SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Assess the maturity of its business processes
Dimensions of the COSO cube
Personnel involved in the requirements phase of a software development project
The best approach for identifying high risk areas for an audit
2. Concerned with electrical and physical specifications for devices. No frames or packets involved.
OSI: Physical Layer
Precision means
Control Unit
Function Point Analysis
3. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Elements of the COSO pyramid
Reduced sign-on
Current and most up-to-date
The audit program
4. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Tolerable Error Rate
The 4-item focus of a Balanced Scorecard
Six steps of the Release Management process
A Financial Audit
5. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Service Continuity Management
Configuration Management
Business impact analysis
OSI: Physical Layer
6. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Resource details
The audit program
To identify the tasks that are responsible for project delays
7. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
ITIL - IT Infrastructure Library
Formal waterfall
Disaster Recovery
The Release process
8. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Reduced sign-on
The two Categories of Controls
Entire password for an encryption key
Frameworks
9. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Capability Maturity Model Integration (CMMI)
Statistical Sampling
More difficult to perform
Elements of the COBIT Framework
10. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI: Data Link Layer
Advantages of outsourcing
The typical Configuration Items in Configuration Management
Audit logging
11. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
(1.) Polices (2.) Procedures (3.) Standards
The BCP process
Substantive Testing
The Release process
12. (1.) Access controls (2.) Encryption (3.) Audit logging
Department Charters
Primary security features of relational databases
Examples of IT General Controls
Reduced sign-on
13. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
The Internet Layer in the TCP/IP model
Notify the Audit Committee
Attribute Sampling
Expected Error Rate
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
More difficult to perform
OSI Layer 5: Session
Testing activities
Function Point Analysis
15. IT Governance is most concerned with ________.
Substantive Testing (test of transaction integrity)
Background checks performed
Department Charters
IT Strategy
16. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
To identify the tasks that are responsible for project delays
Information systems access
Buffers
A gate process
17. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
IT Strategy
Expected Error Rate
Blade Computer Architecture
Audit logging
18. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Substantive Testing
Deming Cycle
Control Risk
Control Unit
19. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Buffers
Notify the Audit Committee
Elements of the COBIT Framework
Background checks performed
20. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
ITIL definition of PROBLEM
A Server Cluster
Elements of the COBIT Framework
The availability of IT systems
21. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
22. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Controls
Release management
TCP/IP Transport Layer
23. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
General Controls
Current and most up-to-date
Capability Maturity Model
objective and unbiased
24. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
TCP/IP Transport Layer
Incident Management
Criticality analysis
Business Continuity
25. PERT: shows the ______________ critical path.
SDLC Phases
The availability of IT systems
objective and unbiased
Current and most up-to-date
26. ITIL term used to describe the SDLC.
Capability Maturity Model
Release management
Criticality analysis
The availability of IT systems
27. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Data Link Layer Standards
Attribute Sampling
Frameworks
Stratified Sampling
28. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Detection Risk
Primary security features of relational databases
The typical Configuration Items in Configuration Management
The Steering Committee
29. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Substantive Testing
BCP Plans
SDLC Phases
30. The memory locations in the CPU where arithmetic values are stored.
Statistical Sampling
Registers
Current and most up-to-date
Prblem Management
31. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Project change request
OSI: Data Link Layer
Segregation of duties issue in a high value process
Antivirus software on the email servers
32. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Data Link Layer Standards
The appropriate role of an IS auditor in a control self-assessment
Buffers
The 7 phases and their order in the SDLC
33. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
The Release process
Information systems access
Types of sampling an auditor can perform.
Change management
34. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Capability Maturity Model
The Software Program Library
Lacks specific expertise or resources to conduct an internal audit
Three Types of Controls
35. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Primary security features of relational databases
Risk Management
Critical Path Methodology
The Requirements
36. The sum of all samples divided by the number of samples.
Primary security features of relational databases
A Service Provider audit
A Sample Mean
WAN Protocols
37. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Geographic location
OSI: Data Link Layer
The Internet Layer in the TCP/IP model
Project change request
38. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The Requirements
OSI: Data Link Layer
The Software Program Library
To identify the tasks that are responsible for project delays
39. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Substantive Testing
Volumes of COSO framework
Tolerable Error Rate
Data Link Layer Standards
40. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Application Controls
Geographic location
Rating Scale for Process Maturity
41. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Detection Risk
Volumes of COSO framework
ITIL - IT Infrastructure Library
42. The maximum period of downtime for a process or application
Confidence coefficient
Elements of the COSO pyramid
Recovery time objective
Control Risk
43. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
An Operational Audit
A Financial Audit
Examples of IT General Controls
An Integrated Audit
44. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Categories of risk treatment
SDLC Phases
Substantive Testing
The Software Program Library
45. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Data Link Layer Standards
Organizational culture and maturity
Substantive Testing
46. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
OSI: Network Layer
Cloud computing
Insourcing
47. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Control Unit
A Server Cluster
The two Categories of Controls
Referential Integrity
48. (1.) Objectives (2.) Components (3.) Business Units / Areas
Reduced sign-on
Attribute Sampling
Testing activities
Dimensions of the COSO cube
49. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Release management
A Service Provider audit
Incident Management
Annualized Loss Expectance (ALE)
50. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Assess the maturity of its business processes
Input validation checking
BCP Plans
Data Link Layer Standards