Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Used to measure the relative maturity of an organization and its processes.
The Steering Committee
Capability Maturity Model
Referential Integrity
Recovery time objective
2. (1.) Objectives (2.) Components (3.) Business Units / Areas
CPU
Dimensions of the COSO cube
Annualized Loss Expectancy (ALE)
IT standards are not being reviewed often enough
3. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
ITIL - IT Infrastructure Library
OSI Layer 7: Application
The first step in a business impact analysis
OSI: Network Layer
4. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Project Management Strategies
The Business Process Life Cycle
Geographic location
Structural fires and transportation accidents
5. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
The 5 types of Evidence that the auditor will collect during an audit.
Transport Layer Protocols
Discovery Sampling
Assess the maturity of its business processes
6. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
(1.) Policies (2.) Procedures (3.) Standards
An Operational Audit
Examples of IT General Controls
The best approach for identifying high risk areas for an audit
7. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Variable Sampling
Formal waterfall
Network Layer Protocols
The Release process
8. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
objective and unbiased
Service Continuity Management
Tolerable Error Rate
More difficult to perform
9. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
Concentrate on samples known to represent high risk
Project change request
Blade Computer Architecture
Lacks specific expertise or resources to conduct an internal audit
10. The maximum period of downtime for a process or application
Geographic location
Recovery time objective
Disaster Recovery
OSI: Data Link Layer
11. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
TCP/IP Link Layer
IT standards are not being reviewed often enough
Criticality analysis
An Operational Audit
12. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A Compliance audit
The availability of IT systems
(1.) Man-made (2.) Natural
Risk Management
13. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Categories of risk treatment
Vulnerability in the organization's PBX
The 5 types of Evidence that the auditor will collect during an audit.
Testing activities
14. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Business Continuity
Six steps of the Release Management process
Emergency Changes
The Business Process Life Cycle
15. Disasters are generally grouped in terms of type: ______________.
The 4-item focus of a Balanced Scorecard
Options for Risk Treatment
Change management
(1.) Man-made (2.) Natural
16. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
The typical Configuration Items in Configuration Management
The Software Program Library
Project Management Strategies
17. (1.) Link (2.) Internet (3.) Transport (4.) Application
Risk Management
TCP/IP Network Model
A gate process
BCP Plans
18. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
IT standards are not being reviewed often enough
Audit Methodologies
A Server Cluster
Project Management Strategies
19. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Wet pipe fire sprinkler system
Buffers
BCP Plans
IT executives and the Board of Directors
20. (1.) TCP (2.) UDP
Detection Risk
An Administrative
Transport Layer Protocols
Registers
21. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Judgmental sampling
Project change request
Sampling
The appropriate role of an IS auditor in a control self-assessment
22. The sum of all samples divided by the number of samples.
TCP/IP Transport Layer packet delivery
Change management
A Sample Mean
The two Categories of Controls
23. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Statistical Sampling
Service Level Management
Advantages of outsourcing
Wet pipe fire sprinkler system
24. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Input validation checking
Current and most up-to-date
The 7 phases and their order in the SDLC
25. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
A Forensic Audit
The first step in a business impact analysis
Wet pipe fire sprinkler system
26. ____________________ of the hot site is the most important consideration for site selection. If they are too close together, a single event may involve both locations.
Geographic location
Compliance Testing
IT Strategy
Lacks specific expertise or resources to conduct an internal audit
27. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Business impact analysis
Substantive Testing
Incident Management
IT standards are not being reviewed often enough
28. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Categories of risk treatment
Service Continuity Management
Grid Computing
Organizational culture and maturity
29. (1.) Risk Mitigation (2.) Risk Avoidance (3.) Risk Transfer (4.) Risk Acceptance
A Cold Site
Background checks performed
Options for Risk Treatment
OSI: Transport Layer
30. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Information security policy
TCP/IP Transport Layer
A gate process
Lacks specific expertise or resources to conduct an internal audit
31. IT Service Management is defined in ___________________ framework.
Main types of Controls
Rating Scale for Process Maturity
ITIL - IT Infrastructure Library
(1.) Policies (2.) Procedures (3.) Standards
32. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Options for Risk Treatment
Statistical Sampling
The two Categories of Controls
A gate process
33. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The Release process
List of systems examined
Business Continuity
The typical Configuration Items in Configuration Management
34. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Entire password for an encryption key
More difficult to perform
Information security policy
TCP/IP Link Layer
35. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Disaster Recovery
Deming Cycle
Inform the auditee
Current and most up-to-date
36. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Recovery time objective
Entire password for an encryption key
Stop-or-go Sampling
TCP/IP Internet Layer
37. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Substantive Testing
The availability of IT systems
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
OSI: Transport Layer
38. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A Forensic Audit
(1.) Policies (2.) Procedures (3.) Standards
PERT Diagram?
39. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Statement of Impact
Sample Standard Deviation
BCP Plans
40. An audit that combines an operational audit and a financial audit.
Geographic location
An Integrated Audit
The Business Process Life Cycle
Application Layer protocols
41. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Entire password for an encryption key
An Operational Audit
Types of sampling an auditor can perform.
A Compliance audit
42. Subjective sampling is used when the auditor wants to _________________________.
Substantive Testing (test of transaction integrity)
Segregation of duties issue in a high value process
Concentrate on samples known to represent high risk
BCP Plans
43. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
IT Service Management
Buffers
Business Continuity
More difficult to perform
44. The party that performs strategic planning and addresses near-term and long-term requirements, aligning business objectives and technology strategies.
Disaster Recovery
The Steering Committee
Audit Methodologies
Buffers
45. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Balanced Scorecard
Frameworks
ITIL definition of PROBLEM
Organizational culture and maturity
46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
47. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
WAN Protocols
Data Link Layer Standards
Primary security features of relational databases
Buffers
48. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Cloud computing
An Integrated Audit
Examples of IT General Controls
Assess the maturity of its business processes
49. One of a database table's fields - whose value is unique.
Compliance Testing
Database primary key
The Eight Types of Audits
(1.) Man-made (2.) Natural
50. The main hardware component of a computer system - which executes instructions in computer programs.
Information systems access
Controls
CPU
To identify the tasks that are responsible for project delays