Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Background checks performed
Lacks specific expertise or resources to conduct an internal audit
Business impact analysis
Capability Maturity Model Integration (CMMI)
2. Used to measure the relative maturity of an organization and its processes.
Balanced Scorecard
Capability Maturity Model
Categories of risk treatment
To identify the tasks that are responsible for project delays
3. What type of testing is performed to determine if control procedures have proper design and are operating properly?
(1.) Policies (2.) Procedures (3.) Standards
Service Level Management
Compliance Testing
OSI: Network Layer
4. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Vulnerability in the organization's PBX
Structural fires and transportation accidents
Cloud computing
Emergency Changes
5. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Recovery time objective
OSI Layer 7: Application
Risk Management
6. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
The availability of IT systems
Organizational culture and maturity
(1.) Policies (2.) Procedures (3.) Standards
Substantive Testing (test of transaction integrity)
7. Lowest layer. Delivers messages (frames) from one station to another via a local network.
Resource details
TCP/IP Link Layer
Split custody
Examples of Application Controls
8. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
The Release process
Elements of the COBIT Framework
Volumes of COSO framework
Blade Computer Architecture
9. A field in a record in one table that can reference a primary key in another table.
Annualized Loss Expectancy (ALE)
Foreign Key
Attribute Sampling
Information systems access
10. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
TCP/IP Link Layer
Six steps of the Release Management process
ITIL definition of PROBLEM
11. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Notify the Audit Committee
TCP/IP Link Layer
Variable Sampling
More difficult to perform
12. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Attribute Sampling
Gantt Chart
Entire password for an encryption key
Sampling
13. Handle application processing
WAN Protocols
Audit Methodologies
Application Controls
Emergency Changes
14. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Cloud computing
BCP Plans
Advantages of outsourcing
Information security policy
15. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
(1.) Man-made (2.) Natural
OSI Layer 5: Session
The Steering Committee
A Virtual Server
16. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Information systems access
Foreign Key
Entire password for an encryption key
Split custody
17. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
SDLC Phases
The 7 phases and their order in the SDLC
OSI: Data Link Layer
Vulnerability in the organization's PBX
18. The memory locations in the CPU where arithmetic values are stored.
A Compliance audit
Registers
A Sample Mean
TCP/IP Transport Layer
19. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Risk Management
Security Awareness program
Grid Computing
20. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
TCP/IP Transport Layer packet delivery
WAN Protocols
Concentrate on samples known to represent high risk
Stay current with technology
21. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
22. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Antivirus software on the email servers
TCP/IP Link Layer
Project change request
Examples of IT General Controls
23. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Wet pipe fire sprinkler system
Background checks performed
less than 24 hours
Application Layer protocols
24. The inventory of all in-scope business processes and systems
A Server Cluster
The first step in a business impact analysis
Project Management Strategies
Control Risk
25. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The 5 types of Evidence that the auditor will collect during an audit.
Options for Risk Treatment
IT executives and the Board of Directors
Split custody
26. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
OSI Layer 5: Session
IT standards are not being reviewed often enough
A gate process
IT executives and the Board of Directors
27. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
The Release process
Audit logging
Testing activities
Service Continuity Management
28. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
Change management
OSI Layer 6: Presentation
Employees with excessive privileges
General Controls
29. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Employees with excessive privileges
A gate process
The Eight Types of Audits
The first step in a business impact analysis
30. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Concentrate on samples known to represent high risk
Input validation checking
Blade Computer Architecture
Three Types of Controls
31. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
TCP/IP Transport Layer packet delivery
Compliance Testing
An Integrated Audit
More difficult to perform
32. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Categories of risk treatment
Hash
Resource details
Configuration Management
33. An audit of a third-party organization that provides services to other organizations.
The appropriate role of an IS auditor in a control self-assessment
A Service Provider audit
The Requirements
An Operational Audit
34. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Balanced Scorecard
Categories of risk treatment
Antivirus software on the email servers
The Release process
35. One of a database table's fields - whose value is unique.
Application Controls
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Database primary key
Organizational culture and maturity
36. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Compliance Testing
Deming Cycle
The Eight Types of Audits
Network Layer Protocols
37. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
IT Service Management
Split custody
Deming Cycle
Sampling
38. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
The typical Configuration Items in Configuration Management
An Administrative
Service Continuity Management
39. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
ITIL definition of CHANGE MANAGEMENT
Deming Cycle
SDLC Phases
Segregation of duties issue in a high value process
40. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
Geographic location
Transport Layer Protocols
Hash
Antivirus software on the email servers
41. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
A gate process
Antivirus software on the email servers
OSI Layer 6: Presentation
Advantages of outsourcing
42. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Release management
Examples of Application Controls
TCP/IP Link Layer
TCP/IP Transport Layer
43. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Data Link Layer Standards
Business Continuity
A Service Provider audit
The BCP process
44. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Release management
The Internet Layer in the TCP/IP model
Blade Computer Architecture
45. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Substantive Testing
Resource details
Incident Management
46. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Project change request
Inform the auditee
BCP Plans
Application Layer protocols
47. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Control Unit
OSI: Transport Layer
A Financial Audit
48. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Lacks specific expertise or resources to conduct an internal audit
Department Charters
Service Continuity Management
Audit Methodologies
49. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
BCP Plans
TCP/IP Network Model
ITIL definition of CHANGE MANAGEMENT
Rating Scale for Process Maturity
50. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
less than 24 hours
Discovery Sampling
TCP/IP Transport Layer packet delivery
A Forensic Audit