SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Disasters are generally grouped in terms of type: ______________.
OSI: Network Layer
IT Services Financial Management
Risk Management
(1.) Man-made (2.) Natural
2. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Vulnerability in the organization's PBX
Dimensions of the COSO cube
Risk Management
A gate process
3. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Main types of Controls
Configuration Management
The Software Program Library
Rating Scale for Process Maturity
4. Handle application processing
Cloud computing
Inform the auditee
Application Controls
Six steps of the Release Management process
5. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
WAN Protocols
The appropriate role of an IS auditor in a control self-assessment
Substantive Testing
Reduced sign-on
6. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Three Types of Controls
Controls
Inherent Risk
Formal waterfall
7. Framework for auditing and measuring IT Service Management Processes.
ISO 20000 Standard:
The two Categories of Controls
The audit program
Data Link Layer Standards
8. IT Governance is most concerned with ________.
Service Level Management
Formal waterfall
IT Strategy
Precision means
9. A dynamically scalable and usually virtualized computing environment that is provided as a service. Clout computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Volumes of COSO framework
Capability Maturity Model
Cloud computing
Grid Computing
10. Used to control connections that are established between systems (1.) TCP (2.) IPC (3.) SIP (Session Initiation Protocol) (4.) RPC (Remote Procedure Call) (5.) NetBIOS
The Steering Committee
Categories of risk treatment
Compliance Testing
OSI Layer 5: Session
11. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Foreign Key
Balanced Scorecard
IT standards are not being reviewed often enough
Elements of the COBIT Framework
12. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
A Sample Mean
Blade Computer Architecture
Inherent Risk
13. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
TCP/IP Internet Layer
BCP Plans
Function Point Analysis
Sampling Risk
14. ITIL term used to describe the SDLC.
The best approach for identifying high risk areas for an audit
A Forensic Audit
Statement of Impact
Release management
15. The sum of all samples divided by the number of samples.
The Business Process Life Cycle
A Sample Mean
A Service Provider audit
Service Continuity Management
16. A representation of how closely a sample represents an entire population.
Critical Path Methodology
Detection Risk
Precision means
Types of sampling an auditor can perform.
17. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Formal waterfall
Current and most up-to-date
Grid Computing
Function Point Analysis
18. The means by which management establishes and measures processes by which organizational objectives are achieved
Detection Risk
Controls
Advantages of outsourcing
Primary security features of relational databases
19. One of a database table's fields - whose value is unique.
The typical Configuration Items in Configuration Management
The audit program
Detection Risk
Database primary key
20. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Service Level Management
Entire password for an encryption key
SDLC Phases
21. Information is arranged in frames and transported across the medium. Collision detection. Checksum verification of delivery.
Structural fires and transportation accidents
Stay current with technology
Current and most up-to-date
OSI: Data Link Layer
22. A sampling technique where at least one exception is sought in a population
Discovery Sampling
Function Point Analysis
Emergency Changes
Lacks specific expertise or resources to conduct an internal audit
23. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
To identify the tasks that are responsible for project delays
Stop-or-go Sampling
Transport Layer Protocols
OSI: Network Layer
24. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
The Release process
Attribute Sampling
The Internet Layer in the TCP/IP model
Overall audit risk
25. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Rating Scale for Process Maturity
Advantages of outsourcing
Buffers
Substantive Testing
26. A CMM helps an organization to _______________ - which is an important first step to any large-scale process improvement effort.
Controls
Inform the auditee
Cloud computing
Assess the maturity of its business processes
27. PERT: shows the ______________ critical path.
Split custody
Current and most up-to-date
Vulnerability in the organization's PBX
Critical Path Methodology
28. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
ISO 20000 Standard:
An Operational Audit
Project Management Strategies
29. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
The appropriate role of an IS auditor in a control self-assessment
Data Link Layer Standards
The availability of IT systems
Employees with excessive privileges
30. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
A Sample Mean
Controls
Cloud computing
31. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
A Service Provider audit
Registers
OSI: Transport Layer
32. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Elements of the COBIT Framework
The Software Program Library
Statistical Sampling
Tolerable Error Rate
33. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
Disaster Recovery
Sample Standard Deviation
PERT Diagram?
Geographic location
34. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
Variable Sampling
Business Continuity
TCP/IP Internet Layer
An Integrated Audit
35. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Balanced Scorecard
Employee termination process
Referential Integrity
A Service Provider audit
36. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Rating Scale for Process Maturity
Types of sampling an auditor can perform.
IT Service Management
ITIL - IT Infrastructure Library
37. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Network Layer Protocols
Change management
Assess the maturity of its business processes
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
38. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
OSI: Transport Layer
ITIL definition of CHANGE MANAGEMENT
Antivirus software on the email servers
Compliance Testing
39. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Sampling Risk
Concentrate on samples known to represent high risk
Variable Sampling
Stop-or-go Sampling
41. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
The two Categories of Controls
Categories of risk treatment
A Sample Mean
Blade Computer Architecture
42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Substantive Testing (test of transaction integrity)
To identify the tasks that are responsible for project delays
Sampling Risk
Application Controls
43. Collections of Controls that work together to achieve an entire range of an organization's objectives.
The audit program
ITIL definition of PROBLEM
Frameworks
Transport Layer Protocols
44. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
Project change request
Examples of IT General Controls
Main types of Controls
45. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Transport Layer
The Internet Layer in the TCP/IP model
46. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Documentation and interview personnel
Application Layer protocols
Stay current with technology
ITIL - IT Infrastructure Library
47. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
(1.) Polices (2.) Procedures (3.) Standards
Function Point Analysis
Six steps of the Release Management process
Audit Methodologies
48. (1.) General (2.) Application
Prblem Management
An Operational Audit
Main types of Controls
Referential Integrity
49. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Frameworks
The Software Program Library
Inform the auditee
A Sample Mean
50. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
Audit logging
Input validation checking
Documentation and interview personnel
OSI: Network Layer