CISA: Certified Information Systems Auditor
Instructions: Answer 50 questions in 15 minutes. Match each statement with the correct term.
Don't refresh: all questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from answers to other questions, so some answers may look obvious at times, but repeated attempts reinforce your understanding.
1. A large number of loosely coupled computers used to solve a common task; they may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
General Controls
Attribute Sampling
An Operational Audit
2. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
The availability of IT systems
The first step in a business impact analysis
Project change request
3. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Documentation and interview personnel
Three Types of Controls
Transport Layer Protocols
4. The maximum period of downtime for a process or application
Recovery time objective
less than 24 hours
The appropriate role of an IS auditor in a control self-assessment
The Business Process Life Cycle
5. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
less than 24 hours
The Release process
Stop-or-go Sampling
Organizational culture and maturity
6. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Cloud computing
The Business Process Life Cycle
The availability of IT systems
Application Controls
7. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Business Continuity
A Cold Site
The appropriate role of an IS auditor in a control self-assessment
Personnel involved in the requirements phase of a software development project
8. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
A Service Provider audit
Disaster Recovery
Examples of IT General Controls
9. (1.) TCP (2.) UDP
Information security policy
Server cluster
Transport Layer Protocols
Employee termination process
10. The risk that an IS auditor will overlook errors or exceptions during an audit.
CPU
Detection Risk
Sampling Risk
A Financial Audit
11. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should be stored as a _____ (a salted, one-way function of the password rather than the password itself). Anyone who reads the database, a backup or a log then cannot feasibly recover the original passwords, whereas plaintext storage hands over every account at once.
The audit program
Transport Layer Protocols
Hash
Employees with excessive privileges
12. A collection of two or more servers that is designed to appear as a single server.
Gantt Chart
Server cluster
Examples of Application Controls
The availability of IT systems
13. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
A Sample Mean
Entire password for an encryption key
The Internet Layer in the TCP/IP model
Network Layer Protocols
14. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Concentrate on samples known to represent high risk
Business Continuity
Stay current with technology
Six steps of the Release Management process
15. Handle application processing
Change management
Background checks performed
Application Controls
Control Risk
16. (1.) Automatic (2.) Manual
The two Categories of Controls
IT Strategy
OSI: Transport Layer
The Release process
17. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
Change management
Entire password for an encryption key
Control Risk
18. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Precision means
A Virtual Server
Options for Risk Treatment
19. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Sample Standard Deviation
The 7 phases and their order in the SDLC
An Integrated Audit
Frameworks
20. Delivery of packets from one station to another - on the same network or on different networks.
Discovery Sampling
Tolerable Error Rate
The Internet Layer in the TCP/IP model
More difficult to perform
21. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
The Steering Committee
Sampling Risk
Project change request
Sampling
22. The inventory of all in-scope business processes and systems
A Cold Site
Confidence coefficient
The first step in a business impact analysis
IT Service Management
23. A field in a record in one table that references the primary key of a record in another table.
Foreign Key
The two Categories of Controls
Judgmental sampling
IT Service Management
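To make question 23 concrete, an added example (not from the quiz source) of a foreign key enforcing referential integrity, using Python's built-in sqlite3 so it runs offline. The tables, columns and rows are constructed for the example. It also shows the caveat an auditor should know about SQLite: the REFERENCES clause is parsed but ignored unless foreign-key enforcement is switched on for the connection.

```python
import sqlite3

# Added example, not from the quiz source. Schema and rows are constructed.
# employees.dept_id is the foreign key; departments.id is the primary key it references.
SCHEMA = """
CREATE TABLE departments (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE employees (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL
            REFERENCES departments(id) ON DELETE RESTRICT
);
INSERT INTO departments (id, name) VALUES (10, 'Internal Audit');
INSERT INTO employees (id, name, dept_id) VALUES (1, 'Alice', 10);
"""


def open_db(enforce_foreign_keys: bool) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Caveat: SQLite ignores REFERENCES clauses unless this pragma is ON for
    # the connection. It is a per-connection setting, not part of the schema.
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_foreign_keys else "OFF"))
    conn.executescript(SCHEMA)
    return conn


def orphan_accepted(enforce_foreign_keys: bool) -> bool:
    """Try to insert an employee whose dept_id points at no department."""
    conn = open_db(enforce_foreign_keys)
    try:
        conn.execute(
            "INSERT INTO employees (id, name, dept_id) VALUES (2, 'Mallory', 999)")
        conn.commit()
        return True          # orphan row silently accepted
    except sqlite3.IntegrityError:
        return False         # FOREIGN KEY constraint failed
    finally:
        conn.close()


def parent_delete_accepted(enforce_foreign_keys: bool) -> bool:
    """Try to delete a department that an employee row still references."""
    conn = open_db(enforce_foreign_keys)
    try:
        conn.execute("DELETE FROM departments WHERE id = 10")
        conn.commit()
        return True          # dangling reference left behind
    except sqlite3.IntegrityError:
        return False         # ON DELETE RESTRICT blocked it
    finally:
        conn.close()


if __name__ == "__main__":
    print("orphan accepted, enforcement ON :", orphan_accepted(True))    # False
    print("orphan accepted, enforcement OFF:", orphan_accepted(False))   # True
    print("parent delete, enforcement ON   :", parent_delete_accepted(True))   # False
```

When reviewing a system that relies on referential integrity as a control, check how the constraint is actually enforced at the database engine, not just that it appears in the DDL.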
24. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Elements of the COSO pyramid
Assess the maturity of its business processes
Inform the auditee
Judgmental sampling
25. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Examples of Application Controls
Stay current with technology
Network Layer Protocols
Categories of risk treatment
26. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
IT standards are not being reviewed often enough
Examples of Application Controls
The Business Process Life Cycle
Compliance Testing
27. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Configuration Management
IT standards are not being reviewed often enough
Input validation checking
28. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Geographic location
A Virtual Server
OSI Layer 6: Presentation
Grid Computing
29. The first major task in a disaster recovery or business continuity planning project.
Entire password for an encryption key
Business impact analysis
The 5 types of Evidence that the auditor will collect during an audit.
Sampling Risk
30. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Database primary key
Elements of the COBIT Framework
List of systems examined
Documentation and interview personnel
31. ITIL term used to describe the SDLC.
Options for Risk Treatment
Geographic location
The Requirements
Release management
32. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Elements of the COSO pyramid
Main types of Controls
A Financial Audit
Change management
33. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Documentation and interview personnel
Discovery Sampling
Stop-or-go Sampling
IT standards are not being reviewed often enough
34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
IT executives and the Board of Directors
Criticality analysis
Business Realization
35. Lowest layer. Delivers messages (frames) from one station to another via a local network.
TCP/IP Link Layer
Primary security features of relational databases
(1.) Man-made (2.) Natural
Criticality analysis
36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
The 7 phases and their order in the SDLC
Statistical Sampling
The first step in a business impact analysis
37. The sum of all samples divided by the number of samples.
A Sample Mean
Capability Maturity Model
Business Realization
The two Categories of Controls
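Questions 21, 27, 34 and 37 all turn on audit sampling; the following added example (not from the quiz source) works the arithmetic through in Python. It computes the discovery-sampling size needed to see at least one exception with a chosen confidence, draws a reproducible random (statistical) sample, runs a stop-or-go pass in batches, and computes the sample mean and standard deviation. The population of change tickets, the 95% confidence level and the 1% critical rate are constructed for the example.

```python
import math
import random
from typing import List, Sequence, Tuple

# Added example, not from the quiz source. Population and figures are constructed.
# Each ticket is (ticket_id, approved). Every 83rd ticket lacks approval: 12 of 1000.
POPULATION: List[Tuple[int, bool]] = [(i, i % 83 != 0) for i in range(1, 1001)]


def discovery_sample_size(confidence: float, critical_rate: float) -> int:
    """Smallest n such that P(at least one exception in n items) >= confidence,
    if exceptions occur at critical_rate in a large population.

    P(no exception in n) = (1 - p)^n, so we need n >= ln(1 - C) / ln(1 - p).
    """
    if not (0 < confidence < 1 and 0 < critical_rate < 1):
        raise ValueError("confidence and critical_rate must be in (0, 1)")
    return math.ceil(math.log(1 - confidence) / math.log(1 - critical_rate))


def random_sample(population: Sequence, n: int, seed: int) -> List:
    """Statistical selection: every item has an equal chance of being picked.
    The seed makes the draw reproducible for the audit work papers."""
    return random.Random(seed).sample(list(population), n)


def exception_rate(sample: Sequence[Tuple[int, bool]]) -> float:
    return sum(1 for _, approved in sample if not approved) / len(sample)


def stop_or_go(population, batch: int, confidence: float, critical_rate: float,
               seed: int) -> Tuple[int, int, str]:
    """Test in batches; stop early if no exception appears by the discovery size,
    otherwise 'go': extend testing because an exception was found."""
    target = discovery_sample_size(confidence, critical_rate)
    order = random_sample(population, len(population), seed)  # random order
    tested = exceptions = 0
    while tested < len(order):
        chunk = order[tested:tested + batch]
        tested += len(chunk)
        exceptions += sum(1 for _, approved in chunk if not approved)
        if exceptions:
            return tested, exceptions, "go: exception found, extend testing"
        if tested >= target:
            return tested, exceptions, "stop: no exception at target size"
    return tested, exceptions, "population exhausted"


def sample_mean(values: Sequence[float]) -> float:
    """Sum of all samples divided by the number of samples (question 37)."""
    return sum(values) / len(values)


def sample_std(values: Sequence[float]) -> float:
    """Sample standard deviation (n - 1 in the denominator)."""
    m = sample_mean(values)
    return math.sqrt(sum((v - m) ** 2 for v in values) / (len(values) - 1))


if __name__ == "__main__":
    n = discovery_sample_size(0.95, 0.01)
    print("discovery sample size for 95% / 1%:", n)           # 299
    sample = random_sample(POPULATION, n, seed=42)
    print("exceptions in sample:", exception_rate(sample))
    print(stop_or_go(POPULATION, batch=50, confidence=0.95, critical_rate=0.01, seed=42))
    print(sample_mean([2, 4, 4, 4, 5, 5, 7, 9]), sample_std([2, 4, 4, 4, 5, 5, 7, 9]))
```

The sample-size formula is the discovery-sampling case only: it answers "how many items must I examine to have a C chance of seeing at least one exception if the true rate is p", which is why finding even one exception in discovery sampling is significant.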
38. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Elements of the COBIT Framework
ITIL definition of CHANGE MANAGEMENT
less than 24 hours
Critical Path Methodology
39. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
A Server Cluster
Database primary key
Critical Path Methodology
Gantt Chart
40. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
41. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
The appropriate role of an IS auditor in a control self-assessment
Primary security features of relational databases
The Eight Types of Audits
Business Continuity
42. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Sampling
Types of sampling an auditor can perform.
Application Layer protocols
43. (1.) General (2.) Application
OSI: Network Layer
Blade Computer Architecture
less than 24 hours
Main types of Controls
44. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
An Administrative
The 4-item focus of a Balanced Scorecard
The Release process
Entire password for an encryption key
45. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that several __________________ be used. This enforces accountability for each administrator's actions.
More difficult to perform
Separate administrative accounts
The typical Configuration Items in Configuration Management
OSI Layer 5: Session
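One way an auditor can spot the shared-account condition in question 45 from evidence rather than interviews, as an added example (not from the quiz source): scan authentication logs for an account that logs in from more than one source address within a short window. The log format, field names and the lines in SAMPLE_LOG are constructed for this example; adapt the regular expression to the system under review.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple

# Added example, not from the quiz source. Log format and lines are constructed.
LINE_RE = re.compile(r"^(\S+) account=(\S+) src=(\S+) action=login$")

SAMPLE_LOG = """\
2024-05-01T09:00:12 account=appadmin src=10.0.0.5 action=login
2024-05-01T09:03:40 account=appadmin src=10.0.0.9 action=login
2024-05-01T09:05:02 account=alice.admin src=10.0.1.7 action=login
2024-05-01T09:07:55 account=appadmin src=10.0.0.21 action=login
2024-05-01T13:15:00 account=alice.admin src=10.0.1.8 action=login
""".splitlines()


def parse_logins(lines: Iterable[str]) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, account, source) for every login line that matches."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events


def shared_account_candidates(lines: Iterable[str],
                              window: timedelta = timedelta(minutes=10)
                              ) -> Dict[str, Set[str]]:
    """Accounts that logged in from two or more distinct sources within `window`.

    One person moving between hosts over a day is normal; three sources inside
    ten minutes is the signature of a credential several people hold.
    """
    by_account: Dict[str, List[Tuple[datetime, str]]] = {}
    for ts, account, src in parse_logins(lines):
        by_account.setdefault(account, []).append((ts, src))

    flagged: Dict[str, Set[str]] = {}
    for account, logins in by_account.items():
        logins.sort()
        for i, (ts_i, src_i) in enumerate(logins):
            for ts_j, src_j in logins[i + 1:]:
                if ts_j - ts_i > window:
                    break               # later logins are further away still
                if src_j != src_i:
                    flagged.setdefault(account, set()).update({src_i, src_j})
    return flagged


if __name__ == "__main__":
    for account, sources in shared_account_candidates(SAMPLE_LOG).items():
        print(f"{account}: {len(sources)} sources within 10 min -> {sorted(sources)}")
```

In the sample data the generic account appadmin is flagged with three sources, while alice.admin, whose two logins are hours apart, is not. A flagged account is a lead to confirm with the administrators, not proof on its own; NAT or jump hosts can make one person look like several sources.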
46. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
Inherent Risk
The best approach for identifying high risk areas for an audit
List of systems examined
The availability of IT systems
47. (1.) Objectives (2.) Components (3.) Business Units / Areas
OSI Layer 6: Presentation
Expected Error Rate
Examples of Application Controls
Dimensions of the COSO cube
48. The main hardware component of a computer system - which executes instructions in computer programs.
CPU
ISO 20000 Standard:
Sampling
Gantt Chart
49. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Entire password for an encryption key
Substantive Testing
TCP/IP Transport Layer packet delivery
Split custody
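For question 49, an added example (not from the quiz source) of the simplest split-custody scheme for an encryption key: XOR splitting, where each custodian holds one random-looking part and every part is required to rebuild the key. The function names are illustrative. Any subset short of the full set is statistically independent of the key, so a single custodian learns nothing from their own part.

```python
import secrets
from typing import List

# Added example, not from the quiz source. Names are illustrative.


def split_secret(secret: bytes, parts: int) -> List[bytes]:
    """Split `secret` into `parts` shares; all of them are needed to recombine.

    parts-1 shares are uniformly random; the last is the XOR of the secret with
    all of them, so each share on its own is indistinguishable from noise.
    """
    if parts < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    last = bytes(secret)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    shares.append(last)
    return shares


def recombine(shares: List[bytes]) -> bytes:
    """XOR every share together; with all shares present this yields the secret."""
    if not shares:
        raise ValueError("no shares supplied")
    out = bytes(len(shares[0]))
    for s in shares:
        if len(s) != len(out):
            raise ValueError("all parts must be the same length")
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


if __name__ == "__main__":
    key = secrets.token_bytes(32)                 # e.g. an AES-256 key
    custodians = split_secret(key, 3)             # three people, one part each
    print("all three parts:", recombine(custodians) == key)       # True
    print("only two parts :", recombine(custodians[:2]) == key)   # False
```

This is an all-or-nothing scheme: losing one custodian's part loses the key. Where the policy needs any k of n custodians instead (so one absent person does not block recovery), a threshold scheme such as Shamir's secret sharing is used; the XOR form above shows the principle with the least machinery.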
50. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Documentation and interview personnel
Wet pipe fire sprinkler system
List of systems examined
The first step in a business impact analysis