Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Project Management Strategies
The first step in a business impact analysis
Overall audit risk
Rating Scale for Process Maturity
2. A representation of how closely a sample represents an entire population.
Insourcing
Expected Error Rate
Precision means
Sampling
3. An audit that is performed in support of an anticipated or active legal proceeding.
A Sample Mean
The availability of IT systems
Dimensions of the COSO cube
A Forensic Audit
4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Registers
The 4-item focus of a Balanced Scorecard
Audit Methodologies
Overall audit risk
5. (1.) General (2.) Application
Information systems access
Statement of Impact
Notify the Audit Committee
Main types of Controls
6. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
Sample Standard Deviation
Lacks specific expertise or resources to conduct an internal audit
Segregation of duties issue in a high value process
7. Concerned with electrical and physical specifications for devices. No frames or packets involved.
The Requirements
OSI: Physical Layer
Referential Integrity
Organizational culture and maturity
8. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
OSI Layer 5: Session
Employee termination process
Stratified Sampling
9. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The best approach for identifying high risk areas for an audit
Employee termination process
The Eight Types of Audits
Business impact analysis
10. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
The Eight Types of Audits
TCP/IP Internet Layer
Structural fires and transportation accidents
Statistical Sampling
11. Used to measure the relative maturity of an organization and its processes.
Power system controls
Capability Maturity Model
Information security policy
Notify the Audit Committee
12. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Formal waterfall
Split custody
Change management
13. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
Separate administrative accounts
PERT Diagram
Examples of Application Controls
14. Defines internal controls and provides guidance for assessing and improving internal control systems.
Vulnerability in the organization's PBX
Rating Scale for Process Maturity
Current and most up-to-date
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
15. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
A Virtual Server
Foreign Key
Resource details
Release management
16. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Sample Standard Deviation
Background checks performed
Documentation and interview personnel
A Sample Mean
17. An alternate processing center that contains no information processing equipment.
(1.) Policies (2.) Procedures (3.) Standards
Information systems access
Business Continuity
A Cold Site
18. Support the functioning of the application controls
Assess the maturity of its business processes
General Controls
Three Types of Controls
Risk Management
19. The risk that an IS auditor will overlook errors or exceptions during an audit.
Criticality analysis
Gantt Chart
Detection Risk
Three Types of Controls
20. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
The best approach for identifying high risk areas for an audit
Information security policy
Emergency Changes
21. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
A Server Cluster
Types of sampling an auditor can perform.
The 7 phases and their order in the SDLC
(1.) Man-made (2.) Natural
22. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Resource details
OSI: Network Layer
An IS audit
TCP/IP Network Model
23. ITIL term used to describe the SDLC.
Business Realization
Personnel involved in the requirements phase of a software development project
Release management
Segregation of duties issue in a high value process
24. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Antivirus software on the email servers
Project change request
Control Risk
Power system controls
25. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Concentrate on samples known to represent high risk
A Server Cluster
The audit program
Reduced sign-on
26. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram
The first step in a business impact analysis
Annualized Loss Expectancy (ALE)
Gantt Chart
27. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Vulnerability in the organization's PBX
ITIL definition of CHANGE MANAGEMENT
Data Link Layer Standards
28. To communicate security policies - procedures - and other security-related information to an organization's employees.
PERT Diagram
Department Charters
Stratified Sampling
Security Awareness program
29. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Capability Maturity Model Integration (CMMI)
The Requirements
TCP/IP Network Model
Function Point Analysis
30. The sum of all samples divided by the number of samples.
A Sample Mean
Problem Management
The typical Configuration Items in Configuration Management
Stratified Sampling
31. An audit of operational efficiency.
An Administrative
Incident Management
The appropriate role of an IS auditor in a control self-assessment
Problem Management
32. Used to estimate the effort required to develop a software program.
Function Point Analysis
Concentrate on samples known to represent high risk
PERT Diagram
Personnel involved in the requirements phase of a software development project
33. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Assess the maturity of its business processes
SDLC Phases
Entire password for an encryption key
34. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
The BCP process
Lacks specific expertise or resources to conduct an internal audit
IT standards are not being reviewed often enough
35. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Buffers
Network Layer Protocols
The first step in a business impact analysis
36. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Statistical Sampling
Statement of Impact
IT executives and the Board of Directors
To identify the tasks that are responsible for project delays
37. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Primary security features of relational databases
The Steering Committee
Insourcing
Expected Error Rate
38. (1.) Executive Support (2.) Well-defined roles and responsibilities.
WAN Protocols
Information security policy
Elements of the COBIT Framework
OSI: Network Layer
39. A sampling technique where at least one exception is sought in a population
Options for Risk Treatment
ITIL - IT Infrastructure Library
Discovery Sampling
A Sample Mean
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Personnel involved in the requirements phase of a software development project
Discovery Sampling
Variable Sampling
Hash
41. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Three Types of Controls
Wet pipe fire sprinkler system
Audit Methodologies
The audit program
42. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
The Steering Committee
OSI Layer 5: Session
Capability Maturity Model
43. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Organizational culture and maturity
IT executives and the Board of Directors
Stay current with technology
44. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
ITIL definition of CHANGE MANAGEMENT
The typical Configuration Items in Configuration Management
Recovery time objective
Examples of IT General Controls
45. Lowest layer. Delivers messages (frames) from one station to another via the local network.
TCP/IP Link Layer
Network Layer Protocols
Business Realization
Resource details
46. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Grid Computing
An IS audit
Disaster Recovery
47. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Dimensions of the COSO cube
Compliance Testing
The Eight Types of Audits
48. Consists of two main packet transport protocols: TCP and UDP.
A Financial Audit
OSI: Data Link Layer
TCP/IP Transport Layer
A Service Provider audit
49. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Sampling Risk
BCP Plans
Database primary key
Examples of Application Controls
50. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Inform the auditee
Cloud computing
Examples of Application Controls
Reduced sign-on