SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
ITIL definition of CHANGE MANAGEMENT
The Eight Types of Audits
Inform the auditee
More difficult to perform
2. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
More difficult to perform
List of systems examined
A Sample Mean
3. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
The 4-item focus of a Balanced Scorecard
Rating Scale for Process Maturity
ITIL definition of PROBLEM
Audit Methodologies
4. The first major task in a disaster recovery or business continuity planning project.
Hash
Information systems access
Business impact analysis
An Administrative
5. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Discovery Sampling
Business impact analysis
Information systems access
6. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Application Controls
Dimensions of the COSO cube
The Steering Committee
7. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Employees with excessive privileges
Formal waterfall
Statistical Sampling
Sample Standard Deviation
9. The highest number of errors that can exist without a result being materially misstated.
The typical Configuration Items in Configuration Management
ITIL definition of PROBLEM
Business Continuity
Tolerable Error Rate
10. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Deming Cycle
BCP Plans
Insourcing
OSI Layer 5: Session
11. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
IT executives and the Board of Directors
Formal waterfall
Statement of Impact
Service Level Management
12. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Compliance Testing
Primary security features of relational databases
Incident Management
Resource details
13. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
Compliance Testing
Elements of the COSO pyramid
Assess the maturity of its business processes
14. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Recovery time objective
Overall audit risk
objective and unbiased
The Steering Committee
15. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
The 4-item focus of a Balanced Scorecard
Grid Computing
Server cluster
16. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Judgmental sampling
Service Level Management
Project change request
IT Strategy
17. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Frameworks
Lacks specific expertise or resources to conduct an internal audit
An Operational Audit
Control Risk
18. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
An Administrative
Information systems access
Dimensions of the COSO cube
19. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Audit logging
Elements of the COBIT Framework
Database primary key
Segregation of duties issue in a high value process
20. ITIL term used to describe the SDLC.
Release management
The 7 phases and their order in the SDLC
Business Realization
Recovery time objective
21. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Statement of Impact
A Sample Mean
Application Layer protocols
Stay current with technology
22. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
The typical Configuration Items in Configuration Management
ITIL definition of PROBLEM
Notify the Audit Committee
23. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Business Realization
Data Link Layer Standards
Change management
less than 24 hours
24. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
IT Services Financial Management
Audit logging
The Business Process Life Cycle
25. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
(1.) Polices (2.) Procedures (3.) Standards
List of systems examined
OSI: Data Link Layer
PERT Diagram?
26. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
A Virtual Server
Information systems access
A Problem
27. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Discovery Sampling
Elements of the COBIT Framework
Grid Computing
Information systems access
28. Used to determine which business processes are the most critical - by ranking them in order of criticality
Sampling
The Business Process Life Cycle
Inform the auditee
Criticality analysis
29. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Discovery Sampling
Employees with excessive privileges
Split custody
Project Management Strategies
30. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Transport Layer Protocols
General Controls
IT Services Financial Management
31. Lowest layer. Delivers messages (frames) from one station to another vial local network.
The 7 phases and their order in the SDLC
TCP/IP Link Layer
Wet pipe fire sprinkler system
The typical Configuration Items in Configuration Management
32. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
TCP/IP Network Model
Resource details
Buffers
Prblem Management
33. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Application Layer protocols
Control Risk
Split custody
Rating Scale for Process Maturity
34. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
The availability of IT systems
Inform the auditee
An Operational Audit
35. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
The appropriate role of an IS auditor in a control self-assessment
(1.) Polices (2.) Procedures (3.) Standards
Sampling Risk
Formal waterfall
36. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Grid Computing
Substantive Testing
Background checks performed
Examples of Application Controls
37. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Examples of Application Controls
Segregation of duties issue in a high value process
Split custody
Assess the maturity of its business processes
38. To communication security policies - procedures - and other security-related information to an organization's employees.
Main types of Controls
Split custody
The 5 types of Evidence that the auditor will collect during an audit.
Security Awareness program
39. Used to measure the relative maturity of an organization and its processes.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
General Controls
Capability Maturity Model
The two Categories of Controls
40. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Project Management Strategies
Attribute Sampling
Database primary key
Information systems access
41. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
TCP/IP Internet Layer
Project change request
IT executives and the Board of Directors
The Business Process Life Cycle
42. The maximum period of downtime for a process or application
Recovery time objective
Background checks performed
Hash
Server cluster
43. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
PERT Diagram?
Hash
Input validation checking
Categories of risk treatment
44. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
SDLC Phases
Current and most up-to-date
Concentrate on samples known to represent high risk
An Operational Audit
45. The risk that an IS auditor will overlook errors or exceptions during an audit.
Database primary key
The BCP process
Separate administrative accounts
Detection Risk
46. Describes the effect on the business if a process is incapacitated for any appreciable time
Service Continuity Management
Statement of Impact
Volumes of COSO framework
Substantive Testing (test of transaction integrity)
47. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Discovery Sampling
Service Continuity Management
(1.) Man-made (2.) Natural
The 7 phases and their order in the SDLC
48. Support the functioning of the application controls
Business Realization
Lacks specific expertise or resources to conduct an internal audit
General Controls
Formal waterfall
49. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Six steps of the Release Management process
CPU
Assess the maturity of its business processes
Input validation checking
50. (1.) Automatic (2.) Manual
The Internet Layer in the TCP/IP model
Geographic location
TCP/IP Internet Layer
The two Categories of Controls