CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
Service Continuity Management
Referential Integrity
OSI: Physical Layer
2. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Personnel involved in the requirements phase of a software development project
Risk Management
A Problem
Geographic location
3. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Sampling Risk
Security Awareness program
OSI: Data Link Layer
4. (1.) Automatic (2.) Manual
Substantive Testing
The two Categories of Controls
Examples of Application Controls
SDLC Phases
5. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
IT standards are not being reviewed often enough
Hash
Service Continuity Management
6. An audit that is performed in support of an anticipated or active legal proceeding.
Service Level Management
Foreign Key
Release management
A Forensic Audit
7. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Network Layer Protocols
TCP/IP Internet Layer
Rating Scale for Process Maturity
8. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Change management
Compliance Testing
ISO 20000 Standard:
Power system controls
9. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Split custody
The 7 phases and their order in the SDLC
Formal waterfall
Deming Cycle
10. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
(1.) Policies (2.) Procedures (3.) Standards
Categories of risk treatment
Power system controls
Stop-or-go Sampling
11. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The 4-item focus of a Balanced Scorecard
To identify the tasks that are responsible for project delays
Buffers
Sampling
12. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Advantages of outsourcing
Stratified Sampling
less than 24 hours
Documentation and interview personnel
13. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
The Release process
IT Services Financial Management
Service Continuity Management
14. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Information security policy
WAN Protocols
A Financial Audit
Sample Standard Deviation
15. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Information security policy
Statistical Sampling
IT Services Financial Management
Lacks specific expertise or resources to conduct an internal audit
16. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Sampling Risk
TCP/IP Internet Layer
Structural fires and transportation accidents
17. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The Business Process Life Cycle
Critical Path Methodology
An Integrated Audit
Vulnerability in the organization's PBX
18. The inventory of all in-scope business processes and systems
Overall audit risk
Separate administrative accounts
Wet pipe fire sprinkler system
The first step in a business impact analysis
19. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
TCP/IP Internet Layer
More difficult to perform
Overall audit risk
SDLC Phases
20. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Service Level Management
Project Management Strategies
Current and most up-to-date
21. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
ITIL definition of CHANGE MANAGEMENT
Wet pipe fire sprinkler system
Concentrate on samples known to represent high risk
22. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Elements of the COBIT Framework
An Integrated Audit
Examples of IT General Controls
23. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Incident Management
TCP/IP Transport Layer packet delivery
Audit logging
Types of sampling an auditor can perform.
24. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Expected Error Rate
Formal waterfall
Examples of Application Controls
An IS audit
25. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Testing activities
Categories of risk treatment
General Controls
26. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Network Layer
Employee termination process
Project change request
SDLC Phases
27. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Financial Audit
The 5 types of Evidence that the auditor will collect during an audit.
A Problem
Geographic location
28. The first major task in a disaster recovery or business continuity planning project.
Current and most up-to-date
Business impact analysis
Buffers
The Release process
29. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Attribute Sampling
Power system controls
The two Categories of Controls
30. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO).
Power system controls
(1.) Man-made (2.) Natural
Annualized Loss Expectancy (ALE)
Substantive Testing (test of transaction integrity)
31. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Blade Computer Architecture
Power system controls
Formal waterfall
Three Types of Controls
32. A maturity model that represents the aggregations of other maturity models.
Precision means
General Controls
To identify the tasks that are responsible for project delays
Capability Maturity Model Integration (CMMI)
33. A sampling technique where at least one exception is sought in a population
Notify the Audit Committee
Elements of the COBIT Framework
Discovery Sampling
Referential Integrity
34. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Employees with excessive privileges
Transport Layer Protocols
BCP Plans
35. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Emergency Changes
TCP/IP Link Layer
The best approach for identifying high risk areas for an audit
Function Point Analysis
36. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Hash
An Operational Audit
Application Layer protocols
The two Categories of Controls
37. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
38. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Formal waterfall
The two Categories of Controls
PERT Diagram
Problem Management
39. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
An Operational Audit
Network Layer Protocols
Business Continuity
40. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Inform the auditee
A Problem
Sampling
Vulnerability in the organization's PBX
41. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
Discovery Sampling
Department Charters
The 4-item focus of a Balanced Scorecard
42. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
Personnel involved in the requirements phase of a software development project
Information systems access
Audit Methodologies
43. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Project change request
Incident Management
Judgmental sampling
Substantive Testing
44. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
A Forensic Audit
Audit logging
Examples of IT General Controls
Inherent Risk
45. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Separate administrative accounts
Employees with excessive privileges
Capability Maturity Model
46. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
OSI: Data Link Layer
Options for Risk Treatment
Examples of IT General Controls
The availability of IT systems
47. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
The Business Process Life Cycle
Advantages of outsourcing
Transport Layer Protocols
48. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
Department Charters
General Controls
Information systems access
49. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Control Risk
Sample Standard Deviation
The typical Configuration Items in Configuration Management
List of systems examined
50. The risk that an IS auditor will overlook errors or exceptions during an audit.
Options for Risk Treatment
A gate process
An Administrative
Detection Risk