SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The highest number of errors that can exist without a result being materially misstated.
Tolerable Error Rate
The Steering Committee
Stay current with technology
Substantive Testing
2. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Criticality analysis
IT Strategy
IT executives and the Board of Directors
Volumes of COSO framework
3. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Elements of the COBIT Framework
Insourcing
Cloud computing
Advantages of outsourcing
4. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
The Requirements
Separate administrative accounts
OSI: Physical Layer
Lacks specific expertise or resources to conduct an internal audit
5. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Dimensions of the COSO cube
Grid Computing
Prblem Management
Sampling
6. (1.) Access controls (2.) Encryption (3.) Audit logging
TCP/IP Transport Layer
TCP/IP Transport Layer packet delivery
The Steering Committee
Primary security features of relational databases
7. An audit of operational efficiency.
An Administrative
Statistical Sampling
objective and unbiased
Separate administrative accounts
8. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Service Continuity Management
Information systems access
TCP/IP Internet Layer
Power system controls
9. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
WAN Protocols
PERT Diagram?
Organizational culture and maturity
Split custody
10. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
The Release process
less than 24 hours
Notify the Audit Committee
11. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Reduced sign-on
Detection Risk
Risk Management
The 4-item focus of a Balanced Scorecard
12. The risk that an IS auditor will overlook errors or exceptions during an audit.
Network Layer Protocols
Risk Management
Employee termination process
Detection Risk
13. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Geographic location
Control Risk
Reduced sign-on
Gantt Chart
14. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
The Steering Committee
Substantive Testing (test of transaction integrity)
Attribute Sampling
15. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Three Types of Controls
Testing activities
Audit Methodologies
Attribute Sampling
16. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Vulnerability in the organization's PBX
The Software Program Library
Examples of IT General Controls
Project change request
17. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Service Continuity Management
List of systems examined
Data Link Layer Standards
Main types of Controls
18. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
IT Services Financial Management
Elements of the COSO pyramid
Three Types of Controls
Cloud computing
19. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Attribute Sampling
The Steering Committee
Controls
20. A representation of how closely a sample represents an entire population.
Personnel involved in the requirements phase of a software development project
Confidence coefficient
Risk Management
Precision means
21. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
TCP/IP Link Layer
Examples of IT General Controls
Risk Management
Cloud computing
22. To measure organizational performance and effectiveness against strategic goals.
Balanced Scorecard
Criticality analysis
Deming Cycle
BCP Plans
23. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
A Service Provider audit
Service Level Management
ITIL definition of CHANGE MANAGEMENT
Variable Sampling
24. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
CPU
Attribute Sampling
The Eight Types of Audits
Separate administrative accounts
25. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Tolerable Error Rate
Hash
Primary security features of relational databases
Stratified Sampling
26. One of a database table's fields - whose value is unique.
Employee termination process
Gantt Chart
TCP/IP Link Layer
Database primary key
27. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Service Level Management
Main types of Controls
Audit logging
(1.) Polices (2.) Procedures (3.) Standards
28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Statistical Sampling
Emergency Changes
Stop-or-go Sampling
Information systems access
29. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
Registers
Stay current with technology
The Eight Types of Audits
An Operational Audit
30. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
TCP/IP Internet Layer
IT standards are not being reviewed often enough
An Integrated Audit
More difficult to perform
31. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Notify the Audit Committee
Statistical Sampling
Reduced sign-on
Segregation of duties issue in a high value process
32. (1.) Objectives (2.) Components (3.) Business Units / Areas
Stratified Sampling
Elements of the COBIT Framework
Input validation checking
Dimensions of the COSO cube
33. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Security Awareness program
Judgmental sampling
Foreign Key
objective and unbiased
34. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Entire password for an encryption key
A Financial Audit
OSI: Transport Layer
An IS audit
35. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Configuration Management
OSI: Physical Layer
A Problem
TCP/IP Transport Layer
36. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Application Controls
Attribute Sampling
Substantive Testing
OSI Layer 7: Application
37. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Concentrate on samples known to represent high risk
Testing activities
Expected Error Rate
Judgmental sampling
38. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Risk Management
The BCP process
Documentation and interview personnel
CPU
39. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Sampling
OSI: Physical Layer
Segregation of duties issue in a high value process
OSI: Data Link Layer
40. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Sample Standard Deviation
Service Level Management
The Software Program Library
A Problem
41. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
Sampling
Critical Path Methodology
List of systems examined
Documentation and interview personnel
42. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
The Internet Layer in the TCP/IP model
Assess the maturity of its business processes
Service Level Management
43. IT Service Management is defined in ___________________ framework.
An IS audit
ITIL - IT Infrastructure Library
Capability Maturity Model
Six steps of the Release Management process
44. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
OSI: Data Link Layer
Audit Methodologies
A Compliance audit
45. (1.) Reliable delivery (2.) Connection oriented (persistent connection) (3.) Order of Delivery (4.) Flow Control (transfer rate is throttled) (5.) Port Number
Business Realization
TCP/IP Transport Layer packet delivery
Audit logging
Sampling Risk
46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
ITIL - IT Infrastructure Library
A Forensic Audit
TCP/IP Transport Layer packet delivery
48. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Attribute Sampling
Audit Methodologies
Business Realization
Capability Maturity Model Integration (CMMI)
49. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling
Project Management Strategies
The first step in a business impact analysis
Sampling Risk
50. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
The 4-item focus of a Balanced Scorecard
Wet pipe fire sprinkler system
IT Service Management
Incident Management
