SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Employee termination process
Grid Computing
Critical Path Methodology
Segregation of duties issue in a high value process
2. Used to translate or transform data from lower layers into formats that the application layer can work with.
OSI Layer 6: Presentation
TCP/IP Transport Layer
IT Strategy
Stay current with technology
3. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Database primary key
OSI: Transport Layer
Service Continuity Management
TCP/IP Link Layer
4. An audit of operational efficiency.
Gantt Chart
An Administrative
Project change request
The Steering Committee
5. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Business Continuity
Sampling Risk
The audit program
Hash
6. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Sampling
The Steering Committee
The 7 phases and their order in the SDLC
Formal waterfall
7. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Application Controls
Hash
Personnel involved in the requirements phase of a software development project
Critical Path Methodology
8. Delivery of packets from one station to another - on the same network or on different networks.
Examples of Application Controls
The Internet Layer in the TCP/IP model
ITIL - IT Infrastructure Library
Project Management Strategies
9. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Information systems access
Discovery Sampling
Judgmental sampling
Split custody
10. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Criticality analysis
Application Controls
Background checks performed
Overall audit risk
11. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
The 4-item focus of a Balanced Scorecard
Confidence coefficient
A gate process
Examples of IT General Controls
12. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Stay current with technology
Tolerable Error Rate
Examples of IT General Controls
Hash
13. IT Governance is most concerned with ________.
Project change request
Hash
IT Strategy
Stop-or-go Sampling
14. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Configuration Management
Separate administrative accounts
Current and most up-to-date
Criticality analysis
15. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Volumes of COSO framework
ITIL definition of CHANGE MANAGEMENT
Inform the auditee
Critical Path Methodology
16. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Organizational culture and maturity
The BCP process
A gate process
17. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
The Requirements
Entire password for an encryption key
The Business Process Life Cycle
OSI Layer 5: Session
18. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
less than 24 hours
Examples of Application Controls
Lacks specific expertise or resources to conduct an internal audit
Elements of the COBIT Framework
19. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
A Problem
Tolerable Error Rate
Business Realization
Business Continuity
20. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
List of systems examined
Annualized Loss Expectance (ALE)
Function Point Analysis
General Controls
21. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Audit Methodologies
Frameworks
The Requirements
Stop-or-go Sampling
22. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Antivirus software on the email servers
WAN Protocols
Personnel involved in the requirements phase of a software development project
BCP Plans
23. (1.) TCP (2.) UDP
Inherent Risk
Transport Layer Protocols
OSI Layer 7: Application
A Problem
24. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Control Risk
Sampling Risk
A Virtual Server
Split custody
25. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
The availability of IT systems
Tolerable Error Rate
Variable Sampling
Rating Scale for Process Maturity
26. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
(1.) Polices (2.) Procedures (3.) Standards
Precision means
Notify the Audit Committee
Examples of Application Controls
27. ____________________ of the hot site is most important consideration for site selection. IF they are too close together then a single event may involve both locations
An Operational Audit
Geographic location
Categories of risk treatment
The first step in a business impact analysis
28. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Examples of Application Controls
OSI Layer 5: Session
Organizational culture and maturity
Confidence coefficient
29. The highest number of errors that can exist without a result being materially misstated.
Notify the Audit Committee
Tolerable Error Rate
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The appropriate role of an IS auditor in a control self-assessment
30. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
Project Management Strategies
objective and unbiased
Prblem Management
Function Point Analysis
31. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
A Forensic Audit
Disaster Recovery
The two Categories of Controls
BCP Plans
32. An audit that is performed in support of an anticipated or active legal proceeding.
Current and most up-to-date
BCP Plans
IT Service Management
A Forensic Audit
33. The maximum period of downtime for a process or application
A gate process
Recovery time objective
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Expected Error Rate
34. (1.) Physical (2.) Technical (4.) Administrative
The Internet Layer in the TCP/IP model
Critical Path Methodology
(1.) Man-made (2.) Natural
Three Types of Controls
35. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
less than 24 hours
Risk Management
A Server Cluster
Variable Sampling
36. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Notify the Audit Committee
Sample Standard Deviation
Expected Error Rate
Control Risk
37. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
ITIL definition of CHANGE MANAGEMENT
A Financial Audit
Control Unit
Input validation checking
38. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Function Point Analysis
Service Level Management
A Server Cluster
Project change request
39. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
Current and most up-to-date
Resource details
PERT Diagram?
40. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Recovery time objective
The 5 types of Evidence that the auditor will collect during an audit.
Network Layer Protocols
41. An auditor has detected potential fraud while testing a control objective - He should ___________________. Because Audit committee members are generally not involved in business operations - they will be sufficiently remove from the matter - and they
Geographic location
Notify the Audit Committee
OSI Layer 7: Application
Sampling
42. Consists of two main packet transport protocols: TCP and UDP.
TCP/IP Transport Layer
The availability of IT systems
Insourcing
Sample Standard Deviation
43. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
Disaster Recovery
Split custody
Testing activities
44. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
A Forensic Audit
Testing activities
IT Strategy
A Sample Mean
45. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Statement of Impact
The Release process
Application Controls
The Business Process Life Cycle
46. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Categories of risk treatment
Statistical Sampling
IT standards are not being reviewed often enough
Examples of IT General Controls
48. (1.) Access controls (2.) Encryption (3.) Audit logging
Balanced Scorecard
Primary security features of relational databases
Stay current with technology
IT Strategy
49. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Split custody
(1.) Man-made (2.) Natural
Options for Risk Treatment
Testing activities
50. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Criticality analysis
Elements of the COSO pyramid
The typical Configuration Items in Configuration Management
Insourcing
