Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Framework for auditing and measuring IT Service Management Processes.
Sampling Risk
Release management
ISO 20000 Standard:
Annualized Loss Expectancy (ALE)
2. A Fire sprinkler system has water in its pipes - and sprinkler heads emit water only if the ambient temperature reaches 220 deg. F. This is a ________________. The system is charged with water and will discharge water out of any sprinkler head whose
Transport Layer Protocols
Wet pipe fire sprinkler system
Deming Cycle
Power system controls
3. The IS auditor should conduct a risk assessment first to determine which areas have highest risk. She should devote more testing resources to those high-risk areas.
Capability Maturity Model
The best approach for identifying high risk areas for an audit
Stop-or-go Sampling
Stay current with technology
4. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
Attribute Sampling
More difficult to perform
Cloud computing
A Financial Audit
5. Contains programs that communicate directly with the end user.
Notify the Audit Committee
A Problem
OSI Layer 7: Application
The 7 phases and their order in the SDLC
6. Risk Mitigation Risk Avoidance Risk Transfer Risk Acceptance
Compliance Testing
Options for Risk Treatment
Attribute Sampling
Six steps of the Release Management process
7. Support the functioning of the application controls
Current and most up-to-date
Configuration Management
General Controls
Insourcing
8. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
Function Point Analysis
A Server Cluster
Problem Management
OSI: Data Link Layer
9. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Volumes of COSO framework
Elements of the COSO pyramid
Network Layer Protocols
Insourcing
10. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
The appropriate role of an IS auditor in a control self-assessment
Network Layer Protocols
TCP/IP Internet Layer
TCP/IP Transport Layer packet delivery
11. (1.) General (2.) Application
Main types of Controls
Inform the auditee
Reduced sign-on
ITIL definition of PROBLEM
12. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Lacks specific expertise or resources to conduct an internal audit
Split custody
Data Link Layer Standards
Reduced sign-on
13. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Recovery time objective
less than 24 hours
Capability Maturity Model Integration (CMMI)
Judgmental sampling
14. One of a database table's fields - whose value is unique.
Structural fires and transportation accidents
Insourcing
objective and unbiased
Database primary key
15. Outsourcing is an opportunity for the organization to focus on core competencies. When an organization outsources a business function - it no longer needs to be concerned about training employees in that function. Outsourcing does not always reduce co
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Application Layer protocols
Elements of the COBIT Framework
Advantages of outsourcing
16. An external IS auditor has discovered a _______________________ - The external auditor can only document the finding in the audit report. An external auditor is not in a position to implement controls.
Vulnerability in the organization's PBX
OSI Layer 5: Session
The BCP process
Segregation of duties issue in a high value process
17. What type of testing is performed to determine if control procedures have proper design and are operating properly?
An Administrative
SDLC Phases
Dimensions of the COSO cube
Compliance Testing
18. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
19. Concerned with electrical and physical specifications for devices. No frames or packets involved.
Project change request
Business Realization
ITIL definition of PROBLEM
OSI: Physical Layer
20. A sampling technique where a population is divided into classes or strata - based upon the value of one of the attributes. Samples are then selected from each class.
Service Level Management
Discovery Sampling
Stratified Sampling
TCP/IP Transport Layer
21. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The audit program
OSI Layer 6: Presentation
IT executives and the Board of Directors
To identify the tasks that are responsible for project delays
22. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Inform the auditee
Annualized Loss Expectancy (ALE)
The 4-item focus of a Balanced Scorecard
Examples of Application Controls
23. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
Elements of the COBIT Framework
OSI: Physical Layer
Service Level Management
A Forensic Audit
24. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
IT Service Management
The best approach for identifying high risk areas for an audit
Formal waterfall
PERT Diagram?
25. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
Business impact analysis
Organizational culture and maturity
A Financial Audit
Department Charters
26. External auditors are needed under these conditions: (1.) When the organization ________________________. (2.) Some regulations and standards require external - independent auditors
Incident Management
Server cluster
Lacks specific expertise or resources to conduct an internal audit
Sampling Risk
27. Who is responsible for imposing an IT governance model encompassing IT strategy - information security - and formal enterprise architectural mandates?
An Administrative
Deming Cycle
IT executives and the Board of Directors
The availability of IT systems
28. Change Management includes a _____________ of six steps: (1.) Proposal or Request (2.) Review (3.) Approval (4.) Implementation (5.) Verification (6.) Post-change Review
Formal waterfall
Volumes of COSO framework
Grid Computing
Incident Management
29. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Compliance Testing
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
Control Unit
30. ITIL term used to describe the SDLC.
SDLC Phases
Release management
IT executives and the Board of Directors
Judgmental sampling
31. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Audit Methodologies
Sample Standard Deviation
Split custody
32. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
The BCP process
The Requirements
More difficult to perform
Separate administrative accounts
33. (1.) Objectives (2.) Components (3.) Business Units / Areas
Dimensions of the COSO cube
Problem Management
Testing activities
Referential Integrity
34. The highest number of errors that can exist without a result being materially misstated.
A Sample Mean
Tolerable Error Rate
Entire password for an encryption key
IT executives and the Board of Directors
35. (1.) Financial (2.) Customer (3.) Internal processes (4.) Innovation / Learning
The 4-item focus of a Balanced Scorecard
Examples of IT General Controls
Emergency Changes
Application Layer protocols
36. Guide program execution through organization of resources and development of clear project objectives.
Project Management Strategies
An Administrative
Documentation and interview personnel
Discovery Sampling
37. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
Primary security features of relational databases
Structural fires and transportation accidents
Security Awareness program
Grid Computing
38. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
ITIL definition of CHANGE MANAGEMENT
(1.) Policies (2.) Procedures (3.) Standards
Incident Management
Substantive Testing
39. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Information security policy
Entire password for an encryption key
Risk Management
A Compliance audit
40. An audit that is performed in support of an anticipated or active legal proceeding.
Segregation of duties issue in a high value process
Vulnerability in the organization's PBX
A Forensic Audit
The audit program
41. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Incident Management
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The availability of IT systems
42. What type of testing is performed to verify the accuracy and integrity of transactions as they flow through a system?
(1.) Policies (2.) Procedures (3.) Standards
IT Service Management
Balanced Scorecard
Substantive Testing
43. A dynamically scalable and usually virtualized computing environment that is provided as a service. Cloud computing services may be rented or leased so that an organization can have a scalable application without the need for supporting hardware.
Split custody
Formal waterfall
Network Layer Protocols
Cloud computing
44. A maturity model that represents the aggregations of other maturity models.
Employee termination process
Capability Maturity Model Integration (CMMI)
OSI Layer 7: Application
Security Awareness program
45. To determine effectiveness of a disaster recovery program - an IT auditor should examine _____________.
An Operational Audit
Deming Cycle
The Software Program Library
Documentation and interview personnel
46. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Information systems access
List of systems examined
Three Types of Controls
Elements of the COBIT Framework
47. (1.) TCP (2.) UDP
Geographic location
Expected Error Rate
Network Layer Protocols
Transport Layer Protocols
48. IT Service Management is defined in ___________________ framework.
Hash
Inherent Risk
ITIL - IT Infrastructure Library
(1.) Man-made (2.) Natural
49. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
The two Categories of Controls
The Eight Types of Audits
OSI: Transport Layer
Compliance Testing
50. An auditor is examining a key management process and has found that the IT department is not following its split-custody procedure. As a result - Someone may be in possession of the _________________.
Server cluster
Grid Computing
Entire password for an encryption key
Sample Standard Deviation