SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA: Certified Information Systems Auditor
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. (1.) Objectives (2.) Components (3.) Business Units / Areas
Background checks performed
A Forensic Audit
Dimensions of the COSO cube
PERT Diagram?
2. To measure organizational performance and effectiveness against strategic goals.
Server cluster
Balanced Scorecard
OSI: Network Layer
A Server Cluster
3. (1.) Access controls (2.) Encryption (3.) Audit logging
Primary security features of relational databases
Advantages of outsourcing
Precision means
Antivirus software on the email servers
4. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
Grid Computing
TCP/IP Internet Layer
Service Level Management
Three Types of Controls
5. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
6. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
The typical Configuration Items in Configuration Management
ITIL definition of PROBLEM
Split custody
CPU
7. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Stratified Sampling
Registers
Project Management Strategies
The 7 phases and their order in the SDLC
8. (1.) TCP (2.) UDP
Controls
ITIL definition of CHANGE MANAGEMENT
Transport Layer Protocols
IT standards are not being reviewed often enough
9. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Personnel involved in the requirements phase of a software development project
Capability Maturity Model Integration (CMMI)
Lacks specific expertise or resources to conduct an internal audit
ITIL definition of PROBLEM
10. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
A Compliance audit
A Sample Mean
Statistical Sampling
Application Layer protocols
11. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager make a __________________ to document the reason for the change.
Project change request
Audit Methodologies
Wet pipe fire sprinkler system
Release management
12. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Tolerable Error Rate
Expected Error Rate
Compliance Testing
A Problem
13. Consists of main chassis component that is equipped with slots are fitted with individual cpu modules. Main advantage is lower cost per unit.
Blade Computer Architecture
IT standards are not being reviewed often enough
An Integrated Audit
IT Strategy
14. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
TCP/IP Transport Layer packet delivery
Stay current with technology
TCP/IP Internet Layer
Substantive Testing (test of transaction integrity)
15. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
BCP Plans
Buffers
Control Risk
An Operational Audit
16. The first major task in a disaster recovery or business continuity planning project.
CPU
Employee termination process
Segregation of duties issue in a high value process
Business impact analysis
17. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Information security policy
Lacks specific expertise or resources to conduct an internal audit
Wet pipe fire sprinkler system
Transport Layer Protocols
18. (1.) Utility (DNS - SNMP - DHCP (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
Business Continuity
Application Layer protocols
A Forensic Audit
ITIL definition of CHANGE MANAGEMENT
19. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
SDLC Phases
Information systems access
IT Service Management
Inherent Risk
20. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
ITIL definition of CHANGE MANAGEMENT
(1.) Polices (2.) Procedures (3.) Standards
Cloud computing
The best approach for identifying high risk areas for an audit
21. Contains programs that communicate directly with the end user.
A gate process
Information security policy
OSI Layer 7: Application
Grid Computing
22. A database term - which means that the database will not permit a program (or user) to deleted rows from a table if there are records in other tables whose foreign keys reference the row to be deleted.
Referential Integrity
Grid Computing
A Forensic Audit
Business impact analysis
23. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Sampling Risk
CPU
Rating Scale for Process Maturity
24. In Release Management - _________________ means that each step of the release process undergoes formal review and approval before the next step is allowed to begin.
Geographic location
A gate process
A Forensic Audit
The 5 types of Evidence that the auditor will collect during an audit.
25. The memory locations in the CPU where arithmetic values are stored.
BCP Plans
Wet pipe fire sprinkler system
Registers
Confidence coefficient
26. An audit of a third-party organization that provides services to other organizations.
Sampling
A Problem
A Service Provider audit
Network Layer Protocols
27. A large number of loosely coupled computers that are used to solve a common task may be in close proximity to each other or scattered over a large geographical area.
The Steering Committee
Grid Computing
Examples of IT General Controls
Vulnerability in the organization's PBX
28. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Sampling
The Requirements
Business Realization
Documentation and interview personnel
29. (1.) Link (2.) Internet (3.) Transport (4.) Application
TCP/IP Internet Layer
TCP/IP Network Model
Department Charters
Grid Computing
30. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
The Requirements
Vulnerability in the organization's PBX
SDLC Phases
31. Used to measure the relative maturity of an organization and its processes.
Balanced Scorecard
IT Services Financial Management
Cloud computing
Capability Maturity Model
32. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
Wet pipe fire sprinkler system
Statistical Sampling
The Eight Types of Audits
Variable Sampling
33. The annual expected loss to an asset. It is calculated as the single loss expectancy (SLE) X the annualized rate of occurrence (ARO.)
Lacks specific expertise or resources to conduct an internal audit
Annualized Loss Expectance (ALE)
Capability Maturity Model
Balanced Scorecard
34. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Data Link Layer Standards
Judgmental sampling
Segregation of duties issue in a high value process
35. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
The Business Process Life Cycle
OSI: Physical Layer
OSI: Transport Layer
IT Services Financial Management
36. Support the functioning of the application controls
General Controls
Deming Cycle
Database primary key
An Operational Audit
37. A field in a record in one table that can reference a primary key in another table that can reference a primary key in another table.
Foreign Key
Critical Path Methodology
Data Link Layer Standards
Tolerable Error Rate
38. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
Antivirus software on the email servers
PERT Diagram?
Formal waterfall
Stop-or-go Sampling
39. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
Testing activities
A Financial Audit
The Requirements
40. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
OSI Layer 6: Presentation
Structural fires and transportation accidents
Control Unit
Categories of risk treatment
41. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Network Layer Protocols
A Server Cluster
Hash
Critical Path Methodology
42. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
The first step in a business impact analysis
Transport Layer Protocols
Stay current with technology
Overall audit risk
43. The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them
Server cluster
Inherent Risk
Risk Management
Annualized Loss Expectance (ALE)
44. An active - instance of a server operating system running on a machine that is designed to house two or more such virtual servers.
To identify the tasks that are responsible for project delays
An Administrative
A Virtual Server
Department Charters
45. IT Service Management is defined in ___________________ framework.
Notify the Audit Committee
CPU
ITIL - IT Infrastructure Library
An Administrative
46. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
A Cold Site
An Operational Audit
Substantive Testing (test of transaction integrity)
OSI: Network Layer
47. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Attribute Sampling
Recovery time objective
Lacks specific expertise or resources to conduct an internal audit
A Compliance audit
48. The sum of all samples divided by the number of samples.
A Sample Mean
A Problem
SDLC Phases
Precision means
49. One of a database table's fields - whose value is unique.
The appropriate role of an IS auditor in a control self-assessment
Database primary key
The BCP process
ISO 20000 Standard:
50. Subjective sampling is used when the auditor wants to _________________________.
Concentrate on samples known to represent high risk
TCP/IP Network Model
Separate administrative accounts
Detection Risk