SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Assess the maturity of its business processes
Service Continuity Management
Dimensions of the COSO cube
Notify the Audit Committee
2. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Emergency Changes
SDLC Phases
(1.) Man-made (2.) Natural
3. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Examples of Application Controls
A Financial Audit
Annualized Loss Expectance (ALE)
Cloud computing
4. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Judgmental sampling
A Sample Mean
Elements of the COBIT Framework
List of systems examined
6. An audit of operational efficiency.
An Administrative
PERT Diagram?
Change management
Hash
7. The first major task in a disaster recovery or business continuity planning project.
Disaster Recovery
OSI: Physical Layer
Department Charters
Business impact analysis
8. The maximum period of downtime for a process or application
Recovery time objective
The two Categories of Controls
Stay current with technology
IT Strategy
9. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Personnel involved in the requirements phase of a software development project
PERT Diagram?
Prblem Management
List of systems examined
10. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Disaster Recovery
IT Service Management
Registers
ITIL definition of CHANGE MANAGEMENT
11. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
(1.) Polices (2.) Procedures (3.) Standards
Deming Cycle
Incident Management
Sample Standard Deviation
12. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Attribute Sampling
Main types of Controls
Disaster Recovery
Audit logging
13. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
A Cold Site
Input validation checking
ITIL definition of PROBLEM
Main types of Controls
14. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
TCP/IP Internet Layer
Lacks specific expertise or resources to conduct an internal audit
Expected Error Rate
To identify the tasks that are responsible for project delays
15. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Geographic location
Criticality analysis
Employees with excessive privileges
16. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
The availability of IT systems
Critical Path Methodology
Categories of risk treatment
17. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
TCP/IP Internet Layer
Cloud computing
BCP Plans
A Financial Audit
18. Used to measure the relative maturity of an organization and its processes.
Capability Maturity Model
The typical Configuration Items in Configuration Management
Application Controls
Transport Layer Protocols
19. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
ISO 20000 Standard:
Employee termination process
TCP/IP Link Layer
Function Point Analysis
20. (1.) TCP (2.) UDP
Assess the maturity of its business processes
Judgmental sampling
Project Management Strategies
Transport Layer Protocols
21. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Precision means
OSI: Data Link Layer
Risk Management
Change management
22. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
The best approach for identifying high risk areas for an audit
Stay current with technology
CPU
23. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
An Integrated Audit
IT Service Management
Stop-or-go Sampling
24. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Stay current with technology
A Compliance audit
Precision means
25. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Input validation checking
Geographic location
A Compliance audit
ITIL definition of CHANGE MANAGEMENT
26. An audit that combines an operational audit and a financial audit.
SDLC Phases
Data Link Layer Standards
An Integrated Audit
Variable Sampling
27. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Referential Integrity
OSI: Transport Layer
Database primary key
28. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Main types of Controls
Data Link Layer Standards
Segregation of duties issue in a high value process
objective and unbiased
29. Subjective sampling is used when the auditor wants to _________________________.
Precision means
Capability Maturity Model Integration (CMMI)
Cloud computing
Concentrate on samples known to represent high risk
30. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
A Forensic Audit
Confidence coefficient
Deming Cycle
Annualized Loss Expectance (ALE)
31. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Organizational culture and maturity
Current and most up-to-date
More difficult to perform
Input validation checking
32. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Service Level Management
Volumes of COSO framework
Hash
Substantive Testing (test of transaction integrity)
33. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Categories of risk treatment
Configuration Management
Compliance Testing
Formal waterfall
34. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Sampling
Concentrate on samples known to represent high risk
List of systems examined
35. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
CPU
Lacks specific expertise or resources to conduct an internal audit
The Eight Types of Audits
Stop-or-go Sampling
36. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Statement of Impact
Criticality analysis
Six steps of the Release Management process
Stop-or-go Sampling
37. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Power system controls
Variable Sampling
Types of sampling an auditor can perform.
Sampling Risk
38. The means by which management establishes and measures processes by which organizational objectives are achieved
Capability Maturity Model
Controls
The Business Process Life Cycle
Statement of Impact
39. A sampling technique where at least one exception is sought in a population
Overall audit risk
To identify the tasks that are responsible for project delays
Discovery Sampling
OSI Layer 7: Application
40. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
The two Categories of Controls
Configuration Management
Change management
Structural fires and transportation accidents
41. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Expected Error Rate
The Release process
Server cluster
Sampling
42. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
OSI: Physical Layer
Substantive Testing
Attribute Sampling
Overall audit risk
43. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Separate administrative accounts
Personnel involved in the requirements phase of a software development project
Service Level Management
Input validation checking
44. Framework for auditing and measuring IT Service Management Processes.
Stratified Sampling
The 7 phases and their order in the SDLC
Expected Error Rate
ISO 20000 Standard:
45. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Inherent Risk
Sample Standard Deviation
More difficult to perform
46. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Power system controls
The appropriate role of an IS auditor in a control self-assessment
Separate administrative accounts
Background checks performed
47. An audit that is performed in support of an anticipated or active legal proceeding.
Current and most up-to-date
Control Unit
A Forensic Audit
Transport Layer Protocols
48. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Organizational culture and maturity
OSI: Physical Layer
The 7 phases and their order in the SDLC
Employees with excessive privileges
49. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Blade Computer Architecture
Split custody
Compliance Testing
50. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Network Layer Protocols
Balanced Scorecard
Security Awareness program
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests