Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Describes the effect on the business if a process is incapacitated for any appreciable time
Confidence coefficient
Business impact analysis
Three Types of Controls
Statement of Impact
2. The maximum period of downtime for a process or application
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Link Layer
A Virtual Server
Recovery time objective
3. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
An IS audit
Sample Standard Deviation
Change management
Discovery Sampling
4. Consists of two main packet transport protocols: TCP and UDP.
Dimensions of the COSO cube
Function Point Analysis
TCP/IP Transport Layer
Geographic location
5. (1.) Feasibility (2.) Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation
Structural fires and transportation accidents
The 7 phases and their order in the SDLC
Audit Methodologies
OSI: Transport Layer
6. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
PERT Diagram?
Advantages of outsourcing
Assess the maturity of its business processes
OSI Layer 5: Session
7. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Elements of the COSO pyramid
Insourcing
Blade Computer Architecture
OSI: Data Link Layer
8. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
ITIL definition of PROBLEM
An Administrative
IT Services Financial Management
Statistical Sampling
9. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
A gate process
Annualized Loss Expectancy (ALE)
Notify the Audit Committee
Precision means
10. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Vulnerability in the organization's PBX
Recovery time objective
The 4-item focus of a Balanced Scorecard
Database primary key
11. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Service Level Management
General Controls
More difficult to perform
Documentation and interview personnel
12. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
SDLC Phases
Types of sampling an auditor can perform.
CPU
Segregation of duties issue in a high value process
13. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
TCP/IP Network Model
Options for Risk Treatment
Hash
Vulnerability in the organization's PBX
14. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The Requirements
Frameworks
Balanced Scorecard
The appropriate role of an IS auditor in a control self-assessment
15. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
IT executives and the Board of Directors
PERT Diagram?
Stop-or-go Sampling
Separate administrative accounts
16. Support the functioning of the application controls
Control Unit
BCP Plans
Balanced Scorecard
General Controls
17. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Department Charters
IT standards are not being reviewed often enough
TCP/IP Internet Layer
18. Focuses on: post-event recovery and restoration of services
Statement of Impact
(1.) Policies (2.) Procedures (3.) Standards
Disaster Recovery
Employee termination process
19. The sum of all samples divided by the number of samples.
Sample Standard Deviation
Control Risk
A Sample Mean
A Cold Site
20. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
The 5 types of Evidence that the auditor will collect during an audit.
Incident Management
IT Services Financial Management
The first step in a business impact analysis
21. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Stratified Sampling
A gate process
Notify the Audit Committee
Business Realization
22. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
The BCP process
TCP/IP Link Layer
Database primary key
23. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
ITIL definition of CHANGE MANAGEMENT
Personnel involved in the requirements phase of a software development project
Referential Integrity
Release management
24. A collection of two or more servers that is designed to appear as a single server.
The audit program
Data Link Layer Standards
Background checks performed
Server cluster
25. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Assess the maturity of its business processes
Judgmental sampling
(1.) Man-made (2.) Natural
Annualized Loss Expectancy (ALE)
26. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
IT Strategy
Lacks specific expertise or resources to conduct an internal audit
Capability Maturity Model
A Problem
27. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
Audit Methodologies
objective and unbiased
Grid Computing
28. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Recovery time objective
Stay current with technology
Audit Methodologies
Problem Management
29. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
Lacks specific expertise or resources to conduct an internal audit
Critical Path Methodology
Volumes of COSO framework
30. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Controls
Business Realization
IT standards are not being reviewed often enough
Sampling Risk
31. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
SDLC Phases
Attribute Sampling
OSI Layer 7: Application
The 5 types of Evidence that the auditor will collect during an audit.
32. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Six steps of the Release Management process
OSI Layer 7: Application
WAN Protocols
Primary security features of relational databases
33. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Configuration Management
Grid Computing
A Cold Site
TCP/IP Transport Layer
34. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Insourcing
OSI: Transport Layer
CPU
35. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
OSI Layer 5: Session
Deming Cycle
Volumes of COSO framework
A Compliance audit
36. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Eight Types of Audits
(1.) Man-made (2.) Natural
TCP/IP Internet Layer
Attribute Sampling
37. (1.) TCP (2.) UDP
Input validation checking
Employee termination process
Transport Layer Protocols
The best approach for identifying high risk areas for an audit
38. A sampling technique where at least one exception is sought in a population
Detection Risk
Service Continuity Management
Discovery Sampling
Capability Maturity Model Integration (CMMI)
39. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Data Link Layer Standards
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
PERT Diagram?
Elements of the COBIT Framework
40. Handle application processing
less than 24 hours
Application Controls
Three Types of Controls
Background checks performed
41. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Split custody
Examples of IT General Controls
IT Service Management
42. IT Governance is most concerned with ________.
IT Strategy
Employees with excessive privileges
Personnel involved in the requirements phase of a software development project
Sampling
43. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Precision means
A Server Cluster
Employee termination process
Organizational culture and maturity
44. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Recovery time objective
A Sample Mean
OSI: Transport Layer
45. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
ITIL definition of CHANGE MANAGEMENT
Data Link Layer Standards
less than 24 hours
Referential Integrity
46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
47. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Buffers
Release management
OSI: Physical Layer
48. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
The availability of IT systems
Dimensions of the COSO cube
OSI: Transport Layer
49. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Tolerable Error Rate
Capability Maturity Model
Release management
A Virtual Server
50. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Service Provider audit
Control Unit
Application Layer protocols