Test your basic knowledge | CISA: Certified Information Systems Auditor
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Release management
Project change request
Gantt Chart
ITIL definition of PROBLEM
2. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
List of systems examined
OSI: Transport Layer
Business Continuity
The availability of IT systems
3. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Primary security features of relational databases
Testing activities
A Server Cluster
less than 24 hours
4. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Advantages of outsourcing
Categories of risk treatment
Segregation of duties issue in a high value process
The Release process
5. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
IT Services Financial Management
BCP Plans
TCP/IP Internet Layer
A Financial Audit
6. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
ITIL - IT Infrastructure Library
Department Charters
Options for Risk Treatment
Application Controls
7. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
ITIL definition of PROBLEM
Resource details
Background checks performed
8. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
OSI Layer 5: Session
Application Layer protocols
Business impact analysis
More difficult to perform
9. The means by which management establishes and measures processes by which organizational objectives are achieved
Categories of risk treatment
A Problem
Controls
The first step in a business impact analysis
10. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Department Charters
Application Controls
Statistical Sampling
Rating Scale for Process Maturity
11. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Project change request
More difficult to perform
IT Service Management
Audit logging
12. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Attribute Sampling
Discovery Sampling
Service Level Management
Stay current with technology
13. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
The Steering Committee
OSI: Physical Layer
Three Types of Controls
Emergency Changes
14. Used to estimate the effort required to develop a software program.
Rating Scale for Process Maturity
The audit program
Function Point Analysis
Employees with excessive privileges
15. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Emergency Changes
Expected Error Rate
IT Strategy
TCP/IP Transport Layer packet delivery
16. To communicate security policies - procedures - and other security-related information to an organization's employees.
Security Awareness program
Geographic location
Main types of Controls
Categories of risk treatment
17. Contains programs that communicate directly with the end user.
Dimensions of the COSO cube
Confidence coefficient
OSI Layer 7: Application
Sampling
18. (1.) Physical (2.) Technical (3.) Administrative
The availability of IT systems
Three Types of Controls
Statement of Impact
The 5 types of Evidence that the auditor will collect during an audit.
19. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Incident Management
Categories of risk treatment
Variable Sampling
Options for Risk Treatment
20. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Advantages of outsourcing
The 4-item focus of a Balanced Scorecard
Sample Standard Deviation
less than 24 hours
21. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Database primary key
A Cold Site
Attribute Sampling
Change management
22. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
Substantive Testing (test of transaction integrity)
Business impact analysis
Formal waterfall
A Virtual Server
23. Concerned with electrical and physical specifications for devices. No frames or packets involved.
The 4-item focus of a Balanced Scorecard
Department Charters
OSI: Physical Layer
Sample Standard Deviation
24. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Registers
Substantive Testing (test of transaction integrity)
Variable Sampling
BCP Plans
25. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
Inform the auditee
The appropriate role of an IS auditor in a control self-assessment
The BCP process
26. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The availability of IT systems
OSI: Transport Layer
Split custody
To identify the tasks that are responsible for project delays
27. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
A Forensic Audit
Sampling Risk
Organizational culture and maturity
Entire password for an encryption key
28. An audit of an IS department's operations and systems.
Business impact analysis
More difficult to perform
Personnel involved in the requirements phase of a software development project
An IS audit
29. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
The Business Process Life Cycle
Assess the maturity of its business processes
TCP/IP Transport Layer
30. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
objective and unbiased
Vulnerability in the organization's PBX
Critical Path Methodology
Control Risk
31. An audit that is performed in support of an anticipated or active legal proceeding.
The Software Program Library
Security Awareness program
Project Management Strategies
A Forensic Audit
32. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Reduced sign-on
List of systems examined
Main types of Controls
ITIL - IT Infrastructure Library
33. Delivery of packets from one station to another - on the same network or on different networks.
IT executives and the Board of Directors
objective and unbiased
The Internet Layer in the TCP/IP model
Assess the maturity of its business processes
34. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Database primary key
Types of sampling an auditor can perform.
Categories of risk treatment
A Financial Audit
35. (1.) Automatic (2.) Manual
The two Categories of Controls
Discovery Sampling
(1.) Policies (2.) Procedures (3.) Standards
Advantages of outsourcing
36. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
A Forensic Audit
Insourcing
Stratified Sampling
Split custody
37. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
A Problem
Reduced sign-on
(1.) Man-made (2.) Natural
Registers
38. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Three Types of Controls
Dimensions of the COSO cube
Sampling Risk
39. The first major task in a disaster recovery or business continuity planning project.
Options for Risk Treatment
Hash
Categories of risk treatment
Business impact analysis
40. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Volumes of COSO framework
Service Level Management
OSI Layer 5: Session
IT Services Financial Management
41. Lowest layer. Delivers messages (frames) from one station to another via the local network.
List of systems examined
Hash
Application Controls
TCP/IP Link Layer
42. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Power system controls
Project Management Strategies
Wet pipe fire sprinkler system
OSI: Physical Layer
43. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
44. ____________________ of the hot site is the most important consideration for site selection. If they are too close together then a single event may involve both locations.
Geographic location
Input validation checking
Advantages of outsourcing
Elements of the COBIT Framework
45. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Control Unit
The Eight Types of Audits
Primary security features of relational databases
BCP Plans
46. ITIL term used to describe the SDLC.
Release management
ISO 20000 Standard:
Function Point Analysis
Business Realization
47. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Network Layer Protocols
IT standards are not being reviewed often enough
Business Continuity
48. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Examples of IT General Controls
Foreign Key
Attribute Sampling
A gate process
49. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Categories of risk treatment
The typical Configuration Items in Configuration Management
Statement of Impact
Data Link Layer Standards
50. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Information systems access
Audit logging
Control Unit
The Software Program Library