Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A representation of how closely a sample represents an entire population.
Substantive Testing
Precision means
WAN Protocols
Recovery time objective
2. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Resource details
Inherent Risk
The Software Program Library
3. Used to translate or transform data from lower layers into formats that the application layer can work with.
Problem Management
Information security policy
OSI Layer 5: Session
OSI Layer 6: Presentation
4. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
OSI Layer 7: Application
Capability Maturity Model
Substantive Testing
TCP/IP Internet Layer
5. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Incident Management
Critical Path Methodology
BCP Plans
Confidence coefficient
6. Used to determine which business processes are the most critical - by ranking them in order of criticality
The appropriate role of an IS auditor in a control self-assessment
A Virtual Server
Emergency Changes
Criticality analysis
7. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Statistical Sampling
Gantt Chart
Primary security features of relational databases
8. (1.) TCP (2.) UDP
Transport Layer Protocols
Sampling Risk
Examples of Application Controls
The 5 types of Evidence that the auditor will collect during an audit.
9. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Emergency Changes
BCP Plans
Attribute Sampling
Sampling Risk
10. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Referential Integrity
A Server Cluster
OSI: Transport Layer
The audit program
11. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Segregation of duties issue in a high value process
A Forensic Audit
Volumes of COSO framework
The first step in a business impact analysis
12. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Sampling Risk
WAN Protocols
Input validation checking
An Integrated Audit
13. Framework for auditing and measuring IT Service Management Processes.
Annualized Loss Expectancy (ALE)
ISO 20000 Standard:
Emergency Changes
Audit logging
14. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
objective and unbiased
OSI Layer 5: Session
Options for Risk Treatment
Stop-or-go Sampling
15. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Split custody
Assess the maturity of its business processes
Control Risk
objective and unbiased
16. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
17. (1.) Objectives (2.) Components (3.) Business Units / Areas
Control Risk
Categories of risk treatment
Dimensions of the COSO cube
Annualized Loss Expectancy (ALE)
18. Gantt: used to display ______________.
ITIL definition of PROBLEM
Assess the maturity of its business processes
Resource details
Wet pipe fire sprinkler system
19. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Organizational culture and maturity
TCP/IP Link Layer
Audit logging
Categories of risk treatment
20. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
PERT Diagram?
Testing activities
More difficult to perform
Discovery Sampling
21. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Business Continuity
Stay current with technology
Advantages of outsourcing
22. Contains programs that communicate directly with the end user.
The 4-item focus of a Balanced Scorecard
OSI Layer 7: Application
Recovery time objective
Business Realization
23. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
OSI: Transport Layer
Segregation of duties issue in a high value process
Change management
Gantt Chart
24. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
SDLC Phases
The Software Program Library
Inform the auditee
Application Controls
25. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Statistical Sampling
Concentrate on samples known to represent high risk
Data Link Layer Standards
IT Service Management
26. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
BCP Plans
WAN Protocols
Power system controls
27. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Options for Risk Treatment
Service Level Management
Testing activities
Types of sampling an auditor can perform.
28. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Substantive Testing
less than 24 hours
The 4-item focus of a Balanced Scorecard
29. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
A Service Provider audit
(1.) Man-made (2.) Natural
Business impact analysis
The best approach for identifying high risk areas for an audit
30. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Blade Computer Architecture
Judgmental sampling
Formal waterfall
The Eight Types of Audits
31. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
The best approach for identifying high risk areas for an audit
Deming Cycle
Cloud computing
Main types of Controls
32. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
The Eight Types of Audits
Department Charters
An Operational Audit
A Virtual Server
33. Used to measure the relative maturity of an organization and its processes.
Grid Computing
Resource details
Geographic location
Capability Maturity Model
34. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Criticality analysis
Reduced sign-on
Options for Risk Treatment
OSI: Data Link Layer
35. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Six steps of the Release Management process
Stop-or-go Sampling
The Steering Committee
36. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Business impact analysis
OSI: Physical Layer
TCP/IP Transport Layer packet delivery
37. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Project change request
objective and unbiased
Audit logging
Control Unit
38. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
The Internet Layer in the TCP/IP model
Security Awareness program
Gantt Chart
IT standards are not being reviewed often enough
39. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Registers
ITIL definition of PROBLEM
TCP/IP Network Model
Risk Management
40. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Data Link Layer Standards
List of systems examined
Separate administrative accounts
Assess the maturity of its business processes
41. The means by which management establishes and measures processes by which organizational objectives are achieved
TCP/IP Link Layer
The Eight Types of Audits
Controls
Information security policy
42. (1.) Access controls (2.) Encryption (3.) Audit logging
Capability Maturity Model
Grid Computing
TCP/IP Internet Layer
Primary security features of relational databases
43. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
An Integrated Audit
Testing activities
Gantt Chart
TCP/IP Transport Layer
44. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Background checks performed
(1.) Policies (2.) Procedures (3.) Standards
Insourcing
An Operational Audit
45. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
A Server Cluster
ISO 20000 Standard:
TCP/IP Internet Layer
46. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
ITIL definition of CHANGE MANAGEMENT
Project change request
Capability Maturity Model
Data Link Layer Standards
47. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Structural fires and transportation accidents
Risk Management
Documentation and interview personnel
OSI: Data Link Layer
48. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Department Charters
Options for Risk Treatment
Input validation checking
49. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Server cluster
TCP/IP Transport Layer packet delivery
Rating Scale for Process Maturity
An Integrated Audit
50. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Detection Risk
Stratified Sampling
More difficult to perform
OSI: Network Layer