
An Operational Audit
IT Strategy
Sample Standard Deviation
24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Security Awareness program
The Eight Types of Audits
Disaster Recovery
A Virtual Server
25. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Deming Cycle
Emergency Changes
Data Link Layer Standards
The best approach for identifying high risk areas for an audit
26. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Geographic location
The Software Program Library
A Service Provider audit
A Cold Site
27. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Transport Layer Protocols
Emergency Changes
Application Controls
28. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
OSI: Network Layer
Critical Path Methodology
Compliance Testing
TCP/IP Link Layer
29. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
OSI: Transport Layer
Precision means
Service Level Management
Department Charters
30. An audit that combines an operational audit and a financial audit.
Input validation checking
An Integrated Audit
The Release process
(1.) Man-made (2.) Natural
31. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Geographic location
An Integrated Audit
Sample Standard Deviation
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The Software Program Library
Business Realization
Personnel involved in the requirements phase of a software development project
Examples of Application Controls
33. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
ISO 20000 Standard:
Confidence coefficient
Detection Risk
Rating Scale for Process Maturity
34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Rating Scale for Process Maturity
Annualized Loss Expectance (ALE)
Types of sampling an auditor can perform.
PERT Diagram?
35. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Project change request
Segregation of duties issue in a high value process
Organizational culture and maturity
Grid Computing
36. (1.) Objectives (2.) Components (3.) Business Units / Areas
The Steering Committee
Formal waterfall
Wet pipe fire sprinkler system
Dimensions of the COSO cube
37. To communication security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Application Controls
Options for Risk Treatment
Elements of the COSO pyramid
38. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Main types of Controls
Types of sampling an auditor can perform.
Variable Sampling
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Overall audit risk
Insourcing
Tolerable Error Rate
40. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Function Point Analysis
Annualized Loss Expectance (ALE)
Information security policy
41. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Registers
Substantive Testing
Six steps of the Release Management process
42. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Deming Cycle
Configuration Management
Types of sampling an auditor can perform.
SDLC Phases
43. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
TCP/IP Transport Layer packet delivery
A Service Provider audit
Change management
44. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Elements of the COSO pyramid
The Software Program Library
ISO 20000 Standard:
45. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Hash
Dimensions of the COSO cube
List of systems examined
Statement of Impact
46. A maturity model that represents the aggregations of other maturity models.
Foreign Key
Antivirus software on the email servers
Capability Maturity Model Integration (CMMI)
Split custody
47. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Cloud computing
Control Unit
Service Level Management
A Virtual Server
48. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Change management
Volumes of COSO framework
Sampling Risk
A Service Provider audit
49. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Gantt Chart
Sampling Risk
A Service Provider audit
50. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Buffers
Employee termination process
Geographic location
Wet pipe fire sprinkler system