Test your basic knowledge |

CISA: Certified Information Systems Auditor

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Three Types of Controls
To identify the tasks that are responsible for project delays
The 5 types of Evidence that the auditor will collect during an audit.
The appropriate role of an IS auditor in a control self-assessment

2. A sampling technique where at least one exception is sought in a population
Emergency Changes
Discovery Sampling
ISO 20000 Standard:
Audit Methodologies

3. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Stratified Sampling
Application Layer protocols
Inform the auditee
The Steering Committee

4. (1.) General (2.) Application
Main types of Controls
Balanced Scorecard
Statement of Impact
Capability Maturity Model

5. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
objective and unbiased
Blade Computer Architecture
The 5 types of Evidence that the auditor will collect during an audit.
OSI: Transport Layer

6. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Department Charters
Resource details
Stay current with technology
TCP/IP Transport Layer packet delivery

7. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Business Continuity
The Release process
Department Charters
OSI: Data Link Layer

8. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Tolerable Error Rate
Business Continuity
Control Unit
Stop-or-go Sampling

9. (1.) Access controls (2.) Encryption (3.) Audit logging
Application Layer protocols
A gate process
Business impact analysis
Primary security features of relational databases

10. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
More difficult to perform
PERT Diagram?
Substantive Testing
Inform the auditee

11. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Judgmental sampling
(1.) Polices (2.) Procedures (3.) Standards
IT Strategy
SDLC Phases

12. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Variable Sampling
List of systems examined
Service Continuity Management
A Cold Site

13. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
General Controls
PERT Diagram?
Precision means
Control Risk

14. The sum of all samples divided by the number of samples.
Options for Risk Treatment
Vulnerability in the organization's PBX
A Sample Mean
The Software Program Library

15. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
Capability Maturity Model
Geographic location
ISO 20000 Standard:
Service Continuity Management

16. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Detection Risk
A Server Cluster
Project change request
Data Link Layer Standards

17. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Sampling Risk
BCP Plans
More difficult to perform
The 4-item focus of a Balanced Scorecard

18. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
The 7 phases and their order in the SDLC
Antivirus software on the email servers
Notify the Audit Committee

19. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Application Controls
IT Service Management
less than 24 hours
Power system controls

20. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Critical Path Methodology
A Cold Site
Application Layer protocols

21. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Service Continuity Management
Cloud computing
Blade Computer Architecture
Insourcing

22. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Gantt Chart
Current and most up-to-date
An Integrated Audit

23. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
OSI: Physical Layer
Inform the auditee
Wet pipe fire sprinkler system
ITIL definition of PROBLEM

24. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
A Sample Mean
Configuration Management
Elements of the COBIT Framework

25. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
OSI Layer 6: Presentation
The first step in a business impact analysis
Documentation and interview personnel
Confidence coefficient

26. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Application Layer protocols
Sampling Risk
Separate administrative accounts
Split custody

27. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Precision means
Examples of Application Controls
Advantages of outsourcing
Project Management Strategies

28. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
IT executives and the Board of Directors
Incident Management
Six steps of the Release Management process
Server cluster

29. Used to estimate the effort required to develop a software program.
Input validation checking
Function Point Analysis
Types of sampling an auditor can perform.
OSI: Physical Layer

30. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Resource details
Formal waterfall
Foreign Key

31. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
The availability of IT systems
Dimensions of the COSO cube
Employee termination process
More difficult to perform

32. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Referential Integrity
Sampling Risk
Notify the Audit Committee
IT Services Financial Management

33. Handle application processing
Application Controls
Database primary key
Foreign Key
Inform the auditee

34. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

35. PERT: shows the ______________ critical path.
Employee termination process
A Service Provider audit
PERT Diagram?
Current and most up-to-date

36. (1.) TCP (2.) UDP
Transport Layer Protocols
Overall audit risk
Segregation of duties issue in a high value process
Referential Integrity

37. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Buffers
Sampling
CPU
Annualized Loss Expectance (ALE)

38. The risk that an IS auditor will overlook errors or exceptions during an audit.
Frameworks
Antivirus software on the email servers
IT Service Management
Detection Risk

39. Describes the effect on the business if a process is incapacitated for any appreciable time
The two Categories of Controls
Statement of Impact
To identify the tasks that are responsible for project delays
Volumes of COSO framework

40. Guide program execution through organization of resources and development of clear project objectives.
objective and unbiased
Sampling Risk
A Financial Audit
Project Management Strategies

41. The maximum period of downtime for a process or application
Advantages of outsourcing
Recovery time objective
A Server Cluster
Wet pipe fire sprinkler system

42. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Elements of the COSO pyramid
Statement of Impact
The availability of IT systems

43. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
An Integrated Audit
Geographic location
Employees with excessive privileges
Assess the maturity of its business processes

44. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Control Risk
Critical Path Methodology
Compliance Testing
Concentrate on samples known to represent high risk

45. Delivery of packets from one station to another - on the same network or on different networks.
The Internet Layer in the TCP/IP model
(1.) Man-made (2.) Natural
The availability of IT systems
A Service Provider audit

46. IT Governance is most concerned with ________.
Compliance Testing
Sampling Risk
IT Strategy
An Operational Audit

47. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
An Operational Audit
Capability Maturity Model Integration (CMMI)
OSI Layer 6: Presentation
Entire password for an encryption key

48. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
The audit program
Blade Computer Architecture
Control Unit
IT Strategy

49. Used to measure the relative maturity of an organization and its processes.
Buffers
Capability Maturity Model
Confidence coefficient
Prblem Management

50. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Cloud computing
Six steps of the Release Management process
A Financial Audit
The Requirements