Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The sum of all samples divided by the number of samples.
Rating Scale for Process Maturity
Elements of the COBIT Framework
A Sample Mean
Database primary key
2. Support the functioning of the application controls
Stratified Sampling
Options for Risk Treatment
General Controls
Application Controls
3. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Expected Error Rate
Registers
Split custody
Blade Computer Architecture
4. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
less than 24 hours
Foreign Key
OSI: Data Link Layer
5. PERT: shows the ______________ critical path.
Segregation of duties issue in a high value process
Service Level Management
Separate administrative accounts
Current and most up-to-date
6. (1.) Physical (2.) Technical (3.) Administrative
Registers
Three Types of Controls
Annualized Loss Expectancy (ALE)
TCP/IP Transport Layer
7. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
8. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Personnel involved in the requirements phase of a software development project
Business Continuity
OSI: Transport Layer
9. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Deming Cycle
TCP/IP Transport Layer packet delivery
Security Awareness program
Audit Methodologies
10. Consists of two main packet transport protocols: TCP and UDP.
A Problem
TCP/IP Transport Layer
Data Link Layer Standards
Assess the maturity of its business processes
11. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Current and most up-to-date
The availability of IT systems
ITIL definition of CHANGE MANAGEMENT
Elements of the COBIT Framework
12. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
OSI Layer 6: Presentation
IT executives and the Board of Directors
OSI: Transport Layer
Change management
13. Focuses on: post-event recovery and restoration of services
Department Charters
Disaster Recovery
Notify the Audit Committee
OSI: Data Link Layer
14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Sampling Risk
The 7 phases and their order in the SDLC
Separate administrative accounts
15. Lowest layer. Delivers messages (frames) from one station to another via a local network.
OSI: Network Layer
TCP/IP Link Layer
An IS audit
Six steps of the Release Management process
16. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
A Financial Audit
Compliance Testing
Judgmental sampling
Notify the Audit Committee
17. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
Criticality analysis
Six steps of the Release Management process
Documentation and interview personnel
18. A sampling technique where at least one exception is sought in a population
Critical Path Methodology
Controls
Discovery Sampling
Antivirus software on the email servers
19. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Control Unit
A Sample Mean
An Operational Audit
Service Level Management
20. To communicate security policies - procedures - and other security-related information to an organization's employees.
Split custody
Annualized Loss Expectancy (ALE)
The best approach for identifying high risk areas for an audit
Security Awareness program
21. An audit of a third-party organization that provides services to other organizations.
IT Service Management
A Service Provider audit
Change management
The Business Process Life Cycle
22. Guide program execution through organization of resources and development of clear project objectives.
Tolerable Error Rate
List of systems examined
Project Management Strategies
Referential Integrity
23. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: facilitates continuous improvement within the BPLC
An Administrative
Power system controls
IT Strategy
The Business Process Life Cycle
24. Used to measure the relative maturity of an organization and its processes.
ITIL - IT Infrastructure Library
Capability Maturity Model
Lacks specific expertise or resources to conduct an internal audit
Server cluster
25. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
The Steering Committee
Grid Computing
ITIL definition of CHANGE MANAGEMENT
Business impact analysis
26. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
IT executives and the Board of Directors
Data Link Layer Standards
Stratified Sampling
Examples of IT General Controls
27. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
IT Services Financial Management
ITIL definition of PROBLEM
The Requirements
28. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The Requirements
Categories of risk treatment
Controls
Segregation of duties issue in a high value process
29. Used to determine which business processes are the most critical - by ranking them in order of criticality
Service Level Management
Change management
Criticality analysis
Data Link Layer Standards
30. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
Stay current with technology
More difficult to perform
An Integrated Audit
31. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Project Management Strategies
Dimensions of the COSO cube
Referential Integrity
An Administrative
32. (1.) TCP (2.) UDP
Transport Layer Protocols
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Capability Maturity Model
The availability of IT systems
33. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Split custody
Statement of Impact
less than 24 hours
34. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Overall audit risk
A Financial Audit
General Controls
Stop-or-go Sampling
35. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Examples of Application Controls
IT executives and the Board of Directors
SDLC Phases
Registers
36. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
The Business Process Life Cycle
Sampling Risk
Structural fires and transportation accidents
Service Level Management
37. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Audit Methodologies
OSI: Network Layer
OSI Layer 5: Session
Structural fires and transportation accidents
38. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Concentrate on samples known to represent high risk
Problem Management
Service Continuity Management
Input validation checking
39. Used to estimate the effort required to develop a software program.
(1.) Policies (2.) Procedures (3.) Standards
Function Point Analysis
Three Types of Controls
OSI: Physical Layer
40. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
IT Service Management
A gate process
A Financial Audit
Discovery Sampling
41. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Business Realization
A Virtual Server
An Operational Audit
42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
An Administrative
Service Continuity Management
Control Unit
Sampling Risk
43. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Six steps of the Release Management process
More difficult to perform
ITIL definition of CHANGE MANAGEMENT
TCP/IP Transport Layer
44. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Inherent Risk
Antivirus software on the email servers
Overall audit risk
Sample Standard Deviation
45. Describes the effect on the business if a process is incapacitated for any appreciable time
Compliance Testing
Application Layer protocols
IT standards are not being reviewed often enough
Statement of Impact
46. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
A Server Cluster
Power system controls
Substantive Testing
Stay current with technology
47. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Problem Management
OSI: Transport Layer
Registers
OSI: Data Link Layer
48. IT Governance is most concerned with ________.
Examples of IT General Controls
The audit program
Personnel involved in the requirements phase of a software development project
IT Strategy
49. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Entire password for an encryption key
ITIL - IT Infrastructure Library
Network Layer Protocols
Lacks specific expertise or resources to conduct an internal audit
50. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Variable Sampling
Rating Scale for Process Maturity
Reduced sign-on
Advantages of outsourcing