SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit that combines an operational audit and a financial audit.
The two Categories of Controls
The Eight Types of Audits
An Integrated Audit
Cloud computing
2. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
The appropriate role of an IS auditor in a control self-assessment
Rating Scale for Process Maturity
Critical Path Methodology
IT Services Financial Management
3. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Control Risk
Split custody
Sampling Risk
4. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Resource details
Service Level Management
Project Management Strategies
Network Layer Protocols
5. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Application Layer protocols
Gantt Chart
Substantive Testing
6. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Variable Sampling
Judgmental sampling
Business Continuity
Lacks specific expertise or resources to conduct an internal audit
7. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Inherent Risk
Attribute Sampling
List of systems examined
The Internet Layer in the TCP/IP model
8. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
A Virtual Server
An Integrated Audit
Background checks performed
A Compliance audit
9. The highest number of errors that can exist without a result being materially misstated.
Emergency Changes
Precision means
The Internet Layer in the TCP/IP model
Tolerable Error Rate
10. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
11. An alternate processing center that contains no information processing equipment.
Deming Cycle
Controls
OSI: Data Link Layer
A Cold Site
12. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The availability of IT systems
Annualized Loss Expectance (ALE)
The Business Process Life Cycle
Capability Maturity Model
13. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
TCP/IP Link Layer
Overall audit risk
ITIL definition of CHANGE MANAGEMENT
Concentrate on samples known to represent high risk
14. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Judgmental sampling
The Internet Layer in the TCP/IP model
Information systems access
Elements of the COSO pyramid
15. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
(1.) Polices (2.) Procedures (3.) Standards
Organizational culture and maturity
More difficult to perform
Department Charters
16. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Critical Path Methodology
Wet pipe fire sprinkler system
Examples of Application Controls
Security Awareness program
17. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Service Continuity Management
More difficult to perform
Employee termination process
Lacks specific expertise or resources to conduct an internal audit
18. The maximum period of downtime for a process or application
Grid Computing
Department Charters
Registers
Recovery time objective
19. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Reduced sign-on
The Steering Committee
To identify the tasks that are responsible for project delays
20. (1.) General (2.) Application
A Virtual Server
Application Controls
General Controls
Main types of Controls
21. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Testing activities
Gantt Chart
The 4-item focus of a Balanced Scorecard
Application Layer protocols
22. (1.) TCP (2.) UDP
Capability Maturity Model
Organizational culture and maturity
Categories of risk treatment
Transport Layer Protocols
23. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Statistical Sampling
A Financial Audit
Concentrate on samples known to represent high risk
Antivirus software on the email servers
24. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Service Continuity Management
less than 24 hours
IT Services Financial Management
Discovery Sampling
25. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Application Layer protocols
Application Controls
TCP/IP Internet Layer
Business Continuity
26. PERT: shows the ______________ critical path.
Current and most up-to-date
Sampling
The Requirements
CPU
27. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Structural fires and transportation accidents
Elements of the COSO pyramid
The Eight Types of Audits
28. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
CPU
Business Realization
Sampling Risk
A Server Cluster
29. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Examples of IT General Controls
The first step in a business impact analysis
Rating Scale for Process Maturity
WAN Protocols
30. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Capability Maturity Model Integration (CMMI)
Judgmental sampling
Structural fires and transportation accidents
SDLC Phases
31. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Transport Layer Protocols
Examples of IT General Controls
Database primary key
32. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Notify the Audit Committee
TCP/IP Network Model
Prblem Management
A Problem
33. Contains programs that communicate directly with the end user.
Elements of the COBIT Framework
Employees with excessive privileges
OSI Layer 7: Application
The 5 types of Evidence that the auditor will collect during an audit.
34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Audit logging
The typical Configuration Items in Configuration Management
Documentation and interview personnel
ITIL - IT Infrastructure Library
35. Handle application processing
The Software Program Library
Application Controls
The Eight Types of Audits
Criticality analysis
36. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
An Operational Audit
Overall audit risk
Segregation of duties issue in a high value process
List of systems examined
37. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Elements of the COSO pyramid
Frameworks
The typical Configuration Items in Configuration Management
38. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Personnel involved in the requirements phase of a software development project
Testing activities
Business Continuity
Entire password for an encryption key
39. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Geographic location
Annualized Loss Expectance (ALE)
Compliance Testing
Information security policy
40. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Buffers
Incident Management
IT standards are not being reviewed often enough
The Eight Types of Audits
41. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Database primary key
Employee termination process
Substantive Testing (test of transaction integrity)
SDLC Phases
42. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Substantive Testing (test of transaction integrity)
IT standards are not being reviewed often enough
IT Services Financial Management
43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Gantt Chart
Audit logging
Buffers
Attribute Sampling
44. Used to translate or transform data from lower layers into formats that the application layer can work with.
Input validation checking
OSI Layer 6: Presentation
Elements of the COBIT Framework
Business impact analysis
45. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
The first step in a business impact analysis
Formal waterfall
Options for Risk Treatment
46. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Categories of risk treatment
Information systems access
Stratified Sampling
47. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Hash
The best approach for identifying high risk areas for an audit
TCP/IP Transport Layer
Elements of the COBIT Framework
48. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
A Service Provider audit
Expected Error Rate
Sampling Risk
Stratified Sampling
49. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling
Disaster Recovery
Sampling Risk
Separate administrative accounts
50. Support the functioning of the application controls
General Controls
OSI: Physical Layer
Lacks specific expertise or resources to conduct an internal audit
Wet pipe fire sprinkler system