Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Information systems access
Personnel involved in the requirements phase of a software development project
Documentation and interview personnel
Risk Management
2. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
The Internet Layer in the TCP/IP model
Recovery time objective
SDLC Phases
Inherent Risk
3. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Security Awareness program
ISO 20000 Standard:
Blade Computer Architecture
4. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
IT Services Financial Management
Advantages of outsourcing
Sampling Risk
less than 24 hours
5. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Resource details
Grid Computing
Testing activities
PERT Diagram?
6. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
OSI: Network Layer
Service Continuity Management
Project change request
7. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Service Continuity Management
TCP/IP Transport Layer
Gantt Chart
IT executives and the Board of Directors
8. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
The audit program
Service Continuity Management
Notify the Audit Committee
9. A collection of two or more servers that is designed to appear as a single server.
Insourcing
Server cluster
OSI: Data Link Layer
Split custody
10. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Application Controls
Rating Scale for Process Maturity
BCP Plans
Referential Integrity
11. (1.) General (2.) Application
OSI: Network Layer
CPU
Main types of Controls
The Internet Layer in the TCP/IP model
12. (1.) Access controls (2.) Encryption (3.) Audit logging
Change management
Judgmental sampling
Primary security features of relational databases
Criticality analysis
13. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Variable Sampling
Service Continuity Management
Criticality analysis
Stay current with technology
14. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
IT standards are not being reviewed often enough
Expected Error Rate
Reduced sign-on
Documentation and interview personnel
15. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Elements of the COBIT Framework
Control Unit
OSI Layer 7: Application
The audit program
16. A field in a record in one table that can reference a primary key in another table.
The Eight Types of Audits
Foreign Key
Dimensions of the COSO cube
Reduced sign-on
17. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Network Layer Protocols
Sampling
The Steering Committee
Compliance Testing
18. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
A Forensic Audit
Three Types of Controls
Elements of the COBIT Framework
Separate administrative accounts
19. To measure organizational performance and effectiveness against strategic goals.
Incident Management
Formal waterfall
Balanced Scorecard
Organizational culture and maturity
20. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Annualized Loss Expectancy (ALE)
Attribute Sampling
Tolerable Error Rate
(1.) Policies (2.) Procedures (3.) Standards
21. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
A Compliance audit
(1.) Man-made (2.) Natural
Service Continuity Management
22. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Service Continuity Management
Compliance Testing
A Server Cluster
ISO 20000 Standard:
23. A condition that is the result of multiple incidents that exhibit common symptoms, e.g. a web application is displaying information incorrectly and many users have contacted the IT service desk.
Testing activities
A Problem
The Software Program Library
Substantive Testing (test of transaction integrity)
24. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
(1.) Man-made (2.) Natural
Sample Standard Deviation
Options for Risk Treatment
25. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
Frameworks
The Steering Committee
Lacks specific expertise or resources to conduct an internal audit
26. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
Three Types of Controls
Annualized Loss Expectancy (ALE)
Blade Computer Architecture
27. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Blade Computer Architecture
less than 24 hours
Data Link Layer Standards
Cloud computing
28. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Employees with excessive privileges
Function Point Analysis
Problem Management
29. Contains programs that communicate directly with the end user.
Cloud computing
OSI Layer 7: Application
Department Charters
Notify the Audit Committee
30. An audit that is performed in support of an anticipated or active legal proceeding.
Function Point Analysis
Controls
Precision means
A Forensic Audit
31. The main hardware component of a computer system - which executes instructions in computer programs.
Concentrate on samples known to represent high risk
Data Link Layer Standards
CPU
Statement of Impact
32. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
The Steering Committee
The 5 types of Evidence that the auditor will collect during an audit.
WAN Protocols
Grid Computing
33. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Control Risk
Categories of risk treatment
OSI: Network Layer
Split custody
34. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Elements of the COBIT Framework
The Steering Committee
A Server Cluster
Stay current with technology
35. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.
Change management
(1.) Man-made (2.) Natural
Organizational culture and maturity
Project change request
36. Support the functioning of the application controls
To identify the tasks that are responsible for project delays
The Business Process Life Cycle
General Controls
Compliance Testing
37. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Change management
The typical Configuration Items in Configuration Management
Detection Risk
Substantive Testing (test of transaction integrity)
38. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
BCP Plans
Geographic location
A Cold Site
Elements of the COSO pyramid
39. Used to determine which business processes are the most critical - by ranking them in order of criticality.
The two Categories of Controls
Criticality analysis
Network Layer Protocols
Database primary key
40. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Incident Management
The typical Configuration Items in Configuration Management
An IS audit
The audit program
41. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Categories of risk treatment
Sampling Risk
Audit Methodologies
42. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Recovery time objective
Examples of Application Controls
Application Layer protocols
Frameworks
43. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Variable Sampling
Statistical Sampling
Sample Standard Deviation
IT standards are not being reviewed often enough
44. ITIL term used to describe the SDLC.
Critical Path Methodology
Current and most up-to-date
Release management
The Requirements
45. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
A Server Cluster
Organizational culture and maturity
IT executives and the Board of Directors
Tolerable Error Rate
46. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Precision means
Statistical Sampling
Stratified Sampling
Critical Path Methodology
47. A maturity model that represents the aggregations of other maturity models.
Insourcing
Capability Maturity Model Integration (CMMI)
Input validation checking
Vulnerability in the organization's PBX
48. (1.) Objectives (2.) Components (3.) Business Units / Areas
Segregation of duties issue in a high value process
Entire password for an encryption key
Lacks specific expertise or resources to conduct an internal audit
Dimensions of the COSO cube
49. Used to translate or transform data from lower layers into formats that the application layer can work with.
Types of sampling an auditor can perform.
BCP Plans
To identify the tasks that are responsible for project delays
OSI Layer 6: Presentation
50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Application Controls
Configuration Management
Project Management Strategies
Lacks specific expertise or resources to conduct an internal audit