Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Business impact analysis
Compliance Testing
Problem Management
TCP/IP Transport Layer packet delivery
2. An audit of a third-party organization that provides services to other organizations.
Information systems access
Blade Computer Architecture
A Service Provider audit
Attribute Sampling
3. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
The BCP process
Function Point Analysis
Primary security features of relational databases
Sampling
4. (1.) General (2.) Application
The appropriate role of an IS auditor in a control self-assessment
Registers
Main types of Controls
OSI Layer 5: Session
5. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
A Server Cluster
Assess the maturity of its business processes
Variable Sampling
The Steering Committee
6. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
7. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Documentation and interview personnel
Configuration Management
Audit logging
8. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model Integration (CMMI)
Current and most up-to-date
Tolerable Error Rate
9. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Judgmental sampling
Tolerable Error Rate
Capability Maturity Model Integration (CMMI)
10. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
The Release process
Function Point Analysis
OSI: Data Link Layer
Personnel involved in the requirements phase of a software development project
11. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Concentrate on samples known to represent high risk
Primary security features of relational databases
IT executives and the Board of Directors
Inform the auditee
12. The risk that an IS auditor will overlook errors or exceptions during an audit.
TCP/IP Link Layer
objective and unbiased
Referential Integrity
Detection Risk
13. Lowest layer. Delivers messages (frames) from one station to another via local network.
Organizational culture and maturity
TCP/IP Link Layer
Testing activities
IT Strategy
14. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Tolerable Error Rate
SDLC Phases
Business Realization
WAN Protocols
15. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Concentrate on samples known to represent high risk
OSI: Data Link Layer
Function Point Analysis
Substantive Testing (test of transaction integrity)
16. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Server cluster
Sampling Risk
The Internet Layer in the TCP/IP model
WAN Protocols
17. The highest number of errors that can exist without a result being materially misstated.
A Financial Audit
Variable Sampling
OSI: Transport Layer
Tolerable Error Rate
18. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Problem Management
A Service Provider audit
More difficult to perform
19. Framework for auditing and measuring IT Service Management Processes.
Entire password for an encryption key
ISO 20000 Standard:
Lacks specific expertise or resources to conduct an internal audit
Structural fires and transportation accidents
20. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Three Types of Controls
Function Point Analysis
Dimensions of the COSO cube
The 5 types of Evidence that the auditor will collect during an audit.
21. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Stop-or-go Sampling
A Virtual Server
Project change request
(1.) Man-made (2.) Natural
22. Handle application processing
objective and unbiased
Data Link Layer Standards
Referential Integrity
Application Controls
23. A field in a record in one table that can reference a primary key in another table.
Personnel involved in the requirements phase of a software development project
ISO 20000 Standard:
Foreign Key
An IS audit
24. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Registers
Audit logging
Categories of risk treatment
Network Layer Protocols
25. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
Examples of Application Controls
Emergency Changes
TCP/IP Transport Layer
26. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Categories of risk treatment
TCP/IP Internet Layer
Organizational culture and maturity
27. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Transport Layer Protocols
Capability Maturity Model
Compliance Testing
Six steps of the Release Management process
28. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Formal waterfall
OSI: Physical Layer
Concentrate on samples known to represent high risk
OSI: Network Layer
29. (1.) Link (2.) Internet (3.) Transport (4.) Application
less than 24 hours
IT Strategy
Categories of risk treatment
TCP/IP Network Model
30. The sum of all samples divided by the number of samples.
OSI Layer 6: Presentation
A Sample Mean
Compliance Testing
Tolerable Error Rate
31. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Control Unit
Examples of IT General Controls
The audit program
Current and most up-to-date
32. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
Configuration Management
Variable Sampling
The Requirements
33. A sampling technique where at least one exception is sought in a population
OSI Layer 7: Application
Stratified Sampling
Discovery Sampling
Recovery time objective
34. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
List of systems examined
Employees with excessive privileges
Control Risk
35. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The appropriate role of an IS auditor in a control self-assessment
To identify the tasks that are responsible for project delays
A Service Provider audit
less than 24 hours
36. The inventory of all in-scope business processes and systems
Business Continuity
The first step in a business impact analysis
Examples of Application Controls
Information systems access
37. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The appropriate role of an IS auditor in a control self-assessment
An Operational Audit
Entire password for an encryption key
Deming Cycle
38. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
IT standards are not being reviewed often enough
Reduced sign-on
Deming Cycle
39. Defines internal controls and provides guidance for assessing and improving internal control systems.
Department Charters
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
An Administrative
Documentation and interview personnel
40. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
The appropriate role of an IS auditor in a control self-assessment
The 5 types of Evidence that the auditor will collect during an audit.
Sampling
less than 24 hours
41. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Service Level Management
PERT Diagram?
Input validation checking
ITIL definition of CHANGE MANAGEMENT
42. (1.) Objectives (2.) Components (3.) Business Units / Areas
Personnel involved in the requirements phase of a software development project
Dimensions of the COSO cube
The 4-item focus of a Balanced Scorecard
Cloud computing
43. Used to estimate the effort required to develop a software program.
Function Point Analysis
Annualized Loss Expectancy (ALE)
Categories of risk treatment
Emergency Changes
44. The memory locations in the CPU where arithmetic values are stored.
The appropriate role of an IS auditor in a control self-assessment
ISO 20000 Standard:
Sample Standard Deviation
Registers
45. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Separate administrative accounts
Incident Management
Application Layer protocols
The Internet Layer in the TCP/IP model
46. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Stratified Sampling
Concentrate on samples known to represent high risk
Criticality analysis
47. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Stratified Sampling
Sampling Risk
To identify the tasks that are responsible for project delays
48. IT Governance is most concerned with ________.
Disaster Recovery
TCP/IP Transport Layer
Statement of Impact
IT Strategy
49. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Variable Sampling
Hash
Types of sampling an auditor can perform.
Data Link Layer Standards
50. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Sample Standard Deviation
Six steps of the Release Management process
The appropriate role of an IS auditor in a control self-assessment
SDLC Phases