Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
WAN Protocols
OSI Layer 5: Session
Sampling
To identify the tasks that are responsible for project delays
2. A field in a record in one table that can reference a primary key in another table.
Stratified Sampling
Buffers
Foreign Key
Incident Management
3. The means by which management establishes and measures processes by which organizational objectives are achieved
Recovery time objective
Organizational culture and maturity
Examples of IT General Controls
Controls
4. PERT: shows the ______________ critical path.
Structural fires and transportation accidents
The Software Program Library
Current and most up-to-date
ITIL definition of CHANGE MANAGEMENT
5. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Vulnerability in the organization's PBX
Information security policy
Service Continuity Management
Grid Computing
6. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Business Realization
ITIL - IT Infrastructure Library
Examples of IT General Controls
TCP/IP Link Layer
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
The Requirements
Criticality analysis
The first step in a business impact analysis
Separate administrative accounts
8. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
OSI Layer 6: Presentation
The 4-item focus of a Balanced Scorecard
A Virtual Server
Overall audit risk
9. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Six steps of the Release Management process
Inherent Risk
OSI: Physical Layer
ITIL definition of CHANGE MANAGEMENT
10. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
An Integrated Audit
Sample Standard Deviation
Notify the Audit Committee
Control Risk
11. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
The 7 phases and their order in the SDLC
Controls
Network Layer Protocols
12. Subjective sampling is used when the auditor wants to _________________________.
Tolerable Error Rate
Concentrate on samples known to represent high risk
IT standards are not being reviewed often enough
Lacks specific expertise or resources to conduct an internal audit
13. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
14. Consists of a main chassis component that is equipped with slots that are fitted with individual CPU modules. The main advantage is lower cost per unit.
Judgmental sampling
Blade Computer Architecture
Audit logging
Recovery time objective
15. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Deming Cycle
Testing activities
Capability Maturity Model Integration (CMMI)
Statement of Impact
16. Gantt: used to display ______________.
Elements of the COSO pyramid
Resource details
Recovery time objective
Transport Layer Protocols
17. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Network Layer Protocols
IT standards are not being reviewed often enough
Inherent Risk
18. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
TCP/IP Transport Layer
IT executives and the Board of Directors
TCP/IP Network Model
19. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Advantages of outsourcing
Gantt Chart
Options for Risk Treatment
Background checks performed
20. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Entire password for an encryption key
A Server Cluster
Current and most up-to-date
Frameworks
21. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Types of sampling an auditor can perform.
Categories of risk treatment
Controls
Stay current with technology
22. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
CPU
The 7 phases and their order in the SDLC
Critical Path Methodology
Hash
23. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Assess the maturity of its business processes
Statistical Sampling
IT Service Management
Input validation checking
24. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Release management
Lacks specific expertise or resources to conduct an internal audit
(1.) Man-made (2.) Natural
25. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A gate process
IT standards are not being reviewed often enough
Split custody
Deming Cycle
26. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
A Forensic Audit
WAN Protocols
Formal waterfall
TCP/IP Link Layer
27. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The best approach for identifying high risk areas for an audit
Grid Computing
Rating Scale for Process Maturity
Registers
28. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Gantt Chart
An Integrated Audit
IT standards are not being reviewed often enough
Network Layer Protocols
29. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Cloud computing
OSI Layer 6: Presentation
objective and unbiased
Wet pipe fire sprinkler system
30. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Documentation and interview personnel
Server cluster
Application Controls
31. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
Antivirus software on the email servers
OSI: Network Layer
ISO 20000 Standard:
Buffers
32. The inventory of all in-scope business processes and systems
An Integrated Audit
An Operational Audit
The first step in a business impact analysis
Dimensions of the COSO cube
33. (1.) General (2.) Application
An IS audit
Recovery time objective
Main types of Controls
Release management
34. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Service Continuity Management
TCP/IP Transport Layer packet delivery
ITIL - IT Infrastructure Library
35. An audit that is performed in support of an anticipated or active legal proceeding.
Hash
A Forensic Audit
Separate administrative accounts
Project Management Strategies
36. The sum of all samples divided by the number of samples.
Testing activities
A Sample Mean
Annualized Loss Expectance (ALE)
Control Unit
37. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Advantages of outsourcing
Transport Layer Protocols
Information systems access
38. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
IT executives and the Board of Directors
Input validation checking
Formal waterfall
Project Management Strategies
39. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Advantages of outsourcing
The Requirements
Substantive Testing
Six steps of the Release Management process
40. The highest number of errors that can exist without a result being materially misstated.
TCP/IP Transport Layer packet delivery
Statistical Sampling
Tolerable Error Rate
Precision means
41. The memory locations in the CPU where arithmetic values are stored.
Data Link Layer Standards
Detection Risk
Registers
Gantt Chart
42. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
More difficult to perform
Examples of Application Controls
Background checks performed
Data Link Layer Standards
43. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Release management
Organizational culture and maturity
Blade Computer Architecture
44. An audit of operational efficiency.
A Server Cluster
Annualized Loss Expectance (ALE)
An Administrative
Employee termination process
45. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Elements of the COBIT Framework
OSI: Transport Layer
Business Realization
Project Management Strategies
46. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Audit Methodologies
The availability of IT systems
Business Realization
Precision means
47. ITIL term used to describe the SDLC.
Release management
Separate administrative accounts
Compliance Testing
The Business Process Life Cycle
48. IT Service Management is defined in ___________________ framework.
Confidence coefficient
The Steering Committee
A Server Cluster
ITIL - IT Infrastructure Library
49. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Project change request
Transport Layer Protocols
Deming Cycle
Change management
50. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Service Level Management
An Administrative
OSI Layer 6: Presentation