Test your basic knowledge |
CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. What type of testing is performed to determine if control procedures have proper design and are operating properly?
Compliance Testing
Primary security features of relational databases
Entire password for an encryption key
objective and unbiased
2. The process of recording the configuration of IT systems. Each configuration setting is known in ITSM parlance as a Configuration Item.
A gate process
Department Charters
Configuration Management
Attribute Sampling
3. (1.) IP (2.) ICMP (3.) RRC (Radio Resource Control) (4.) AppleTalk
Inherent Risk
Network Layer Protocols
Capability Maturity Model Integration (CMMI)
Types of sampling an auditor can perform.
4. A computer uses RAM for several purposes: (1.) Operating System - to store info regarding running processes (2.) ____________ - that are used to temporarily store information retrieved from hard disks (3.) Storage of program code (4.) Storage of prog
Audit logging
Buffers
Annualized Loss Expectancy (ALE)
Split custody
5. (1.) TCP (2.) UDP
ITIL definition of PROBLEM
Transport Layer Protocols
Sample Standard Deviation
Application Controls
6. (1.) General (2.) Application
Main types of Controls
Change management
Current and most up-to-date
ISO 20000 Standard:
7. Use of a set of monitoring and review activities that confirm whether IS operations is providing service to its customers.
A Cold Site
The 4-item focus of a Balanced Scorecard
Risk Management
Service Level Management
8. Should include 4 steps: (1.) Emergency Approval (2.) Implementation (3.) Verification (4.) Review
Referential Integrity
Emergency Changes
OSI Layer 7: Application
Lacks specific expertise or resources to conduct an internal audit
9. (1.) Executive Support (2.) Well-defined roles and responsibilities.
Information security policy
Options for Risk Treatment
Frameworks
Information systems access
10. An organization has chosen to open a business office in another country where labor costs are lower and has hired workers to perform business functions there. - The organization is ___________ - while they may have opened the office in a foreign coun
Insourcing
Confidence coefficient
Blade Computer Architecture
Options for Risk Treatment
11. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
To identify the tasks that are responsible for project delays
Hash
The 4-item focus of a Balanced Scorecard
More difficult to perform
12. The IS auditor should conduct a risk assessment first to determine which areas have the highest risk. She should devote more testing resources to those high-risk areas.
IT Services Financial Management
The best approach for identifying high risk areas for an audit
Function Point Analysis
ISO 20000 Standard:
13. Focuses on: post-event recovery and restoration of services
Disaster Recovery
Deming Cycle
SDLC Phases
An Operational Audit
14. The CPU has: (1.) Arithmetic Logic Unit (2.) ______________ (3.) a small amount of memory (usually in to form of registers)
SDLC Phases
Control Unit
Blade Computer Architecture
IT Strategy
15. Any event which is not part of the standard operation of service and which causes or may cause an interruption to or reduction in quality of that service. Includes THREE incident types: (1.) Service Outage (2.) Service Slowdown (3.) Software Bug
Cloud computing
The two Categories of Controls
Incident Management
TCP/IP Internet Layer
16. 0. No process at all (1.) Process are ad hoc and disorganized (2.) Consistent processes (3.) Documented processes (4.) Measured and managed processes (5.) Processes are continuously improved
Overall audit risk
Buffers
Capability Maturity Model
Rating Scale for Process Maturity
17. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Project change request
Examples of Application Controls
OSI Layer 6: Presentation
Grid Computing
18. An auditor has discovered that several administrators in an application share an administrative account. The auditor should recommend that - Several __________________ should be used. This will enforce accountability for each administrator's actions.
Separate administrative accounts
The Release process
Balanced Scorecard
The Eight Types of Audits
19. Individual events may often create combined threats to enterprise operations: A tornado might also spawn ____________________.
less than 24 hours
Notify the Audit Committee
Structural fires and transportation accidents
Segregation of duties issue in a high value process
20. An audit that is performed in support of an anticipated or active legal proceeding.
Problem Management
Deming Cycle
Elements of the COBIT Framework
A Forensic Audit
21. (1.) Develop a BC Policy (2.) Conduct BIA (3.) Perform critical analysis (4.) Establish recovery targets (5.) Develop recovery and continuity strategies and plans (6.) Test recovery and continuity plans and procedures Train personnel Maintain strateg
The BCP process
Detection Risk
Server cluster
An IS audit
22. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
To identify the tasks that are responsible for project delays
Discovery Sampling
IT standards are not being reviewed often enough
Employees with excessive privileges
23. Requires that a password be broken into two or more parts - with each part in the possession of a separate person.
Split custody
Change management
A Sample Mean
Capability Maturity Model
24. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Information security policy
TCP/IP Transport Layer
Inform the auditee
Service Level Management
25. An audit that combines an operational audit and a financial audit.
OSI: Data Link Layer
The Business Process Life Cycle
OSI: Network Layer
An Integrated Audit
26. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________ and are committing toll fraud.
27. (1.) Executive Summary (2.) Framework (3.) Reporting to External Parties (4.) Evaluation Tools
An Operational Audit
A Financial Audit
Volumes of COSO framework
The Steering Committee
28. (1.) Avoidance (2.) Transfer (3.) Mitigation (4.) Acceptance
Detection Risk
Main types of Controls
Categories of risk treatment
(1.) Policies (2.) Procedures (3.) Standards
29. (1.) MPLS (2.) SONET (3.) T-Carrier (4.) Frame Relay (5.) ISDN (6.) X.25
Control Unit
WAN Protocols
Employees with excessive privileges
Criticality analysis
30. An IS auditor is examining the IT standards document for an organization that was last reviewed two years earlier. The best course of action for the IS auditor is: Report that the ____________________________. Two years is far too long between revie
A Problem
IT standards are not being reviewed often enough
ITIL definition of CHANGE MANAGEMENT
TCP/IP Transport Layer
31. (1.) Authentication (2.) Authorization (3.) Change Management (4.) Completeness checks (5.) Validation checks (6.) Input controls (7.) Output controls (8.) Problem management (9.) Identification/access controls
Current and most up-to-date
Examples of IT General Controls
Six steps of the Release Management process
Examples of Application Controls
32. A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor feels that there is a low risk or low rate of exceptions in the population.
The audit program
Stop-or-go Sampling
The BCP process
PERT Diagram?
33. Consists of 11 distinct activities: (1.) Service Desk (2.) Incident Management (3.) Problem Management (4.) Change Management (5.) Configuration Management (6.) Release Management (7.) Service-level Management (8.) Financial Management (9.) Capacity
Disaster Recovery
Antivirus software on the email servers
TCP/IP Internet Layer
IT Service Management
34. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
Reduced sign-on
The Steering Committee
Grid Computing
Types of sampling an auditor can perform.
35. Consists of a main chassis component equipped with slots that are fitted with individual CPU modules. Main advantage is lower cost per unit.
SDLC Phases
A Server Cluster
Reduced sign-on
Blade Computer Architecture
36. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
The 4-item focus of a Balanced Scorecard
OSI: Data Link Layer
To identify the tasks that are responsible for project delays
Background checks performed
37. Deliver messages from one station to another on the same network or on different networks. Messaging at this layer is not guaranteed.
IT Service Management
Blade Computer Architecture
WAN Protocols
TCP/IP Internet Layer
38. One of a database table's fields - whose value is unique.
The Eight Types of Audits
Database primary key
Project change request
The Internet Layer in the TCP/IP model
39. The maximum period of downtime for a process or application
Recovery time objective
WAN Protocols
Personnel involved in the requirements phase of a software development project
Rating Scale for Process Maturity
40. A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic.
Attribute Sampling
A Virtual Server
An IS audit
The 5 types of Evidence that the auditor will collect during an audit.
41. (1.) Automatic (2.) Manual
Elements of the COSO pyramid
Split custody
The two Categories of Controls
General Controls
42. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Inform the auditee
BCP Plans
An Administrative
TCP/IP Internet Layer
43. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
Audit Methodologies
Advantages of outsourcing
Split custody
Control Risk
44. Concerns the reliability of data transfer between systems. (1.) Connection Oriented (2.) Guaranteed Delivery (3.) Order of Delivery
Resource details
A Service Provider audit
OSI: Transport Layer
Attribute Sampling
45. Aids in coordinating business processes using a sequence of three events - (1.) Business process creation (2.) Implementation (3.) Maintenance 3a. Benchmarking: Facilitates continuous improvement within the BPLC
Judgmental sampling
The first step in a business impact analysis
The Business Process Life Cycle
Blade Computer Architecture
46. A sampling technique where items are chosen based upon the auditor's judgment - usually based on risk or materiality.
Tolerable Error Rate
Judgmental sampling
Annualized Loss Expectancy (ALE)
A Service Provider audit
47. (1.) Statistical (2.) Judgmental (3.) Attribute (4.) Variable (5.) Stop-or-Go (6.) Discovery (7.) Stratified
Types of sampling an auditor can perform.
Audit Methodologies
Information security policy
Volumes of COSO framework
48. A condition that is the result of multiple incidents that exhibit common symptoms e.g. A web application is displaying information incorrectly and many users have contacted the IT service desk.
Sampling Risk
Entire password for an encryption key
Control Unit
A Problem
49. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
The Internet Layer in the TCP/IP model
Audit Methodologies
Compliance Testing
A Service Provider audit
50. The inventory of all in-scope business processes and systems
Sampling Risk
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
The first step in a business impact analysis
Audit Methodologies