SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Cloud computing
Blade Computer Architecture
A Financial Audit
Deming Cycle
2. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Entire password for an encryption key
The typical Configuration Items in Configuration Management
Current and most up-to-date
The Requirements
3. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Security Awareness program
Transport Layer Protocols
Stay current with technology
Sampling Risk
4. Contains programs that communicate directly with the end user.
OSI Layer 7: Application
Geographic location
The typical Configuration Items in Configuration Management
Antivirus software on the email servers
5. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
TCP/IP Internet Layer
A Virtual Server
Change management
A Compliance audit
6. Used to determine which business processes are the most critical - by ranking them in order of criticality
Dimensions of the COSO cube
Criticality analysis
ITIL - IT Infrastructure Library
The availability of IT systems
7. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
Lacks specific expertise or resources to conduct an internal audit
Project change request
Blade Computer Architecture
8. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Precision means
Judgmental sampling
Control Risk
9. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Balanced Scorecard
IT executives and the Board of Directors
Criticality analysis
IT Service Management
10. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
The Internet Layer in the TCP/IP model
Project change request
Current and most up-to-date
Six steps of the Release Management process
11. PERT: shows the ______________ critical path.
Overall audit risk
Current and most up-to-date
Vulnerability in the organization's PBX
Risk Management
12. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
TCP/IP Network Model
Sample Standard Deviation
Resource details
Six steps of the Release Management process
13. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Six steps of the Release Management process
Audit logging
Stratified Sampling
Risk Management
14. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Dimensions of the COSO cube
Employees with excessive privileges
TCP/IP Transport Layer
15. Aids in the coordinating of business processes using a sequence of three events -(1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Confidence coefficient
Elements of the COSO pyramid
Hash
The Business Process Life Cycle
16. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Cloud computing
SDLC Phases
Frameworks
General Controls
17. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The Release process
Categories of risk treatment
Elements of the COBIT Framework
The availability of IT systems
18. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Segregation of duties issue in a high value process
WAN Protocols
Sampling Risk
The availability of IT systems
19. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Entire password for an encryption key
An Integrated Audit
The BCP process
A Server Cluster
20. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
ISO 20000 Standard:
Inform the auditee
The 7 phases and their order in the SDLC
21. Used to measure the relative maturity of an organization and its processes.
OSI Layer 6: Presentation
Elements of the COBIT Framework
Capability Maturity Model
The 5 types of Evidence that the auditor will collect during an audit.
22. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
SDLC Phases
Service Level Management
Vulnerability in the organization's PBX
Configuration Management
23. An audit of an IS department's operations and systems.
Information security policy
Resource details
An IS audit
Cloud computing
24. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Statement of Impact
TCP/IP Transport Layer packet delivery
More difficult to perform
Registers
25. Disasters are generally grouped in terms of type: ______________.
Blade Computer Architecture
(1.) Man-made (2.) Natural
A Cold Site
An Administrative
26. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Deming Cycle
WAN Protocols
The Eight Types of Audits
Statement of Impact
27. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
A Problem
OSI: Transport Layer
Separate administrative accounts
OSI: Network Layer
28. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
Input validation checking
Capability Maturity Model Integration (CMMI)
Registers
29. An audit of a third-party organization that provides services to other organizations.
IT standards are not being reviewed often enough
Substantive Testing
Configuration Management
A Service Provider audit
30. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Types of sampling an auditor can perform.
OSI: Physical Layer
Change management
Insourcing
31. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
The 5 types of Evidence that the auditor will collect during an audit.
BCP Plans
Employee termination process
Lacks specific expertise or resources to conduct an internal audit
32. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
A gate process
OSI Layer 6: Presentation
Annualized Loss Expectance (ALE)
More difficult to perform
33. (1.) Access controls (2.) Encryption (3.) Audit logging
The Requirements
WAN Protocols
TCP/IP Network Model
Primary security features of relational databases
34. (1.) Physical (2.) Technical (4.) Administrative
Disaster Recovery
Inform the auditee
Three Types of Controls
Organizational culture and maturity
35. Framework for auditing and measuring IT Service Management Processes.
Capability Maturity Model
Change management
Main types of Controls
ISO 20000 Standard:
36. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
OSI: Physical Layer
A Problem
The Software Program Library
The appropriate role of an IS auditor in a control self-assessment
37. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
The best approach for identifying high risk areas for an audit
To identify the tasks that are responsible for project delays
The typical Configuration Items in Configuration Management
Cloud computing
38. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
The typical Configuration Items in Configuration Management
Expected Error Rate
Insourcing
Stay current with technology
39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Overall audit risk
Risk Management
Hash
A Compliance audit
40. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Data Link Layer Standards
Insourcing
Risk Management
41. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
List of systems examined
TCP/IP Network Model
BCP Plans
Segregation of duties issue in a high value process
42. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
Information systems access
Split custody
IT standards are not being reviewed often enough
43. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
The audit program
Service Level Management
Inherent Risk
44. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
A Virtual Server
Controls
A Service Provider audit
45. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Capability Maturity Model
Testing activities
Emergency Changes
OSI Layer 5: Session
46. One of a database table's fields - whose value is unique.
Database primary key
Network Layer Protocols
The two Categories of Controls
Options for Risk Treatment
47. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Lacks specific expertise or resources to conduct an internal audit
A Problem
Examples of IT General Controls
The BCP process
49. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Current and most up-to-date
Business Continuity
Release management
Control Unit
50. 1.) Executive Support (2.) Well-defined roles and responsibilities.
The appropriate role of an IS auditor in a control self-assessment
The first step in a business impact analysis
Information security policy
Geographic location