SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
PERT Diagram?
Grid Computing
Expected Error Rate
Annualized Loss Expectance (ALE)
2. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Statement of Impact
The Steering Committee
Input validation checking
Capability Maturity Model
3. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Structural fires and transportation accidents
Stop-or-go Sampling
A Server Cluster
4. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Hash
TCP/IP Transport Layer packet delivery
Geographic location
5. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Geographic location
Statistical Sampling
Sampling Risk
Foreign Key
6. Disasters are generally grouped in terms of type: ______________.
Inherent Risk
Split custody
(1.) Man-made (2.) Natural
Documentation and interview personnel
7. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Data Link Layer Standards
The Steering Committee
Information security policy
Overall audit risk
8. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Inform the auditee
Buffers
Categories of risk treatment
9. Contains programs that communicate directly with the end user.
Business Continuity
OSI Layer 7: Application
Advantages of outsourcing
Three Types of Controls
10. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectance (ALE)
Testing activities
Antivirus software on the email servers
Transport Layer Protocols
11. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Business Realization
WAN Protocols
Precision means
12. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
OSI: Data Link Layer
The Internet Layer in the TCP/IP model
Confidence coefficient
13. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Separate administrative accounts
Current and most up-to-date
TCP/IP Transport Layer packet delivery
14. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The audit program
To identify the tasks that are responsible for project delays
Variable Sampling
Employee termination process
15. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Precision means
Power system controls
Blade Computer Architecture
Function Point Analysis
16. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
More difficult to perform
Types of sampling an auditor can perform.
Audit Methodologies
Security Awareness program
17. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Business Realization
Compliance Testing
Hash
ITIL definition of PROBLEM
18. The risk that an IS auditor will overlook errors or exceptions during an audit.
IT standards are not being reviewed often enough
Detection Risk
Project change request
IT executives and the Board of Directors
19. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Expected Error Rate
Structural fires and transportation accidents
Wet pipe fire sprinkler system
An Administrative
20. Defines internal controls and provides guidance for assessing and improving internal control systems.
Project Management Strategies
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Transport Layer Protocols
Controls
21. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Deming Cycle
A Problem
Entire password for an encryption key
An IS audit
22. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Hash
Notify the Audit Committee
Statistical Sampling
Vulnerability in the organization's PBX
23. Describes the effect on the business if a process is incapacitated for any appreciable time
Critical Path Methodology
OSI: Physical Layer
Hash
Statement of Impact
24. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Transport Layer Protocols
Notify the Audit Committee
OSI: Data Link Layer
Separate administrative accounts
25. A maturity model that represents the aggregations of other maturity models.
ITIL - IT Infrastructure Library
Entire password for an encryption key
The BCP process
Capability Maturity Model Integration (CMMI)
26. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Structural fires and transportation accidents
Substantive Testing (test of transaction integrity)
Release management
Service Continuity Management
27. A representation of how closely a sample represents an entire population.
Precision means
To identify the tasks that are responsible for project delays
The Software Program Library
ISO 20000 Standard:
28. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The 5 types of Evidence that the auditor will collect during an audit.
An IS audit
A Service Provider audit
Sampling Risk
29. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Recovery time objective
Grid Computing
Inform the auditee
IT Service Management
30. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Notify the Audit Committee
Statistical Sampling
List of systems examined
Deming Cycle
31. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Formal waterfall
Control Unit
The appropriate role of an IS auditor in a control self-assessment
Deming Cycle
32. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
The Internet Layer in the TCP/IP model
A Financial Audit
less than 24 hours
Stop-or-go Sampling
33. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
The Requirements
A Sample Mean
BCP Plans
Disaster Recovery
34. An alternate processing center that contains no information processing equipment.
ITIL - IT Infrastructure Library
A Forensic Audit
A Cold Site
Information security policy
35. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Elements of the COSO pyramid
The Business Process Life Cycle
ITIL definition of PROBLEM
Function Point Analysis
36. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Network Layer Protocols
IT standards are not being reviewed often enough
TCP/IP Transport Layer packet delivery
37. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Inform the auditee
A Financial Audit
Stratified Sampling
Elements of the COSO pyramid
38. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Statement of Impact
Formal waterfall
Attribute Sampling
PERT Diagram?
39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
The Release process
A Server Cluster
An Integrated Audit
Transport Layer Protocols
40. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The best approach for identifying high risk areas for an audit
Capability Maturity Model Integration (CMMI)
Incident Management
A Virtual Server
41. To communication security policies - procedures - and other security-related information to an organization's employees.
List of systems examined
Security Awareness program
Business Realization
A Compliance audit
42. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Dimensions of the COSO cube
To identify the tasks that are responsible for project delays
A Server Cluster
Sampling Risk
43. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Main types of Controls
Application Layer protocols
A gate process
Examples of Application Controls
44. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Current and most up-to-date
Buffers
Structural fires and transportation accidents
Registers
45. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
The first step in a business impact analysis
Sampling Risk
TCP/IP Internet Layer
Application Layer protocols
46. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The 4-item focus of a Balanced Scorecard
Rating Scale for Process Maturity
IT standards are not being reviewed often enough
Types of sampling an auditor can perform.
47. Support the functioning of the application controls
Application Layer protocols
Business Continuity
General Controls
OSI Layer 5: Session
48. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Formal waterfall
Security Awareness program
Capability Maturity Model
Service Continuity Management
49. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
A Sample Mean
Antivirus software on the email servers
OSI: Data Link Layer
Transport Layer Protocols
50. (1.) Automatic (2.) Manual
Data Link Layer Standards
The BCP process
Types of sampling an auditor can perform.
The two Categories of Controls
