SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
The typical Configuration Items in Configuration Management
Hash
OSI Layer 5: Session
2. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
OSI: Physical Layer
The appropriate role of an IS auditor in a control self-assessment
The availability of IT systems
IT standards are not being reviewed often enough
3. (1.) Physical (2.) Technical (4.) Administrative
To identify the tasks that are responsible for project delays
Frameworks
less than 24 hours
Three Types of Controls
4. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Categories of risk treatment
Sampling
Reduced sign-on
Business Realization
5. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Service Level Management
The Steering Committee
Server cluster
Buffers
6. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
More difficult to perform
Risk Management
The typical Configuration Items in Configuration Management
The BCP process
7. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Business Continuity
Resource details
Department Charters
OSI: Physical Layer
8. Support the functioning of the application controls
A Problem
Emergency Changes
General Controls
Advantages of outsourcing
9. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
A Cold Site
Department Charters
Frameworks
Audit logging
10. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Audit Methodologies
Sampling Risk
Capability Maturity Model Integration (CMMI)
ITIL definition of PROBLEM
11. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Elements of the COBIT Framework
CPU
Information systems access
The 7 phases and their order in the SDLC
12. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Resource details
Reduced sign-on
OSI: Physical Layer
13. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Split custody
A Forensic Audit
OSI: Data Link Layer
IT Services Financial Management
14. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Background checks performed
Emergency Changes
Prblem Management
Gantt Chart
15. To communication security policies - procedures - and other security-related information to an organization's employees.
less than 24 hours
To identify the tasks that are responsible for project delays
Security Awareness program
Options for Risk Treatment
16. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Testing activities
Risk Management
Disaster Recovery
Stop-or-go Sampling
17. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Precision means
Six steps of the Release Management process
The Release process
18. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
The Internet Layer in the TCP/IP model
(1.) Man-made (2.) Natural
The appropriate role of an IS auditor in a control self-assessment
19. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The Internet Layer in the TCP/IP model
Split custody
Insourcing
Change management
20. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Function Point Analysis
Business Continuity
Recovery time objective
ITIL definition of PROBLEM
21. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
An IS audit
IT Services Financial Management
The appropriate role of an IS auditor in a control self-assessment
Overall audit risk
22. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Application Layer protocols
Organizational culture and maturity
The first step in a business impact analysis
Prblem Management
23. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The typical Configuration Items in Configuration Management
OSI Layer 5: Session
The Steering Committee
Substantive Testing (test of transaction integrity)
24. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
The 4-item focus of a Balanced Scorecard
ISO 20000 Standard:
Expected Error Rate
Gantt Chart
25. (1.) TCP (2.) UDP
The Software Program Library
Business Realization
Transport Layer Protocols
Formal waterfall
26. (1.) Objectives (2.) Components (3.) Business Units / Areas
Six steps of the Release Management process
ITIL - IT Infrastructure Library
Project change request
Dimensions of the COSO cube
27. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Hash
Audit logging
Service Continuity Management
28. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Examples of IT General Controls
To identify the tasks that are responsible for project delays
ITIL definition of CHANGE MANAGEMENT
Advantages of outsourcing
29. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
The BCP process
Rating Scale for Process Maturity
Personnel involved in the requirements phase of a software development project
TCP/IP Internet Layer
30. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Stay current with technology
Transport Layer Protocols
Cloud computing
Business Realization
31. (1.) General (2.) Application
Emergency Changes
Recovery time objective
OSI: Data Link Layer
Main types of Controls
32. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Antivirus software on the email servers
Sample Standard Deviation
(1.) Man-made (2.) Natural
Information security policy
33. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Registers
An Operational Audit
The two Categories of Controls
Entire password for an encryption key
34. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
35. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Main types of Controls
Structural fires and transportation accidents
Buffers
Detection Risk
36. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Notify the Audit Committee
The two Categories of Controls
TCP/IP Transport Layer
An Operational Audit
37. Lowest layer. Delivers messages (frames) from one station to another vial local network.
TCP/IP Link Layer
An Administrative
Employee termination process
A Problem
38. Used to translate or transform data from lower layers into formats that the application layer can work with.
Formal waterfall
OSI Layer 6: Presentation
Recovery time objective
Attribute Sampling
39. One of a database table's fields - whose value is unique.
The audit program
Judgmental sampling
Segregation of duties issue in a high value process
Database primary key
40. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Security Awareness program
Elements of the COBIT Framework
ITIL definition of PROBLEM
41. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Background checks performed
Sampling Risk
CPU
The availability of IT systems
42. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
A Cold Site
Disaster Recovery
Blade Computer Architecture
Testing activities
43. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
The two Categories of Controls
Power system controls
Inherent Risk
A gate process
44. Used to measure the relative maturity of an organization and its processes.
Geographic location
OSI Layer 5: Session
Capability Maturity Model
Disaster Recovery
45. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Three Types of Controls
Business Continuity
Application Layer protocols
Primary security features of relational databases
46. What type of testing is performed to determine if control procedures have proper design and are operating properly?
The Software Program Library
ITIL definition of PROBLEM
Compliance Testing
Concentrate on samples known to represent high risk
47. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Dimensions of the COSO cube
The 7 phases and their order in the SDLC
Function Point Analysis
48. Delivery of packets from one station to another - on the same network or on different networks.
Network Layer Protocols
Critical Path Methodology
Personnel involved in the requirements phase of a software development project
The Internet Layer in the TCP/IP model
49. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
General Controls
Sample Standard Deviation
Rating Scale for Process Maturity
50. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
TCP/IP Link Layer
Rating Scale for Process Maturity
Emergency Changes
Power system controls