SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Formal waterfall
Criticality analysis
Advantages of outsourcing
Separate administrative accounts
2. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Detection Risk
A Compliance audit
Split custody
The audit program
3. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Confidence coefficient
The 7 phases and their order in the SDLC
Statistical Sampling
4. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Audit logging
Balanced Scorecard
Capability Maturity Model Integration (CMMI)
Incident Management
5. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Documentation and interview personnel
Buffers
Security Awareness program
Notify the Audit Committee
6. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
OSI: Physical Layer
A gate process
Expected Error Rate
7. A representation of how closely a sample represents an entire population.
Critical Path Methodology
Variable Sampling
OSI: Data Link Layer
Precision means
8. An audit that is performed in support of an anticipated or active legal proceeding.
Separate administrative accounts
Geographic location
Attribute Sampling
A Forensic Audit
9. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
TCP/IP Internet Layer
Capability Maturity Model Integration (CMMI)
Substantive Testing (test of transaction integrity)
Antivirus software on the email servers
10. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
(1.) Polices (2.) Procedures (3.) Standards
Examples of Application Controls
Grid Computing
Balanced Scorecard
11. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Balanced Scorecard
Detection Risk
(1.) Man-made (2.) Natural
A Virtual Server
12. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
TCP/IP Network Model
Recovery time objective
Buffers
List of systems examined
13. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Precision means
A Cold Site
Frameworks
Deming Cycle
14. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Audit Methodologies
Elements of the COSO pyramid
Lacks specific expertise or resources to conduct an internal audit
Concentrate on samples known to represent high risk
15. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI Layer 5: Session
Three Types of Controls
A Cold Site
More difficult to perform
16. Support the functioning of the application controls
Main types of Controls
Prblem Management
General Controls
Grid Computing
17. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The best approach for identifying high risk areas for an audit
The Software Program Library
Inherent Risk
Examples of IT General Controls
18. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
A Financial Audit
A Forensic Audit
Examples of IT General Controls
Application Controls
20. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
TCP/IP Transport Layer packet delivery
Business Realization
Business impact analysis
Segregation of duties issue in a high value process
21. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
List of systems examined
(1.) Polices (2.) Procedures (3.) Standards
Split custody
Sampling Risk
22. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Change management
Network Layer Protocols
Overall audit risk
Business impact analysis
23. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Reduced sign-on
Categories of risk treatment
Service Level Management
Control Unit
24. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
The typical Configuration Items in Configuration Management
Service Level Management
The Eight Types of Audits
Control Unit
25. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Personnel involved in the requirements phase of a software development project
Configuration Management
Transport Layer Protocols
26. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Cloud computing
Control Unit
The Software Program Library
27. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Stop-or-go Sampling
Sampling
Capability Maturity Model Integration (CMMI)
28. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
CPU
Organizational culture and maturity
Project Management Strategies
WAN Protocols
29. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Statement of Impact
Rating Scale for Process Maturity
Controls
30. Used to determine which business processes are the most critical - by ranking them in order of criticality
Statistical Sampling
Frameworks
Criticality analysis
Statement of Impact
31. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Recovery time objective
A Problem
Blade Computer Architecture
The BCP process
32. The memory locations in the CPU where arithmetic values are stored.
Registers
Deming Cycle
Annualized Loss Expectance (ALE)
Geographic location
33. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Sample Standard Deviation
The appropriate role of an IS auditor in a control self-assessment
Segregation of duties issue in a high value process
Substantive Testing (test of transaction integrity)
34. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
The audit program
The BCP process
Sampling Risk
35. An alternate processing center that contains no information processing equipment.
A Server Cluster
Project change request
An IS audit
A Cold Site
36. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
The Eight Types of Audits
Overall audit risk
Power system controls
CPU
37. One of a database table's fields - whose value is unique.
The audit program
Antivirus software on the email servers
Database primary key
A Forensic Audit
38. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Stratified Sampling
Incident Management
OSI: Physical Layer
Options for Risk Treatment
39. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
Testing activities
Volumes of COSO framework
Examples of IT General Controls
40. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Prblem Management
OSI Layer 5: Session
The 4-item focus of a Balanced Scorecard
A gate process
41. An audit of an IS department's operations and systems.
Types of sampling an auditor can perform.
An IS audit
SDLC Phases
Detection Risk
42. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
objective and unbiased
The Internet Layer in the TCP/IP model
IT Services Financial Management
Recovery time objective
43. (1.) TCP (2.) UDP
Transport Layer Protocols
TCP/IP Transport Layer
Input validation checking
TCP/IP Link Layer
44. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
A Server Cluster
Attribute Sampling
Volumes of COSO framework
To identify the tasks that are responsible for project delays
45. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Incident Management
Disaster Recovery
Information security policy
BCP Plans
46. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Prblem Management
Advantages of outsourcing
Elements of the COSO pyramid
Critical Path Methodology
47. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Information systems access
Criticality analysis
The Requirements
The Release process
48. (1.) Automatic (2.) Manual
Prblem Management
Server cluster
Entire password for an encryption key
The two Categories of Controls
49. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
A gate process
Precision means
Inform the auditee
50. IT Governance is most concerned with ________.
Precision means
TCP/IP Link Layer
Wet pipe fire sprinkler system
IT Strategy
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests