Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
The Requirements
An Operational Audit
Substantive Testing
Security Awareness program
2. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Geographic location
A Problem
3. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Documentation and interview personnel
Control Unit
Gantt Chart
OSI: Data Link Layer
4. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Gantt Chart
An Administrative
The 4-item focus of a Balanced Scorecard
Documentation and interview personnel
5. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Incident Management
Data Link Layer Standards
Security Awareness program
Substantive Testing
6. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Application Controls
The first step in a business impact analysis
Reduced sign-on
CPU
7. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Application Layer protocols
Deming Cycle
Six steps of the Release Management process
OSI: Data Link Layer
8. Defines internal controls and provides guidance for assessing and improving internal control systems.
Emergency Changes
The best approach for identifying high risk areas for an audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Forensic Audit
9. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
OSI: Physical Layer
Entire password for an encryption key
Options for Risk Treatment
The Software Program Library
10. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Business Realization
Critical Path Methodology
OSI: Network Layer
Examples of Application Controls
11. To measure organizational performance and effectiveness against strategic goals.
Hash
Critical Path Methodology
Balanced Scorecard
IT Strategy
12. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
The Requirements
Lacks specific expertise or resources to conduct an internal audit
Criticality analysis
13. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
The 7 phases and their order in the SDLC
The Internet Layer in the TCP/IP model
Criticality analysis
Grid Computing
14. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
15. The inventory of all in-scope business processes and systems
Inform the auditee
Controls
The first step in a business impact analysis
Transport Layer Protocols
16. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Options for Risk Treatment
Database primary key
Elements of the COSO pyramid
IT standards are not being reviewed often enough
17. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Department Charters
The availability of IT systems
The Business Process Life Cycle
Options for Risk Treatment
18. A sampling technique where at least one exception is sought in a population
Structural fires and transportation accidents
Inform the auditee
Primary security features of relational databases
Discovery Sampling
19. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Background checks performed
Audit Methodologies
(1.) Man-made (2.) Natural
Risk Management
20. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Employee termination process
Volumes of COSO framework
The BCP process
TCP/IP Link Layer
21. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Concentrate on samples known to represent high risk
Examples of Application Controls
Controls
22. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Antivirus software on the email servers
OSI Layer 7: Application
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI Layer 5: Session
23. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Deming Cycle
Insourcing
Hash
Criticality analysis
24. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
The 7 phases and their order in the SDLC
Confidence coefficient
Categories of risk treatment
25. A large number of loosely coupled computers that are used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Statistical Sampling
Business Realization
Assess the maturity of its business processes
26. A condition that is the result of multiple incidents that exhibit common symptoms, e.g., a web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Incident Management
Sampling
The Eight Types of Audits
27. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Capability Maturity Model Integration (CMMI)
Annualized Loss Expectancy (ALE)
An Operational Audit
28. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
A Service Provider audit
ITIL - IT Infrastructure Library
Business Continuity
29. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Expected Error Rate
Structural fires and transportation accidents
Background checks performed
Disaster Recovery
30. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
More difficult to perform
Risk Management
CPU
Sampling
31. Used to estimate the effort required to develop a software program.
Problem Management
Substantive Testing (test of transaction integrity)
Stop-or-go Sampling
Function Point Analysis
32. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Entire password for an encryption key
Business Realization
Service Continuity Management
Controls
33. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Application Controls
Blade Computer Architecture
The Release process
A gate process
34. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. Simpler than a PERT Diagram.
Server cluster
Overall audit risk
Gantt Chart
Balanced Scorecard
35. An audit that combines an operational audit and a financial audit.
Primary security features of relational databases
Statistical Sampling
An Integrated Audit
Sample Standard Deviation
36. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Information systems access
BCP Plans
Lacks specific expertise or resources to conduct an internal audit
Elements of the COBIT Framework
37. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Release management
ITIL definition of PROBLEM
Foreign Key
Judgmental sampling
38. (1.) General (2.) Application
(1.) Policies (2.) Procedures (3.) Standards
Main types of Controls
The 4-item focus of a Balanced Scorecard
The Internet Layer in the TCP/IP model
39. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample.
less than 24 hours
Rating Scale for Process Maturity
Sample Standard Deviation
Recovery time objective
40. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
Blade Computer Architecture
A Compliance audit
Categories of risk treatment
41. Consists of a main chassis that is equipped with slots fitted with individual CPU modules. Its main advantage is lower cost per unit.
Business Realization
Blade Computer Architecture
Confidence coefficient
CPU
42. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Power system controls
Information systems access
The first step in a business impact analysis
TCP/IP Link Layer
43. Delivery of packets from one station to another - on the same network or on different networks.
A Forensic Audit
The 5 types of Evidence that the auditor will collect during an audit.
The Internet Layer in the TCP/IP model
The BCP process
44. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Precision means
Overall audit risk
Function Point Analysis
OSI: Network Layer
45. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Attribute Sampling
A Sample Mean
Frameworks
46. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Examples of IT General Controls
Blade Computer Architecture
Background checks performed
47. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Server cluster
Precision means
Formal waterfall
Judgmental sampling
48. A field in a record in one table that can reference a primary key in another table.
Elements of the COBIT Framework
Statement of Impact
Foreign Key
Sampling Risk
49. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing
Substantive Testing (test of transaction integrity)
Cloud computing
Statement of Impact
50. An alternate processing center that contains no information processing equipment.
ITIL definition of CHANGE MANAGEMENT
Hash
Documentation and interview personnel
A Cold Site