SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Balanced Scorecard
Background checks performed
Elements of the COBIT Framework
Six steps of the Release Management process
2. IT Governance is most concerned with ________.
IT Services Financial Management
General Controls
OSI: Data Link Layer
IT Strategy
3. (1.) Objectives (2.) Components (3.) Business Units / Areas
The appropriate role of an IS auditor in a control self-assessment
ISO 20000 Standard:
To identify the tasks that are responsible for project delays
Dimensions of the COSO cube
4. PERT: shows the ______________ critical path.
Stay current with technology
Sampling Risk
Current and most up-to-date
Entire password for an encryption key
5. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
The 4-item focus of a Balanced Scorecard
Information security policy
Inherent Risk
Audit logging
6. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Balanced Scorecard
Critical Path Methodology
The BCP process
The best approach for identifying high risk areas for an audit
7. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Project Management Strategies
Prblem Management
The 4-item focus of a Balanced Scorecard
Hash
8. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
A Forensic Audit
Organizational culture and maturity
Audit Methodologies
Detection Risk
9. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Information security policy
Security Awareness program
Wet pipe fire sprinkler system
Input validation checking
10. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Information systems access
Separate administrative accounts
Input validation checking
Referential Integrity
11. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Volumes of COSO framework
The 5 types of Evidence that the auditor will collect during an audit.
Types of sampling an auditor can perform.
ITIL definition of CHANGE MANAGEMENT
12. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
A Forensic Audit
A Server Cluster
OSI: Data Link Layer
Database primary key
13. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
IT executives and the Board of Directors
Gantt Chart
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Emergency Changes
14. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
An Operational Audit
The Release process
Gantt Chart
IT Services Financial Management
15. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Elements of the COSO pyramid
OSI: Network Layer
Structural fires and transportation accidents
Blade Computer Architecture
16. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Project change request
The BCP process
Business impact analysis
Business Continuity
17. Collections of Controls that work together to achieve an entire range of an organization's objectives.
TCP/IP Network Model
(1.) Man-made (2.) Natural
Function Point Analysis
Frameworks
18. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Employees with excessive privileges
Balanced Scorecard
Volumes of COSO framework
19. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
To identify the tasks that are responsible for project delays
The best approach for identifying high risk areas for an audit
The appropriate role of an IS auditor in a control self-assessment
Network Layer Protocols
20. n audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluation controls and processes
Main types of Controls
The audit program
OSI Layer 7: Application
Vulnerability in the organization's PBX
21. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
IT standards are not being reviewed often enough
Gantt Chart
Confidence coefficient
22. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
More difficult to perform
TCP/IP Internet Layer
SDLC Phases
Lacks specific expertise or resources to conduct an internal audit
23. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
OSI: Transport Layer
The Internet Layer in the TCP/IP model
CPU
24. Gantt: used to display ______________.
Emergency Changes
Reduced sign-on
To identify the tasks that are responsible for project delays
Resource details
25. The main hardware component of a computer system - which executes instructions in computer programs.
Judgmental sampling
Service Level Management
OSI Layer 6: Presentation
CPU
26. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
The typical Configuration Items in Configuration Management
(1.) Polices (2.) Procedures (3.) Standards
TCP/IP Link Layer
IT standards are not being reviewed often enough
27. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Application Controls
Power system controls
Overall audit risk
Change management
28. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
TCP/IP Link Layer
Entire password for an encryption key
The Eight Types of Audits
An IS audit
29. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Employee termination process
Confidence coefficient
Wet pipe fire sprinkler system
Incident Management
30. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Formal waterfall
Incident Management
TCP/IP Link Layer
Foreign Key
31. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Audit Methodologies
Organizational culture and maturity
Overall audit risk
A Compliance audit
32. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Expected Error Rate
Confidence coefficient
Elements of the COSO pyramid
Cloud computing
33. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Data Link Layer Standards
Segregation of duties issue in a high value process
Business impact analysis
34. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Detection Risk
The audit program
Capability Maturity Model Integration (CMMI)
35. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Data Link Layer Standards
A Forensic Audit
Employees with excessive privileges
36. The first major task in a disaster recovery or business continuity planning project.
TCP/IP Transport Layer packet delivery
Business impact analysis
A Sample Mean
Controls
37. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
More difficult to perform
Statistical Sampling
Emergency Changes
Tolerable Error Rate
38. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
The two Categories of Controls
Referential Integrity
General Controls
Sample Standard Deviation
39. An audit of operational efficiency.
An Administrative
Notify the Audit Committee
Server cluster
ITIL definition of CHANGE MANAGEMENT
40. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Data Link Layer Standards
Antivirus software on the email servers
Documentation and interview personnel
Personnel involved in the requirements phase of a software development project
41. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
The Steering Committee
Separate administrative accounts
A Service Provider audit
Service Continuity Management
42. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
The Release process
Reduced sign-on
Geographic location
Background checks performed
43. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Six steps of the Release Management process
Rating Scale for Process Maturity
Elements of the COSO pyramid
A Compliance audit
44. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
IT executives and the Board of Directors
Blade Computer Architecture
Audit logging
Split custody
45. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
IT standards are not being reviewed often enough
Elements of the COBIT Framework
The two Categories of Controls
Emergency Changes
46. (1.) TCP (2.) UDP
OSI Layer 5: Session
Transport Layer Protocols
Types of sampling an auditor can perform.
The Steering Committee
47. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Business Realization
Hash
OSI: Physical Layer
Capability Maturity Model Integration (CMMI)
48. Delivery of packets from one station to another - on the same network or on different networks.
Employees with excessive privileges
The Internet Layer in the TCP/IP model
Volumes of COSO framework
PERT Diagram?
49. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
50. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Background checks performed
The Business Process Life Cycle
A Problem
Power system controls
