Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but retaking the test reinforces your understanding.
1. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
A Financial Audit
Concentrate on samples known to represent high risk
IT Service Management
Release management
2. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Documentation and interview personnel
Service Level Management
(1.) Man-made (2.) Natural
Rating Scale for Process Maturity
3. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
The Steering Committee
Rating Scale for Process Maturity
Application Layer protocols
Dimensions of the COSO cube
4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Referential Integrity
Judgmental sampling
Recovery time objective
Antivirus software on the email servers
5. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Statement of Impact
Judgmental sampling
Lacks specific expertise or resources to conduct an internal audit
6. A database administrator has been asked to configure a database management system so that it records all changes made by users. The DBA should implement ___________, which causes the database to record every change that is made to it.
Stop-or-go Sampling
Audit logging
Notify the Audit Committee
To identify the tasks that are responsible for project delays
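As an added example (not part of the quiz page), the following shows one way a DBA can have the DBMS itself record every change: SQLite triggers copy the before and after image of each row into an audit table, and a second pair of triggers makes that table append-only so the log remains usable as evidence. The `accounts` table, the rows and the trigger names are constructed for this illustration.

```python
import sqlite3

# Constructed schema for the illustration (not from the page): a business table
# plus an audit table that triggers append to on every INSERT, UPDATE and DELETE,
# independent of which application or user issued the statement.
SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL
);
CREATE TABLE audit_log (
    seq         INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    table_name  TEXT NOT NULL,
    operation   TEXT NOT NULL,
    row_id      INTEGER,
    old_owner   TEXT,  old_balance INTEGER,
    new_owner   TEXT,  new_balance INTEGER
);
-- Before/after images of every change to accounts.
CREATE TRIGGER accounts_audit_insert AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (table_name, operation, row_id, new_owner, new_balance)
    VALUES ('accounts', 'INSERT', NEW.id, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_audit_update AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (table_name, operation, row_id,
                           old_owner, old_balance, new_owner, new_balance)
    VALUES ('accounts', 'UPDATE', NEW.id,
            OLD.owner, OLD.balance, NEW.owner, NEW.balance);
END;
CREATE TRIGGER accounts_audit_delete AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (table_name, operation, row_id, old_owner, old_balance)
    VALUES ('accounts', 'DELETE', OLD.id, OLD.owner, OLD.balance);
END;
-- The log is only useful as evidence if it cannot be edited in place:
-- reject UPDATE and DELETE on audit_log itself.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_audited_db() -> sqlite3.Connection:
    """Create an in-memory database with the audited schema above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def run_sample_activity(conn: sqlite3.Connection) -> None:
    """Constructed user activity: two inserts, one update, one delete."""
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (1, 'alice', 100)")
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (2, 'bob', 250)")
    conn.execute("UPDATE accounts SET balance = balance - 40 WHERE id = 1")
    conn.execute("DELETE FROM accounts WHERE id = 2")
    conn.commit()


def audit_trail(conn: sqlite3.Connection) -> list[tuple]:
    """Return (operation, row_id, old_owner, old_balance, new_owner, new_balance) in order."""
    return conn.execute(
        "SELECT operation, row_id, old_owner, old_balance, new_owner, new_balance "
        "FROM audit_log ORDER BY seq"
    ).fetchall()


def try_to_erase_history(conn: sqlite3.Connection) -> bool:
    """Attempt to delete the first audit record; True means the DBMS refused."""
    try:
        conn.execute("DELETE FROM audit_log WHERE seq = 1")
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    db = open_audited_db()
    run_sample_activity(db)
    for entry in audit_trail(db):
        print(entry)
    print("tamper attempt blocked:", try_to_erase_history(db))
```

Trigger-based logging captures changes made through any client, not just the application, which is what the question asks for; in production the audit table would also be owned by a separate role and shipped off-host so a DBA cannot drop the triggers unnoticed.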
7. The ____________________ of the hot site is the most important consideration for site selection: if the primary and alternate sites are too close together, a single event may affect both locations.
Power system controls
Geographic location
Rating Scale for Process Maturity
Information systems access
8. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Project Management Strategies
CPU
Entire password for an encryption key
9. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Background checks performed
General Controls
Risk Management
Problem Management
10. IT Service Management is defined in ___________________ framework.
Detection Risk
Cloud computing
A Service Provider audit
ITIL - IT Infrastructure Library
11. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Geographic location
Capability Maturity Model Integration (CMMI)
Elements of the COSO pyramid
Application Controls
12. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
A Compliance audit
Categories of risk treatment
Inform the auditee
SDLC Phases
13. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
General Controls
Rating Scale for Process Maturity
A Service Provider audit
14. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
Control Risk
Service Continuity Management
OSI Layer 5: Session
Gantt Chart
15. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Control Risk
A Cold Site
Annualized Loss Expectancy (ALE)
The BCP process
16. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Controls
The Software Program Library
Six steps of the Release Management process
Substantive Testing
17. (1.) Link (2.) Internet (3.) Transport (4.) Application
A Sample Mean
A Compliance audit
TCP/IP Network Model
Rating Scale for Process Maturity
18. To communicate security policies, procedures, and other security-related information to an organization's employees.
Frameworks
OSI Layer 6: Presentation
Security Awareness program
Tolerable Error Rate
19. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
A Compliance audit
Business impact analysis
Main types of Controls
Sampling Risk
20. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Rating Scale for Process Maturity
SDLC Phases
PERT Diagram
21. A programmer is updating an application that saves passwords in plaintext. In this case, passwords should instead be stored as a salted _____. Anyone who reads the stored values then cannot feasibly recover the original passwords, which otherwise could lead to account compromise.
The best approach for identifying high risk areas for an audit
Hash
Foreign Key
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
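An added example, not code from the quiz page, contrasting the plaintext store the question describes with a salted, slow hash. The algorithm and parameters (PBKDF2-HMAC-SHA256, 16-byte random salt, 600,000 iterations) are assumptions for the illustration; the usernames and passwords are constructed.

```python
import hashlib
import hmac
import os

# Assumptions for the illustration: PBKDF2-HMAC-SHA256 with a per-user random
# salt and a deliberately slow iteration count so offline guessing is expensive.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def store_plaintext(user_db: dict, username: str, password: str) -> None:
    """The 'before' design the question describes: the secret itself is stored."""
    user_db[username] = password


def store_hashed(user_db: dict, username: str, password: str) -> None:
    """Store only a salted, slow hash; the password cannot be read back."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    user_db[username] = {
        "alg": "pbkdf2_sha256",
        "iterations": PBKDF2_ITERATIONS,  # stored so it can be raised later without breaking old records
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify_hashed(user_db: dict, username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    record = user_db.get(username)
    if not isinstance(record, dict) or record.get("alg") != "pbkdf2_sha256":
        return False  # unknown user or a legacy plaintext record: never accept
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def leaked_values(user_db: dict) -> list[str]:
    """What an attacker who dumps the table actually obtains for each user."""
    return [v if isinstance(v, str) else v["hash"] for v in user_db.values()]


if __name__ == "__main__":
    before, after = {}, {}
    store_plaintext(before, "alice", "correct horse battery")
    store_hashed(after, "alice", "correct horse battery")
    store_hashed(after, "bob", "correct horse battery")  # same password, different salt
    print("plaintext table leaks:", leaked_values(before))
    print("hashed table leaks:   ", leaked_values(after))
    print("login ok:", verify_hashed(after, "alice", "correct horse battery"))
    print("wrong pw:", verify_hashed(after, "alice", "Correct horse battery"))
```

The salt is why two users with the same password produce different records, which defeats precomputed tables; the iteration count is what turns a dumped table from an instant compromise into an expensive guessing exercise. Migrating the application means re-hashing each user's password at their next successful login, since the plaintext is needed to compute the hash.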
22. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
Control Unit
An Operational Audit
(1.) Policies (2.) Procedures (3.) Standards
Service Level Management
23. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
The Requirements
PERT Diagram
Sampling Risk
24. Describes the effect on the business if a process is incapacitated for any appreciable time
BCP Plans
Application Controls
Statement of Impact
Employee termination process
25. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
TCP/IP Internet Layer
A Virtual Server
Hash
26. (1.) Automatic (2.) Manual
Entire password for an encryption key
The two Categories of Controls
Data Link Layer Standards
Buffers
27. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
Business impact analysis
A Financial Audit
Organizational culture and maturity
28. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
IT Strategy
OSI: Network Layer
Recovery time objective
Configuration Management
29. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
A Problem
Elements of the COBIT Framework
Reduced sign-on
Change management
30. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
Service Continuity Management
The audit program
Database primary key
More difficult to perform
31. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Primary security features of relational databases
Segregation of duties issue in a high value process
Three Types of Controls
32. The highest number of errors that can exist without a result being materially misstated.
A Virtual Server
Tolerable Error Rate
Input validation checking
An Operational Audit
33. An alternate processing center that contains no information processing equipment.
Advantages of outsourcing
Function Point Analysis
OSI Layer 6: Presentation
A Cold Site
34. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Examples of IT General Controls
Audit Methodologies
Types of sampling an auditor can perform.
less than 24 hours
35. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Capability Maturity Model Integration (CMMI)
Inherent Risk
Project change request
A Server Cluster
36. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Examples of Application Controls
Registers
Application Layer protocols
37. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
38. IT Governance is most concerned with ________.
ITIL definition of CHANGE MANAGEMENT
Controls
Control Unit
IT Strategy
39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Network Layer Protocols
The best approach for identifying high risk areas for an audit
Data Link Layer Standards
A Server Cluster
40. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
Problem Management
OSI: Network Layer
The availability of IT systems
Release management
41. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Information security policy
Employees with excessive privileges
Insourcing
The Eight Types of Audits
42. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Notify the Audit Committee
OSI: Transport Layer
objective and unbiased
Application Layer protocols
43. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Audit Methodologies
Volumes of COSO framework
Information security policy
The Internet Layer in the TCP/IP model
44. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Information systems access
List of systems examined
CPU
The Eight Types of Audits
45. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
A Cold Site
Assess the maturity of its business processes
OSI Layer 7: Application
Project change request
46. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Stop-or-go Sampling
ISO 20000 Standard
Foreign Key
Categories of risk treatment
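The sampling terms in questions 5, 19, 32 and 46 (confidence coefficient, sampling risk, tolerable error rate, stop-or-go sampling) fit together numerically. The following is an added worked example, not from the quiz page: it computes sampling risk as the complement of the confidence coefficient, derives an upper bound on the population exception rate from a sample, and runs stop-or-go sampling over a constructed population of invoices until the bound falls within the tolerable error rate. The exact-binomial (Clopper-Pearson style) bound, the block size and the invoice population are assumptions for the illustration; the page does not prescribe a method.

```python
import math
import random
from dataclasses import dataclass


def sampling_risk(confidence_coefficient: float) -> float:
    """Sampling risk is the numeric complement of the confidence coefficient.
    Both are fractions here: a 95% confidence coefficient is 0.95 -> risk 0.05."""
    return 1.0 - confidence_coefficient


def binomial_cdf(k: int, n: int, p: float) -> float:
    """P(X <= k) for X ~ Binomial(n, p): the chance of seeing k or fewer
    exceptions in n items when the true population exception rate is p.
    Plain floats suffice for the small exception counts of attribute sampling."""
    return sum(math.comb(n, i) * p**i * (1.0 - p) ** (n - i) for i in range(k + 1))


def upper_error_bound(n: int, k: int, risk: float) -> float:
    """Exact one-sided upper bound on the population exception rate (assumed
    method): the smallest rate p at which observing k or fewer exceptions in
    n items is no more likely than the accepted sampling risk."""
    if k >= n:
        return 1.0
    lo, hi = 0.0, 1.0  # invariant: cdf(lo) > risk >= cdf(hi)
    for _ in range(60):  # bisection; 60 halvings is far below float precision
        mid = (lo + hi) / 2.0
        if binomial_cdf(k, n, mid) > risk:
            lo = mid
        else:
            hi = mid
    return hi


@dataclass
class StopOrGoResult:
    items_examined: int
    exceptions_found: int
    upper_error_bound: float
    stopped_early: bool  # conclusion reached before exhausting the population


def stop_or_go(population, is_exception, tolerable_error_rate, confidence_coefficient,
               block_size, seed=0) -> StopOrGoResult:
    """Examine items in randomly ordered blocks; after each block compute the
    upper bound on the exception rate and stop as soon as it is within the
    tolerable error rate. Low-exception populations therefore need few items."""
    risk = sampling_risk(confidence_coefficient)
    order = list(range(len(population)))
    random.Random(seed).shuffle(order)  # fixed seed so the walk is reproducible
    examined = exceptions = 0
    bound = 1.0
    for position in order:
        examined += 1
        if is_exception(population[position]):
            exceptions += 1
        if examined % block_size == 0 or examined == len(order):
            bound = upper_error_bound(examined, exceptions, risk)
            if bound <= tolerable_error_rate:
                return StopOrGoResult(examined, exceptions, bound, examined < len(order))
    return StopOrGoResult(examined, exceptions, bound, False)


def constructed_invoices(size: int = 2000, exception_rate: float = 0.01, seed: int = 1) -> list[dict]:
    """Constructed test population: invoices flagged as exceptions at a known rate."""
    rng = random.Random(seed)
    return [{"invoice": i, "exception": rng.random() < exception_rate} for i in range(size)]


if __name__ == "__main__":
    print("sampling risk at 95% confidence:", sampling_risk(0.95))
    print("0 exceptions in 60 items -> rate is at most %.3f at 95%%" % upper_error_bound(60, 0, 0.05))
    result = stop_or_go(constructed_invoices(), lambda inv: inv["exception"],
                        tolerable_error_rate=0.05, confidence_coefficient=0.95, block_size=30)
    print(result)
```

With no exceptions observed, the bound has the closed form 1 - risk^(1/n), so 60 clean items already support a 5% tolerable rate at 95% confidence; each exception found pushes the bound up and forces another block, which is exactly why stop-or-go is reserved for populations the auditor expects to be clean.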
47. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Resource details
The Steering Committee
Emergency Changes
A Service Provider audit
48. ITIL term used to describe the SDLC.
Change management
A Financial Audit
Reduced sign-on
Release management
49. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
Referential Integrity
Security Awareness program
Inform the auditee
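An added example of input validation checking along the three axes the question names (range, character type, harmful content), written for this page rather than taken from it. The transfer form, its field formats and the limits are constructed assumptions. It uses allow-lists for what is acceptable instead of trying to enumerate harmful strings, and `fullmatch()` instead of `$` anchoring, which would accept a trailing newline.

```python
import re
from decimal import Decimal, InvalidOperation

# Constructed field formats for the illustration (assumptions, not from the page).
ACCOUNT_ID_RE = re.compile(r"[A-Z]{2}[0-9]{6}")   # e.g. GB123456
MEMO_RE = re.compile(r"[A-Za-z0-9 .,'-]{0,80}")    # letters, digits, limited punctuation
MIN_AMOUNT = Decimal("0.01")
MAX_AMOUNT = Decimal("10000.00")


def validate_transfer(fields: dict) -> list[str]:
    """Check a transfer request for range, character type and content.
    Returns a list of problems; an empty list means the input is acceptable."""
    errors: list[str] = []

    # Character type: the account id must match the allow-list exactly.
    account_id = fields.get("account_id", "")
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        errors.append("account_id: must be 2 uppercase letters followed by 6 digits")

    # Range: the amount must parse as a finite decimal within limits, with at
    # most two decimal places. Decimal avoids float rounding and rejects "0x10".
    raw_amount = fields.get("amount", "")
    try:
        amount = Decimal(raw_amount)
    except (InvalidOperation, TypeError, ValueError):
        errors.append("amount: not a number")
    else:
        if not amount.is_finite():          # "NaN", "Infinity" parse but are not amounts
            errors.append("amount: not finite")
        elif not (MIN_AMOUNT <= amount <= MAX_AMOUNT):
            errors.append(f"amount: must be between {MIN_AMOUNT} and {MAX_AMOUNT}")
        elif amount.as_tuple().exponent < -2:
            errors.append("amount: more than two decimal places")

    # Harmful content: free text is limited to a small character set and a
    # maximum length, so markup, statement separators and control characters
    # never reach the database or the page.
    memo = fields.get("memo", "")
    if not MEMO_RE.fullmatch(memo):
        errors.append("memo: only letters, digits, spaces and . , ' - are allowed (max 80)")

    return errors


if __name__ == "__main__":
    # Constructed requests: one well-formed, one carrying typical bad input.
    good = {"account_id": "GB123456", "amount": "250.00", "memo": "Rent for May"}
    bad = {"account_id": "gb12345", "amount": "-1", "memo": "<script>alert(1)</script>"}
    print("good:", validate_transfer(good))
    print("bad: ", validate_transfer(bad))
```

Validation of this kind is the first control, not the only one: the memo allow-list still admits an apostrophe, so the application must also use parameterized queries when storing it and context-appropriate output encoding when displaying it.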
50. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
less than 24 hours
Frameworks
Statement of Impact
Business Realization