Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Dimensions of the COSO cube
Main types of Controls
Sampling
Split custody
2. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Hash
Examples of IT General Controls
The audit program
Employees with excessive privileges
3. An IS auditor is auditing the change management process for a financial application. The auditor has two primary pieces of evidence: change logs and a written analysis of the change logs performed by a business analyst. The change log is best because
objective and unbiased
Background checks performed
Confidence coefficient
Options for Risk Treatment
4. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Separate administrative accounts
Reduced sign-on
Testing activities
Registers
5. The main hardware component of a computer system - which executes instructions in computer programs.
Inherent Risk
The typical Configuration Items in Configuration Management
objective and unbiased
CPU
6. Defines internal controls and provides guidance for assessing and improving internal control systems.
Current and most up-to-date
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Frameworks
Attribute Sampling
7. The inventory of all in-scope business processes and systems
Wet pipe fire sprinkler system
The first step in a business impact analysis
Variable Sampling
The Eight Types of Audits
8. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
BCP Plans
Sampling Risk
Project change request
Critical Path Methodology
9. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
10. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Wet pipe fire sprinkler system
Expected Error Rate
11. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
A Forensic Audit
Service Level Management
SDLC Phases
Power system controls
12. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Inherent Risk
Department Charters
Notify the Audit Committee
Network Layer Protocols
13. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Formal waterfall
Advantages of outsourcing
Problem Management
Main types of Controls
14. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Project Management Strategies
More difficult to perform
IT executives and the Board of Directors
Structural fires and transportation accidents
15. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
An Integrated Audit
Application Layer protocols
PERT Diagram?
Current and most up-to-date
16. (1.) Automatic (2.) Manual
Sampling Risk
The two Categories of Controls
Control Risk
OSI Layer 7: Application
17. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
OSI: Transport Layer
WAN Protocols
Lacks specific expertise or resources to conduct an internal audit
Employee termination process
18. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines?
Tolerable Error Rate
ISO 20000 Standard:
(1.) Policies (2.) Procedures (3.) Standards
Inherent Risk
19. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Confidence coefficient
Substantive Testing (test of transaction integrity)
Control Risk
The 5 types of Evidence that the auditor will collect during an audit.
20. (1.) General (2.) Application
Main types of Controls
Release management
Sampling Risk
Primary security features of relational databases
21. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
The Release process
Annualized Loss Expectancy (ALE)
IT Service Management
Blade Computer Architecture
22. Focuses on: post-event recovery and restoration of services
Disaster Recovery
OSI: Physical Layer
Configuration Management
Control Unit
23. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Resource details
Network Layer Protocols
An IS audit
An Integrated Audit
24. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Advantages of outsourcing
Blade Computer Architecture
Service Continuity Management
Department Charters
25. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Annualized Loss Expectancy (ALE)
Recovery time objective
Options for Risk Treatment
WAN Protocols
26. A maturity model that represents the aggregations of other maturity models.
Database primary key
The first step in a business impact analysis
Capability Maturity Model Integration (CMMI)
Concentrate on samples known to represent high risk
27. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Sampling Risk
Rating Scale for Process Maturity
Three Types of Controls
28. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Resource details
Deming Cycle
Information systems access
Project change request
29. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action - To improve the _________________ to reduce the number of exceptions. For a time - the proc
Employee termination process
Six steps of the Release Management process
Business impact analysis
The two Categories of Controls
30. Used to translate or transform data from lower layers into formats that the application layer can work with.
Background checks performed
The Release process
OSI Layer 6: Presentation
Primary security features of relational databases
31. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
ITIL definition of CHANGE MANAGEMENT
Transport Layer Protocols
More difficult to perform
Substantive Testing
32. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Rating Scale for Process Maturity
Sampling Risk
Application Layer protocols
The Business Process Life Cycle
33. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Release management
IT Service Management
Audit Methodologies
Risk Management
34. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Inherent Risk
Sampling Risk
ITIL definition of PROBLEM
Power system controls
35. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
Geographic location
The typical Configuration Items in Configuration Management
Sample Standard Deviation
less than 24 hours
36. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
OSI: Transport Layer
Stay current with technology
Notify the Audit Committee
Disaster Recovery
37. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Project change request
Notify the Audit Committee
IT Service Management
Assess the maturity of its business processes
38. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Annualized Loss Expectancy (ALE)
TCP/IP Internet Layer
Structural fires and transportation accidents
Entire password for an encryption key
39. The memory locations in the CPU where arithmetic values are stored.
TCP/IP Network Model
Examples of Application Controls
The appropriate role of an IS auditor in a control self-assessment
Registers
40. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Control Risk
Business Realization
Elements of the COSO pyramid
Application Controls
41. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
The Internet Layer in the TCP/IP model
ISO 20000 Standard:
A Virtual Server
BCP Plans
42. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - as the numeric inverse of the confidence coefficient.
Sampling Risk
TCP/IP Link Layer
OSI: Network Layer
An Administrative
43. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
Service Continuity Management
An Integrated Audit
Statement of Impact
44. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take - The organization should have ___________________ on all of its existing employees and also begin instituting bac
Sampling
ITIL definition of CHANGE MANAGEMENT
Background checks performed
Service Level Management
45. A fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Examples of IT General Controls
Wet pipe fire sprinkler system
Current and most up-to-date
Capability Maturity Model Integration (CMMI)
46. To measure organizational performance and effectiveness against strategic goals.
The Eight Types of Audits
Balanced Scorecard
Stratified Sampling
Registers
47. Disasters are generally grouped in terms of type: ______________.
BCP Plans
Critical Path Methodology
(1.) Man-made (2.) Natural
Substantive Testing
48. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Separate administrative accounts
Sample Standard Deviation
Data Link Layer Standards
Inform the auditee
49. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
The availability of IT systems
Organizational culture and maturity
(1.) Man-made (2.) Natural
Data Link Layer Standards
50. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
OSI Layer 6: Presentation
The Requirements
Sampling Risk
The Release process