Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Structural fires and transportation accidents
The appropriate role of an IS auditor in a control self-assessment
A gate process
Input validation checking
2. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
less than 24 hours
Capability Maturity Model Integration (CMMI)
Reduced sign-on
3. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Insourcing
ITIL definition of PROBLEM
Statistical Sampling
Buffers
4. (1.) Physical (2.) Technical (3.) Administrative
The Internet Layer in the TCP/IP model
OSI Layer 5: Session
Three Types of Controls
Referential Integrity
5. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
An Operational Audit
The typical Configuration Items in Configuration Management
Stratified Sampling
Buffers
6. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Sampling Risk
OSI Layer 7: Application
Categories of risk treatment
Project change request
7. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Information security policy
Stay current with technology
Service Continuity Management
Database primary key
8. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
The 5 types of Evidence that the auditor will collect during an audit.
less than 24 hours
objective and unbiased
A Sample Mean
9. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Control Unit
Examples of Application Controls
Network Layer Protocols
Statement of Impact
10. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Application Layer protocols
Audit logging
Options for Risk Treatment
11. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
less than 24 hours
Security Awareness program
Primary security features of relational databases
12. (1.) General (2.) Application
Main types of Controls
Formal waterfall
Overall audit risk
ISO 20000 Standard:
13. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Blade Computer Architecture
Emergency Changes
IT standards are not being reviewed often enough
(1.) Man-made (2.) Natural
14. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
IT Strategy
The 7 phases and their order in the SDLC
Formal waterfall
15. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Resource details
Critical Path Methodology
TCP/IP Transport Layer
Advantages of outsourcing
16. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
A Service Provider audit
Deming Cycle
Concentrate on samples known to represent high risk
17. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Substantive Testing (test of transaction integrity)
Examples of Application Controls
More difficult to perform
18. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Separate administrative accounts
The Eight Types of Audits
Employee termination process
The typical Configuration Items in Configuration Management
19. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
ITIL definition of PROBLEM
Business Realization
Grid Computing
The appropriate role of an IS auditor in a control self-assessment
20. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Sampling Risk
Data Link Layer Standards
Risk Management
BCP Plans
21. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
22. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
ITIL - IT Infrastructure Library
The Eight Types of Audits
Sampling Risk
Confidence coefficient
23. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Annualized Loss Expectancy (ALE)
Antivirus software on the email servers
Input validation checking
Concentrate on samples known to represent high risk
24. (1.) Access controls (2.) Encryption (3.) Audit logging
IT executives and the Board of Directors
Hash
Primary security features of relational databases
Tolerable Error Rate
25. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Release management
Wet pipe fire sprinkler system
Segregation of duties issue in a high value process
IT executives and the Board of Directors
26. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Service Level Management
Organizational culture and maturity
Registers
Inherent Risk
27. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Statement of Impact
General Controls
OSI Layer 6: Presentation
Incident Management
28. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Deming Cycle
Variable Sampling
Database primary key
A gate process
29. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
Volumes of COSO framework
Antivirus software on the email servers
List of systems examined
30. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Business Realization
Critical Path Methodology
Hash
31. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
The Business Process Life Cycle
Business impact analysis
Organizational culture and maturity
32. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
IT Service Management
Discovery Sampling
Three Types of Controls
33. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Referential Integrity
TCP/IP Link Layer
Discovery Sampling
Separate administrative accounts
34. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
OSI: Physical Layer
Compliance Testing
Project Management Strategies
35. The main hardware component of a computer system - which executes instructions in computer programs.
Criticality analysis
A Virtual Server
A Financial Audit
CPU
36. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Problem Management
General Controls
Substantive Testing (test of transaction integrity)
Audit Methodologies
37. Used to translate or transform data from lower layers into formats that the application layer can work with.
Server cluster
Tolerable Error Rate
OSI Layer 6: Presentation
Insourcing
38. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Controls
Inform the auditee
Three Types of Controls
39. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
The Software Program Library
IT Service Management
CPU
40. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
Types of sampling an auditor can perform.
Rating Scale for Process Maturity
Current and most up-to-date
41. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
The first step in a business impact analysis
less than 24 hours
Options for Risk Treatment
Cloud computing
42. Used to estimate the effort required to develop a software program.
OSI: Physical Layer
Annualized Loss Expectancy (ALE)
SDLC Phases
Function Point Analysis
43. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Discovery Sampling
Vulnerability in the organization's PBX
The audit program
44. The memory locations in the CPU where arithmetic values are stored.
Registers
Geographic location
Blade Computer Architecture
TCP/IP Internet Layer
45. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Formal waterfall
Service Level Management
TCP/IP Internet Layer
46. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Overall audit risk
A gate process
Testing activities
TCP/IP Transport Layer
47. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Annualized Loss Expectancy (ALE)
Current and most up-to-date
Lacks specific expertise or resources to conduct an internal audit
To identify the tasks that are responsible for project delays
48. Used to measure the relative maturity of an organization and its processes.
Network Layer Protocols
TCP/IP Transport Layer
Capability Maturity Model
Sampling Risk
49. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Audit logging
Employee termination process
Configuration Management
Information security policy
50. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Information security policy
The Steering Committee
PERT Diagram?
Project change request