Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
Elements of the COBIT Framework
Formal waterfall
Inform the auditee
2. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Capability Maturity Model
Substantive Testing (test of transaction integrity)
Categories of risk treatment
An Integrated Audit
3. An audit that is performed in support of an anticipated or active legal proceeding.
TCP/IP Transport Layer
A gate process
The best approach for identifying high risk areas for an audit
A Forensic Audit
4. A representation of how closely a sample represents an entire population.
Transport Layer Protocols
Judgmental sampling
Precision means
Overall audit risk
5. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
The best approach for identifying high risk areas for an audit
Referential Integrity
Security Awareness program
WAN Protocols
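The referential-integrity behaviour in question 5, shown as an added example rather than anything from the quiz itself: a child table whose foreign key references a parent row, and a delete of that parent row that the database refuses. The schema, table names and values are constructed for the example. It uses SQLite through Python's standard library, which adds a caveat worth knowing during an audit: SQLite only enforces foreign keys when the per-connection pragma is switched on, so the DDL alone does not prove the control exists.

```python
import sqlite3

# Constructed schema (not from the page): a parent table of customers and a child
# table of invoices whose customer_id is a foreign key to customers.id.
SCHEMA = """
CREATE TABLE customers (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE invoices (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id) ON DELETE RESTRICT,
    amount      REAL NOT NULL
);
INSERT INTO customers VALUES (1, 'Acme'), (2, 'Globex');
INSERT INTO invoices  VALUES (10, 1, 250.0), (11, 1, 75.5);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Open a fresh in-memory database.

    SQLite parses REFERENCES clauses but only enforces them when
    PRAGMA foreign_keys is ON for the connection; an auditor checking
    referential integrity on SQLite should verify the pragma, not just the DDL.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    return conn


def try_delete_customer(conn: sqlite3.Connection, customer_id: int) -> tuple[bool, int]:
    """Try to delete a parent row. Returns (row was deleted, orphaned invoice count)."""
    try:
        conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
        conn.commit()
        deleted = True
    except sqlite3.IntegrityError:  # 'FOREIGN KEY constraint failed'
        conn.rollback()
        deleted = False
    orphans = conn.execute(
        "SELECT COUNT(*) FROM invoices i "
        "LEFT JOIN customers c ON c.id = i.customer_id "
        "WHERE c.id IS NULL"
    ).fetchone()[0]
    return deleted, orphans


if __name__ == "__main__":
    for enforce in (True, False):
        print("foreign_keys", "ON " if enforce else "OFF",
              "-> delete customer 1:", try_delete_customer(open_db(enforce), 1))
```

With enforcement on, the delete of customer 1 fails and no invoice is orphaned; with it off, the same statement succeeds and leaves two invoices pointing at a customer that no longer exists. Deleting customer 2, which no invoice references, succeeds either way.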
6. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
less than 24 hours
OSI: Physical Layer
The 4-item focus of a Balanced Scorecard
Categories of risk treatment
7. The inventory of all in-scope business processes and systems
The two Categories of Controls
ITIL definition of CHANGE MANAGEMENT
IT executives and the Board of Directors
The first step in a business impact analysis
8. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
IT Service Management
To identify the tasks that are responsible for project delays
Attribute Sampling
Advantages of outsourcing
9. The means by which management establishes and measures processes by which organizational objectives are achieved
Variable Sampling
Controls
Server cluster
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
10. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Audit Methodologies
The Steering Committee
Change management
The best approach for identifying high risk areas for an audit
11. IT Governance is most concerned with ________.
IT Strategy
Primary security features of relational databases
The Eight Types of Audits
Risk Management
12. (1.) General (2.) Application
Emergency Changes
Main types of Controls
ITIL definition of CHANGE MANAGEMENT
Formal waterfall
13. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The audit program
An Operational Audit
less than 24 hours
More difficult to perform
14. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Substantive Testing (test of transaction integrity)
The Steering Committee
Inherent Risk
IT Strategy
15. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Cloud computing
Grid Computing
Gantt Chart
Elements of the COSO pyramid
16. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
The Eight Types of Audits
less than 24 hours
Transport Layer Protocols
Risk Management
17. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Volumes of COSO framework
The appropriate role of an IS auditor in a control self-assessment
Elements of the COSO pyramid
Deming Cycle
18. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
ISO 20000 Standard
OSI Layer 5: Session
The best approach for identifying high risk areas for an audit
19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Main types of Controls
Stratified Sampling
Concentrate on samples known to represent high risk
Input validation checking
20. Used to estimate the effort required to develop a software program.
Function Point Analysis
OSI: Transport Layer
Formal waterfall
The first step in a business impact analysis
21. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Options for Risk Treatment
Server cluster
Confidence coefficient
Elements of the COSO pyramid
22. The first major task in a disaster recovery or business continuity planning project.
The two Categories of Controls
ITIL definition of CHANGE MANAGEMENT
Business impact analysis
Stratified Sampling
23. Handle application processing
Formal waterfall
Application Controls
The 7 phases and their order in the SDLC
Examples of Application Controls
24. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
ITIL definition of PROBLEM
Blade Computer Architecture
Vulnerability in the organization's PBX
25. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Statistical Sampling
Network Layer Protocols
Cloud computing
To identify the tasks that are responsible for project delays
26. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Elements of the COSO pyramid
Judgmental sampling
Incident Management
Configuration Management
27. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
A Server Cluster
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Formal waterfall
28. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Configuration Management
CPU
OSI Layer 7: Application
29. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Elements of the COSO pyramid
Change management
Structural fires and transportation accidents
Function Point Analysis
30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Substantive Testing (test of transaction integrity)
ISO 20000 Standard
A gate process
Segregation of duties issue in a high value process
31. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Server cluster
The two Categories of Controls
Rating Scale for Process Maturity
Control Unit
32. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Concentrate on samples known to represent high risk
Split custody
Current and most up-to-date
Inherent Risk
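Split custody from question 32, as an added example (not from the quiz): the password is split into one share per custodian so that every custodian must be present to reconstruct it. The page only says the password is broken into parts; this example makes the parts XOR shares, a choice that goes beyond the page's wording and is assumed here because a literal first-half/second-half split lets each custodian learn half the password, whereas with XOR shares any set short of the full group is statistically independent of the secret. Names and the sample password are invented.

```python
import secrets
from functools import reduce
from operator import xor


def split_secret(secret: bytes, custodians: int) -> list[bytes]:
    """Split `secret` into one share per custodian.

    All shares but the last are random; the last is the XOR of the secret with
    every random share. Any subset that is short of even one share is
    statistically independent of the secret, so no custodian (or coalition
    short of the full set) learns anything about the password.
    """
    if custodians < 2:
        raise ValueError("split custody needs at least two custodians")
    random_shares = [secrets.token_bytes(len(secret)) for _ in range(custodians - 1)]
    last = bytes(reduce(xor, column) for column in zip(secret, *random_shares))
    return random_shares + [last]


def combine_shares(shares: list[bytes]) -> bytes:
    """Reconstruct the secret; every share issued by split_secret must be present."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all be the same length")
    return bytes(reduce(xor, column) for column in zip(*shares))


if __name__ == "__main__":
    password = b"correct horse battery staple"  # constructed sample secret
    shares = split_secret(password, 3)
    print("rebuilt with all 3 shares:", combine_shares(shares) == password)
    print("rebuilt with 2 of 3 shares:", combine_shares(shares[:2]) == password)
```

The operational part of the control is outside the code: each share goes to a different person, the combination happens under dual control, and the reconstructed password is never written down where one custodian can read it later.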
33. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
A Server Cluster
Examples of IT General Controls
Information security policy
34. The memory locations in the CPU where arithmetic values are stored.
OSI: Network Layer
Registers
Confidence coefficient
Sampling
35. The sum of all samples divided by the number of samples.
Capability Maturity Model Integration (CMMI)
A Sample Mean
Project Management Strategies
Organizational culture and maturity
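The sampling terms in questions 4, 8, 18, 19 and 35 (precision, attribute sampling, sample standard deviation, stratified sampling and sample mean), worked through together as an added example that is not part of the quiz. The transaction population, the value bands used as strata and the 95% confidence coefficient are all constructed for the example.

```python
import math
import random
from collections import defaultdict

# Constructed population (not from the page): payment transactions as
# (transaction id, amount, approval present). Three of the twelve lack an approval.
POPULATION = [
    ("T001", 1200.00, True), ("T002", 450.00, True), ("T003", 15000.00, False),
    ("T004", 800.00, True), ("T005", 22000.00, True), ("T006", 310.00, False),
    ("T007", 9800.00, True), ("T008", 12500.00, True), ("T009", 640.00, True),
    ("T010", 18000.00, True), ("T011", 275.00, False), ("T012", 5400.00, True),
]


def sample_mean(values):
    """Sum of all sample values divided by the number of samples."""
    return sum(values) / len(values)


def sample_std_dev(values):
    """Spread of sample values around the sample mean (n - 1 in the denominator,
    the usual estimator when the sample stands in for a larger population)."""
    n = len(values)
    mean = sample_mean(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / (n - 1))


def stratify(population, key):
    """Divide the population into classes (strata) by the value of one attribute."""
    strata = defaultdict(list)
    for item in population:
        strata[key(item)].append(item)
    return dict(strata)


def stratified_sample(population, key, per_stratum, seed=0):
    """Select items from each stratum separately, so high-value transactions
    are represented even though they are a minority of the population."""
    rng = random.Random(seed)  # seeded so an audit workpaper can reproduce the selection
    chosen = []
    for _, items in sorted(stratify(population, key).items()):
        chosen.extend(rng.sample(items, min(per_stratum, len(items))))
    return chosen


def deviation_rate(sample, has_attribute):
    """Attribute sampling: the proportion of sampled items possessing the attribute."""
    return sum(1 for item in sample if has_attribute(item)) / len(sample)


def precision_interval(rate, n, confidence_coefficient=1.96):
    """Precision around an observed rate: the half-width of a normal-approximation
    interval at the given confidence coefficient (1.96 for 95%). A wider interval
    means the sample represents the population less closely."""
    half_width = confidence_coefficient * math.sqrt(rate * (1 - rate) / n)
    return max(0.0, rate - half_width), min(1.0, rate + half_width)


def value_band(txn):
    """Stratum key: amounts at or above 10,000 are 'high', the rest 'low'."""
    return "high" if txn[1] >= 10000 else "low"


if __name__ == "__main__":
    sample = stratified_sample(POPULATION, value_band, per_stratum=3)
    rate = deviation_rate(sample, lambda t: not t[2])
    print("sampled:", [t[0] for t in sample])
    print("deviation rate: %.2f, 95%% interval: %s" % (rate, precision_interval(rate, len(sample))))
    amounts = [t[1] for t in sample]
    print("mean %.2f, sample std dev %.2f" % (sample_mean(amounts), sample_std_dev(amounts)))
```

The interval is the point of the exercise: with only twelve items a 25% observed deviation rate carries a 95% interval of roughly 0.5% to 49.5%, so an auditor comparing it against a tolerable error rate would need a larger sample before concluding anything.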
36. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and is committing toll fraud.
37. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Segregation of duties issue in a high value process
WAN Protocols
objective and unbiased
Referential Integrity
38. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Volumes of COSO framework
Critical Path Methodology
Gantt Chart
Stratified Sampling
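The critical path method from question 38, implemented as an added example (not from the quiz): a forward pass computes each task's earliest start and finish, a backward pass its latest start and finish, and the tasks with zero slack form the path that decides the schedule. The task network and durations are constructed for the example.

```python
from collections import deque

# Constructed task network (not from the page): task -> (duration in days, predecessors).
TASKS = {
    "requirements": (3, []),
    "design": (5, ["requirements"]),
    "build": (8, ["design"]),
    "procure_hw": (10, ["requirements"]),
    "test": (4, ["build", "procure_hw"]),
    "deploy": (2, ["test"]),
}


def topological_order(tasks):
    """Kahn's algorithm; also returns the successor map used for the backward pass."""
    indegree = {t: len(preds) for t, (_, preds) in tasks.items()}
    successors = {t: [] for t in tasks}
    for t, (_, preds) in tasks.items():
        for p in preds:
            successors[p].append(t)
    queue = deque(t for t, d in indegree.items() if d == 0)
    order = []
    while queue:
        t = queue.popleft()
        order.append(t)
        for s in successors[t]:
            indegree[s] -= 1
            if indegree[s] == 0:
                queue.append(s)
    if len(order) != len(tasks):
        raise ValueError("task network contains a cycle")
    return order, successors


def critical_path(tasks):
    """Forward pass gives earliest start/finish, backward pass latest start/finish;
    tasks with zero slack (latest - earliest) are the ones that delay the project
    if they slip. Returns (project duration, critical path, slack per task)."""
    order, successors = topological_order(tasks)
    earliest_start, earliest_finish = {}, {}
    for t in order:
        duration, preds = tasks[t]
        earliest_start[t] = max((earliest_finish[p] for p in preds), default=0)
        earliest_finish[t] = earliest_start[t] + duration
    project_duration = max(earliest_finish.values())
    latest_start, latest_finish = {}, {}
    for t in reversed(order):
        latest_finish[t] = min((latest_start[s] for s in successors[t]), default=project_duration)
        latest_start[t] = latest_finish[t] - tasks[t][0]
    slack = {t: latest_start[t] - earliest_start[t] for t in tasks}
    # With a single critical path, the zero-slack tasks in topological order are that path.
    path = [t for t in order if slack[t] == 0]
    return project_duration, path, slack


if __name__ == "__main__":
    duration, path, slack = critical_path(TASKS)
    print("project duration:", duration, "days")
    print("critical path:", " -> ".join(path))
    print("slack:", slack)
```

In the constructed network the hardware procurement runs in parallel with design and build and has three days of slack, so a three-day delivery slip costs nothing, while a one-day slip in any task on the path delays go-live by a day.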
39. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
More difficult to perform
ITIL definition of PROBLEM
Audit logging
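Input validation checking from question 39, as an added example that is not part of the quiz: each field is checked against an established range, the correct character types (an allowlist pattern) and a short list of content that has no legitimate place in the field. The field names, rules and harmful-content markers are constructed for the example. The values are canonicalised before checking, because a validator that inspects one form of the input while the application stores another can be bypassed with look-alike characters.

```python
import re
import unicodedata

# Per-field rules (constructed for this example): an allowlist pattern for the
# character types and format, an optional numeric range, and a length cap.
RULES = {
    "invoice_number": {"pattern": re.compile(r"[A-Z]{2}-\d{6}"), "max_len": 9},
    "quantity":       {"pattern": re.compile(r"\d{1,5}"), "range": (1, 10000)},
    "comment":        {"pattern": re.compile(r"[\w .,'-]{0,200}", re.ASCII), "max_len": 200},
}

# Substrings with no legitimate use in these fields; the denylist is a backstop,
# the allowlist pattern above is the real control.
HARMFUL = ("<script", "--", ";", "../", "\x00")


def validate_field(name: str, raw) -> tuple[bool, str]:
    """Return (accepted, canonical value or rejection reason)."""
    rule = RULES[name]
    # Canonicalise first so full-width or composed look-alikes are checked in the
    # same form that will be stored and compared later.
    value = unicodedata.normalize("NFKC", str(raw)).strip()
    if "max_len" in rule and len(value) > rule["max_len"]:
        return False, "too long"
    lowered = value.lower()
    if any(marker in lowered for marker in HARMFUL):
        return False, "harmful content"
    if not rule["pattern"].fullmatch(value):
        return False, "wrong character type or format"
    if "range" in rule:
        low, high = rule["range"]
        if not low <= int(value) <= high:
            return False, "out of range"
    return True, value


if __name__ == "__main__":
    # Constructed inputs, including a full-width invoice number and an injection attempt.
    for field, raw in [
        ("invoice_number", "AB-123456"),
        ("invoice_number", "\uff21\uff22-\uff11\uff12\uff13\uff14\uff15\uff16"),
        ("quantity", "0"),
        ("comment", "Paid in full; DROP TABLE invoices"),
    ]:
        print(field, repr(raw), "->", validate_field(field, raw))
```

Validation of this kind is a preventive application control, not a substitute for parameterised queries or output encoding: the comment field still accepts an apostrophe, and the code that stores it must handle that safely regardless.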
40. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Dimensions of the COSO cube
Release management
Rating Scale for Process Maturity
Assess the maturity of its business processes
41. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
Capability Maturity Model
A Service Provider audit
Resource details
42. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Application Controls
Foreign Key
Change management
OSI: Network Layer
43. The maximum period of downtime for a process or application
The 7 phases and their order in the SDLC
The Eight Types of Audits
Recovery time objective
Three Types of Controls
44. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Examples of IT General Controls
Formal waterfall
Input validation checking
Emergency Changes
45. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
The Requirements
Three Types of Controls
Hash
Assess the maturity of its business processes
46. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Audit logging
Information security policy
Dimensions of the COSO cube
PERT Diagram
47. Gantt: used to display ______________.
Statement of Impact
Resource details
Assess the maturity of its business processes
Critical Path Methodology
48. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectancy (ALE)
OSI Layer 5: Session
Formal waterfall
Separate administrative accounts
49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Tolerable Error Rate
Confidence coefficient
OSI: Data Link Layer
Six steps of the Release Management process
50. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Financial Audit
A Server Cluster
Sampling Risk
More difficult to perform