CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Department Charters
Attribute Sampling
Substantive Testing
Controls
2. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
WAN Protocols
Overall audit risk
Wet pipe fire sprinkler system
Rating Scale for Process Maturity
3. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Rating Scale for Process Maturity
Reduced sign-on
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
4. IT Governance is most concerned with ________.
Six steps of the Release Management process
Dimensions of the COSO cube
ITIL definition of PROBLEM
IT Strategy
5. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Structural fires and transportation accidents
Employees with excessive privileges
Stop-or-go Sampling
Rating Scale for Process Maturity
6. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Deming Cycle
Business Realization
A Compliance audit
A Forensic Audit
7. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Options for Risk Treatment
The audit program
List of systems examined
8. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Assess the maturity of its business processes
Structural fires and transportation accidents
Configuration Management
ITIL definition of PROBLEM
9. An audit that combines an operational audit and a financial audit.
An Integrated Audit
BCP Plans
TCP/IP Internet Layer
Examples of Application Controls
10. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Its main advantage is a lower cost per unit.
Notify the Audit Committee
Blade Computer Architecture
Primary security features of relational databases
Main types of Controls
11. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Stop-or-go Sampling
WAN Protocols
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
12. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Server cluster
Incident Management
IT Service Management
TCP/IP Transport Layer
13. The purpose of an auditor conducting interviews is to observe personnel to better understand their discipline, as well as ______________.
Structural fires and transportation accidents
Organizational culture and maturity
Stratified Sampling
(1.) Policies (2.) Procedures (3.) Standards
14. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Judgmental sampling
Six steps of the Release Management process
The typical Configuration Items in Configuration Management
The Internet Layer in the TCP/IP model
15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the complement of the confidence coefficient (100% minus the confidence coefficient).
Sampling Risk
Project change request
Application Controls
Stratified Sampling
16. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Data Link Layer Standards
Project change request
Insourcing
A Forensic Audit
17. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
TCP/IP Transport Layer
Department Charters
A Virtual Server
Inform the auditee
18. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
An IS audit
IT standards are not being reviewed often enough
OSI Layer 5: Session
Wet pipe fire sprinkler system
19. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The availability of IT systems
A Virtual Server
Service Level Management
Separate administrative accounts
20. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Hash
A gate process
Assess the maturity of its business processes
OSI: Transport Layer
21. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
OSI: Network Layer
Substantive Testing (test of transaction integrity)
Cloud computing
IT executives and the Board of Directors
22. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Stratified Sampling
Audit Methodologies
Background checks performed
Incident Management
23. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Expected Error Rate
objective and unbiased
Substantive Testing
24. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Information systems access
The two Categories of Controls
SDLC Phases
objective and unbiased
25. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Recovery time objective
OSI: Physical Layer
Service Continuity Management
OSI Layer 7: Application
26. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
27. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Stop-or-go Sampling
Project change request
Formal waterfall
28. A database term which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Service Continuity Management
The BCP process
Detection Risk
Referential Integrity
29. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Wet pipe fire sprinkler system
Disaster Recovery
The 4-item focus of a Balanced Scorecard
Emergency Changes
30. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Buffers
less than 24 hours
Transport Layer Protocols
A Virtual Server
31. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
ITIL definition of CHANGE MANAGEMENT
A gate process
Change management
A Server Cluster
32. Used to estimate the effort required to develop a software program.
Function Point Analysis
The availability of IT systems
Capability Maturity Model
Annualized Loss Expectancy (ALE)
33. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Business Continuity
Six steps of the Release Management process
less than 24 hours
Variable Sampling
34. The highest number of errors that can exist without a result being materially misstated.
Options for Risk Treatment
Control Unit
Tolerable Error Rate
OSI: Network Layer
35. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
Application Layer protocols
Statistical Sampling
The 5 types of Evidence that the auditor will collect during an audit.
36. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Security Awareness program
Geographic location
IT Services Financial Management
Grid Computing
37. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Database primary key
Elements of the COBIT Framework
Reduced sign-on
Buffers
38. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
The typical Configuration Items in Configuration Management
Separate administrative accounts
Annualized Loss Expectancy (ALE)
Confidence coefficient
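Questions 3, 5, 15, 33, 34 and 38 above all turn on audit sampling terms: stratified sampling, stop-or-go sampling, sampling risk, variable sampling, the tolerable error rate and the confidence coefficient. The following Python script is an added worked example, not part of the quiz or of any ISACA material. It constructs a small purchase-order population (the data and the names POPULATION, stratified_sample, stop_or_go, variable_sampling_estimate and sampling_risk are all assumptions made for illustration) and shows stratified selection, a deliberately simplified stop-or-go test against a tolerable error rate, a variable-sampling projection of a total, and the sampling-risk / confidence-coefficient relationship. The textbook stop-or-go procedure decides when to stop from statistical tables; the rule here only captures its shape (test in batches, stop early when exceptions are rare).

```python
"""Audit sampling helpers (added example): stratified sampling, a simplified
stop-or-go test, variable sampling and sampling risk. Names and data are
illustrative assumptions, not ISACA definitions."""
import random
from collections import defaultdict

# Constructed population: 30 purchase orders spread evenly over three departments.
# Every tenth PO is missing its approval, which is the control exception we test for.
POPULATION = [
    {"po": n, "dept": ("finance", "ops", "hr")[n % 3], "amount": 100.0 * (n + 1),
     "approved": n % 10 != 0}
    for n in range(30)
]


def sampling_risk(confidence_coefficient):
    """Sampling risk is the complement of the confidence coefficient:
    a 0.95 confidence coefficient leaves a 0.05 risk that the sample
    does not represent the population."""
    return round(1.0 - confidence_coefficient, 10)


def stratified_sample(population, key, per_stratum, seed=0):
    """Stratified sampling: divide the population into strata by the value of
    one attribute (key), then draw per_stratum items from every stratum so
    that small strata are not crowded out by large ones."""
    rng = random.Random(seed)
    strata = defaultdict(list)
    for item in population:
        strata[key(item)].append(item)
    sample = []
    for stratum in sorted(strata):  # deterministic stratum order for reproducibility
        members = strata[stratum]
        sample.extend(rng.sample(members, min(per_stratum, len(members))))
    return sample


def stop_or_go(population, is_exception, tolerable_error_rate, batch_size,
               max_batches, seed=0):
    """Simplified stop-or-go sampling: examine random batches and stop as early
    as possible. Stops with a pass when a batch shows no exceptions while the
    cumulative rate is within the tolerable error rate; stops with a fail as
    soon as the cumulative exception rate exceeds it.
    Returns (items_tested, exceptions_found, conclusion)."""
    rng = random.Random(seed)
    order = list(population)
    rng.shuffle(order)
    tested = exceptions = 0
    for _ in range(max_batches):
        batch = order[tested:tested + batch_size]
        if not batch:
            break
        batch_exceptions = sum(1 for item in batch if is_exception(item))
        tested += len(batch)
        exceptions += batch_exceptions
        if exceptions / tested > tolerable_error_rate:
            return tested, exceptions, "exceeds tolerable error rate"
        if batch_exceptions == 0:
            return tested, exceptions, "stop: low exception rate"
    return tested, exceptions, "inconclusive: sample exhausted"


def variable_sampling_estimate(population_size, sample_values):
    """Variable sampling: project the sample mean onto the population to
    estimate the numeric total of an attribute (here, PO amounts)."""
    mean = sum(sample_values) / len(sample_values)
    return mean * population_size


if __name__ == "__main__":
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
    strat = stratified_sample(POPULATION, key=lambda p: p["dept"], per_stratum=3)
    print("stratified sample:", [(p["dept"], p["po"]) for p in strat])
    print("stop-or-go:", stop_or_go(POPULATION, lambda p: not p["approved"], 0.05, 5, 4))
    print("estimated total of all PO amounts:",
          variable_sampling_estimate(len(POPULATION), [p["amount"] for p in strat]))
```

Note that with batches of five a single exception already pushes the cumulative rate to 20%, far above a 5% tolerable error rate, which is why stop-or-go is only appropriate when the auditor expects very few exceptions (question 5).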
39. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
OSI: Data Link Layer
Database primary key
Wet pipe fire sprinkler system
Buffers
40. The primary source for test plans in a software development project: ________________ that are developed for the project should be the primary source for detailed tests.
Statistical Sampling
A Sample Mean
Database primary key
The Requirements
41. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
SDLC Phases
The 4-item focus of a Balanced Scorecard
Business Continuity
(1.) Policies (2.) Procedures (3.) Standards
42. The means by which management establishes and measures processes by which organizational objectives are achieved
A Server Cluster
IT standards are not being reviewed often enough
Controls
Statement of Impact
43. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Geographic location
Categories of risk treatment
The 5 types of Evidence that the auditor will collect during an audit.
Problem Management
44. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Expected Error Rate
Substantive Testing (test of transaction integrity)
Resource details
Business Continuity
45. Guide program execution through organization of resources and development of clear project objectives.
Resource details
Referential Integrity
Business Continuity
Project Management Strategies
46. A field in a record in one table that references a primary key in another table.
Data Link Layer Standards
Categories of risk treatment
The Internet Layer in the TCP/IP model
Foreign Key
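Questions 23, 28 and 46 above concern audit logging, referential integrity and foreign keys. The following Python script is an added worked example, not code from the quiz: it uses the standard-library sqlite3 module to build a tiny customers/orders schema (the table names, the audit_log table and the trigger names are illustrative assumptions) and shows a foreign-key constraint refusing to delete a referenced row, the same delete leaving an orphaned order when enforcement is switched off, and triggers that record every change to an append-only audit log. One caveat a practitioner should know: SQLite ignores REFERENCES clauses unless PRAGMA foreign_keys is ON, so a schema can look correct while enforcing nothing; the example sets the pragma explicitly and contrasts both settings.

```python
"""Referential integrity and audit logging (added example, sqlite3 from the
Python standard library). Schema and names are illustrative assumptions."""
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    -- foreign key: every order must point at an existing customer
    customer_id INTEGER NOT NULL REFERENCES customers(customer_id),
    amount      REAL NOT NULL
);
CREATE TABLE audit_log (
    entry_id   INTEGER PRIMARY KEY,
    table_name TEXT NOT NULL,
    action     TEXT NOT NULL,
    row_id     INTEGER NOT NULL,
    old_amount REAL,
    new_amount REAL,
    logged_at  TEXT NOT NULL DEFAULT (datetime('now'))
);
-- Audit logging: triggers record every insert, update and delete on orders.
CREATE TRIGGER orders_insert AFTER INSERT ON orders BEGIN
    INSERT INTO audit_log(table_name, action, row_id, old_amount, new_amount)
    VALUES ('orders', 'INSERT', NEW.order_id, NULL, NEW.amount);
END;
CREATE TRIGGER orders_update AFTER UPDATE ON orders BEGIN
    INSERT INTO audit_log(table_name, action, row_id, old_amount, new_amount)
    VALUES ('orders', 'UPDATE', NEW.order_id, OLD.amount, NEW.amount);
END;
CREATE TRIGGER orders_delete AFTER DELETE ON orders BEGIN
    INSERT INTO audit_log(table_name, action, row_id, old_amount, new_amount)
    VALUES ('orders', 'DELETE', OLD.order_id, OLD.amount, NULL);
END;
-- The log itself is append-only: deleting or rewriting history is refused.
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit log is append-only');
END;
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit log is append-only');
END;
"""


def open_db(enforce_foreign_keys=True):
    """Create an in-memory database holding one customer and one order.
    SQLite only enforces REFERENCES constraints while the foreign_keys pragma
    is ON; the OFF setting is the weak configuration this example contrasts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_foreign_keys else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customers VALUES (1, 'Acme')")
    conn.execute("INSERT INTO orders VALUES (10, 1, 250.0)")
    return conn


def delete_customer(conn, customer_id):
    """Return True if the row was deleted, False if referential integrity blocked it."""
    try:
        conn.execute("DELETE FROM customers WHERE customer_id = ?", (customer_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def orphaned_orders(conn):
    """Order ids whose customer no longer exists; empty when integrity held."""
    rows = conn.execute(
        "SELECT order_id FROM orders "
        "WHERE customer_id NOT IN (SELECT customer_id FROM customers)"
    ).fetchall()
    return [r[0] for r in rows]


def purge_audit_log(conn):
    """Attempt to erase the trail; returns False when the append-only trigger fires."""
    try:
        conn.execute("DELETE FROM audit_log")
        return True
    except sqlite3.DatabaseError:
        return False


def audit_entries(conn):
    """The recorded change history, oldest first."""
    return conn.execute(
        "SELECT action, row_id, old_amount, new_amount FROM audit_log ORDER BY entry_id"
    ).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("delete referenced customer (FKs on):", delete_customer(db, 1))
    db.execute("UPDATE orders SET amount = 300.0 WHERE order_id = 10")
    print("audit trail:", audit_entries(db))
    print("purge audit log:", purge_audit_log(db))
    weak = open_db(enforce_foreign_keys=False)
    print("delete referenced customer (FKs off):", delete_customer(weak, 1))
    print("orphaned orders:", orphaned_orders(weak))
```

In a production DBMS the same three features from question 11 (access controls, encryption, audit logging) are what an auditor checks; here the trigger-based log stands in for the engine's native audit facility, and the append-only triggers illustrate why the log must be protected from the very accounts whose changes it records.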
47. An audit of operational efficiency.
Grid Computing
An Administrative audit
Separate administrative accounts
IT Services Financial Management
48. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single incident whose impact is significant.
Formal waterfall
Attribute Sampling
The appropriate role of an IS auditor in a control self-assessment
ITIL definition of PROBLEM
49. The maximum period of downtime for a process or application
Foreign Key
Business Realization
SDLC Phases
Recovery time objective
50. ITIL term used to describe the SDLC.
Precision means
The typical Configuration Items in Configuration Management
Capability Maturity Model Integration (CMMI)
Release management