Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The appropriate role of an IS auditor in a control self-assessment
Notify the Audit Committee
The 4-item focus of a Balanced Scorecard
A gate process

2. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
Categories of risk treatment
IT Strategy
Configuration Management

3. The inventory of all in-scope business processes and systems
Project Management Strategies
Testing activities
The first step in a business impact analysis
Business Realization

4. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
PERT Diagram?
Six steps of the Release Management process
Critical Path Methodology

5. A maturity model that represents the aggregations of other maturity models.
The first step in a business impact analysis
Capability Maturity Model Integration (CMMI)
SDLC Phases
The Internet Layer in the TCP/IP model

6. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
A Virtual Server
Examples of IT General Controls
The first step in a business impact analysis
A Financial Audit

7. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Referential Integrity
A gate process
Service Continuity Management
Input validation checking

8. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
A gate process
The 7 phases and their order in the SDLC
TCP/IP Transport Layer packet delivery
Department Charters

9. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
(1.) Polices (2.) Procedures (3.) Standards
OSI Layer 7: Application
ITIL definition of CHANGE MANAGEMENT
TCP/IP Network Model

10. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
IT executives and the Board of Directors
A Cold Site
Gantt Chart

11. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Precision means
Personnel involved in the requirements phase of a software development project
Gantt Chart
TCP/IP Transport Layer

12. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Entire password for an encryption key
Inherent Risk
Controls

13. An audit that combines an operational audit and a financial audit.
An Integrated Audit
Configuration Management
Detection Risk
The 5 types of Evidence that the auditor will collect during an audit.

14. Concerned with electrical and physical specifications for devices. No frames or packets involved.
List of systems examined
OSI: Physical Layer
Three Types of Controls
Database primary key

15. Handle application processing
The 5 types of Evidence that the auditor will collect during an audit.
IT Services Financial Management
A Problem
Application Controls

16. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
(1.) Polices (2.) Procedures (3.) Standards
Discovery Sampling
Compliance Testing
Service Continuity Management

17. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Statistical Sampling
The typical Configuration Items in Configuration Management
The best approach for identifying high risk areas for an audit
Wet pipe fire sprinkler system

18. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
The availability of IT systems
A Problem
Three Types of Controls

19. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Elements of the COSO pyramid
Six steps of the Release Management process
Formal waterfall
Employees with excessive privileges

20. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Sample Standard Deviation
Emergency Changes
A gate process
Application Controls

21. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
An Operational Audit
PERT Diagram?
Gantt Chart
Frameworks

22. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
IT Service Management
TCP/IP Network Model
BCP Plans
OSI: Transport Layer

23. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Examples of Application Controls
General Controls
OSI Layer 7: Application

24. Support the functioning of the application controls
Examples of IT General Controls
An Administrative
A Forensic Audit
General Controls

25. The means by which management establishes and measures processes by which organizational objectives are achieved
Controls
Business impact analysis
Annualized Loss Expectance (ALE)
Control Risk

26. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
IT Strategy
Application Layer protocols
Change management
OSI Layer 7: Application

27. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Resource details
Sampling Risk
A Sample Mean
ITIL definition of PROBLEM

28. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Power system controls
Six steps of the Release Management process
Attribute Sampling

29. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
A Server Cluster
Registers
To identify the tasks that are responsible for project delays
Documentation and interview personnel

30. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Attribute Sampling
Structural fires and transportation accidents
OSI: Network Layer
Options for Risk Treatment

31. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
The Eight Types of Audits
Power system controls
Main types of Controls

32. The memory locations in the CPU where arithmetic values are stored.
Stop-or-go Sampling
Business impact analysis
(1.) Polices (2.) Procedures (3.) Standards
Registers

33. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
ITIL - IT Infrastructure Library
Change management
The availability of IT systems
An Operational Audit

34. The delivery of messages from one station to another via one or more networks.. Routes packets between networks.
IT executives and the Board of Directors
Primary security features of relational databases
Transport Layer Protocols
OSI: Network Layer

35. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Employees with excessive privileges
Service Level Management
Types of sampling an auditor can perform.
Personnel involved in the requirements phase of a software development project

36. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
TCP/IP Transport Layer packet delivery
Cloud computing
Tolerable Error Rate
Elements of the COSO pyramid

37. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Employees with excessive privileges
Service Continuity Management
Information systems access
A Problem

38. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
Server cluster
The 5 types of Evidence that the auditor will collect during an audit.
PERT Diagram?

39. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Database primary key
Function Point Analysis
Three Types of Controls
Frameworks

40. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
The Steering Committee
Incident Management
Judgmental sampling

41. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

42. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Examples of IT General Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Employee termination process

43. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Gantt Chart
A gate process
Deming Cycle
Insourcing

44. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Confidence coefficient
The Requirements
An Integrated Audit
objective and unbiased

45. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Confidence coefficient
The 7 phases and their order in the SDLC
TCP/IP Transport Layer
Service Continuity Management

46. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Capability Maturity Model
Capability Maturity Model Integration (CMMI)
A Problem
Advantages of outsourcing

47. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
less than 24 hours
Stay current with technology
Judgmental sampling
Sample Standard Deviation

48. An audit of a third-party organization that provides services to other organizations.
Notify the Audit Committee
Rating Scale for Process Maturity
SDLC Phases
A Service Provider audit

49. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Substantive Testing (test of transaction integrity)
Antivirus software on the email servers
less than 24 hours
Tolerable Error Rate

50. Focuses on: post-event recovery and restoration of services
OSI Layer 7: Application
A Financial Audit
Project Management Strategies
Disaster Recovery