Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Cloud computing
Control Unit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The availability of IT systems
2. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
(1.) Policies (2.) Procedures (3.) Standards
TCP/IP Transport Layer packet delivery
TCP/IP Internet Layer
The Release process
3. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
IT Service Management
Advantages of outsourcing
Assess the maturity of its business processes
Annualized Loss Expectancy (ALE)
4. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The appropriate role of an IS auditor in a control self-assessment
Variable Sampling
Organizational culture and maturity
objective and unbiased
5. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
A Virtual Server
ITIL definition of CHANGE MANAGEMENT
Business impact analysis
To identify the tasks that are responsible for project delays
6. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
OSI Layer 6: Presentation
TCP/IP Network Model
Business Realization
Sampling Risk
7. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Documentation and interview personnel
Buffers
BCP Plans
A Cold Site
8. A representation of how closely a sample represents an entire population.
Department Charters
Employees with excessive privileges
Precision means
Business Continuity
9. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Security Awareness program
Elements of the COSO pyramid
Frameworks
The Steering Committee
10. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
The Eight Types of Audits
Inherent Risk
Background checks performed
Sampling
11. The sum of all samples divided by the number of samples.
A Compliance audit
A Sample Mean
Vulnerability in the organization's PBX
The first step in a business impact analysis
12. A maturity model that represents the aggregations of other maturity models.
Control Unit
Frameworks
The first step in a business impact analysis
Capability Maturity Model Integration (CMMI)
13. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
OSI Layer 6: Presentation
Formal waterfall
Personnel involved in the requirements phase of a software development project
14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Balanced Scorecard
Statistical Sampling
less than 24 hours
Release management
15. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Recovery time objective
Three Types of Controls
SDLC Phases
The 5 types of Evidence that the auditor will collect during an audit.
16. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
A Server Cluster
TCP/IP Link Layer
Emergency Changes
Rating Scale for Process Maturity
17. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Information systems access
Change management
Compliance Testing
Risk Management
18. A collection of two or more servers that is designed to appear as a single server.
ISO 20000 Standard:
The Internet Layer in the TCP/IP model
Configuration Management
Server cluster
19. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Problem Management
The 7 phases and their order in the SDLC
Business Realization
20. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Grid Computing
Six steps of the Release Management process
Examples of IT General Controls
Risk Management
21. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Tolerable Error Rate
Substantive Testing
Categories of risk treatment
Grid Computing
22. The IS auditor should act as an SME in the control self-assessment - but should not play a major role in the process.
Assess the maturity of its business processes
Information systems access
The appropriate role of an IS auditor in a control self-assessment
Options for Risk Treatment
23. An audit of operational efficiency.
Grid Computing
The Internet Layer in the TCP/IP model
The 4-item focus of a Balanced Scorecard
An Administrative
24. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Overall audit risk
Statement of Impact
Attribute Sampling
Entire password for an encryption key
25. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
OSI Layer 7: Application
A Financial Audit
Configuration Management
Examples of Application Controls
26. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Service Provider audit
The availability of IT systems
Recovery time objective
A Server Cluster
27. A field in a record in one table that can reference a primary key in another table.
Foreign Key
Types of sampling an auditor can perform.
The Requirements
TCP/IP Internet Layer
28. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Data Link Layer Standards
Sampling
Attribute Sampling
29. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
An Administrative
Annualized Loss Expectancy (ALE)
Information systems access
Antivirus software on the email servers
30. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
A Financial Audit
Elements of the COSO pyramid
IT standards are not being reviewed often enough
IT Services Financial Management
31. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Stop-or-go Sampling
Six steps of the Release Management process
ITIL definition of PROBLEM
The 4-item focus of a Balanced Scorecard
32. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
IT Strategy
Recovery time objective
Documentation and interview personnel
IT standards are not being reviewed often enough
33. Consists of two main packet transport protocols: TCP and UDP.
Sampling Risk
TCP/IP Internet Layer
To identify the tasks that are responsible for project delays
TCP/IP Transport Layer
34. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Recovery time objective
Tolerable Error Rate
The BCP process
OSI Layer 7: Application
35. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Vulnerability in the organization's PBX
More difficult to perform
Segregation of duties issue in a high value process
OSI Layer 6: Presentation
36. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Substantive Testing (test of transaction integrity)
Notify the Audit Committee
TCP/IP Transport Layer packet delivery
37. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Annualized Loss Expectancy (ALE)
Grid Computing
Problem Management
Primary security features of relational databases
38. Use of a set of monitoring and review activities that confirm whether IS operations are providing service to their customers.
Audit logging
Release management
Service Level Management
Concentrate on samples known to represent high risk
39. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Employees with excessive privileges
A Financial Audit
Three Types of Controls
40. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
IT Services Financial Management
A Service Provider audit
SDLC Phases
Types of sampling an auditor can perform.
41. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The Requirements
OSI Layer 5: Session
ITIL definition of CHANGE MANAGEMENT
The availability of IT systems
42. Gantt: used to display ______________.
Emergency Changes
Resource details
The 7 phases and their order in the SDLC
Database primary key
43. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Project Management Strategies
Recovery time objective
Audit logging
IT standards are not being reviewed often enough
44. (1.) Automatic (2.) Manual
Volumes of COSO framework
Antivirus software on the email servers
Application Layer protocols
The two Categories of Controls
45. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
OSI: Data Link Layer
Risk Management
Application Layer protocols
IT Services Financial Management
46. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Personnel involved in the requirements phase of a software development project
Vulnerability in the organization's PBX
Detection Risk
Audit Methodologies
47. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Buffers
Notify the Audit Committee
The typical Configuration Items in Configuration Management
Overall audit risk
48. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Application Controls
Blade Computer Architecture
A Financial Audit
Employees with excessive privileges
49. Describes the effect on the business if a process is incapacitated for any appreciable time
less than 24 hours
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Statement of Impact
Change management
50. The memory locations in the CPU where arithmetic values are stored.
Configuration Management
Registers
Categories of risk treatment
Employees with excessive privileges