Test your basic knowledge
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
Confidence coefficient
Primary security features of relational databases
Buffers
Cloud computing
2. ITIL term used to describe the SDLC.
Audit Methodologies
Release management
Deming Cycle
Tolerable Error Rate
3. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
Disaster Recovery
Examples of IT General Controls
The 4-item focus of a Balanced Scorecard
ISO 20000 Standard:
4. (1.) Observations (2.) Written Notes (3.) Correspondence (4.) Process and Procedure documentation (5.) Business records
Advantages of outsourcing
The 5 types of Evidence that the auditor will collect during an audit.
Precision means
Security Awareness program
5. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
Referential Integrity
Main types of Controls
ITIL definition of PROBLEM
An Administrative
6. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
7. The first major task in a disaster recovery or business continuity planning project.
Business impact analysis
Primary security features of relational databases
Function Point Analysis
The Requirements
8. A computation of the variance of sample values from the sample mean. This is a measurement of the spread of values in a sample
Elements of the COSO pyramid
Sample Standard Deviation
Release management
Audit Methodologies
9. (1.) Operational (2.) Financial (3.) Integrated (4.) IS (5.) Administrative (6.) Compliance (7.) Forensic (8.) Service Provider
The Software Program Library
Vulnerability in the organization's PBX
The Eight Types of Audits
OSI: Data Link Layer
10. An audit that is performed in support of an anticipated or active legal proceeding.
A Forensic Audit
Security Awareness program
Audit Methodologies
Substantive Testing (test of transaction integrity)
11. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
objective and unbiased
To identify the tasks that are responsible for project delays
TCP/IP Internet Layer
Problem Management
12. (1.) General (2.) Application
Substantive Testing (test of transaction integrity)
Network Layer Protocols
Main types of Controls
The BCP process
13. Lowest layer. Delivers messages (frames) from one station to another via the local network.
Application Controls
Information systems access
Application Layer protocols
TCP/IP Link Layer
14. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Grid Computing
Current and most up-to-date
A Financial Audit
Information systems access
15. An IS auditor needs to perform an audit of a financial system and needs to trace individual transactions through the system. What type of testing should the auditor perform?
Statement of Impact
Entire password for an encryption key
An Integrated Audit
Substantive Testing (test of transaction integrity)
16. (1.) Physical (2.) Technical (3.) Administrative
Business Realization
The BCP process
Three Types of Controls
Audit logging
17. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Resource details
Control Risk
Entire password for an encryption key
Criticality analysis
18. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
TCP/IP Transport Layer packet delivery
Options for Risk Treatment
Documentation and interview personnel
Gantt Chart
19. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Change management
Problem Management
Transport Layer Protocols
Stratified Sampling
20. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Categories of risk treatment
Control Risk
The audit program
Buffers
21. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Structural fires and transportation accidents
Examples of Application Controls
less than 24 hours
Geographic location
22. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
The Internet Layer in the TCP/IP model
Assess the maturity of its business processes
List of systems examined
Compliance Testing
23. During an audit - the auditor should obtain 6 types of documents - (1.) Org charts (2.) ___________ (3.) third-party contracts (4.) policies and procedures (5.) standards (6.) system documentation
Blade Computer Architecture
Department Charters
Input validation checking
ISO 20000 Standard:
24. Consists of two main packet transport protocols: TCP and UDP.
Precision means
Concentrate on samples known to represent high risk
Sample Standard Deviation
TCP/IP Transport Layer
25. What three elements allow validation of business practices against acceptable measures of regulatory compliance - performance - and standard operational guidelines.
A Cold Site
(1.) Policies (2.) Procedures (3.) Standards
OSI Layer 7: Application
Grid Computing
26. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Hash
BCP Plans
The Steering Committee
Registers
27. Application controls limit ___________ in three ways: (1.) Point of Entry (Input Controls) (2.) During consumption (process controls) (3.) At the point of expression (Output Controls)
Dimensions of the COSO cube
Examples of Application Controls
Information systems access
Business Realization
28. The delivery of messages from one station to another via one or more networks. Routes packets between networks.
The Internet Layer in the TCP/IP model
Data Link Layer Standards
To identify the tasks that are responsible for project delays
OSI: Network Layer
29. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Types of sampling an auditor can perform.
The Internet Layer in the TCP/IP model
Statistical Sampling
TCP/IP Internet Layer
30. A maturity model that represents the aggregations of other maturity models.
Discovery Sampling
Capability Maturity Model Integration (CMMI)
Advantages of outsourcing
Examples of IT General Controls
31. The process to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes.
Antivirus software on the email servers
TCP/IP Transport Layer
ITIL definition of CHANGE MANAGEMENT
A Cold Site
32. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
The Internet Layer in the TCP/IP model
Change management
IT Service Management
Application Layer protocols
33. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Application Controls
Power system controls
OSI: Transport Layer
Capability Maturity Model Integration (CMMI)
34. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Substantive Testing (test of transaction integrity)
Inform the auditee
Formal waterfall
The best approach for identifying high risk areas for an audit
35. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
WAN Protocols
Precision means
Emergency Changes
Buffers
36. (1.) Access Control (2.) Change Management (3.) Security Controls (4.) Incident Management (5.) SDLC (6.) Source code and versioning controls (7.) Monitoring and logging (8.) Event Management
Information security policy
The first step in a business impact analysis
Examples of IT General Controls
The 5 types of Evidence that the auditor will collect during an audit.
37. The memory locations in the CPU where arithmetic values are stored.
Gantt Chart
Registers
A Financial Audit
Security Awareness program
38. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Stay current with technology
Compliance Testing
Network Layer Protocols
Examples of Application Controls
39. Gantt: used to display ______________.
Compliance Testing
Resource details
The Eight Types of Audits
Substantive Testing
40. Collections of Controls that work together to achieve an entire range of an organization's objectives.
More difficult to perform
Wet pipe fire sprinkler system
Segregation of duties issue in a high value process
Frameworks
41. An alternate processing center that contains no information processing equipment.
Stay current with technology
Primary security features of relational databases
A Cold Site
The audit program
42. The result of strategic planning - process development - and systems development - which all contribute towards a launch of business operations to reach a set of business objectives.
Risk Management
Business Realization
Stay current with technology
Documentation and interview personnel
43. (1.) Feasibility Study (2.) Definition of Requirements (3.) Design (4.) Development (5.) Testing (6.) Implementation (7.) Post-implementation phase
SDLC Phases
The 4-item focus of a Balanced Scorecard
Recovery time objective
Criticality analysis
44. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Risk Management
Information security policy
OSI: Network Layer
WAN Protocols
45. An audit of a third-party organization that provides services to other organizations.
A Service Provider audit
Release management
Main types of Controls
Emergency Changes
46. During the development phase - Developers should only be performing Unit Testing - to verify that the individual sections of code they have written are performing properly.
Elements of the COSO pyramid
Testing activities
Control Unit
Geographic location
47. (1.) Utility (DNS - SNMP - DHCP) (2.) Messaging protocols (SMTP) (3.) Data Transfer protocols (NFS - FTP) (4.) Interactive protocols (Telnet)
The Release process
Release management
ITIL - IT Infrastructure Library
Application Layer protocols
48. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Personnel involved in the requirements phase of a software development project
Elements of the COSO pyramid
Split custody
The Eight Types of Audits
49. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
The Release process
Blade Computer Architecture
Six steps of the Release Management process
A Problem
50. An estimate that expresses the percent of errors or exceptions that may exist in an entire population
CPU
A Forensic Audit
Database primary key
Expected Error Rate