Test your basic knowledge | CISA: Certified Information Systems Auditor
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An organization wants to reduce the number of user IDs and passwords that its employees need to remember. The best available solution to this - _______________. This provides a single authentication service (such as LDAP or AD) that many applications
Testing activities
Judgmental sampling
Reduced sign-on
Capability Maturity Model Integration (CMMI)
2. The IS auditor should act as a SME in the control self-assessment - but should not play a major role in the process.
Main types of Controls
The appropriate role of an IS auditor in a control self-assessment
Lacks specific expertise or resources to conduct an internal audit
SDLC Phases
3. (1.) Access controls (2.) Encryption (3.) Audit logging
A Cold Site
Primary security features of relational databases
The best approach for identifying high risk areas for an audit
Advantages of outsourcing
4. The risk that a material error exists that will not be prevented or detected by the organization's control framework - The possibility that a process or procedure will be unable to prevent or deter serious errors and wrongdoing.
The two Categories of Controls
A Server Cluster
Gantt Chart
Control Risk
5. (1.) Automatic (2.) Manual
The two Categories of Controls
The 7 phases and their order in the SDLC
Advantages of outsourcing
Attribute Sampling
6. (1.) LAN protocols (2.) 802.11 MAC/LLC (WiFi) (3.) Common Carrier packet networks (4.) ARP (5.) PPP and SLIP (6.) Tunneling - PPTP - L2TP
Critical Path Methodology
IT Service Management
Employee termination process
Data Link Layer Standards
7. (1.) Requirements (2.) Design (3.) Development (4.) Testing (5.) Release preparation (packaging) (6.) Release Deployment
Six steps of the Release Management process
Blade Computer Architecture
The Requirements
Capability Maturity Model Integration (CMMI)
8. What activity involves the identification of potential risk and the appropriate response for each threat based on impact assessment using qualitative and/or quantitative measures for an enterprise-wide risk management strategy?
Release management
Risk Management
Criticality analysis
BCP Plans
9. Define 10 elements of an Audit - (1.) Subject of audit (2.) Audit Objective (3.) Type of audit (4.) Audit scope (5.) Pre-audit planning (6.) Audit procedures (7.) Communication plan (8.) Report Preparation (9.) Wrap-up (10.) Post-audit follow-up
Audit Methodologies
Critical Path Methodology
Antivirus software on the email servers
Examples of IT General Controls
10. An audit of operational efficiency.
An Administrative
Criticality analysis
Stay current with technology
TCP/IP Link Layer
11. An audit of an IS department's operations and systems.
Frameworks
An IS audit
Network Layer Protocols
Blade Computer Architecture
12. An audit report usually includes the following 10 elements: (1.) Cover letter (2.) Introduction (3.) Summary (4.) Audit description (5.) _______________ (6.) Interviewees (7.) Evidence (8.) Explanation of sampling techniques (9.) Findings (10.) Recom
Information systems access
List of systems examined
Attribute Sampling
The BCP process
13. The purpose of an auditor doing interviews - To observe personnel to better understand their discipline - as well as ______________.
List of systems examined
Hash
Main types of Controls
Organizational culture and maturity
14. IS auditors can _____________________ through the following means: (1.) training courses (2.) webinars (3.) ISACA chapter training events (4.) Industry conferences
A Cold Site
The 4-item focus of a Balanced Scorecard
Stay current with technology
Function Point Analysis
15. An audit that combines an operational audit and a financial audit.
Resource details
A Forensic Audit
Antivirus software on the email servers
An Integrated Audit
16. A condition often identified as a result of multiple incidents that exhibit common symptoms. Problems can also be identified from a single significant incident for which the impact is significant.
The audit program
OSI Layer 6: Presentation
Assess the maturity of its business processes
ITIL definition of PROBLEM
17. An organization that has experienced a sudden increase in its long-distance charges has asked an auditor to investigate. The auditor is most likely to suspect that intruders have discovered a ______________________and is committing toll fraud.
18. An audit to determine the level and degree of compliance to a law - regulation - standard - contract provision - or internal control.
Elements of the COBIT Framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
PERT Diagram?
A Compliance audit
19. The inventory of all in-scope business processes and systems
TCP/IP Network Model
Overall audit risk
Frameworks
The first step in a business impact analysis
20. (1.) Monitoring (2.) Control Environment (3.) Risk Assessment and Control (4.) Information and Communication
Power system controls
Recovery time objective
Registers
Elements of the COSO pyramid
21. A quantitative risk analysis is __________________ because: It is difficult to get accurate figures on the frequency of specific threats. It is difficult to determine the probability that a threat will be realized. It is relatively easy to determine
More difficult to perform
WAN Protocols
(1.) Man-made (2.) Natural
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
22. A software developer has informed the project manager that a portion of the application development is going to take five additional days to complete. The project manager makes a __________________ to document the reason for the change.
Concentrate on samples known to represent high risk
Database primary key
Project change request
ITIL definition of CHANGE MANAGEMENT
23. An audit of an accounting system - accounting department processes - and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
TCP/IP Link Layer
Information security policy
A Financial Audit
Function Point Analysis
24. (1.) Executive Support (2.) Well-defined roles and responsibilities.
A Sample Mean
Information security policy
Lacks specific expertise or resources to conduct an internal audit
OSI: Data Link Layer
25. An auditor has reviewed access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. This means user privileges are not being removed from their old position when they transfer to a new
More difficult to perform
IT executives and the Board of Directors
Background checks performed
Employees with excessive privileges
26. The primary source for test plans in a software development project is: ________________ that are developed for a project should be the primary source for detailed tests.
Primary security features of relational databases
A Problem
Judgmental sampling
The Requirements
27. An IS auditor has discovered a high-risk exception during control testing. The best course of action for the IS auditor to take - The IS auditor should immediately ________________ when any high-risk situation is discovered.
Statement of Impact
Cloud computing
Lacks specific expertise or resources to conduct an internal audit
Inform the auditee
28. A sampling technique where at least one exception is sought in a population
The availability of IT systems
SDLC Phases
Discovery Sampling
Formal waterfall
29. (1.) Executive Summary (2.) Governance and control framework (3.) Control Objectives (4.) Management Guidelines (5.) Implementation Guide (6.) IT Assurance Guide
Options for Risk Treatment
WAN Protocols
Elements of the COBIT Framework
Configuration Management
30. The portion of IT management that tracks the financial value of IT services that support organizational objectives. It includes 4 activities: (1.) Budgeting (2.) Capital Investment (3.) Expense Management (4.) Project accounting and project ROI (Ret
IT Services Financial Management
OSI: Data Link Layer
Geographic location
Change management
31. The party that performs strategic planning - addresses near-term and long-term requirements aligning business objectives - and technology strategies.
TCP/IP Link Layer
Audit logging
Entire password for an encryption key
The Steering Committee
32. An audit of IS controls - security controls - or business controls to determine control existence and effectiveness.
A Sample Mean
An Operational Audit
CPU
Employee termination process
33. (1.) Developers (2.) Architects (3.) Analysts (4.) Users
Power system controls
A Service Provider audit
Personnel involved in the requirements phase of a software development project
COSO (Committee of Sponsoring Organizations of the Treadway Commission)
34. To review and approve proposed changes to systems and infrastructure. This helps to reduce the risk of unintended events and unplanned downtime.
Input validation checking
Change management
IT Strategy
Gantt Chart
35. A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
IT executives and the Board of Directors
Variable Sampling
Application Layer protocols
objective and unbiased
36. A sampling technique where items are chosen at random; each item has a statistically equal probability of being chosen.
Statistical Sampling
Business Realization
BCP Plans
The best approach for identifying high risk areas for an audit
37. The first major task in a disaster recovery or business continuity planning project.
OSI: Network Layer
Antivirus software on the email servers
Organizational culture and maturity
Business impact analysis
38. One of a database table's fields - whose value is unique.
Notify the Audit Committee
Options for Risk Treatment
Database primary key
A Cold Site
39. A programmer is updating an application that saves passwords in plaintext. In this case - Passwords should be stored in a _____. This makes it impossible for any person to retrieve a password - which could lead to account compromise.
Application Layer protocols
Judgmental sampling
Hash
The first step in a business impact analysis
40. (1.) TCP (2.) UDP
Transport Layer Protocols
Testing activities
Substantive Testing (test of transaction integrity)
Project change request
41. Critical Path Methodology helps a project manager determine which activities are on a project's critical list - ________________________.
Resource details
Stratified Sampling
Department Charters
To identify the tasks that are responsible for project delays
42. When several incidents have occurred that appear to have the same or a similar root cause - a PROBLEM is occurring.
A Server Cluster
Problem Management
Information systems access
Detection Risk
43. The 5 types of risks that are related to audits include: (1.) Control Risk (2.) Detection Risk (3.) Inherent risk (4.) _____________ (5.) Sampling risk
Overall audit risk
A Financial Audit
SDLC Phases
Expected Error Rate
44. Guide program execution through organization of resources and development of clear project objectives.
Business Continuity
Project Management Strategies
Structural fires and transportation accidents
Sample Standard Deviation
45. (1.) Physical (2.) Technical (3.) Administrative
Three Types of Controls
The two Categories of Controls
Problem Management
The Eight Types of Audits
46. Focuses on: post-event recovery and restoration of services
Stratified Sampling
Sampling Risk
Disaster Recovery
Service Level Management
47. Must be tested to validate effectiveness through: (1.) Document Review (2.) Walkthrough (3.) Simulation (4.) Parallel testing (5.) Cutover testing practices
Examples of Application Controls
Vulnerability in the organization's PBX
BCP Plans
TCP/IP Link Layer
48. An audit that is performed in support of an anticipated or active legal proceeding.
The audit program
An Operational Audit
A Forensic Audit
Overall audit risk
49. A field in a record in one table that can reference a primary key in another table.
Foreign Key
To identify the tasks that are responsible for project delays
Deming Cycle
Variable Sampling
50. The set of activities that is concerned with the ability of the organization to continue to provide services - primarily in the event that a natural or man-made disaster has occurred.
List of systems examined
Service Continuity Management
Referential Integrity
The availability of IT systems