Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
Inform the auditee
Vulnerability in the organization's PBX
Assess the maturity of its business processes

2. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
IT Service Management
Antivirus software on the email servers
Detection Risk
Elements of the COBIT Framework

3. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
A Forensic Audit
Input validation checking
less than 24 hours
OSI: Network Layer

4. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Reduced sign-on
To identify the tasks that are responsible for project delays
A Forensic Audit
Advantages of outsourcing

5. 1.) Executive Support (2.) Well-defined roles and responsibilities.
A Service Provider audit
Recovery time objective
Blade Computer Architecture
Information security policy

6. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Tolerable Error Rate
The audit program
Power system controls
Risk Management

7. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Criticality analysis
The 5 types of Evidence that the auditor will collect during an audit.
The typical Configuration Items in Configuration Management

8. An audit that combines an operational audit and a financial audit.
The Requirements
Resource details
An Integrated Audit
Dimensions of the COSO cube

9. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Separate administrative accounts
Project Management Strategies
Segregation of duties issue in a high value process

10. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
A Cold Site
Application Controls
IT Strategy

11. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
An IS audit
Separate administrative accounts
Critical Path Methodology
Recovery time objective

12. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Capability Maturity Model
Transport Layer Protocols
Substantive Testing
Examples of Application Controls

13. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
TCP/IP Network Model
Inform the auditee
Database primary key
List of systems examined

14. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Dimensions of the COSO cube
Employees with excessive privileges
A Cold Site
Inherent Risk

15. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
objective and unbiased
Reduced sign-on
Input validation checking
Deming Cycle

16. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

17. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Resource details
Examples of IT General Controls
The two Categories of Controls
Lacks specific expertise or resources to conduct an internal audit

18. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
An IS audit
The Steering Committee
Segregation of duties issue in a high value process

19. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Risk Management
Release management
Capability Maturity Model
The Software Program Library

20. Collections of Controls that work together to achieve an entire range of an organization's objectives.
A Service Provider audit
Capability Maturity Model Integration (CMMI)
IT standards are not being reviewed often enough
Frameworks

21. Handle application processing
Referential Integrity
Application Controls
Overall audit risk
OSI Layer 5: Session

22. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Primary security features of relational databases
Six steps of the Release Management process
A Sample Mean

23. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
Hash
Business Realization
A Forensic Audit

24. To measure organizational performance and effectiveness against strategic goals.
(1.) Man-made (2.) Natural
Balanced Scorecard
BCP Plans
Elements of the COSO pyramid

25. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
ITIL definition of CHANGE MANAGEMENT
Expected Error Rate
Deming Cycle
Substantive Testing

26. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
List of systems examined
Statistical Sampling
The first step in a business impact analysis

27. The inventory of all in-scope business processes and systems
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Gantt Chart
Personnel involved in the requirements phase of a software development project
The first step in a business impact analysis

28. An audit of a third-party organization that provides services to other organizations.
SDLC Phases
A Service Provider audit
TCP/IP Transport Layer
The Release process

29. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
List of systems examined
Tolerable Error Rate
A Virtual Server

30. The memory locations in the CPU where arithmetic values are stored.
Release management
Assess the maturity of its business processes
CPU
Registers

31. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Statistical Sampling
(1.) Polices (2.) Procedures (3.) Standards
Entire password for an encryption key
A Financial Audit

32. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Notify the Audit Committee
Inherent Risk
Substantive Testing
A gate process

33. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Confidence coefficient
Business Realization
The 4-item focus of a Balanced Scorecard

34. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
The 4-item focus of a Balanced Scorecard
Sample Standard Deviation
A Problem
A Server Cluster

35. Used to estimate the effort required to develop a software program.
A gate process
Sample Standard Deviation
Function Point Analysis
OSI Layer 5: Session

36. Framework for auditing and measuring IT Service Management Processes.
Segregation of duties issue in a high value process
The Release process
ISO 20000 Standard:
An Operational Audit

37. One of a database table's fields - whose value is unique.
Antivirus software on the email servers
Grid Computing
Application Controls
Database primary key

38. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
An Operational Audit
Stay current with technology
Personnel involved in the requirements phase of a software development project
A Service Provider audit

39. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
Personnel involved in the requirements phase of a software development project
Organizational culture and maturity
The 4-item focus of a Balanced Scorecard

40. Gantt: used to display ______________.
Resource details
TCP/IP Transport Layer packet delivery
ITIL definition of PROBLEM
The Internet Layer in the TCP/IP model

41. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Documentation and interview personnel
Capability Maturity Model
Six steps of the Release Management process
Tolerable Error Rate

42. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Project change request
Referential Integrity
ISO 20000 Standard:
Data Link Layer Standards

43. Used to translate or transform data from lower layers into formats that the application layer can work with.
Precision means
Personnel involved in the requirements phase of a software development project
OSI Layer 6: Presentation
The best approach for identifying high risk areas for an audit

44. The main hardware component of a computer system - which executes instructions in computer programs.
Business Realization
Blade Computer Architecture
Referential Integrity
CPU

45. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Application Controls
Geographic location
TCP/IP Link Layer
Service Level Management

46. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
Business Realization
Business impact analysis
Employees with excessive privileges

47. Delivery of packets from one station to another - on the same network or on different networks.
objective and unbiased
OSI Layer 5: Session
The Internet Layer in the TCP/IP model
Segregation of duties issue in a high value process

48. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Substantive Testing
Criticality analysis
To identify the tasks that are responsible for project delays
The first step in a business impact analysis

49. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Information systems access
Documentation and interview personnel
The Steering Committee
An IS audit

50. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Information security policy
Tolerable Error Rate
Reduced sign-on
Server cluster