SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit that combines an operational audit and a financial audit.
SDLC Phases
Department Charters
TCP/IP Transport Layer
An Integrated Audit
2. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
ITIL definition of PROBLEM
A Forensic Audit
Substantive Testing (test of transaction integrity)
The 4-item focus of a Balanced Scorecard
3. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Vulnerability in the organization's PBX
Balanced Scorecard
Power system controls
ITIL definition of CHANGE MANAGEMENT
4. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
IT Service Management
The Software Program Library
Segregation of duties issue in a high value process
5. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Function Point Analysis
An Operational Audit
Organizational culture and maturity
Precision means
6. Used to translate or transform data from lower layers into formats that the application layer can work with.
Foreign Key
OSI Layer 6: Presentation
Organizational culture and maturity
Current and most up-to-date
7. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Capability Maturity Model
Controls
Audit logging
8. Consists of two main packet transport protocols: TCP and UDP.
Buffers
Overall audit risk
Disaster Recovery
TCP/IP Transport Layer
9. The inventory of all in-scope business processes and systems
CPU
The first step in a business impact analysis
Foreign Key
Sampling Risk
10. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Resource details
Frameworks
less than 24 hours
Overall audit risk
11. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
The 7 phases and their order in the SDLC
Criticality analysis
An Operational Audit
Antivirus software on the email servers
12. ITIL term used to describe the SDLC.
The Release process
Dimensions of the COSO cube
Advantages of outsourcing
Release management
13. Framework for auditing and measuring IT Service Management Processes.
Database primary key
Confidence coefficient
ISO 20000 Standard:
Balanced Scorecard
14. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Three Types of Controls
To identify the tasks that are responsible for project delays
Incident Management
A Compliance audit
15. IT Service Management is defined in ___________________ framework.
The 5 types of Evidence that the auditor will collect during an audit.
Business Continuity
ITIL - IT Infrastructure Library
Organizational culture and maturity
16. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Sampling
Business impact analysis
Precision means
17. Disasters are generally grouped in terms of type: ______________.
The 7 phases and their order in the SDLC
(1.) Man-made (2.) Natural
Geographic location
Judgmental sampling
18. Used to estimate the effort required to develop a software program.
Audit Methodologies
Split custody
Confidence coefficient
Function Point Analysis
19. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Advantages of outsourcing
Split custody
Service Level Management
The 5 types of Evidence that the auditor will collect during an audit.
20. One of a database table's fields - whose value is unique.
Database primary key
(1.) Man-made (2.) Natural
OSI Layer 6: Presentation
A Forensic Audit
21. PERT: shows the ______________ critical path.
OSI Layer 6: Presentation
Statistical Sampling
Current and most up-to-date
Buffers
22. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
IT executives and the Board of Directors
The Steering Committee
Precision means
A Compliance audit
23. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
The Software Program Library
TCP/IP Transport Layer
Power system controls
24. An audit of operational efficiency.
An Administrative
The Business Process Life Cycle
OSI: Transport Layer
OSI: Network Layer
25. The means by which management establishes and measures processes by which organizational objectives are achieved
Tolerable Error Rate
Frameworks
(1.) Man-made (2.) Natural
Controls
26. To communication security policies - procedures - and other security-related information to an organization's employees.
OSI: Data Link Layer
Categories of risk treatment
Security Awareness program
Overall audit risk
27. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
TCP/IP Transport Layer
Variable Sampling
The Release process
Structural fires and transportation accidents
28. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Geographic location
Elements of the COBIT Framework
Buffers
OSI Layer 5: Session
29. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
More difficult to perform
Insourcing
TCP/IP Link Layer
The first step in a business impact analysis
30. Used to determine which business processes are the most critical - by ranking them in order of criticality
The audit program
TCP/IP Internet Layer
Criticality analysis
Elements of the COSO pyramid
31. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Database primary key
BCP Plans
IT executives and the Board of Directors
Hash
32. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Antivirus software on the email servers
The audit program
WAN Protocols
A Sample Mean
33. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Overall audit risk
Entire password for an encryption key
Current and most up-to-date
Frameworks
34. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Recovery time objective
Lacks specific expertise or resources to conduct an internal audit
Criticality analysis
Advantages of outsourcing
35. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Balanced Scorecard
Information systems access
TCP/IP Internet Layer
Recovery time objective
36. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Current and most up-to-date
Tolerable Error Rate
OSI Layer 6: Presentation
37. (1.) Link (2.) Internet (3.) Transport (4.) Application
SDLC Phases
TCP/IP Network Model
Security Awareness program
Statement of Impact
38. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Split custody
A Financial Audit
Sample Standard Deviation
Control Risk
39. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Prblem Management
TCP/IP Network Model
Employee termination process
The Release process
40. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Release management
Buffers
The 5 types of Evidence that the auditor will collect during an audit.
CPU
41. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Risk Management
Compliance Testing
Foreign Key
less than 24 hours
42. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
General Controls
The 5 types of Evidence that the auditor will collect during an audit.
The Release process
43. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
TCP/IP Network Model
Personnel involved in the requirements phase of a software development project
SDLC Phases
44. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Concentrate on samples known to represent high risk
Insourcing
Service Level Management
45. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Wet pipe fire sprinkler system
The typical Configuration Items in Configuration Management
Service Level Management
Deming Cycle
46. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI: Transport Layer
A Server Cluster
Audit logging
Documentation and interview personnel
47. The sum of all samples divided by the number of samples.
Six steps of the Release Management process
Resource details
A Sample Mean
A Virtual Server
48. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Stay current with technology
Deming Cycle
Application Controls
The Steering Committee
49. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Deming Cycle
Service Continuity Management
A Sample Mean
Assess the maturity of its business processes
50. The risk that an IS auditor will overlook errors or exceptions during an audit.
Inherent Risk
The 5 types of Evidence that the auditor will collect during an audit.
Six steps of the Release Management process
Detection Risk
