Test your basic knowledge: CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. IT Governance is most concerned with ________.
Function Point Analysis
The 7 phases and their order in the SDLC
IT Strategy
Configuration Management
2. The maximum period of downtime for a process or application
Recovery time objective
Three Types of Controls
Balanced Scorecard
Documentation and interview personnel
3. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Volumes of COSO framework
Reduced sign-on
Segregation of duties issue in a high value process
Blade Computer Architecture
4. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
(1.) Man-made (2.) Natural
The appropriate role of an IS auditor in a control self-assessment
Control Risk
Wet pipe fire sprinkler system
5. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Stay current with technology
The best approach for identifying high risk areas for an audit
(1.) Man-made (2.) Natural
OSI Layer 5: Session
6. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
The two Categories of Controls
Assess the maturity of its business processes
The Business Process Life Cycle
Buffers
7. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the fact that workstations have anti-virus software. To reduce malware - Implementing ________________ will provide an effect
A Server Cluster
The Internet Layer in the TCP/IP model
Antivirus software on the email servers
Change management
8. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Stop-or-go Sampling
List of systems examined
IT Strategy
Sample Standard Deviation
9. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Sampling
Compliance Testing
less than 24 hours
An Administrative
10. (1.) Physical (2.) Technical (3.) Administrative
Transport Layer Protocols
Three Types of Controls
less than 24 hours
Reduced sign-on
11. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Examples of Application Controls
Structural fires and transportation accidents
Network Layer Protocols
Foreign Key
12. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
The availability of IT systems
Statement of Impact
Formal waterfall
IT executives and the Board of Directors
13. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
The Internet Layer in the TCP/IP model
Attribute Sampling
Service Continuity Management
14. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Security Awareness program
The two Categories of Controls
Business Realization
Attribute Sampling
15. The memory locations in the CPU where arithmetic values are stored.
A Financial Audit
Examples of Application Controls
Grid Computing
Registers
16. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
A Cold Site
TCP/IP Transport Layer packet delivery
OSI: Data Link Layer
The Release process
17. (1.) Automatic (2.) Manual
The two Categories of Controls
Application Layer protocols
Examples of Application Controls
Change management
18. Used to estimate the effort required to develop a software program.
Sampling Risk
OSI: Data Link Layer
Function Point Analysis
Substantive Testing (test of transaction integrity)
19. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Examples of IT General Controls
Elements of the COBIT Framework
Employees with excessive privileges
Six steps of the Release Management process
20. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
Incident Management
Employee termination process
Server cluster
21. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Frameworks
Background checks performed
Control Risk
The best approach for identifying high risk areas for an audit
22. The inventory of all in-scope business processes and systems
Application Layer protocols
ITIL definition of PROBLEM
An Operational Audit
The first step in a business impact analysis
23. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Information systems access
Service Continuity Management
A Service Provider audit
The 5 types of Evidence that the auditor will collect during an audit.
24. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
25. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Control Risk
Tolerable Error Rate
The Internet Layer in the TCP/IP model
Input validation checking
26. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Cloud computing
Three Types of Controls
Substantive Testing (test of transaction integrity)
Organizational culture and maturity
27. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
A Forensic Audit
objective and unbiased
Concentrate on samples known to represent high risk
28. Guide program execution through organization of resources and development of clear project objectives.
TCP/IP Transport Layer
Compliance Testing
A Compliance audit
Project Management Strategies
29. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
The audit program
Personnel involved in the requirements phase of a software development project
Cloud computing
The BCP process
30. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
Network Layer Protocols
Audit Methodologies
IT Services Financial Management
Concentrate on samples known to represent high risk
31. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
BCP Plans
Assess the maturity of its business processes
Data Link Layer Standards
Examples of IT General Controls
32. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
The availability of IT systems
Capability Maturity Model
Problem Management
Business impact analysis
33. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
BCP Plans
Documentation and interview personnel
Substantive Testing
(1.) Policies (2.) Procedures (3.) Standards
34. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Project Management Strategies
The Internet Layer in the TCP/IP model
Tolerable Error Rate
35. An audit that combines an operational audit and a financial audit.
Compliance Testing
An Integrated Audit
Attribute Sampling
A Cold Site
36. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
OSI: Data Link Layer
The Internet Layer in the TCP/IP model
Risk Management
Employee termination process
37. (1.) Objectives (2.) Components (3.) Business Units / Areas
Primary security features of relational databases
Notify the Audit Committee
Dimensions of the COSO cube
Grid Computing
38. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Antivirus software on the email servers
OSI Layer 7: Application
A Cold Site
Audit Methodologies
39. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
WAN Protocols
Advantages of outsourcing
Background checks performed
Organizational culture and maturity
40. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Cloud computing
Reduced sign-on
A Financial Audit
Assess the maturity of its business processes
41. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Network Layer Protocols
Application Layer protocols
Notify the Audit Committee
The Requirements
42. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
TCP/IP Internet Layer
Incident Management
Categories of risk treatment
43. Lowest layer. Delivers messages (frames) from one station to another via the local network.
TCP/IP Link Layer
The 5 types of Evidence that the auditor will collect during an audit.
BCP Plans
OSI Layer 6: Presentation
44. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Antivirus software on the email servers
Examples of Application Controls
(1.) Policies (2.) Procedures (3.) Standards
Expected Error Rate
45. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Employees with excessive privileges
An Operational Audit
Server cluster
TCP/IP Transport Layer
46. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Rating Scale for Process Maturity
Registers
Release management
Business Realization
47. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
OSI Layer 5: Session
The 5 types of Evidence that the auditor will collect during an audit.
Foreign Key
Insourcing
48. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
Options for Risk Treatment
Data Link Layer Standards
Project change request
SDLC Phases
49. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Organizational culture and maturity
ITIL definition of PROBLEM
IT standards are not being reviewed often enough
50. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
TCP/IP Internet Layer
Emergency Changes
Inherent Risk