SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Options for Risk Treatment
Organizational culture and maturity
Examples of IT General Controls
TCP/IP Transport Layer packet delivery
2. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Volumes of COSO framework
Critical Path Methodology
Stay current with technology
OSI Layer 5: Session
3. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
A gate process
Annualized Loss Expectance (ALE)
IT executives and the Board of Directors
Advantages of outsourcing
4. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Cloud computing
TCP/IP Internet Layer
The typical Configuration Items in Configuration Management
Compliance Testing
5. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Recovery time objective
Volumes of COSO framework
Grid Computing
TCP/IP Transport Layer packet delivery
6. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
The first step in a business impact analysis
Antivirus software on the email servers
Statistical Sampling
Server cluster
8. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Cloud computing
The Eight Types of Audits
A Cold Site
Critical Path Methodology
9. (1.) Access controls (2.) Encryption (3.) Audit logging
A Virtual Server
Primary security features of relational databases
SDLC Phases
IT Strategy
10. The main hardware component of a computer system - which executes instructions in computer programs.
Wet pipe fire sprinkler system
Stay current with technology
CPU
Attribute Sampling
11. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Registers
Organizational culture and maturity
A Server Cluster
12. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Control Risk
Expected Error Rate
Advantages of outsourcing
The availability of IT systems
13. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
ITIL definition of PROBLEM
General Controls
The 7 phases and their order in the SDLC
14. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Sampling Risk
Segregation of duties issue in a high value process
Information security policy
Substantive Testing
15. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
List of systems examined
Critical Path Methodology
OSI: Network Layer
16. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
To identify the tasks that are responsible for project delays
Advantages of outsourcing
Business Realization
17. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Annualized Loss Expectance (ALE)
The appropriate role of an IS auditor in a control self-assessment
The best approach for identifying high risk areas for an audit
An Administrative
18. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Entire password for an encryption key
Structural fires and transportation accidents
Security Awareness program
Expected Error Rate
19. An alternate processing center that contains no information processing equipment.
A Cold Site
A Service Provider audit
Transport Layer Protocols
More difficult to perform
20. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Change management
The appropriate role of an IS auditor in a control self-assessment
WAN Protocols
Lacks specific expertise or resources to conduct an internal audit
21. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The Internet Layer in the TCP/IP model
WAN Protocols
Variable Sampling
A Virtual Server
22. Framework for auditing and measuring IT Service Management Processes.
Controls
The Software Program Library
ISO 20000 Standard:
OSI Layer 7: Application
23. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Frameworks
Buffers
Blade Computer Architecture
The Eight Types of Audits
24. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Server cluster
Stratified Sampling
Testing activities
Sampling Risk
25. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
IT Strategy
Stratified Sampling
Antivirus software on the email servers
26. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
The 4-item focus of a Balanced Scorecard
Discovery Sampling
Annualized Loss Expectance (ALE)
Configuration Management
27. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Deming Cycle
Substantive Testing (test of transaction integrity)
Detection Risk
28. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Wet pipe fire sprinkler system
The Business Process Life Cycle
The Requirements
The audit program
29. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
A Compliance audit
Personnel involved in the requirements phase of a software development project
Power system controls
Referential Integrity
30. Defines internal controls and provides guidance for assessing and improving internal control systems.
The Internet Layer in the TCP/IP model
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Virtual Server
Main types of Controls
31. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Current and most up-to-date
The Release process
To identify the tasks that are responsible for project delays
Types of sampling an auditor can perform.
32. (1.) Physical (2.) Technical (4.) Administrative
Three Types of Controls
Project change request
The appropriate role of an IS auditor in a control self-assessment
Testing activities
33. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
ITIL definition of CHANGE MANAGEMENT
OSI: Physical Layer
Deming Cycle
Network Layer Protocols
34. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
A Service Provider audit
IT standards are not being reviewed often enough
Rating Scale for Process Maturity
Grid Computing
35. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
The audit program
Primary security features of relational databases
Advantages of outsourcing
36. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
An Integrated Audit
Release management
Inform the auditee
Discovery Sampling
37. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Emergency Changes
OSI Layer 7: Application
Audit Methodologies
38. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Insourcing
Structural fires and transportation accidents
A Cold Site
39. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Concentrate on samples known to represent high risk
The Steering Committee
Release management
Configuration Management
40. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Tolerable Error Rate
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Information systems access
Cloud computing
41. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Compliance Testing
The first step in a business impact analysis
Tolerable Error Rate
An Operational Audit
42. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
(1.) Man-made (2.) Natural
Three Types of Controls
Inherent Risk
Sample Standard Deviation
43. (1.) TCP (2.) UDP
Transport Layer Protocols
Sampling Risk
ITIL - IT Infrastructure Library
The Release process
44. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Security Awareness program
TCP/IP Link Layer
Resource details
45. (1.) General (2.) Application
Annualized Loss Expectance (ALE)
Main types of Controls
The Release process
Formal waterfall
46. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
ISO 20000 Standard:
Critical Path Methodology
Buffers
BCP Plans
47. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Testing activities
PERT Diagram?
Employees with excessive privileges
48. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Inherent Risk
TCP/IP Transport Layer packet delivery
Background checks performed
Sampling
49. An audit that is performed in support of an anticipated or active legal proceeding.
Variable Sampling
Department Charters
Controls
A Forensic Audit
50. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Deming Cycle
Prblem Management
The best approach for identifying high risk areas for an audit
Compliance Testing
