SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Database primary key
Organizational culture and maturity
Business Realization
Insourcing
2. Support the functioning of the application controls
Precision means
The audit program
General Controls
TCP/IP Link Layer
3. To ensure that input values are within established ranges - of the correct character types - and free of harmful contents.
Input validation checking
The 4-item focus of a Balanced Scorecard
Elements of the COSO pyramid
Department Charters
4. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Lacks specific expertise or resources to conduct an internal audit
OSI Layer 5: Session
OSI: Physical Layer
IT executives and the Board of Directors
5. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
Business impact analysis
Examples of Application Controls
Segregation of duties issue in a high value process
Control Unit
6. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
A Compliance audit
Judgmental sampling
Segregation of duties issue in a high value process
Server cluster
7. Disasters are generally grouped in terms of type: ______________.
(1.) Polices (2.) Procedures (3.) Standards
(1.) Man-made (2.) Natural
General Controls
Recovery time objective
8. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Database primary key
Entire password for an encryption key
Inherent Risk
A Server Cluster
9. Gantt: used to display ______________.
Structural fires and transportation accidents
Information systems access
Resource details
Audit Methodologies
10. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Geographic location
Information systems access
Project change request
Sample Standard Deviation
11. The inventory of all in-scope business processes and systems
A Virtual Server
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Critical Path Methodology
The first step in a business impact analysis
12. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Annualized Loss Expectance (ALE)
Stratified Sampling
Insourcing
An Integrated Audit
13. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Server cluster
Categories of risk treatment
BCP Plans
Entire password for an encryption key
14. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
The Requirements
SDLC Phases
Business Realization
The best approach for identifying high risk areas for an audit
15. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Business Realization
Employee termination process
An Integrated Audit
The Requirements
16. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Background checks performed
The first step in a business impact analysis
Configuration Management
The appropriate role of an IS auditor in a control self-assessment
17. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Power system controls
Recovery time objective
OSI: Physical Layer
Project change request
18. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
Function Point Analysis
An Integrated Audit
Lacks specific expertise or resources to conduct an internal audit
19. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
A Compliance audit
Database primary key
Detection Risk
Foreign Key
20. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Wet pipe fire sprinkler system
Statistical Sampling
Inherent Risk
The Software Program Library
21. A sampling technique where at least one exception is sought in a population
More difficult to perform
Information systems access
Discovery Sampling
Segregation of duties issue in a high value process
22. ITIL term used to describe the SDLC.
Wet pipe fire sprinkler system
Tolerable Error Rate
An IS audit
Release management
23. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
The availability of IT systems
SDLC Phases
Organizational culture and maturity
24. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Formal waterfall
IT Services Financial Management
The 5 types of Evidence that the auditor will collect during an audit.
Deming Cycle
25. To measure organizational performance and effectiveness against strategic goals.
Discovery Sampling
(1.) Polices (2.) Procedures (3.) Standards
Data Link Layer Standards
Balanced Scorecard
26. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Elements of the COSO pyramid
Geographic location
Capability Maturity Model
Input validation checking
27. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The Internet Layer in the TCP/IP model
Audit logging
OSI Layer 5: Session
Information security policy
28. The maximum period of downtime for a process or application
Controls
Recovery time objective
The best approach for identifying high risk areas for an audit
Security Awareness program
29. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Discovery Sampling
The Requirements
Substantive Testing
Audit logging
30. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Examples of Application Controls
The Requirements
ITIL definition of PROBLEM
Sample Standard Deviation
31. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Database primary key
Overall audit risk
Inherent Risk
Testing activities
32. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Overall audit risk
Statistical Sampling
The availability of IT systems
The Requirements
33. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
A Problem
IT Service Management
Stratified Sampling
34. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
Main types of Controls
Registers
The Eight Types of Audits
Formal waterfall
35. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
36. A technique that is used to select a portion of a population when it is not feasible to test an entire population.
Substantive Testing
Segregation of duties issue in a high value process
Registers
Sampling
37. A four-step quality control process known as PDSA - or PDCA. Steps: (1.) Plan (2.) Do (3.) Study (4.) Act
Deming Cycle
OSI Layer 6: Presentation
IT standards are not being reviewed often enough
Department Charters
38. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Information security policy
Employee termination process
Statistical Sampling
TCP/IP Internet Layer
39. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Wet pipe fire sprinkler system
Configuration Management
The BCP process
OSI: Physical Layer
40. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Blade Computer Architecture
Expected Error Rate
Business Continuity
Vulnerability in the organization's PBX
41. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Current and most up-to-date
Examples of IT General Controls
Options for Risk Treatment
Frameworks
42. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
An IS audit
Reduced sign-on
Function Point Analysis
Audit Methodologies
43. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
The 4-item focus of a Balanced Scorecard
Segregation of duties issue in a high value process
The audit program
A Service Provider audit
44. (1.) Hardware Complement (physical specifications) (2.) Hardware Configuration (firmware settings) (3.) Operating system version and configuration (4.) Software versions and configuration
Audit logging
Substantive Testing
Insourcing
The typical Configuration Items in Configuration Management
45. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
TCP/IP Network Model
The first step in a business impact analysis
An Operational Audit
Geographic location
46. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Service Level Management
The first step in a business impact analysis
Buffers
Sample Standard Deviation
47. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
OSI Layer 6: Presentation
Hash
The availability of IT systems
Employees with excessive privileges
48. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
Elements of the COBIT Framework
Precision means
Volumes of COSO framework
An Operational Audit
49. A maturity model that represents the aggregations of other maturity models.
Substantive Testing
Capability Maturity Model Integration (CMMI)
Hash
Sampling Risk
50. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
Service Continuity Management
Reduced sign-on
A Service Provider audit
