Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. (1.) TCP (2.) UDP
Notify the Audit Committee
Transport Layer Protocols
Entire password for an encryption key
Lacks specific expertise or resources to conduct an internal audit
2. An audit strategy and plans that include: (1.) Scope (2.) Objectives (3.) Resources (4.) Procedures used to evaluate controls and processes
The audit program
Statistical Sampling
OSI: Network Layer
A Sample Mean
3. The highest number of errors that can exist without a result being materially misstated.
An Administrative
OSI Layer 5: Session
Tolerable Error Rate
Stop-or-go Sampling
4. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
OSI: Data Link Layer
The 4-item focus of a Balanced Scorecard
IT standards are not being reviewed often enough
5. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Project change request
TCP/IP Link Layer
OSI: Transport Layer
Frameworks
6. Used for several types of system changes: (1.) Incidents and problem resolution (bug fixes.) (2.) Enhancements (new functionality.) (3.) Subsystem patches and changes (require testing similar to when changes are made to the application itself.)
Database primary key
Detection Risk
The two Categories of Controls
The Release process
7. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Problem Management
Stop-or-go Sampling
Formal waterfall
Annualized Loss Expectancy (ALE)
8. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
Application Controls
Capability Maturity Model
Separate administrative accounts
Sampling Risk
9. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A Virtual Server
Testing activities
objective and unbiased
Configuration Management
10. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. The organization is ___________, while they may have opened the office in a foreign coun
Statement of Impact
Insourcing
OSI: Physical Layer
Risk Management
11. An external IS auditor has discovered a _______________________. The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Wet pipe fire sprinkler system
More difficult to perform
Application Layer protocols
Segregation of duties issue in a high value process
12. An alternate processing center that contains no information processing equipment.
Capability Maturity Model Integration (CMMI)
A Cold Site
Reduced sign-on
Concentrate on samples known to represent high risk
13. Aids in the coordinating of business processes using a sequence of three events: (1.) Business process creation (2.) Implementation (3.) Maintenance. 3a. Benchmarking: Facilitates continuous improvement within the BPLC
The Business Process Life Cycle
Stratified Sampling
Concentrate on samples known to represent high risk
IT executives and the Board of Directors
14. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Stratified Sampling
Rating Scale for Process Maturity
The best approach for identifying high risk areas for an audit
Expected Error Rate
15. The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, the numeric inverse of the confidence coefficient.
Background checks performed
Sampling Risk
A Compliance audit
A Cold Site
16. The inventory of all in-scope business processes and systems
The first step in a business impact analysis
BCP Plans
Assess the maturity of its business processes
Elements of the COBIT Framework
17. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
OSI: Physical Layer
Entire password for an encryption key
An Integrated Audit
Confidence coefficient
18. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
A gate process
A Service Provider audit
A Server Cluster
Examples of Application Controls
19. A tightly coupled collection of computers that are used to solve a common task. One or more actively perform tasks, while zero or more may be in a standby state.
The two Categories of Controls
Assess the maturity of its business processes
A Server Cluster
Grid Computing
20. A facility that is used to store and manage access to an organization's application source and object code. It consists of 5 parts: (1.) Access and authorization controls (2.) Program checkout (3.) Program Check-in (4.) Version Control (5.) Code Ana
Project Management Strategies
The Software Program Library
ISO 20000 Standard:
An Integrated Audit
21. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means User privileges are not being removed from their old position when they transfer to a new
Employees with excessive privileges
Server cluster
Registers
Resource details
22. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
Data Link Layer Standards
Substantive Testing (test of transaction integrity)
Documentation and interview personnel
Attribute Sampling
23. An audit of a third-party organization that provides services to other organizations.
Discovery Sampling
The Business Process Life Cycle
Hash
A Service Provider audit
24. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Formal waterfall
Variable Sampling
Service Continuity Management
25. To ensure that input values are within established ranges, of the correct character types, and free of harmful contents.
Six steps of the Release Management process
ITIL definition of PROBLEM
Input validation checking
PERT Diagram?
26. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Examples of Application Controls
The appropriate role of an IS auditor in a control self-assessment
Substantive Testing
ITIL definition of CHANGE MANAGEMENT
27. An organization has discovered that some of its employees have criminal records. The best course of action for the organization to take: The organization should have ___________________ on all of its existing employees and also begin instituting bac
Sample Standard Deviation
Background checks performed
Critical Path Methodology
Server cluster
28. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) x the annualized rate of occurrence (ARO).
Grid Computing
Business Continuity
Annualized Loss Expectancy (ALE)
Capability Maturity Model Integration (CMMI)
29. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
TCP/IP Internet Layer
OSI: Network Layer
Compliance Testing
Application Controls
30. An active instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
TCP/IP Transport Layer
OSI Layer 7: Application
A Sample Mean
A Virtual Server
31. Describes the effect on the business if a process is incapacitated for any appreciable time
Statement of Impact
Referential Integrity
Sampling Risk
Foreign Key
32. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
33. To communicate security policies, procedures, and other security-related information to an organization's employees.
The Eight Types of Audits
Vulnerability in the organization's PBX
Security Awareness program
Substantive Testing (test of transaction integrity)
34. An auditor has discovered several errors in user account management: many terminated employees' computer accounts are still active. The best course of action: To improve the _________________ to reduce the number of exceptions. For a time, the proc
Split custody
Entire password for an encryption key
Types of sampling an auditor can perform.
Employee termination process
35. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in the form of registers)
Annualized Loss Expectancy (ALE)
The Release process
More difficult to perform
Control Unit
36. When several incidents have occurred that appear to have the same or a similar root cause, a PROBLEM is occurring.
(1.) Policies (2.) Procedures (3.) Standards
Problem Management
To identify the tasks that are responsible for project delays
The Internet Layer in the TCP/IP model
37. Focuses on: post-event recovery and restoration of services
Sampling Risk
OSI: Physical Layer
Disaster Recovery
Split custody
38. The risk that an IS auditor will overlook errors or exceptions during an audit.
Detection Risk
Discovery Sampling
PERT Diagram?
Attribute Sampling
39. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
TCP/IP Network Model
A Compliance audit
Judgmental sampling
More difficult to perform
40. A field in a record in one table that can reference a primary key in another table.
Substantive Testing (test of transaction integrity)
Detection Risk
Foreign Key
Audit Methodologies
41. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Substantive Testing (test of transaction integrity)
A gate process
Business impact analysis
Notify the Audit Committee
42. Used to illustrate the relationship between planned activities. PERT diagrams show multiple routes through the project activities, as necessary for accomplishing a goal.
Grid Computing
Stratified Sampling
Examples of IT General Controls
PERT Diagram?
43. A maturity model that represents the aggregations of other maturity models.
Capability Maturity Model Integration (CMMI)
Service Level Management
Notify the Audit Committee
A Compliance audit
44. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Criticality analysis
A Sample Mean
Service Continuity Management
45. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
TCP/IP Link Layer
TCP/IP Transport Layer packet delivery
Attribute Sampling
Annualized Loss Expectancy (ALE)
46. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result, someone may be in possession of the _________________.
Examples of IT General Controls
A Sample Mean
Personnel involved in the requirements phase of a software development project
Entire password for an encryption key
47. The party that performs strategic planning, addresses near-term and long-term requirements, aligning business objectives and technology strategies.
An Operational Audit
Buffers
Sampling Risk
The Steering Committee
48. The memory locations in the CPU where arithmetic values are stored.
Registers
A Sample Mean
An Administrative
PERT Diagram?
49. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
Documentation and interview personnel
Balanced Scorecard
The first step in a business impact analysis
50. The purpose of an auditor doing interviews: To observe personnel to better understand their discipline, as well as ______________.
Organizational culture and maturity
PERT Diagram?
Information security policy
Structural fires and transportation accidents