Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
A Forensic Audit
OSI: Network Layer
CPU
Separate administrative accounts
2. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Server cluster
Hash
More difficult to perform
Foreign Key
3. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Notify the Audit Committee
Precision means
Employees with excessive privileges
An IS audit
4. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
A Forensic Audit
The best approach for identifying high risk areas for an audit
Employees with excessive privileges
The Steering Committee
5. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
A Server Cluster
Input validation checking
Sampling Risk
Organizational culture and maturity
6. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Capability Maturity Model
Wet pipe fire sprinkler system
The two Categories of Controls
7. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Business Continuity
Concentrate on samples known to represent high risk
The Eight Types of Audits
8. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
OSI Layer 5: Session
Sampling Risk
The Requirements
Inform the auditee
9. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Registers
Volumes of COSO framework
BCP Plans
Blade Computer Architecture
10. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Sampling Risk
Referential Integrity
Employee termination process
Business Realization
11. The highest number of errors that can exist without a result being materially misstated.
Statistical Sampling
An Administrative
Tolerable Error Rate
OSI: Transport Layer
12. A sampling technique where at least one exception is sought in a population
OSI: Data Link Layer
Judgmental sampling
The Steering Committee
Discovery Sampling
13. (1.) Access controls (2.) Encryption (3.) Audit logging
IT Service Management
PERT Diagram?
Variable Sampling
Primary security features of relational databases
14. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
CPU
Control Unit
Incident Management
Employees with excessive privileges
15. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Primary security features of relational databases
Service Level Management
Function Point Analysis
Risk Management
16. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
OSI Layer 6: Presentation
(1.) Man-made (2.) Natural
Application Layer protocols
Inherent Risk
17. An audit of an IS department's operations and systems.
Network Layer Protocols
Antivirus software on the email servers
An IS audit
OSI Layer 6: Presentation
18. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The best approach for identifying high risk areas for an audit
IT standards are not being reviewed often enough
TCP/IP Transport Layer packet delivery
Dimensions of the COSO cube
19. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Personnel involved in the requirements phase of a software development project
The Software Program Library
IT Service Management
20. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
A Cold Site
Cloud computing
Six steps of the Release Management process
The availability of IT systems
21. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Critical Path Methodology
A Sample Mean
The 5 types of Evidence that the auditor will collect during an audit.
Assess the maturity of its business processes
22. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Cloud computing
Volumes of COSO framework
The 7 phases and their order in the SDLC
23. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
OSI: Physical Layer
Inherent Risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
24. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Referential Integrity
Antivirus software on the email servers
Change management
Sample Standard Deviation
25. A collection of two or more servers that is designed to appear as a single server.
ITIL definition of CHANGE MANAGEMENT
Business Continuity
Server cluster
Precision means
26. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
The Eight Types of Audits
OSI Layer 7: Application
Risk Management
BCP Plans
27. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Types of sampling an auditor can perform.
Annualized Loss Expectancy (ALE)
IT Services Financial Management
Elements of the COBIT Framework
28. Defines internal controls and provides guidance for assessing and improving internal control systems.
Inherent Risk
Testing activities
The 7 phases and their order in the SDLC
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
29. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Controls
Lacks specific expertise or resources to conduct an internal audit
Organizational culture and maturity
Primary security features of relational databases
30. Guide program execution through organization of resources and development of clear project objectives.
Rating Scale for Process Maturity
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Project Management Strategies
(1.) Policies (2.) Procedures (3.) Standards
31. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
(1.) Man-made (2.) Natural
Testing activities
An IS audit
The Business Process Life Cycle
32. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Control Risk
An Operational Audit
Primary security features of relational databases
33. Gantt: used to display ______________.
Resource details
Detection Risk
Current and most up-to-date
The availability of IT systems
34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
A Service Provider audit
Types of sampling an auditor can perform.
Documentation and interview personnel
The Internet Layer in the TCP/IP model
35. The memory locations in the CPU where arithmetic values are stored.
Registers
Capability Maturity Model
Expected Error Rate
Information systems access
36. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
objective and unbiased
Lacks specific expertise or resources to conduct an internal audit
TCP/IP Transport Layer
37. (1.) TCP (2.) UDP
objective and unbiased
Reduced sign-on
Sample Standard Deviation
Transport Layer Protocols
38. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
List of systems examined
Blade Computer Architecture
The Steering Committee
Examples of IT General Controls
39. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
More difficult to perform
Primary security features of relational databases
The 5 types of Evidence that the auditor will collect during an audit.
40. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Separate administrative accounts
List of systems examined
General Controls
A Sample Mean
41. The inventory of all in-scope business processes and systems
Judgmental sampling
An Integrated Audit
The first step in a business impact analysis
less than 24 hours
42. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A Financial Audit
The best approach for identifying high risk areas for an audit
IT Services Financial Management
OSI Layer 5: Session
43. PERT: shows the ______________ critical path.
Current and most up-to-date
Elements of the COBIT Framework
OSI Layer 5: Session
Criticality analysis
44. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
An Administrative
The 5 types of Evidence that the auditor will collect during an audit.
Server cluster
45. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Volumes of COSO framework
Service Continuity Management
Lacks specific expertise or resources to conduct an internal audit
Gantt Chart
46. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Server Cluster
Reduced sign-on
A Forensic Audit
OSI: Network Layer
47. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Overall audit risk
Inherent Risk
The Requirements
Problem Management
48. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
TCP/IP Transport Layer packet delivery
TCP/IP Link Layer
objective and unbiased
A gate process
49. One of a database table's fields - whose value is unique.
IT executives and the Board of Directors
Database primary key
Geographic location
Incident Management
50. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Background checks performed
Business Continuity
Database primary key
Notify the Audit Committee