CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Subjective sampling is used when the auditor wants to _________________________.
Primary security features of relational databases
Concentrate on samples known to represent high risk
The Internet Layer in the TCP/IP model
Service Level Management
2. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Disaster Recovery
Audit logging
Application Layer protocols
3. A field in a record in one table that can reference a primary key in another table.
Advantages of outsourcing
TCP/IP Link Layer
Foreign Key
ITIL definition of CHANGE MANAGEMENT
4. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
A Compliance audit
Documentation and interview personnel
Lacks specific expertise or resources to conduct an internal audit
5. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Application Layer protocols
Control Risk
Employee termination process
A gate process
6. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
TCP/IP Transport Layer packet delivery
OSI: Transport Layer
Notify the Audit Committee
Transport Layer Protocols
7. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Discovery Sampling
An Operational Audit
Main types of Controls
8. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Discovery Sampling
Sample Standard Deviation
Control Risk
9. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Hash
OSI: Data Link Layer
WAN Protocols
Confidence coefficient
10. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The appropriate role of an IS auditor in a control self-assessment
Detection Risk
Compliance Testing
The Business Process Life Cycle
11. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Examples of Application Controls
Control Unit
The 5 types of Evidence that the auditor will collect during an audit.
Inform the auditee
12. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
TCP/IP Network Model
Split custody
Hash
Assess the maturity of its business processes
13. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
BCP Plans
Categories of risk treatment
Hash
IT standards are not being reviewed often enough
14. (1.) TCP (2.) UDP
Audit Methodologies
Six steps of the Release Management process
Frameworks
Transport Layer Protocols
15. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Stop-or-go Sampling
To identify the tasks that are responsible for project delays
Sampling
OSI Layer 6: Presentation
16. An audit of operational efficiency.
TCP/IP Internet Layer
TCP/IP Link Layer
An Administrative
TCP/IP Transport Layer
17. An audit of an IS department's operations and systems.
The typical Configuration Items in Configuration Management
More difficult to perform
An IS audit
TCP/IP Internet Layer
18. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Split custody
Elements of the COBIT Framework
OSI: Physical Layer
Incident Management
19. (1.) Objectives (2.) Components (3.) Business Units / Areas
A Compliance audit
A Forensic Audit
Dimensions of the COSO cube
Substantive Testing (test of transaction integrity)
20. (1.) Executive Support (2.) Well-defined roles and responsibilities.
TCP/IP Transport Layer
Critical Path Methodology
Information security policy
A Cold Site
21. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Transport Layer Protocols
The 5 types of Evidence that the auditor will collect during an audit.
A Cold Site
OSI Layer 6: Presentation
22. Handle application processing
Project Management Strategies
IT executives and the Board of Directors
Options for Risk Treatment
Application Controls
23. An alternate processing center that contains no information processing equipment.
Service Level Management
Concentrate on samples known to represent high risk
Compliance Testing
A Cold Site
24. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Split custody
An Administrative
Examples of IT General Controls
IT Service Management
25. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Dimensions of the COSO cube
An Operational Audit
Business impact analysis
Problem Management
26. The memory locations in the CPU where arithmetic values are stored.
Registers
Three Types of Controls
Primary security features of relational databases
An Administrative
27. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Organizational culture and maturity
A Forensic Audit
Sample Standard Deviation
Types of sampling an auditor can perform.
28. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
29. Defines internal controls and provides guidance for assessing and improving internal control systems.
Resource details
The Eight Types of Audits
PERT Diagram?
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
30. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Split custody
Statistical Sampling
OSI Layer 7: Application
Examples of IT General Controls
31. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Configuration Management
A Forensic Audit
ITIL definition of PROBLEM
Security Awareness program
32. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
The Release process
A Sample Mean
Categories of risk treatment
33. (1.) Utility protocols (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Antivirus software on the email servers
Blade Computer Architecture
Application Layer protocols
ITIL definition of PROBLEM
34. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Balanced Scorecard
The typical Configuration Items in Configuration Management
The 5 types of Evidence that the auditor will collect during an audit.
Documentation and interview personnel
35. Delivery of packets from one station to another - on the same network or on different networks.
Control Unit
Advantages of outsourcing
The Internet Layer in the TCP/IP model
Data Link Layer Standards
36. A representation of how closely a sample represents an entire population.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Cloud computing
Substantive Testing
Precision means
37. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
TCP/IP Link Layer
ISO 20000 Standard
Stop-or-go Sampling
OSI Layer 5: Session
38. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Foreign Key
A Compliance audit
Examples of IT General Controls
Control Risk
39. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Advantages of outsourcing
Wet pipe fire sprinkler system
ITIL definition of PROBLEM
40. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
More difficult to perform
Tolerable Error Rate
Application Layer protocols
The typical Configuration Items in Configuration Management
41. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
IT Service Management
Main types of Controls
Discovery Sampling
Emergency Changes
42. The inventory of all in-scope business processes and systems
Resource details
The first step in a business impact analysis
Variable Sampling
The Release process
43. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Judgmental sampling
The 4-item focus of a Balanced Scorecard
Employees with excessive privileges
Risk Management
44. (1.) Link (2.) Internet (3.) Transport (4.) Application
Database primary key
Substantive Testing (test of transaction integrity)
Frameworks
TCP/IP Network Model
45. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Problem Management
Deming Cycle
Grid Computing
Input validation checking
46. PERT: shows the ______________ critical path.
Business Continuity
TCP/IP Transport Layer packet delivery
A Service Provider audit
Current and most up-to-date
47. The means by which management establishes and measures processes by which organizational objectives are achieved
Overall audit risk
Controls
Transport Layer Protocols
Testing activities
48. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
A Sample Mean
Controls
The first step in a business impact analysis
The 7 phases and their order in the SDLC
49. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
OSI: Data Link Layer
Balanced Scorecard
Substantive Testing (test of transaction integrity)
The Requirements
50. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Recovery time objective
A Service Provider audit
IT standards are not being reviewed often enough