Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Compliance Testing
Sample Standard Deviation
Service Level Management
Audit logging
2. 0. No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
(1.) Policies (2.) Procedures (3.) Standards
Critical Path Methodology
Rating Scale for Process Maturity
Gantt Chart
3. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Dimensions of the COSO cube
An Integrated Audit
Application Layer protocols
The 7 phases and their order in the SDLC
4. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Volumes of COSO framework
OSI: Physical Layer
Concentrate on samples known to represent high risk
Examples of Application Controls
5. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently removed from the matter - and they
Incident Management
Notify the Audit Committee
List of systems examined
ISO 20000 Standard:
6. Defines internal controls and provides guidance for assessing and improving internal control systems.
Balanced Scorecard
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Network Layer
A Compliance audit
7. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
An Integrated Audit
A Sample Mean
Elements of the COSO pyramid
(1.) Man-made (2.) Natural
8. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Current and most up-to-date
Transport Layer Protocols
Deming Cycle
The Internet Layer in the TCP/IP model
9. IT Governance is most concerned with ________.
Wet pipe fire sprinkler system
CPU
Examples of IT General Controls
IT Strategy
10. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Options for Risk Treatment
Cloud computing
Business Realization
Substantive Testing
11. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
SDLC Phases
The Internet Layer in the TCP/IP model
Annualized Loss Expectancy (ALE)
12. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
A Virtual Server
Statistical Sampling
Employees with excessive privileges
Resource details
13. (1.) Objectives (2.) Components (3.) Business Units / Areas
Stratified Sampling
Dimensions of the COSO cube
Statistical Sampling
Detection Risk
14. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The Steering Committee
Formal waterfall
Sample Standard Deviation
Examples of IT General Controls
15. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
A Problem
The 5 types of Evidence that the auditor will collect during an audit.
A Virtual Server
An Operational Audit
16. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
A Financial Audit
Sampling Risk
Inherent Risk
The Requirements
17. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Gantt Chart
A Compliance audit
A Virtual Server
IT Strategy
18. Handle application processing
Emergency Changes
The BCP process
Grid Computing
Application Controls
19. A field in a record in one table that can reference a primary key in another table.
Notify the Audit Committee
IT Services Financial Management
Foreign Key
Attribute Sampling
20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Stop-or-go Sampling
Background checks performed
Buffers
List of systems examined
21. Contains programs that communicate directly with the end user.
Employee termination process
OSI Layer 7: Application
The Requirements
Emergency Changes
22. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
IT Services Financial Management
Precision means
IT Service Management
23. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
Wet pipe fire sprinkler system
Sampling
IT Services Financial Management
Advantages of outsourcing
24. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Attribute Sampling
A Virtual Server
Discovery Sampling
The 4-item focus of a Balanced Scorecard
25. The risk that an IS auditor will overlook errors or exceptions during an audit.
Insourcing
Security Awareness program
Service Level Management
Detection Risk
26. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Transport Layer Protocols
The Eight Types of Audits
The Steering Committee
Assess the maturity of its business processes
27. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
An Integrated Audit
Service Continuity Management
Elements of the COBIT Framework
Three Types of Controls
28. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
Insourcing
Sample Standard Deviation
SDLC Phases
29. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
The Internet Layer in the TCP/IP model
Split custody
Application Layer protocols
30. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
The 5 types of Evidence that the auditor will collect during an audit.
Confidence coefficient
Cloud computing
Options for Risk Treatment
31. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Risk Management
IT standards are not being reviewed often enough
Sampling Risk
Sampling
32. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
The typical Configuration Items in Configuration Management
Hash
Business Realization
Personnel involved in the requirements phase of a software development project
33. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
Application Layer protocols
Disaster Recovery
Risk Management
34. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Configuration Management
Controls
Network Layer Protocols
Split custody
35. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Sampling Risk
A Financial Audit
Recovery time objective
Elements of the COBIT Framework
36. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Antivirus software on the email servers
Formal waterfall
ITIL definition of CHANGE MANAGEMENT
A Problem
37. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
ITIL definition of CHANGE MANAGEMENT
Reduced sign-on
WAN Protocols
38. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
To identify the tasks that are responsible for project delays
Security Awareness program
Judgmental sampling
The availability of IT systems
39. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Information security policy
Control Risk
TCP/IP Network Model
BCP Plans
40. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Compliance Testing
Antivirus software on the email servers
Expected Error Rate
Hash
41. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Controls
Entire password for an encryption key
Dimensions of the COSO cube
42. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
43. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Lacks specific expertise or resources to conduct an internal audit
Server cluster
Service Continuity Management
44. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Change management
Employee termination process
OSI: Data Link Layer
Hash
45. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Application Controls
Geographic location
The 7 phases and their order in the SDLC
Inform the auditee
46. Guide program execution through organization of resources and development of clear project objectives.
IT Strategy
The best approach for identifying high risk areas for an audit
Business Continuity
Project Management Strategies
47. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
Project Management Strategies
Discovery Sampling
Main types of Controls
48. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Segregation of duties issue in a high value process
Problem Management
Expected Error Rate
Hash
49. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
TCP/IP Link Layer
List of systems examined
ITIL - IT Infrastructure Library
50. A representation of how closely a sample represents an entire population.
Precision means
Control Unit
Stay current with technology
Concentrate on samples known to represent high risk