Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. PERT: shows the ______________ critical path.
Current and most up-to-date
Lacks specific expertise or resources to conduct an internal audit
List of systems examined
Categories of risk treatment
2. Disasters are generally grouped in terms of type: ______________.
(1.) Man-made (2.) Natural
The two Categories of Controls
Structural fires and transportation accidents
Capability Maturity Model
3. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Sampling
TCP/IP Transport Layer packet delivery
Foreign Key
The Business Process Life Cycle
4. One of a database table's fields - whose value is unique.
Database primary key
OSI Layer 6: Presentation
ITIL definition of PROBLEM
A Financial Audit
5. Focuses on: post-event recovery and restoration of services
TCP/IP Internet Layer
Disaster Recovery
ISO 20000 Standard:
Judgmental sampling
6. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Lacks specific expertise or resources to conduct an internal audit
OSI Layer 5: Session
A Compliance audit
TCP/IP Link Layer
7. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
The first step in a business impact analysis
Gantt Chart
Resource details
Business impact analysis
8. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
(1.) Man-made (2.) Natural
Information systems access
Structural fires and transportation accidents
List of systems examined
9. Aids in coordinating business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking facilitates continuous improvement within the BPLC.
Recovery time objective
Variable Sampling
Business Continuity
The Business Process Life Cycle
10. (1.) General (2.) Application
OSI Layer 6: Presentation
A Forensic Audit
Main types of Controls
The Business Process Life Cycle
11. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
Hash
BCP Plans
Examples of Application Controls
12. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
An IS audit
OSI: Transport Layer
Insourcing
Entire password for an encryption key
13. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
TCP/IP Internet Layer
The Eight Types of Audits
A Problem
Sampling
14. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
TCP/IP Transport Layer
Reduced sign-on
Advantages of outsourcing
A Problem
15. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The Steering Committee
Six steps of the Release Management process
Critical Path Methodology
The Release process
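The critical path technique asked about above can be worked through on a small task graph. The following is an added example, not part of the original quiz: a forward pass computes each task's earliest start and finish, a backward pass computes the latest start and finish, and the tasks with zero total float are the critical path. The task names and durations are constructed for the illustration.

```python
"""Critical Path Method on a constructed task graph (added example)."""
from collections import deque

# Constructed sample project: task -> (duration in days, predecessor tasks)
SAMPLE_TASKS = {
    "requirements": (5, []),
    "design": (10, ["requirements"]),
    "procure_hw": (15, ["requirements"]),
    "develop": (20, ["design"]),
    "test": (8, ["develop", "procure_hw"]),
    "deploy": (2, ["test"]),
}


def topological_order(tasks):
    """Kahn's algorithm; also returns the successor map. Rejects cycles."""
    indegree = {t: len(preds) for t, (_, preds) in tasks.items()}
    successors = {t: [] for t in tasks}
    for t, (_, preds) in tasks.items():
        for p in preds:
            successors[p].append(t)
    queue = deque(t for t, d in indegree.items() if d == 0)
    order = []
    while queue:
        t = queue.popleft()
        order.append(t)
        for s in successors[t]:
            indegree[s] -= 1
            if indegree[s] == 0:
                queue.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in task graph")
    return order, successors


def schedule(tasks):
    """Forward pass (ES/EF), backward pass (LS/LF), float = LS - ES."""
    order, successors = topological_order(tasks)
    es, ef = {}, {}
    for t in order:
        duration, preds = tasks[t]
        es[t] = max((ef[p] for p in preds), default=0)
        ef[t] = es[t] + duration
    project_end = max(ef.values())
    ls, lf = {}, {}
    for t in reversed(order):
        duration = tasks[t][0]
        lf[t] = min((ls[s] for s in successors[t]), default=project_end)
        ls[t] = lf[t] - duration
    result = {t: {"es": es[t], "ef": ef[t], "ls": ls[t], "lf": lf[t],
                  "float": ls[t] - es[t]} for t in order}
    return result, project_end


def critical_path(tasks):
    """Tasks with zero float, in schedule order, plus the project duration."""
    result, project_end = schedule(tasks)
    return [t for t in result if result[t]["float"] == 0], project_end


if __name__ == "__main__":
    path, end = critical_path(SAMPLE_TASKS)
    print("critical path:", " -> ".join(path), "| duration:", end, "days")
```

A task off the critical path (here the hardware purchase) can slip by its float without moving the end date; any delay on a zero-float task delays the whole project.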
16. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Audit Methodologies
A Service Provider audit
More difficult to perform
ITIL definition of PROBLEM
17. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Sampling Risk
Segregation of duties issue in a high value process
An Administrative
The audit program
18. Handle application processing
Three Types of Controls
Incident Management
Security Awareness program
Application Controls
19. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Stratified Sampling
Background checks performed
Department Charters
Vulnerability in the organization's PBX
20. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
A Sample Mean
Control Unit
TCP/IP Network Model
Gantt Chart
21. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
OSI: Transport Layer
To identify the tasks that are responsible for project delays
An Operational Audit
22. An alternate processing center that contains no information processing equipment.
Assess the maturity of its business processes
General Controls
A Cold Site
Service Level Management
23. An audit of an IS department's operations and systems.
An Integrated Audit
An IS audit
The best approach for identifying high risk areas for an audit
Judgmental sampling
24. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
SDLC Phases
Change management
Foreign Key
Six steps of the Release Management process
25. An audit of a third-party organization that provides services to other organizations.
The Requirements
Power system controls
A Service Provider audit
Judgmental sampling
26. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Control Risk
OSI: Data Link Layer
Examples of IT General Controls
A Sample Mean
27. The party that performs strategic planning, addressing near-term and long-term requirements and aligning business objectives with technology strategies.
Sampling
The Steering Committee
(1.) Policies (2.) Procedures (3.) Standards
The appropriate role of an IS auditor in a control self-assessment
28. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Separate administrative accounts
An IS audit
Annualized Loss Expectancy (ALE)
29. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Resource details
Employee termination process
Emergency Changes
Sampling Risk
30. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
General Controls
ITIL definition of PROBLEM
An Administrative
Notify the Audit Committee
31. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
32. The probability that a selected sample does not represent the entire population. This is usually expressed as a percentage, the complement of the confidence coefficient (for example, a 95% confidence coefficient corresponds to a 5% sampling risk).
Sampling Risk
Information security policy
Notify the Audit Committee
The BCP process
33. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
OSI Layer 5: Session
Power system controls
Expected Error Rate
OSI: Physical Layer
34. The square root of the variance of the sample values about the sample mean. This is a measurement of the spread of values in a sample.
Statement of Impact
Server cluster
Sample Standard Deviation
OSI: Physical Layer
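The three sampling terms above (sampling risk, expected error rate, sample standard deviation) can be computed directly. The following is an added example, not part of the original quiz; the invoice amounts and the pass/fail attribute results are constructed sample data, and the functions use the n-1 divisor for the sample standard deviation.

```python
"""Audit sampling statistics on constructed sample data (added example)."""
import math

# Constructed variable sample: invoice amounts drawn from a population
SAMPLE_AMOUNTS = [120.0, 135.0, 128.0, 142.0, 150.0, 125.0]
# Constructed attribute sample: 1 = exception found, 0 = control operated correctly
SAMPLE_EXCEPTIONS = [0, 0, 1, 0, 0, 0, 0, 1, 0, 0]


def sample_mean(values):
    if not values:
        raise ValueError("empty sample")
    return sum(values) / len(values)


def sample_standard_deviation(values):
    """Spread of the sample about its mean; divides by n - 1 (sample, not population)."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two observations")
    mean = sample_mean(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / (n - 1))


def error_rate(exceptions):
    """Observed exception rate in an attribute sample (estimate of the population rate)."""
    if not exceptions:
        raise ValueError("empty sample")
    return sum(exceptions) / len(exceptions)


def sampling_risk(confidence_coefficient):
    """Complement of the confidence coefficient, e.g. 0.95 confidence -> 0.05 risk."""
    if not 0.0 < confidence_coefficient < 1.0:
        raise ValueError("confidence coefficient must be between 0 and 1")
    return 1.0 - confidence_coefficient


if __name__ == "__main__":
    print("mean:", round(sample_mean(SAMPLE_AMOUNTS), 2))
    print("sample std dev:", round(sample_standard_deviation(SAMPLE_AMOUNTS), 2))
    print("error rate:", error_rate(SAMPLE_EXCEPTIONS))
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
```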
35. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
Function Point Analysis
Geographic location
Data Link Layer Standards
36. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Structural fires and transportation accidents
Information security policy
The typical Configuration Items in Configuration Management
Concentrate on samples known to represent high risk
37. Delivery of packets from one station to another - on the same network or on different networks.
objective and unbiased
Documentation and interview personnel
Transport Layer Protocols
The Internet Layer in the TCP/IP model
38. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Examples of IT General Controls
Discovery Sampling
39. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a _____. The stored value cannot be reversed to recover the original password, so a leak of the stored values does not directly lead to account compromise (use a salted, slow hash so that guessing is also expensive).
Audit Methodologies
Discovery Sampling
List of systems examined
Hash
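What replacing plaintext storage with hashed storage looks like in code, as an added example that is not part of the original quiz: each password gets its own random salt and a slow key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library), the record is self-describing so the work factor can be raised later, and verification uses a constant-time comparison. The usernames and passwords in the plaintext table are constructed for the illustration.

```python
"""Migrating a plaintext password store to salted, slow hashes (added example)."""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # work factor; raise it over time as hardware gets faster

# Constructed example of the plaintext table the programmer is replacing
PLAINTEXT_STORE = {"alice": "correct horse battery staple", "bob": "hunter2"}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:  # malformed record (base64 errors subclass ValueError)
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def migrate_plaintext_store(store):
    """Rewrite a {username: plaintext_password} table into hashed records."""
    return {user: hash_password(pw) for user, pw in store.items()}


if __name__ == "__main__":
    hashed = migrate_plaintext_store(PLAINTEXT_STORE)
    for user, record in hashed.items():
        print(user, record[:40] + "...")
    print("bob/hunter2 verifies:", verify_password("hunter2", hashed["bob"]))
```

After migration the plaintext column must be wiped and users should be forced to log in (or reset) so the old plaintext values do not survive in backups or logs.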
40. Framework for auditing and measuring IT Service Management Processes.
Annualized Loss Expectancy (ALE)
Current and most up-to-date
Transport Layer Protocols
ISO 20000 Standard:
41. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The first step in a business impact analysis
Blade Computer Architecture
List of systems examined
Entire password for an encryption key
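Split custody means no single custodian ever holds the entire key, which is what the auditor's finding above is about. The following added example, not part of the original quiz, shows the simplest form: XOR secret splitting into n shares, where all n are required to reconstruct the key and any n-1 shares together reveal nothing about it. The key bytes are constructed for the illustration.

```python
"""XOR secret splitting for split custody of an encryption key (added example)."""
import os
from functools import reduce
from operator import xor


def split_key(key, custodians):
    """Split key into `custodians` shares; every share is needed to rebuild it (n-of-n)."""
    if custodians < 2:
        raise ValueError("split custody needs at least two custodians")
    # n-1 shares are uniformly random, so each is independent of the key
    shares = [os.urandom(len(key)) for _ in range(custodians - 1)]
    # the last share is key XOR (all random shares); XORing everything gives the key back
    last = bytes(reduce(xor, column) for column in zip(key, *shares))
    return shares + [last]


def reconstruct_key(shares):
    """XOR all shares together; with one share missing the result is random bytes."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must have equal length")
    return bytes(reduce(xor, column) for column in zip(*shares))


def custodian_holds_whole_key(key, shares):
    """The audit check: does any single custodian's share equal the full key?"""
    return any(share == key for share in shares)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed 256-bit key
    shares = split_key(key, 3)
    print("reconstructed from all shares:", reconstruct_key(shares) == key)
    print("reconstructed from two of three:", reconstruct_key(shares[:2]) == key)
```

This scheme is all-or-nothing: losing one custodian's share loses the key. Where an organization wants k-of-n recovery (for example any two of three custodians), a threshold scheme such as Shamir secret sharing is used instead; the custody principle the auditor is testing is the same.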
42. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Statement of Impact
TCP/IP Link Layer
Foreign Key
The 7 phases and their order in the SDLC
43. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Detection Risk
Discovery Sampling
OSI Layer 5: Session
Overall audit risk
44. The first major task in a disaster recovery or business continuity planning project.
The appropriate role of an IS auditor in a control self-assessment
Business impact analysis
The audit program
Sampling Risk
45. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Personnel involved in the requirements phase of a software development project
OSI: Transport Layer
Application Layer protocols
List of systems examined
46. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
An Operational Audit
A Problem
Problem Management
47. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Categories of risk treatment
Attribute Sampling
Input validation checking
The two Categories of Controls
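The input validation control described above, as an added example that is not part of the original quiz: each field is checked against an allow-list rule (numeric range, decimal format, permitted character set, enumerated values) and unexpected or missing fields are reported rather than passed through. The field names, rules and sample records are constructed for the illustration.

```python
"""Allow-list input validation for an application record (added example)."""
import re
from decimal import Decimal

# Constructed rules for a payment record; unknown fields are rejected outright
FIELD_RULES = {
    "account_id": {"type": "int", "min": 1, "max": 999_999},
    "amount": {"type": "decimal", "min": Decimal("0.01"), "max": Decimal("100000.00")},
    "memo": {"type": "text", "max_len": 64},
    "currency": {"type": "enum", "values": {"USD", "EUR", "GBP"}},
}
INT_PATTERN = re.compile(r"[0-9]{1,9}")
DECIMAL_PATTERN = re.compile(r"[0-9]{1,7}(\.[0-9]{1,2})?")
TEXT_PATTERN = re.compile(r"[A-Za-z0-9 .,'-]*")  # allow-list: no ; < > quotes or control chars


def validate_field(name, raw):
    """Return (cleaned_value, None) on success or (None, error_message) on failure."""
    rule = FIELD_RULES.get(name)
    if rule is None:
        return None, "unexpected field"
    if not isinstance(raw, str):
        return None, "expected a string"
    kind = rule["type"]
    if kind == "int":
        if not INT_PATTERN.fullmatch(raw):
            return None, "must be a positive integer"
        value = int(raw)
        if not rule["min"] <= value <= rule["max"]:
            return None, "out of range"
        return value, None
    if kind == "decimal":
        if not DECIMAL_PATTERN.fullmatch(raw):
            return None, "must be an amount with at most two decimals"
        value = Decimal(raw)
        if not rule["min"] <= value <= rule["max"]:
            return None, "out of range"
        return value, None
    if kind == "text":
        if len(raw) > rule["max_len"]:
            return None, "too long"
        if not TEXT_PATTERN.fullmatch(raw):
            return None, "contains disallowed characters"
        return raw, None
    if kind == "enum":
        if raw not in rule["values"]:
            return None, "not an allowed value"
        return raw, None
    raise AssertionError("unknown rule type %r" % kind)


def validate_record(record):
    """Validate every field; return (cleaned_record, errors_by_field)."""
    cleaned, errors = {}, {}
    for name in FIELD_RULES:
        if name not in record:
            errors[name] = "missing"
    for name, raw in record.items():
        value, error = validate_field(name, raw)
        if error:
            errors[name] = error
        else:
            cleaned[name] = value
    return cleaned, errors


if __name__ == "__main__":
    good = {"account_id": "1042", "amount": "250.00", "memo": "Q3 invoice", "currency": "EUR"}
    bad = {"account_id": "0", "amount": "1e9", "memo": "x'; DROP TABLE users;--", "currency": "BTC"}
    print(validate_record(good))
    print(validate_record(bad))
```

The point of the allow-list is that harmful content is rejected because it is not in the permitted set, not because a deny-list recognized it; the memo rule above blocks the injection string by refusing the semicolon, with no attack signature involved.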
48. An audit of operational efficiency.
Data Link Layer Standards
ITIL definition of CHANGE MANAGEMENT
Inform the auditee
An Administrative
49. (1.) Link (2.) Internet (3.) Transport (4.) Application
Audit Methodologies
The Requirements
Criticality analysis
TCP/IP Network Model
50. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
A Problem
Balanced Scorecard
Transport Layer Protocols
OSI: Network Layer
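The layer questions on this page (3, 26, 37, 45, 49 and 50) are easiest to see on real bytes. The following added example, not part of the original quiz, builds one constructed Ethernet/IPv4/TCP frame and then parses it back layer by layer: the link layer frame header, the internet layer header with its checksum verified, and the transport layer header with port numbers, sequence numbers and flags. MAC addresses, IP addresses, ports and the payload are all made up for the illustration.

```python
"""Build and parse a constructed Ethernet/IPv4/TCP frame layer by layer (added example)."""
import struct

SAMPLE_PAYLOAD = b"GET / HTTP/1.1\r\n"  # constructed application-layer data
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload=SAMPLE_PAYLOAD):
    """Constructed frame: 192.168.1.10:40000 -> 10.0.0.5:80, TCP PSH|ACK."""
    # Link layer: Ethernet II header (dst MAC, src MAC, EtherType 0x0800 = IPv4)
    ethernet = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + struct.pack("!H", 0x0800))
    # Transport layer: TCP header (ports, seq, ack, data offset 5 words, flags, window)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    # Internet layer: IPv4 header with checksum computed over the header only
    total_length = 20 + len(tcp) + len(payload)
    ip_no_sum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000,
                            64, 6, 0, bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    ip = ip_no_sum[:10] + struct.pack("!H", ipv4_checksum(ip_no_sum)) + ip_no_sum[12:]
    return ethernet + ip + tcp + payload


def parse_frame(frame):
    """Peel the frame from the link layer inward and return one dict per layer."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    link = {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled here")
    ihl = (frame[14] & 0x0F) * 4  # header length in bytes (options included)
    ip_header = frame[14:14 + ihl]
    (ver_ihl, _tos, total_length, _ident, _flags_frag, ttl, protocol, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip_header[:20])
    internet = {
        "version": ver_ihl >> 4, "ttl": ttl, "protocol": protocol,
        "src": ".".join(map(str, src_ip)), "dst": ".".join(map(str, dst_ip)),
        "checksum_ok": ipv4_checksum(ip_header) == 0,   # covers the header only
        "length_ok": len(frame) - 14 == total_length,
    }
    if protocol != 6:
        raise ValueError("only TCP is handled here")
    tcp_start = 14 + ihl
    (sport, dport, seq, ack, offset, flags, window,
     _tcsum, _urg) = struct.unpack("!HHIIBBHHH", frame[tcp_start:tcp_start + 20])
    data_offset = (offset >> 4) * 4
    transport = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                 "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
                 "window": window}
    return {"link": link, "internet": internet, "transport": transport,
            "payload": frame[tcp_start + data_offset:]}


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```

Note which layer owns which fact: the MAC addresses only mean something on the local segment, the IP addresses and TTL are what routers use to move the packet between networks, and the port numbers, sequence and acknowledgement numbers are the transport layer's tools for multiplexing and ordered, reliable delivery. The IPv4 checksum protects the internet-layer header only; the TCP checksum (left as zero in this constructed frame) is what covers the transport header and payload.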