SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
TCP/IP Network Model
Inform the auditee
Control Unit
Wet pipe fire sprinkler system
2. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Foreign Key
Incident Management
The Requirements
BCP Plans
3. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
Testing activities
Network Layer Protocols
(1.) Polices (2.) Procedures (3.) Standards
4. Used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. More simplistic than a PERT Diagram.
Gantt Chart
Lacks specific expertise or resources to conduct an internal audit
Advantages of outsourcing
Inherent Risk
5. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
BCP Plans
OSI Layer 7: Application
IT Strategy
Examples of IT General Controls
6. Delivery of packets from one station to another - on the same network or on different networks.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Sampling Risk
Employees with excessive privileges
The Internet Layer in the TCP/IP model
7. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
(1.) Polices (2.) Procedures (3.) Standards
OSI: Transport Layer
The BCP process
Prblem Management
8. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Testing activities
Main types of Controls
BCP Plans
The typical Configuration Items in Configuration Management
9. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
The Software Program Library
Information systems access
Detection Risk
Notify the Audit Committee
10. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Three Types of Controls
A Financial Audit
An Administrative
11. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
OSI Layer 5: Session
An Integrated Audit
Antivirus software on the email servers
Statistical Sampling
12. A maturity model that represents the aggregations of other maturity models.
Audit logging
The BCP process
Notify the Audit Committee
Capability Maturity Model Integration (CMMI)
13. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Rating Scale for Process Maturity
List of systems examined
The 5 types of Evidence that the auditor will collect during an audit.
TCP/IP Network Model
14. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
Compliance Testing
objective and unbiased
Testing activities
SDLC Phases
15. 1.) Executive Support (2.) Well-defined roles and responsibilities.
Annualized Loss Expectance (ALE)
Information security policy
TCP/IP Network Model
The first step in a business impact analysis
16. (1.) General (2.) Application
Capability Maturity Model Integration (CMMI)
(1.) Man-made (2.) Natural
Main types of Controls
Confidence coefficient
17. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Volumes of COSO framework
A Service Provider audit
A Financial Audit
Input validation checking
18. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Grid Computing
The best approach for identifying high risk areas for an audit
Entire password for an encryption key
The Internet Layer in the TCP/IP model
19. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
The Eight Types of Audits
TCP/IP Network Model
The Steering Committee
20. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Judgmental sampling
Volumes of COSO framework
Business Realization
TCP/IP Network Model
21. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The typical Configuration Items in Configuration Management
Control Risk
Grid Computing
Options for Risk Treatment
22. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
23. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Antivirus software on the email servers
An Integrated Audit
The best approach for identifying high risk areas for an audit
24. Governed by: (1.) Effective Change Management (2.) Effective Application Testing (3.) Resilient Architecture (4.) Serviceable Components
A Sample Mean
SDLC Phases
The availability of IT systems
To identify the tasks that are responsible for project delays
25. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Employees with excessive privileges
Business Continuity
Blade Computer Architecture
Discovery Sampling
26. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
A Sample Mean
Blade Computer Architecture
Project change request
TCP/IP Internet Layer
27. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Configuration Management
Organizational culture and maturity
Sampling
Release management
28. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Service Continuity Management
Incident Management
Separate administrative accounts
An Integrated Audit
29. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities - as necessary for accomplishing a goal.
PERT Diagram?
Stay current with technology
Control Risk
Concentrate on samples known to represent high risk
30. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
Advantages of outsourcing
Application Controls
Stay current with technology
Release management
31. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
A Service Provider audit
The 7 phases and their order in the SDLC
Grid Computing
Insourcing
32. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Change management
The Business Process Life Cycle
The Software Program Library
Annualized Loss Expectance (ALE)
33. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
Assess the maturity of its business processes
Substantive Testing
Hash
Sampling Risk
34. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage - the numeric inverse of the confidence coefficient
Sampling Risk
CPU
Hash
Application Controls
35. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Control Unit
Stratified Sampling
OSI Layer 5: Session
Disaster Recovery
36. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
ITIL - IT Infrastructure Library
The typical Configuration Items in Configuration Management
Testing activities
37. Used to determine which business processes are the most critical - by ranking them in order of criticality
Criticality analysis
ITIL definition of PROBLEM
Service Level Management
Emergency Changes
38. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Precision means
IT Service Management
CPU
Personnel involved in the requirements phase of a software development project
39. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks - while zero or more may be in a standby state.
A Server Cluster
An IS audit
Substantive Testing
Judgmental sampling
40. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man made disaster has occurred.
Precision means
Service Continuity Management
Configuration Management
Transport Layer Protocols
41. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization oursources a business function - it no longer needs to be concerned about training employees in that function. Outsources does not always reduce co
Examples of IT General Controls
Advantages of outsourcing
The availability of IT systems
Database primary key
42. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Network Model
The Business Process Life Cycle
The BCP process
Testing activities
43. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
IT standards are not being reviewed often enough
Prblem Management
Employees with excessive privileges
OSI Layer 5: Session
44. An audit that combines an operational audit and a financial audit.
Employees with excessive privileges
An Integrated Audit
SDLC Phases
Attribute Sampling
45. (1.) LAN protocols (2.) 80 (2.) 11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
The 4-item focus of a Balanced Scorecard
The best approach for identifying high risk areas for an audit
A Service Provider audit
Data Link Layer Standards
46. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Service Level Management
Information systems access
WAN Protocols
More difficult to perform
47. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Security Awareness program
Function Point Analysis
Attribute Sampling
Expected Error Rate
48. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Six steps of the Release Management process
Blade Computer Architecture
Application Controls
49. Defines internal controls and provides guidance for assessing and improving internal control systems.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The 5 types of Evidence that the auditor will collect during an audit.
Business Continuity
Statement of Impact
50. An organization experiences frequent malware infections on end-user workstations that are received through email - despite the tact that workstations have anti-virus software. To reducing malware - Implementing ________________ will provide an effect
Service Continuity Management
Antivirus software on the email servers
Foreign Key
IT Strategy
