Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see it reinforces your understanding as you take the test each time.
1. An audit to determine the level and degree of compliance with a law - regulation - standard - contract provision - or internal control.
The availability of IT systems
Reduced sign-on
OSI: Physical Layer
A Compliance audit
2. Disasters are generally grouped in terms of type: ______________.
The 4-item focus of a Balanced Scorecard
(1.) Man-made (2.) Natural
OSI: Data Link Layer
Examples of Application Controls
3. Collections of Controls that work together to achieve an entire range of an organization's objectives.
Frameworks
Elements of the COSO pyramid
A Forensic Audit
Input validation checking
4. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Compliance Testing
Incident Management
Judgmental sampling
Lacks specific expertise or resources to conduct an internal audit
5. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Detection Risk
Substantive Testing (test of transaction integrity)
OSI: Physical Layer
Notify the Audit Committee
6. (1.) Physical (2.) Technical (3.) Administrative
ITIL definition of CHANGE MANAGEMENT
IT Service Management
Examples of Application Controls
Three Types of Controls
7. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
Confidence coefficient
Statement of Impact
ITIL definition of PROBLEM
8. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Formal waterfall
Incident Management
Six steps of the Release Management process
General Controls
9. (1.) Objectives (2.) Components (3.) Business Units / Areas
ITIL definition of PROBLEM
The Steering Committee
Dimensions of the COSO cube
A Problem
10. An organization is building a data center in an area frequented by power outages. The organization cannot tolerate power outages. The best _________________solution is an electric generator and an uninterruptible power supply. The UPS responds to the
Power system controls
An IS audit
TCP/IP Transport Layer packet delivery
Insourcing
11. A representation of how closely a sample represents an entire population.
TCP/IP Transport Layer packet delivery
Precision means
A Sample Mean
A Service Provider audit
12. Used to estimate the effort required to develop a software program.
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Project Management Strategies
Antivirus software on the email servers
Function Point Analysis
13. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
SDLC Phases
Input validation checking
Lacks specific expertise or resources to conduct an internal audit
A gate process
14. A critical application is backed up once per day. The recovery point objective (RPO) for an application that is backed up once per day cannot be ________.
less than 24 hours
The Release process
Attribute Sampling
A Server Cluster
15. The maximum period of downtime for a process or application
Inherent Risk
A Sample Mean
ITIL - IT Infrastructure Library
Recovery time objective
16. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
17. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
Grid Computing
Stay current with technology
Gantt Chart
List of systems examined
18. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
Categories of risk treatment
Deming Cycle
Overall audit risk
19. Focuses on: maintaining service availability with the least disruption to standard operating parameters during an event
The two Categories of Controls
Sampling Risk
The BCP process
Business Continuity
20. Used to determine which business processes are the most critical - by ranking them in order of criticality
Hash
Sampling Risk
To identify the tasks that are responsible for project delays
Criticality analysis
21. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Advantages of outsourcing
Gantt Chart
Entire password for an encryption key
Cloud computing
22. The sum of all samples divided by the number of samples.
Referential Integrity
Discovery Sampling
Options for Risk Treatment
A Sample Mean
23. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
A gate process
Precision means
Audit Methodologies
24. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Cloud computing
Examples of IT General Controls
Buffers
The Requirements
25. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Problem Management
The appropriate role of an IS auditor in a control self-assessment
IT Services Financial Management
The Internet Layer in the TCP/IP model
26. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Configuration Management
Discovery Sampling
Stop-or-go Sampling
Service Level Management
27. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
The Requirements
Tolerable Error Rate
Detection Risk
Inherent Risk
28. (0.) No process at all (1.) Processes are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Tolerable Error Rate
An Operational Audit
Controls
Rating Scale for Process Maturity
29. An audit that combines an operational audit and a financial audit.
Formal waterfall
Service Continuity Management
Business Continuity
An Integrated Audit
30. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Primary security features of relational databases
Options for Risk Treatment
Employee termination process
Capability Maturity Model Integration (CMMI)
31. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Grid Computing
Testing activities
Substantive Testing
Business Continuity
32. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
The Internet Layer in the TCP/IP model
Sample Standard Deviation
IT Strategy
The first step in a business impact analysis
33. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
The first step in a business impact analysis
General Controls
(1.) Man-made (2.) Natural
Documentation and interview personnel
34. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
The BCP process
Confidence coefficient
Disaster Recovery
A Sample Mean
35. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Volumes of COSO framework
The Requirements
WAN Protocols
Blade Computer Architecture
36. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Sampling Risk
Control Risk
Database primary key
Problem Management
37. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Reduced sign-on
Split custody
Overall audit risk
Rating Scale for Process Maturity
38. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
More difficult to perform
Network Layer Protocols
The availability of IT systems
39. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
The Release process
PERT Diagram?
The Steering Committee
40. An alternate processing center that contains no information processing equipment.
Formal waterfall
A Cold Site
Risk Management
SDLC Phases
41. A database administrator has been asked to configure a database management system so that it records all changes made by users - The DBA should implement ___________. This will cause the database to record every change that is made to it.
OSI: Network Layer
Power system controls
Audit logging
Discovery Sampling
42. Gantt: used to display ______________.
Resource details
Judgmental sampling
Stop-or-go Sampling
Sample Standard Deviation
43. To communicate security policies - procedures - and other security-related information to an organization's employees.
Function Point Analysis
Problem Management
Security Awareness program
Information security policy
44. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
Network Layer Protocols
Information systems access
A Financial Audit
Expected Error Rate
45. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Control Risk
Elements of the COBIT Framework
OSI: Transport Layer
Sampling
46. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
IT executives and the Board of Directors
Grid Computing
The 7 phases and their order in the SDLC
Lacks specific expertise or resources to conduct an internal audit
47. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
CPU
OSI: Transport Layer
Business Realization
Balanced Scorecard
48. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Stratified Sampling
Hash
A Virtual Server
A Sample Mean
49. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Grid Computing
The 7 phases and their order in the SDLC
The Requirements
List of systems examined
50. Handle application processing
Emergency Changes
Substantive Testing (test of transaction integrity)
Testing activities
Application Controls