CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
TCP/IP Internet Layer
An Integrated Audit
OSI: Transport Layer
2. Used to determine which business processes are the most critical - by ranking them in order of criticality
To identify the tasks that are responsible for project delays
Capability Maturity Model
WAN Protocols
Criticality analysis
3. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Volumes of COSO framework
Power system controls
Stop-or-go Sampling
Transport Layer Protocols
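Worked example for question 3, added here and not part of the original quiz: a stop-or-go (sequential) attribute-sampling routine. It draws the population in fixed-size blocks, recomputes the one-sided upper error limit after each block, and stops as soon as that limit is at or below the tolerable deviation rate. The population, the block size of 25, and the choice of a 95% binomial upper bound are all assumptions for illustration; real engagements usually read the limit from published sampling tables rather than computing it.

```python
"""Stop-or-go attribute sampling (added example, not from the quiz page)."""
from math import comb
import random


def binomial_cdf(k: int, n: int, p: float) -> float:
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))


def upper_error_limit(n: int, k: int, confidence: float = 0.95) -> float:
    """Largest population deviation rate still consistent with seeing
    k or fewer exceptions in n items at the given one-sided confidence.
    Found by bisection on the binomial CDF (assumed statistic)."""
    lo, hi = 0.0, 1.0
    target = 1.0 - confidence
    for _ in range(60):
        mid = (lo + hi) / 2
        if binomial_cdf(k, n, mid) > target:
            lo = mid   # data still plausible at this rate; limit is higher
        else:
            hi = mid
    return hi


def stop_or_go(population, block_size, tolerable_rate,
               confidence=0.95, rng=None):
    """Sample block_size items at a time without replacement and stop at the
    earliest block where the upper error limit <= tolerable_rate.
    population: sequence of bools, True = exception found in that item.
    Returns (items_examined, exceptions, upper_limit, conclusion)."""
    rng = rng or random.Random(0)          # fixed seed so the run is repeatable
    order = list(range(len(population)))
    rng.shuffle(order)
    examined = exceptions = 0
    limit = 1.0
    for start in range(0, len(order), block_size):
        for idx in order[start:start + block_size]:
            examined += 1
            exceptions += 1 if population[idx] else 0
        limit = upper_error_limit(examined, exceptions, confidence)
        if limit <= tolerable_rate:
            return examined, exceptions, limit, "control can be relied upon"
    return examined, exceptions, limit, "extend testing or do not rely on control"


# Constructed populations: 1,000 clean items, and 100 items that all fail.
CLEAN_POPULATION = [False] * 1000
FAILING_POPULATION = [True] * 100

if __name__ == "__main__":
    print(stop_or_go(CLEAN_POPULATION, 25, 0.05))
    print(stop_or_go(FAILING_POPULATION, 25, 0.05))
```

With zero exceptions the limit after 25, 50 and 75 items is roughly 11.3%, 5.8% and 3.9%, so a 5% tolerable rate lets the auditor stop after the third block instead of drawing a full fixed-size sample; a single exception in an early block pushes the limit back up and forces more blocks, which is why the technique suits populations where the expected error rate is low.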
4. An audit that combines an operational audit and a financial audit.
Application Controls
Project Management Strategies
An Integrated Audit
PERT Diagram?
5. A database term - which means that the database will not permit a program (or user) to delete rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Documentation and interview personnel
ITIL definition of CHANGE MANAGEMENT
Referential Integrity
TCP/IP Internet Layer
6. Consists of a main chassis equipped with slots that are fitted with individual CPU modules. Its main advantage is a lower cost per unit.
Reduced sign-on
Blade Computer Architecture
Registers
Primary security features of relational databases
7. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
SDLC Phases
ITIL definition of CHANGE MANAGEMENT
A Compliance audit
Sampling Risk
8. Lowest layer. Delivers messages (frames) from one station to another via the local network.
A Forensic Audit
Detection Risk
Gantt Chart
TCP/IP Link Layer
9. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Notify the Audit Committee
Expected Error Rate
Control Unit
Split custody
10. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Employee termination process
Variable Sampling
Separate administrative accounts
Three Types of Controls
11. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this is _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Network Layer Protocols
Precision means
Reduced sign-on
Inherent Risk
12. (1.) Objectives (2.) Components (3.) Business Units / Areas
BCP Plans
The 7 phases and their order in the SDLC
Dimensions of the COSO cube
OSI Layer 5: Session
13. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Compliance Testing
Categories of risk treatment
Cloud computing
Documentation and interview personnel
14. A technique that is used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
An IS audit
Six steps of the Release Management process
Discovery Sampling
Critical Path Methodology
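Worked example for question 14, added here and not part of the original quiz: a forward and backward pass over a small project network that yields each task's slack, so the critical path is simply the tasks with zero slack. The task names, durations and dependencies are constructed for illustration, and the topological sort (Kahn's algorithm) is this example's choice for ordering the passes.

```python
"""Critical path method on a constructed project network (added example)."""
from collections import deque

# Constructed sample project: task -> (duration in days, predecessors).
PROJECT = {
    "requirements": (3, []),
    "design":       (5, ["requirements"]),
    "build":        (8, ["design"]),
    "procure_hw":   (6, ["requirements"]),
    "install_hw":   (2, ["procure_hw"]),
    "test":         (4, ["build", "install_hw"]),
    "cutover":      (1, ["test"]),
}


def topological_order(tasks):
    """Kahn's algorithm; raises if the dependency graph contains a cycle."""
    indegree = {t: len(spec[1]) for t, spec in tasks.items()}
    successors = {t: [] for t in tasks}
    for t, (_, preds) in tasks.items():
        for p in preds:
            successors[p].append(t)
    ready = deque(t for t, d in indegree.items() if d == 0)
    order = []
    while ready:
        t = ready.popleft()
        order.append(t)
        for s in successors[t]:
            indegree[s] -= 1
            if indegree[s] == 0:
                ready.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in project network")
    return order, successors


def critical_path(tasks):
    """Return (project_duration, {task: slack}, [critical tasks in order])."""
    order, successors = topological_order(tasks)
    early_start, early_finish = {}, {}
    # Forward pass: a task can start once every predecessor has finished.
    for t in order:
        dur, preds = tasks[t]
        early_start[t] = max((early_finish[p] for p in preds), default=0)
        early_finish[t] = early_start[t] + dur
    duration = max(early_finish.values())
    late_start, late_finish = {}, {}
    # Backward pass: latest finish that delays no successor.
    for t in reversed(order):
        dur = tasks[t][0]
        late_finish[t] = min((late_start[s] for s in successors[t]),
                             default=duration)
        late_start[t] = late_finish[t] - dur
    slack = {t: late_start[t] - early_start[t] for t in tasks}
    critical = [t for t in order if slack[t] == 0]
    return duration, slack, critical


if __name__ == "__main__":
    duration, slack, critical = critical_path(PROJECT)
    print(f"project duration: {duration} days")
    print("critical path:", " -> ".join(critical))
    print("slack:", slack)
```

Here the hardware branch (procure_hw, install_hw) carries five days of slack, so a delay there of up to five days does not move the end date, whereas any slip in requirements, design, build, test or cutover moves the whole schedule; that is the distinction the question asks for.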
15. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Incident Management
The Business Process Life Cycle
Segregation of duties issue in a high value process
Data Link Layer Standards
16. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
The Internet Layer in the TCP/IP model
Elements of the COBIT Framework
Hash
Business Realization
17. Guide program execution through organization of resources and development of clear project objectives.
Dimensions of the COSO cube
Department Charters
Problem Management
Project Management Strategies
18. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
The best approach for identifying high risk areas for an audit
Cloud computing
Business Realization
Information systems access
19. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
An Integrated Audit
Lacks specific expertise or resources to conduct an internal audit
Examples of Application Controls
A Virtual Server
20. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
Sampling
IT Service Management
A Problem
Configuration Management
21. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Capability Maturity Model Integration (CMMI)
Elements of the COSO pyramid
A gate process
Information security policy
22. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
OSI: Physical Layer
Geographic location
OSI: Network Layer
Elements of the COSO pyramid
23. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Data Link Layer Standards
Stay current with technology
Hash
Concentrate on samples known to represent high risk
24. IT Governance is most concerned with ________.
Inherent Risk
Precision means
Discovery Sampling
IT Strategy
25. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Data Link Layer Standards
Stay current with technology
ITIL definition of CHANGE MANAGEMENT
The audit program
26. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Capability Maturity Model Integration (CMMI)
The 7 phases and their order in the SDLC
(1.) Man-made (2.) Natural
27. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Emergency Changes
Project change request
OSI: Physical Layer
An Operational Audit
28. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Stop-or-go Sampling
ITIL definition of PROBLEM
An Administrative
29. A collection of two or more servers that is designed to appear as a single server.
ISO 20000 Standard:
The appropriate role of an IS auditor in a control self-assessment
IT standards are not being reviewed often enough
Server cluster
30. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Registers
Data Link Layer Standards
Application Layer protocols
Compliance Testing
31. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
Service Continuity Management
The Eight Types of Audits
Sampling
Stay current with technology
32. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - someone may be in possession of the _________________.
Server cluster
OSI: Physical Layer
Entire password for an encryption key
Department Charters
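Worked example for question 32, added here and not part of the original quiz: one way to implement split custody of a key-encryption passphrase so that no single custodian ever holds the entire secret. The passphrase is split into n shares by XOR; the first n-1 shares are random, the last is the secret XORed with all of them, so any subset short of the full n is indistinguishable from random bytes. A SHA-256 fingerprint of the whole secret is published alongside the shares so that an incomplete or tampered reconstruction is detected instead of silently producing a wrong key. The passphrase, share count and custodian roles are assumptions for illustration.

```python
"""Split custody of a key passphrase by XOR sharing (added example)."""
import hashlib
import secrets


def fingerprint(secret: bytes) -> str:
    """Public check value for the reconstructed secret (assumed design)."""
    return hashlib.sha256(secret).hexdigest()


def split_secret(secret: bytes, n: int) -> list:
    """Return n shares whose XOR equals secret; any n-1 of them are
    uniformly random and reveal nothing about the secret."""
    if n < 2:
        raise ValueError("split custody needs at least two custodians")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = bytes(secret)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def combine_shares(shares, expected_fingerprint: str) -> bytes:
    """XOR the presented shares together and verify the result; raises if a
    custodian's share is missing, wrong, or of the wrong length."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of inconsistent length")
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    if fingerprint(out) != expected_fingerprint:
        raise ValueError("reconstruction failed: not all shares present or a share is corrupt")
    return out


# Constructed passphrase protecting a (hypothetical) master encryption key.
KEK_PASSPHRASE = b"constructed key-encryption passphrase, do not reuse"
CUSTODIANS = ["security manager", "database administrator", "internal audit"]

if __name__ == "__main__":
    fp = fingerprint(KEK_PASSPHRASE)
    shares = split_secret(KEK_PASSPHRASE, len(CUSTODIANS))
    for who, share in zip(CUSTODIANS, shares):
        print(f"{who}: {share.hex()}")   # each custodian receives one share only
    print("all shares present:", combine_shares(shares, fp) == KEK_PASSPHRASE)
    try:
        combine_shares(shares[:-1], fp)
    except ValueError as exc:
        print("two of three shares:", exc)
```

The audit finding in the question is the failure mode this guards against: if the procedure is skipped, the split step never happens and one person ends up holding the whole passphrase, which is exactly what the fingerprint check cannot detect after the fact; the control has to be enforced at key-generation time.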
33. IT Service Management is defined in ___________________ framework.
ITIL - IT Infrastructure Library
Judgmental sampling
Buffers
ITIL definition of PROBLEM
34. A maturity model that represents the aggregation of other maturity models.
Grid Computing
Statistical Sampling
Sampling Risk
Capability Maturity Model Integration (CMMI)
35. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Business Continuity
The typical Configuration Items in Configuration Management
Entire password for an encryption key
Data Link Layer Standards
36. One of a database table's fields - whose value is unique.
OSI: Data Link Layer
A gate process
Database primary key
Frameworks
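Worked example for questions 5 and 36, added here and not part of the original quiz: primary-key uniqueness and referential integrity enforced by a relational database, shown on SQLite through Python's standard sqlite3 module. The customer and invoice tables, their rows, and the audit query are constructed for illustration. The caveat a practitioner should know is that SQLite enforces foreign keys only when PRAGMA foreign_keys is switched on for the connection; the example builds the schema both ways so the difference is visible.

```python
"""Primary key and referential integrity on SQLite (added example)."""
import sqlite3


def build_db(enforce_fk: bool = True) -> sqlite3.Connection:
    """Create an in-memory database with a parent and a child table."""
    con = sqlite3.connect(":memory:")
    # Foreign-key enforcement is per connection and off by default in SQLite.
    con.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    con.executescript("""
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,    -- unique per row (question 36)
            name        TEXT NOT NULL
        );
        CREATE TABLE invoice (
            invoice_id  INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL
                REFERENCES customer(customer_id) ON DELETE RESTRICT,
            amount      REAL NOT NULL
        );
        INSERT INTO customer VALUES (1, 'Acme'), (2, 'Globex');
        INSERT INTO invoice  VALUES (10, 1, 250.0), (11, 1, 99.5);
    """)
    return con


def try_statement(con: sqlite3.Connection, sql: str, params=()) -> str:
    """Run one statement; return 'ok' or the integrity error raised."""
    try:
        con.execute(sql, params)
        con.commit()
        return "ok"
    except sqlite3.IntegrityError as exc:
        con.rollback()
        return f"rejected: {exc}"


def orphan_invoices(con: sqlite3.Connection) -> list:
    """Audit query: invoices whose customer row no longer exists."""
    rows = con.execute("""
        SELECT i.invoice_id
        FROM invoice i
        LEFT JOIN customer c ON c.customer_id = i.customer_id
        WHERE c.customer_id IS NULL
        ORDER BY i.invoice_id
    """).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    strict = build_db(enforce_fk=True)
    print(try_statement(strict, "INSERT INTO customer VALUES (1, 'Duplicate')"))
    print(try_statement(strict, "DELETE FROM customer WHERE customer_id = 1"))
    print("orphans with enforcement:", orphan_invoices(strict))

    lax = build_db(enforce_fk=False)
    print(try_statement(lax, "DELETE FROM customer WHERE customer_id = 1"))
    print("orphans without enforcement:", orphan_invoices(lax))
```

The orphan query is the check an IS auditor can run against a production copy: if it returns rows, referential integrity is either not declared on the schema or not being enforced by the engine, regardless of what the data dictionary claims.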
37. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
38. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Options for Risk Treatment
OSI: Data Link Layer
Dimensions of the COSO cube
Personnel involved in the requirements phase of a software development project
39. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Tolerable Error Rate
Vulnerability in the organization's PBX
objective and unbiased
A Financial Audit
40. The maximum period of downtime for a process or application
Sampling Risk
Information systems access
Recovery time objective
Background checks performed
41. (1.) TCP (2.) UDP
Balanced Scorecard
Configuration Management
Sample Standard Deviation
Transport Layer Protocols
42. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
A Problem
SDLC Phases
CPU
The Software Program Library
43. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform criticality analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
Overall audit risk
The BCP process
OSI: Physical Layer
The appropriate role of an IS auditor in a control self-assessment
44. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Notify the Audit Committee
Information systems access
A gate process
Options for Risk Treatment
45. To communicate security policies - procedures - and other security-related information to an organization's employees.
Grid Computing
Personnel involved in the requirements phase of a software development project
TCP/IP Internet Layer
Security Awareness program
46. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
Formal waterfall
Employee termination process
Stratified Sampling
47. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Controls
Insourcing
Network Layer Protocols
The two Categories of Controls
48. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Statistical Sampling
The two Categories of Controls
A Financial Audit
49. Focuses on: post-event recovery and restoration of services
The Business Process Life Cycle
Disaster Recovery
Configuration Management
Examples of Application Controls
50. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Statistical Sampling
OSI Layer 7: Application
The Software Program Library
Critical Path Methodology