Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. (1.) Physical (2.) Technical (4.) Administrative
Emergency Changes
Three Types of Controls
The Internet Layer in the TCP/IP model
ITIL - IT Infrastructure Library

2. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Reduced sign-on
Network Layer Protocols
Cloud computing
Capability Maturity Model Integration (CMMI)

3. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Expected Error Rate
Information systems access
The 5 types of Evidence that the auditor will collect during an audit.
General Controls

4. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Overall audit risk
Primary security features of relational databases
Information security policy

5. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Lacks specific expertise or resources to conduct an internal audit
PERT Diagram?
Capability Maturity Model Integration (CMMI)

6. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Service Continuity Management
Categories of risk treatment
Types of sampling an auditor can perform.
TCP/IP Internet Layer

7. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
The 7 phases and their order in the SDLC
Critical Path Methodology
The Internet Layer in the TCP/IP model

8. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Entire password for an encryption key
The appropriate role of an IS auditor in a control self-assessment
Three Types of Controls
Department Charters

9. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

10. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
IT standards are not being reviewed often enough
A Virtual Server
Function Point Analysis

11. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
General Controls
Insourcing
The Steering Committee
Judgmental sampling

12. (1.) Automatic (2.) Manual
OSI Layer 5: Session
Referential Integrity
The two Categories of Controls
Service Level Management

13. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Employees with excessive privileges
The Software Program Library
Application Layer protocols
Judgmental sampling

14. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
An Operational Audit
More difficult to perform
ITIL - IT Infrastructure Library

15. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Attribute Sampling
Dimensions of the COSO cube
Three Types of Controls
Information security policy

16. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Categories of risk treatment
Assess the maturity of its business processes
The 4-item focus of a Balanced Scorecard
Criticality analysis

17. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
A Compliance audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Vulnerability in the organization's PBX
Stay current with technology

18. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Stratified Sampling
Substantive Testing (test of transaction integrity)
Assess the maturity of its business processes
Registers

19. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
The Internet Layer in the TCP/IP model
Insourcing
Advantages of outsourcing
Disaster Recovery

20. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Application Layer protocols
Project change request
Power system controls
The BCP process

21. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Criticality analysis
Geographic location
TCP/IP Transport Layer
Stop-or-go Sampling

22. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
ITIL definition of CHANGE MANAGEMENT
Application Layer protocols
Security Awareness program
Annualized Loss Expectance (ALE)

23. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
The Business Process Life Cycle
Employees with excessive privileges
More difficult to perform

24. Used to estimate the effort required to develop a software program.
Separate administrative accounts
Network Layer Protocols
Categories of risk treatment
Function Point Analysis

25. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Assess the maturity of its business processes
Six steps of the Release Management process
Hash
Compliance Testing

26. Used to translate or transform data from lower layers into formats that the application layer can work with.
Stratified Sampling
OSI Layer 6: Presentation
Business Realization
IT Strategy

27. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Employee termination process
The typical Configuration Items in Configuration Management
Business impact analysis
IT executives and the Board of Directors

28. IT Governance is most concerned with ________.
Capability Maturity Model Integration (CMMI)
The 4-item focus of a Balanced Scorecard
IT Strategy
Volumes of COSO framework

29. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Compliance Testing
OSI: Network Layer
The Steering Committee
The best approach for identifying high risk areas for an audit

30. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
The two Categories of Controls
Background checks performed
Separate administrative accounts
Stop-or-go Sampling

31. The means by which management establishes and measures processes by which organizational objectives are achieved
The Release process
ITIL - IT Infrastructure Library
Volumes of COSO framework
Controls

32. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
General Controls
Inform the auditee
Antivirus software on the email servers

33. Lowest layer. Delivers messages (frames) from one station to another vial local network.
Deming Cycle
Substantive Testing (test of transaction integrity)
TCP/IP Link Layer
OSI Layer 7: Application

34. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Antivirus software on the email servers
TCP/IP Transport Layer packet delivery
Volumes of COSO framework
The Requirements

35. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Types of sampling an auditor can perform.
Statistical Sampling
Data Link Layer Standards
Vulnerability in the organization's PBX

36. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Project change request
Annualized Loss Expectance (ALE)
Overall audit risk

37. (1.) General (2.) Application
Sampling
Hash
Variable Sampling
Main types of Controls

38. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Capability Maturity Model Integration (CMMI)
OSI: Physical Layer
Testing activities
Configuration Management

39. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Risk Management
TCP/IP Internet Layer
Sampling
Audit Methodologies

40. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
The first step in a business impact analysis
Disaster Recovery
Current and most up-to-date
Critical Path Methodology

41. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
IT Strategy
List of systems examined
Sample Standard Deviation
Business impact analysis

42. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Employee termination process
Foreign Key
ITIL - IT Infrastructure Library
CPU

43. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Buffers
The 4-item focus of a Balanced Scorecard
Background checks performed
Lacks specific expertise or resources to conduct an internal audit

44. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Frameworks
Inherent Risk
The 7 phases and their order in the SDLC
The first step in a business impact analysis

45. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
Antivirus software on the email servers
Structural fires and transportation accidents
Buffers

46. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Vulnerability in the organization's PBX
Sampling Risk
Registers
Wet pipe fire sprinkler system

47. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
CPU
Risk Management
A Problem
The Requirements

48. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Variable Sampling
Input validation checking
Prblem Management
Formal waterfall

49. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The Internet Layer in the TCP/IP model
Stratified Sampling
A Server Cluster
The best approach for identifying high risk areas for an audit

50. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
The Release process
Registers
WAN Protocols
An Operational Audit