CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
OSI Layer 7: Application
Insourcing
Application Layer protocols
Referential Integrity
2. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Substantive Testing
The appropriate role of an IS auditor in a control self-assessment
IT Service Management
TCP/IP Transport Layer packet delivery
3. Used to determine which business processes are the most critical - by ranking them in order of criticality
Examples of Application Controls
IT standards are not being reviewed often enough
Data Link Layer Standards
Criticality analysis
4. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
5. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Critical Path Methodology
(1.) Polices (2.) Procedures (3.) Standards
IT Strategy
TCP/IP Internet Layer
6. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
Power system controls
The Steering Committee
Statistical Sampling
7. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Employee termination process
Examples of Application Controls
The Release process
Project change request
8. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Formal waterfall
objective and unbiased
Audit logging
9. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
Business Continuity
Employee termination process
Gantt Chart
IT executives and the Board of Directors
10. (1.) Physical (2.) Technical (3.) Administrative
The two Categories of Controls
Three Types of Controls
The 5 types of Evidence that the auditor will collect during an audit.
Variable Sampling
11. An alternate processing center that contains no information processing equipment.
A Cold Site
The best approach for identifying high risk areas for an audit
Personnel involved in the requirements phase of a software development project
Audit Methodologies
12. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Grid Computing
The best approach for identifying high risk areas for an audit
Cloud computing
Referential Integrity
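Worked example for question 12, added here and not part of the quiz: a parent table and a child table with a foreign key, then an attempt to delete a parent row that child rows still reference. The table names (`employees`, `access_grants`), the rows, and the use of SQLite are all constructed for this illustration. The second run shows the caveat an auditor should look for: SQLite only enforces foreign keys when `PRAGMA foreign_keys` is switched on for the connection, and with it off the same delete silently leaves orphaned access grants behind.

```python
import sqlite3

# Constructed schema for this example (not from the quiz page): employees is the
# parent table; access_grants.employee_id is a foreign key referencing employees.id.
SCHEMA = """
CREATE TABLE employees (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE access_grants (
    id          INTEGER PRIMARY KEY,
    employee_id INTEGER NOT NULL REFERENCES employees(id),
    system      TEXT NOT NULL
);
INSERT INTO employees VALUES (1, 'alice'), (2, 'bob');
INSERT INTO access_grants VALUES (10, 1, 'payroll'), (11, 1, 'hr');
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Create an in-memory database. SQLite enforces FOREIGN KEY constraints
    only when PRAGMA foreign_keys is ON for this connection."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript(SCHEMA)
    return conn


def try_delete_referenced_row(conn: sqlite3.Connection, employee_id: int) -> bool:
    """Attempt to delete an employee row. Returns True if the delete went
    through, False if the database refused it because rows in access_grants
    still reference it (the referential-integrity check from question 12)."""
    try:
        with conn:
            conn.execute("DELETE FROM employees WHERE id = ?", (employee_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def orphaned_grants(conn: sqlite3.Connection) -> list:
    """Rows in access_grants whose employee_id no longer matches any employee:
    exactly the condition referential integrity exists to prevent."""
    cur = conn.execute(
        "SELECT g.id, g.employee_id, g.system FROM access_grants g "
        "LEFT JOIN employees e ON e.id = g.employee_id "
        "WHERE e.id IS NULL ORDER BY g.id"
    )
    return cur.fetchall()


def demo(enforce_fk: bool) -> dict:
    """Delete employee 1 (referenced by two grants) and report the outcome."""
    conn = open_db(enforce_fk)
    deleted = try_delete_referenced_row(conn, 1)
    return {"deleted": deleted, "orphans": orphaned_grants(conn)}


if __name__ == "__main__":
    print("foreign keys enforced:    ", demo(True))
    print("foreign keys not enforced:", demo(False))
```

The orphan query doubles as an audit test: run it against a production schema that claims to enforce referential integrity and any rows it returns are evidence the constraint is not actually in force.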
13. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - equal to 100% minus the confidence coefficient.
Attribute Sampling
Sampling Risk
A Compliance audit
Employees with excessive privileges
14. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Function Point Analysis
Assess the maturity of its business processes
Database primary key
15. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
Business impact analysis
Criticality analysis
A Server Cluster
The availability of IT systems
16. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Options for Risk Treatment
Network Layer Protocols
less than 24 hours
Elements of the COBIT Framework
17. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Network Layer Protocols
Types of sampling an auditor can perform.
The Software Program Library
Data Link Layer Standards
18. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
A Compliance audit
OSI: Transport Layer
Control Risk
Background checks performed
19. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Variable Sampling
Vulnerability in the organization's PBX
Examples of IT General Controls
Elements of the COBIT Framework
20. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
OSI: Data Link Layer
A Cold Site
OSI Layer 5: Session
Capability Maturity Model
21. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Critical Path Methodology
Service Level Management
The Eight Types of Audits
The availability of IT systems
22. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
OSI: Network Layer
A Virtual Server
Balanced Scorecard
Foreign Key
23. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Current and most up-to-date
A Compliance audit
Employees with excessive privileges
Precision means
24. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
List of systems examined
A Compliance audit
The audit program
General Controls
25. IT Governance is most concerned with ________.
Sampling Risk
IT Strategy
Testing activities
Entire password for an encryption key
26. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
TCP/IP Transport Layer
Segregation of duties issue in a high value process
Assess the maturity of its business processes
Formal waterfall
27. The sum of all samples divided by the number of samples.
Annualized Loss Expectancy (ALE)
Variable Sampling
A Sample Mean
OSI Layer 7: Application
28. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Assess the maturity of its business processes
The audit program
Variable Sampling
Transport Layer Protocols
29. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
CPU
A gate process
Gantt Chart
Function Point Analysis
30. A representation of how closely a sample represents an entire population.
Precision means
Business Continuity
The audit program
Release management
31. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Gantt Chart
BCP Plans
Notify the Audit Committee
Attribute Sampling
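Worked example covering the sampling questions (13 sampling risk, 27 sample mean, 28 variable sampling, 30 precision, 31 attribute sampling), added here and not part of the quiz. The population of 10,000 control records with a 5% exception rate is constructed for the illustration. Sampling risk is shown empirically: draw many random samples of a given size and count how often the sample's exception rate lands outside the chosen precision around the true rate; the confidence coefficient is one minus that figure, which is why a larger sample buys a smaller risk at the same precision.

```python
import random
from typing import Sequence


def sample_mean(values: Sequence[float]) -> float:
    """Question 27: the sum of all samples divided by the number of samples."""
    return sum(values) / len(values)


def attribute_rate(sample: Sequence[bool]) -> float:
    """Question 31 (attribute sampling): the fraction of sampled items that
    possess the attribute. Here True means 'control exception found'."""
    return sum(1 for item in sample if item) / len(sample)


def variable_total_estimate(sample_values: Sequence[float], population_size: int) -> float:
    """Question 28 (variable sampling): project the sample mean across the
    whole population to estimate the numeric total of the attribute."""
    return sample_mean(sample_values) * population_size


def empirical_sampling_risk(population: Sequence[bool], n: int, precision: float,
                            trials: int, seed: int = 0) -> float:
    """Questions 13 and 30: sampling risk as the fraction of random samples of
    size n whose exception-rate estimate falls outside +/- precision of the
    true population rate. Confidence coefficient = 1 - sampling risk."""
    rng = random.Random(seed)
    true_rate = attribute_rate(population)
    misses = 0
    for _ in range(trials):
        sample = rng.sample(population, n)
        if abs(attribute_rate(sample) - true_rate) > precision:
            misses += 1
    return misses / trials


def constructed_population(size: int = 10_000, exception_rate: float = 0.05) -> list:
    """Constructed population for the example: `size` control records, a fixed
    fraction of which are exceptions, shuffled deterministically."""
    exceptions = int(size * exception_rate)
    pop = [True] * exceptions + [False] * (size - exceptions)
    random.Random(42).shuffle(pop)
    return pop


if __name__ == "__main__":
    pop = constructed_population()
    print("true exception rate:", attribute_rate(pop))
    for n in (30, 100, 500):
        risk = empirical_sampling_risk(pop, n, precision=0.02, trials=500)
        print(f"n={n:4d}  sampling risk={risk:.2f}  confidence={1 - risk:.2f}")
    # Variable sampling: estimate the total value of a population of 1,000
    # invoices from a sample of amounts (constructed figures).
    print("estimated total:", variable_total_estimate([120.0, 80.0, 100.0], 1000))
```

Read the output as an auditor would: if a 2% precision at roughly 95% confidence is the target, the run shows which sample size gets there, and a sample of 30 plainly does not.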
32. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A gate process
Balanced Scorecard
Problem Management
The availability of IT systems
33. Collections of Controls that work together to achieve an entire range of an organization's objectives.
A Financial Audit
Frameworks
Substantive Testing (test of transaction integrity)
A Sample Mean
34. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
TCP/IP Network Model
Detection Risk
A Problem
TCP/IP Internet Layer
35. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
Stop-or-go Sampling
OSI: Physical Layer
Stay current with technology
IT standards are not being reviewed often enough
36. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI Layer 6: Presentation
Audit logging
Inform the auditee
Sampling Risk
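Worked example for question 36, added here and not part of the quiz: database-level audit logging implemented with triggers, so every INSERT, UPDATE and DELETE on a table is recorded regardless of which program or user made the change. The `salaries` table, its rows and the use of SQLite are constructed for the illustration. Two extra triggers make the log append-only, the check a DBA should add so that the same users whose changes are being recorded cannot quietly edit the record.

```python
import sqlite3

# Constructed schema (not from the quiz page): the audited table, the audit
# table, one AFTER trigger per DML verb, and two BEFORE triggers that refuse
# any attempt to alter or delete audit rows.
SCHEMA = """
CREATE TABLE salaries (
    employee TEXT PRIMARY KEY,
    amount   INTEGER NOT NULL
);
CREATE TABLE audit_log (
    id         INTEGER PRIMARY KEY,
    ts         TEXT NOT NULL DEFAULT (datetime('now')),
    operation  TEXT NOT NULL,
    employee   TEXT NOT NULL,
    old_amount INTEGER,
    new_amount INTEGER
);
CREATE TRIGGER salaries_ai AFTER INSERT ON salaries BEGIN
    INSERT INTO audit_log(operation, employee, old_amount, new_amount)
    VALUES ('INSERT', NEW.employee, NULL, NEW.amount);
END;
CREATE TRIGGER salaries_au AFTER UPDATE ON salaries BEGIN
    INSERT INTO audit_log(operation, employee, old_amount, new_amount)
    VALUES ('UPDATE', NEW.employee, OLD.amount, NEW.amount);
END;
CREATE TRIGGER salaries_ad AFTER DELETE ON salaries BEGIN
    INSERT INTO audit_log(operation, employee, old_amount, new_amount)
    VALUES ('DELETE', OLD.employee, OLD.amount, NULL);
END;
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log BEGIN
    SELECT RAISE(ABORT, 'audit_log is append-only');
END;
"""


def open_audited_db() -> sqlite3.Connection:
    """In-memory database with the audited table and its triggers installed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def run_changes(conn: sqlite3.Connection) -> None:
    """A constructed sequence of user changes; each one fires a trigger."""
    with conn:
        conn.execute("INSERT INTO salaries VALUES ('alice', 5000)")
        conn.execute("UPDATE salaries SET amount = 5500 WHERE employee = 'alice'")
        conn.execute("DELETE FROM salaries WHERE employee = 'alice'")


def audit_trail(conn: sqlite3.Connection) -> list:
    """The recorded changes, oldest first (timestamps omitted for comparability)."""
    return conn.execute(
        "SELECT operation, employee, old_amount, new_amount "
        "FROM audit_log ORDER BY id"
    ).fetchall()


def audit_log_is_append_only(conn: sqlite3.Connection) -> bool:
    """Try to wipe the log the way an insider covering tracks would; True means
    the database refused and rolled the attempt back."""
    try:
        with conn:
            conn.execute("DELETE FROM audit_log")
        return False
    except sqlite3.DatabaseError:
        return True


def demo() -> dict:
    conn = open_audited_db()
    run_changes(conn)
    trail = audit_trail(conn)
    protected = audit_log_is_append_only(conn)
    return {"trail": trail, "append_only": protected,
            "trail_after_tamper_attempt": audit_trail(conn)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Triggers capture changes made through any client, including ad-hoc SQL by privileged users, which is what distinguishes this from logging inside one application. The remaining gap is the DBA role itself, which can drop the triggers; that is why the audit configuration, not just the log contents, belongs in the auditor's evidence.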
37. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Stop-or-go Sampling
Input validation checking
Gantt Chart
38. The inventory of all in-scope business processes and systems
The 5 types of Evidence that the auditor will collect during an audit.
The Internet Layer in the TCP/IP model
IT Strategy
The first step in a business impact analysis
39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Application Controls
The availability of IT systems
OSI: Network Layer
Risk Management
40. To measure organizational performance and effectiveness against strategic goals.
IT Services Financial Management
Balanced Scorecard
Stratified Sampling
Inform the auditee
41. Contains programs that communicate directly with the end user.
SDLC Phases
The 4-item focus of a Balanced Scorecard
The Requirements
OSI Layer 7: Application
42. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Stratified Sampling
Release management
The Software Program Library
Registers
43. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
A Cold Site
List of systems examined
Substantive Testing
Background checks performed
44. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Security Awareness program
Testing activities
Advantages of outsourcing
An Administrative
45. (1.) TCP (2.) UDP
Criticality analysis
Assess the maturity of its business processes
Transport Layer Protocols
Application Layer protocols
46. The first major task in a disaster recovery or business continuity planning project.
Buffers
Frameworks
Substantive Testing (test of transaction integrity)
Business impact analysis
47. The maximum period of downtime for a process or application
Recovery time objective
TCP/IP Link Layer
Transport Layer Protocols
The availability of IT systems
48. A collection of two or more servers that is designed to appear as a single server.
Server cluster
OSI: Transport Layer
Buffers
More difficult to perform
49. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Main types of Controls
Elements of the COBIT Framework
To identify the tasks that are responsible for project delays
A Financial Audit
50. Support the functioning of the application controls
Hash
General Controls
Options for Risk Treatment
Release management