Test your basic knowledge: CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious; the repetition reinforces your understanding each time you take the test.
1. The highest number of errors that can exist without a result being materially misstated.
OSI Layer 5: Session
Tolerable Error Rate
Lacks specific expertise or resources to conduct an internal audit
Primary security features of relational databases
2. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Project Management Strategies
List of systems examined
Audit Methodologies
Function Point Analysis
3. Gantt: used to display ______________.
Department Charters
Substantive Testing (test of transaction integrity)
Power system controls
Resource details
4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Judgmental sampling
Structural fires and transportation accidents
The Release process
5. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
An Operational Audit
Registers
Background checks performed
6. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The 7 phases and their order in the SDLC
IT Strategy
Emergency Changes
Transport Layer Protocols
7. (1.) TCP (2.) UDP
Transport Layer Protocols
Department Charters
Background checks performed
Service Level Management
8. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Discovery Sampling
Vulnerability in the organization's PBX
An IS audit
IT executives and the Board of Directors
9. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Split custody
List of systems examined
A Cold Site
Overall audit risk
10. The IS auditor should act as an SME in the control self-assessment, but should not play a major role in the process.
Dimensions of the COSO cube
The best approach for identifying high risk areas for an audit
A Financial Audit
The appropriate role of an IS auditor in a control self-assessment
11. Disasters are generally grouped in terms of type: ______________.
Information systems access
(1.) Man-made (2.) Natural
Cloud computing
The first step in a business impact analysis
12. Support the functioning of the application controls
Emergency Changes
General Controls
Data Link Layer Standards
objective and unbiased
13. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
List of systems examined
IT standards are not being reviewed often enough
TCP/IP Network Model
The Steering Committee
14. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Foreign Key
Main types of Controls
More difficult to perform
15. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Reduced sign-on
The 7 phases and their order in the SDLC
The Steering Committee
The 5 types of Evidence that the auditor will collect during an audit.
16. IT Governance is most concerned with ________.
Incident Management
IT Strategy
Data Link Layer Standards
Substantive Testing (test of transaction integrity)
17. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
OSI Layer 5: Session
Control Unit
The availability of IT systems
IT Service Management
18. A representation of how closely a sample represents an entire population.
Precision means
Substantive Testing
Volumes of COSO framework
OSI: Transport Layer
19. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Stay current with technology
A Sample Mean
less than 24 hours
(1.) Man-made (2.) Natural
20. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager should make a __________________ to document the reason for the change.
Segregation of duties issue in a high value process
Blade Computer Architecture
The Steering Committee
Project change request
21. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Examples of Application Controls
The Release process
Volumes of COSO framework
Emergency Changes
22. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Business Realization
A Virtual Server
To identify the tasks that are responsible for project delays
IT Service Management
23. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Elements of the COSO pyramid
Registers
Personnel involved in the requirements phase of a software development project
Change management
24. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Service Level Management
Inform the auditee
Assess the maturity of its business processes
OSI: Data Link Layer
25. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Types of sampling an auditor can perform.
An Operational Audit
The first step in a business impact analysis
26. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
A Problem
Advantages of outsourcing
The 7 phases and their order in the SDLC
27. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT diagram.
OSI Layer 5: Session
Gantt Chart
Segregation of duties issue in a high value process
Detection Risk
28. Used to estimate the effort required to develop a software program.
Three Types of Controls
Audit logging
Function Point Analysis
The Software Program Library
29. ____________________ of the hot site is the most important consideration for site selection. If the primary site and the hot site are too close together, a single event may affect both locations.
Function Point Analysis
Geographic location
Server cluster
IT Service Management
30. An audit of an IS department's operations and systems.
The typical Configuration Items in Configuration Management
An IS audit
TCP/IP Internet Layer
Attribute Sampling
31. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Background checks performed
(1.) Policies (2.) Procedures (3.) Standards
Security Awareness program
32. An organization has discovered that some of its employees have criminal records. The best course of action is for the organization to have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
Balanced Scorecard
Deming Cycle
Function Point Analysis
33. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Sampling Risk
OSI: Transport Layer
The Eight Types of Audits
Structural fires and transportation accidents
34. A sampling technique where at least one exception is sought in a population
Registers
Structural fires and transportation accidents
Power system controls
Discovery Sampling
35. The square root of the sample variance, i.e. of the average squared deviation of sample values from the sample mean. This is a measurement of the spread of values in a sample.
Sample Standard Deviation
Vulnerability in the organization's PBX
Registers
Department Charters
36. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
A Cold Site
ISO 20000 Standard
Resource details
37. A programmer is updating an application that saves passwords in plaintext. Passwords should instead be stored as a one-way _____. Stored this way, nobody who reads the password store (an administrator or an attacker who obtains the database) can recover the original password from the stored value; with plaintext storage, any disclosure of the store leads directly to account compromise.
(1.) Policies (2.) Procedures (3.) Standards
Hash
Blade Computer Architecture
Network Layer Protocols
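A worked example of the storage change the question describes, added here and not part of the original quiz or of any product it refers to: a user record that holds the password verbatim beside one that holds a salted, iterated PBKDF2-HMAC-SHA256 digest, plus the verification routine that never needs the original password back. The quiz's answer is simply "hash"; the algorithm, iteration count, salt length and record layout below are choices made for this example. An unsalted fast digest such as MD5 or SHA-1 would not satisfy the requirement, because precomputed tables and brute force recover most real passwords from such values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters are assumptions for this example, not values from the quiz.
ALGORITHM = "sha256"
ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
SALT_BYTES = 16
KEY_LENGTH = 32


def store_plaintext(password: str) -> str:
    """The weak pattern the question describes: the password itself is what
    gets written to the user record, so anyone who reads the record has it."""
    return password


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$digest_hex.

    PBKDF2-HMAC is used as a representative slow, salted password hash. A fresh
    random salt per password means two users with the same password get
    different records and precomputed tables are useless."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                                 salt, iterations, dklen=KEY_LENGTH)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the salt and parameters carried in the
    record and compare in constant time. Malformed records never verify."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if scheme != f"pbkdf2_{ALGORITHM}" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                                    salt, rounds, dklen=KEY_LENGTH)
    return hmac.compare_digest(candidate, expected)


def password_recoverable_from_record(password: str, record: str) -> bool:
    """What a reader of the store learns: True only when the credential is
    present verbatim in the stored record."""
    return password in record


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    weak = store_plaintext(pw)
    strong = hash_password(pw)
    print("plaintext record exposes password:", password_recoverable_from_record(pw, weak))
    print("hashed record exposes password:   ", password_recoverable_from_record(pw, strong))
    print("verify correct password:", verify_password(pw, strong))
    print("verify wrong password:  ", verify_password("Password1", strong))
```

Migrating an existing plaintext store is a one-time pass that replaces each stored password with `hash_password(old_value)`; after that the plaintext column can be dropped, and a later increase of the work factor is handled by re-hashing on the user's next successful login, since the record carries its own iteration count.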
38. The risk that a material error exists that will not be prevented or detected by the organization's control framework; that is, the possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Sampling
Control Risk
OSI: Data Link Layer
Inform the auditee
39. (1.) Link (2.) Internet (3.) Transport (4.) Application
Substantive Testing (test of transaction integrity)
TCP/IP Network Model
The availability of IT systems
Buffers
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Structural fires and transportation accidents
Variable Sampling
The Eight Types of Audits
The best approach for identifying high risk areas for an audit
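The arithmetic behind questions 18, 35 and 40, together with the tolerable-error comparison of question 1, as an added example that is not part of the original quiz: a mean-per-unit variable-sampling projection of a population total from a random sample, the sample standard deviation it rests on, the precision of the projection (half-width of the confidence interval), and the auditor's accept/reject decision against a tolerable error amount. The invoice amounts, population size, book value, z value and the acceptance rule used here (projected misstatement plus precision must not exceed tolerable error) are assumptions made for this example.

```python
import math
from typing import Dict, List


def sample_mean(values: List[float]) -> float:
    return sum(values) / len(values)


def sample_std_dev(values: List[float]) -> float:
    """Square root of the sample variance (n - 1 denominator), the spread of
    the sample values about the sample mean."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two observations")
    m = sample_mean(values)
    variance = sum((x - m) ** 2 for x in values) / (n - 1)
    return math.sqrt(variance)


def project_population_total(sample: List[float], population_size: int,
                             z: float = 1.96) -> Dict[str, float]:
    """Mean-per-unit estimate of a population total with its precision.

    precision = z * (s / sqrt(n)) * N is the half-width of the interval in
    which the true total is expected to lie; z = 1.96 is the roughly 95%
    confidence level assumed for this example."""
    n = len(sample)
    mean = sample_mean(sample)
    s = sample_std_dev(sample)
    std_error_of_mean = s / math.sqrt(n)
    total = mean * population_size
    precision = z * std_error_of_mean * population_size
    return {
        "mean": mean,
        "std_dev": s,
        "total": total,
        "precision": precision,
        "lower": total - precision,
        "upper": total + precision,
    }


def accept_book_value(projection: Dict[str, float], book_value: float,
                      tolerable_error: float) -> bool:
    """Decision rule assumed for this example: the recorded (book) value is
    accepted when the projected misstatement plus the allowance for sampling
    risk (the precision) does not exceed the tolerable error."""
    projected_misstatement = abs(projection["total"] - book_value)
    return projected_misstatement + projection["precision"] <= tolerable_error


if __name__ == "__main__":
    # Constructed sample: 5 invoice amounts drawn at random from a population
    # of 1000 invoices whose books show a total of 600,000.
    invoices = [100.0, 100.0, 500.0, 900.0, 900.0]
    proj = project_population_total(invoices, population_size=1000)
    print(f"sample mean {proj['mean']:.2f}, std dev {proj['std_dev']:.2f}")
    print(f"projected total {proj['total']:,.0f} +/- {proj['precision']:,.0f}")
    print("accept with tolerable error 1,000,000:",
          accept_book_value(proj, 600_000, 1_000_000))
    print("accept with tolerable error 400,000:  ",
          accept_book_value(proj, 600_000, 400_000))
```

With only five observations the precision is wide (about 350,000 on a projected total of 500,000), which is the point question 18 makes: precision tells the auditor how much the sample can be trusted to stand for the population, and a tighter interval needs a larger or stratified sample.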
41. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard
TCP/IP Network Model
Risk Management
Sample Standard Deviation
42. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________ solution is an electric generator and an uninterruptible power supply. The UPS responds to the
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Power system controls
To identify the tasks that are responsible for project delays
Blade Computer Architecture
43. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Critical Path Methodology
Formal waterfall
Wet pipe fire sprinkler system
44. Subjective sampling is used when the auditor wants to _________________________.
Release management
Concentrate on samples known to represent high risk
The 7 phases and their order in the SDLC
Stratified Sampling
45. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
The typical Configuration Items in Configuration Management
ITIL definition of CHANGE MANAGEMENT
Concentrate on samples known to represent high risk
Three Types of Controls
46. IT Service Management is defined in ___________________ framework.
Options for Risk Treatment
ITIL - IT Infrastructure Library
Resource details
The Software Program Library
47. An alternate processing center that contains no information processing equipment.
Personnel involved in the requirements phase of a software development project
TCP/IP Transport Layer
SDLC Phases
A Cold Site
48. (1.) Automatic (2.) Manual
Elements of the COSO pyramid
The two Categories of Controls
Hash
The appropriate role of an IS auditor in a control self-assessment
49. Handle application processing
Application Controls
A Financial Audit
Attribute Sampling
The appropriate role of an IS auditor in a control self-assessment
50. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
A Compliance audit
Information systems access
Department Charters
Audit Methodologies